When IT Is Asked to Spy

IT managers are being put in the awkward position of monitoring fellow employees.

1 2 3 4 Page 4
Page 4 of 4

His graduate-level college studies in IT security and forensics taught him how to properly preserve electronic evidence so that it is admissible in U.K. courts. For the information from a laptop to be admissible, he says, the hard drive needs to be removed and cloned, and then the clone is examined while the original evidence is left untouched.

But his bosses aren't interested in that. "The process my managers want me to follow is inappropriate," he says. They want him to skip the cloning and examine hard drives directly. "It's highly unlikely that they would ever be able to bring a successful prosecution [because] they insist on using a practice that would invalidate any evidence obtained," he says.

The Conscientious Objector

"Our department philosophy is that if the users fear us, the job gets 10 times harder," says Dan Olson, IT director at Farstad Oil Inc., a Minot, N.D., company with 500 employees. "Fear leads to coverup and spin. When we are trying to find [the cause of] a problem, what we need is the truth."

Fear of IT used to be a problem at Farstad. In the mid-1990s, after an employee was caught spending too much time in chat rooms, IT was directed to monitor employees and report those who did non-work-related activities on their PCs.

"We had never agreed to that, nor were we consulted on it," Olson says. He mostly ignored the directive, partly because it was never a written policy. Nonetheless, he says, "the next two years were miserable for [IT], as everyone feared that we would assume they were guilty until proven innocent."

At one point, management became concerned that employees were using instant messaging for personal business. A memo cautioning employees about this caused even more anxiety. "I remember people clicking their mice and quickly closing windows as I walked by," says Olson.

That fear was counterproductive, he says. If employees' PCs caught a virus, for example, he had trouble getting them to say what they'd been doing or what Web sites they'd visited.

Shortly thereafter, Olson persuaded management to ease the restriction. "We explained that we wouldn't be watching [workers] all the time. We would only check the logs if their manager complained that they weren't getting their work done," he says.

The new policy has made for much better working relationships between employees and the IT staff, he notes, with employees more willing to inform IT promptly about technology snafus and IT able to get the information it needs to remedy the problems.

Get Used to It

In the future, companies like Farstad that have policies that favor minimal monitoring are likely to be in the minority. Observers say IT managers can expect to be asked to take on even more monitoring duties, such as reviewing surveillance videos, examining text messages, tracking employees' whereabouts via GPS or monitoring activity on social media.

Will IT managers resist this expansion or chalk it up to just doing their jobs?

Florida Institute of Technology's Workman doesn't envision much pushback. "I see them doing it," he says, "but I don't see them being completely comfortable with the practice.

Harbert is a Washington, D.C.-based writer specializing in technology, business and public policy. You can contact her at her Web site, TamHarbert.com.

This story was originally published in Computerworld's print edition. It was adapted from an earlier version that first appeared on Computerworld.com.

Copyright © 2010 IDG Communications, Inc.

1 2 3 4 Page 4
Page 4 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon