E-mail Disasters

Raytheon’s Case

Corrections or additions?

This article by Teena Chandy was published in U.S. 1 Newspaper on June 2, 1999.

All rights reserved.

E-Mail Policy Be Careful

For most computer users, electronic mail has fast

become the primary medium for business and personal communication.

It is cheap, fast, and so convenient that in many circumstances E-mail

has replaced letters, telephone calls, and even face to face conversation.

Many even assume that E-mail, like the spoken word, is private, fleeting,

and does not leave a trace. But this ephemeral nature of E-mail is

deceptive, because in reality E-mail more resembles the letter. In

many ways it is even more permanent and risky. Not only does it leave

a written record and can be delivered to the wrong address, it can

also be retrieved. It can even be subpoenaed in a court case. You

can tear up a letter or burn it but no matter how diligently you "delete"

them, almost all E-mail messages are saved somewhere by some backup

method.

So it should come as no surprise that authorities were able to quickly

track down the instigator behind the infamous "Melissa" computer

virus. Or that officials at Raytheon were able to identify 21 employees

who allegedly divulged company secrets in an online business forum.

Or that a plot to distribute fake E-mail messages is at the heart

of a personnel controversy at Morgan Stanley Dean Witter.

More and more employees are finding out that the E-mail messages they

send or receive at work are not considered private at all and that

they could be used against them. The legal and ethical issues of cyber

communication — employers’ right to know versus employees’ right

to privacy — are being debated vigorously and companies are faced

with precedent-setting decisions.

An American Management Association (AMA) survey shows that 45 percent

of major U.S. firms record and review employee communications and

activities on the job (including their phone calls, E-mail, and computer

files) and 27 percent record and review employee E-mail messages.

Since most employers screen employee E-mail randomly, more companies

are reading personal E-mail as opposed to work-related E-mail. Personal

accounts are not totally safe either. An employer cannot be prohibited

from requiring an employee to print out messages from their personal

accounts accessed by a company-owned computer.

The result? An increasing number of resignations, terminations, and

employment-related lawsuits. An employee can be fired for insubordination

or similar charges that originate from an E-mail message. "Most

employees do not understand E-mail yet and use it in a way that is

far too risky in the current business environment," says Lewis

Maltby, director of the workplace-rights office of the American

Civil Liberties Union (ACLU).

Many courts have ruled against employees in recent E-mail related

cases. A state court in California and a federal court in Pennsylvania

ruled that employers have the right to use surveillance. Maltby points

out that in the Smythe versus Pillsbury case in Pennsylvania, the

company had promised its employers that their E-mail would not be

monitored, yet fired an employee who vented to his co-worker about

his boss in an E-mail message. The court ruled against the employee

who sued the company for breaking its promise.

"The rationale for both these court decisions is that the equipment

used by employees to send and receive E-mail messages is owned by

the employer," says John MacDonald, an attorney at Stark

& Stark, the Lenox Drive law firm. "Accordingly the employer has

the right to determine how and when its property is used."

But when does an employer’s right to know become an

invasion of personal privacy? "Employers have no business reading

the private E-mails of their employees," says Maltby. A survey

on E-mail privacy, conducted by Opinion Research Corporation as part

of Accountants on Call’s ongoing "Profiles of the American Worker"

series, revealed that more than half of employed Americans feel that

the E-mail they compose and receive at work should be private between

the writer and the recipient.

Nonetheless, court rulings so far have only indicated that employee

wishes do not necessarily prevail over employer decisions. "People

like to believe their conversations over the phone are private, that

they are entitled to privacy, and expect the same kind of privacy

when they are using E-mail," says MacDonald. "However, courts

have ruled that an employee has no `reasonable expectation of privacy’

in interoffice E-mail communications." As for personal E-mail

sent from the office, MacDonald says, "that is still an open issue."

ACLU’s Maltby also agrees that, unless it is an outrageous situation,

an employee cannot do anything against an employer who used information

from an intercepted E-mail message against the employee. The employment-at-will

policy allows employers to fire employees for little or no reason

at all and monitoring E-mail communications gives employees yet another

reason to feel insecure about their jobs.

Monitoring, most companies are saying, is necessary to protect corporate

interests. It can expose an employee’s plan to leave the company and

take proprietary information, it can restrict employees from conducting

personal business on office time, and it can help track down sexual

harassment or other similar abuse. Chevron Corporation, for instance,

settled a sex discrimination lawsuit for $2.2 million in 1995. Among

the evidence was an E-mail message titled "25 reasons why beer

is better than women" retrieved from corporate computers.

Most companies, therefore, have adopted formal E-mail policies for

its employees. Almost all of the dozen companies that U.S. 1 surveyed

had an E-mail policy for their employees in place. "Any policy

should state that employees’ electronic communications are not private;

that the communications devices are employer property and that communications

shall or may be monitored," says Steven M. Berlin of the

law firm of Buchanan Ingersoll at 500 College Road East. "Policies

should also restrict employee use of electronic communication systems

to business purposes."

The E-mail policy at Cylogix clearly advises users "that

they should have no expectation of privacy for any Internet use via

the firm’s facilities, whether business or personal."

John McKeegan, spokesman at Johnson and Johnson, says

the company’s policy is that E-mail is for business use and it is

communicated to all employees. "If E-mail is used inappropriately

we have a talk with that employee."

A human resources representative at Summit Bank stated that

E-mail is company owned and not private: "We have a legal and

an ethical obligation to protect the company and its employees, and

to prevent abuse of the system."

Stark & Stark’s MacDonald, in contrast, is of the opinion that

there is no legal requirement to monitor employee E-mail. "It

is the duty of the company to investigate a complaint," says MacDonald,

"but it has no other legal obligation to monitor its employee’s

E-mail.

Companies that do monitor should probably say so. The AMA survey reveals

that 84 percent of companies that monitor employee E-mail do notify

their employees. Such a policy would make it easier for the company

to defend itself in the event of a lawsuit, says MacDonald.

Although the law may allow an employer to monitor electronic communications

in certain ways, the decision to do so must remain a business decision,

says Berlin. The phrase "Big Brother is watching you" has

acquired frightening significance in today’s workplace. While employer

concerns for such monitoring are often legitimate, this could also

create an "us versus them" attitude, says Berlin.

Only three of the Princeton companies surveyed said that they had

a specific hands-off policy. Dow Jones, Church and Dwight, and Neostrata

reserve the right to monitor if a situation warrants it, but otherwise

they say they trust their employees to use their best judgment and

their policy is to not monitor any employee E-mail.

"Dow Jones does not have an E-mail policy, but it is assumed that

E-mail will be used for company business," says Richard Tofel,

spokesperson for Dow Jones. "Of course we know our employees have

personal lives, and just as they may use the telephone to call their

children in the middle of the day, they might also E-mail their children."

"We have a written policy that is communicated to our employees,"

says Mark Bilawsky, vice president of Church and Dwight. "Our

employers are also aware that we do not eavesdrop or conduct any kind

of spot checks as regular procedure."

While most companies feel that monitoring is necessary "in the

best interests of the company," the decision to not monitor —

or as in the case of Dow Jones not having an E-mail policy at all

— could be in the best interests of the company too. As Berlin

of Buchanan Ingersoll points out, monitoring could have an impact

outside the workplace as well. For instance, a lawyer representing

an employee suing the company for sexual harassment can demand to

see all the E-mail communications of the alleged perpetrator. "A

monitoring policy may strengthen an argument that an employer had

notice of the wrongful or discriminatory acts of its employees or

managers," says Berlin.

MacDonald of Stark & Stark says that E-mail may play a large role

in discriminatory and wrongful discharge cases in the future. MacDonald

predicts a rise of cases where groups may feel that they were discriminated

against and that their actions were unreasonably monitored by their

employers.

So what E-mail policies should bosses and workers adopt? "If the

decision is to monitor, use the least intrusive monitoring measures

necessary," says Berlin of Buchanan Ingersoll. He suggests monitoring

employee communications only during probationary or review periods.

As for employees, "Never say on E-mail anything that you would

not want your boss to read," says Maltby. "What is amazing

is that even in companies where employers have told their employees

about their E-mail policies, they are awfully casual about using E-mail."

Maltby says that the ACLU will continue to work to update privacy

laws: "Law always lags behind technology but in the case of online

privacy, the law is lagging far too much behind. The last time the

issue was brought up in Congress was in 1994 and the original sponsors

have not reintroduced it."

Maltby encourages employees to write their representatives. "We

are still a democracy, and if enough employee citizens write to their

congressmen maybe something will change." And until that happens,

Maltby warns, "be very careful."

— Teena Chandy

Top Of Page
E-mail Disasters

Tales abound of E-mail disasters resulting from the

inadvertent use of E-mail. You type a cheeky note to your colleague

in private and your boss could be reading it. The mouse pointer in

the wrong spot could get your message to the wrong person, and worse

still, a lot of wrong persons. CNET has posted some instances of E-mail

disasters at http://www.cnet.com, and also offers some tips

for safe and effective E-mail use:

1.) Set up a queue: Hold your messages in your out-box

for a set period of time before you send them. That gives you a chance

to double-check the addresses before they go on their way.

2.) Encrypt it: Many workplaces do not allow this practice,

however, encrypting a message ensures that only the intended recipient

can read it, even if other people accidentally get the message.

3.) Use Freemail: Using a free, web-based E-mail account

for personal messages ensures private messages do not get mixed up

with business ones. You won’t have access to any company-wide aliases

from your freemail account, and your messages won’t be stored in your

company’s mail server.

4.) Field labeling: Many corporations have company-wide

E-mail aliases to make mass communication easier. So, when you open

a message that was mailed to the alias, the sender’s name shows up

in the From field — but the Reply To field is often set to the

company-wide alias. That means clicking "Reply" will send

the message to everyone. When you reply to a message, always make

sure the right address is in the To: line before you click Send.

5.) Keep romance at home: Never send romantic E-mail from

work. Your employer may be monitoring your incoming and outgoing mail.

Send E-mail from home, use the phone, or have the conversation in

person.

6.) Don’t request receipts: Never use the Receipt Requested

feature when posting to a mailing list. It generates useless traffic

that could slow down or shut down your E-mail system.

Top Of Page
Raytheon’s Case

Anonymity on the Web is a rather fragile issue, as shown

by the just-settled lawsuit by the engineering company Raytheon against

its employees who participated in a business forum on the Internet.

Raytheon — a global company with 875 employees at the Carnegie

Center — obtained court motions against Yahoo!, America Online,

and the other Internet services to obtain the identities of 21 participants

who Raytheon alleged were using aliases to divulge company secrets.

The Raytheon employees participated in forums provided by mainstream

Internet companies, but the Web also offers other such "business

forums." Vault Reports, a New York based company, has posted the

"Electronic Watercooler," an online network of uncensored

bulletin boards, at http://www.vaultreports.com to attract employees

and job seekers from more than 800 companies. "Feel free to gossip

about your co-workers, share salary and bonus information, inquire

about the hiring process, chat about company culture quirks, and much

more" the website says. Usually anonymous, the messages on these

boards include everything from general workplace gripes to "insider

information."

But how anonymous can you be on the Internet and are employees participating

in such chatrooms putting their jobs on the risk? Yes, if the Raytheon

incident is any indication. John Jessen, president and chief

executive of the Seattle-based Electronic Evidence Discovery Inc.,

says that they track down senders of anonymous E-mail all the time.

The Raytheon employees, who were generally exchanging gossip and chatting

about Raytheon’s stock price and business deals, used aliases to protect

their identities. Last week, after Raytheon had discovered all 21

identities, it dropped the suit against the employees. That prompted

countercharges that Raytheon used the legal system merely to discover

the identities. Four of the employees have since quit, and the others

have entered "corporate counseling."


Next Story


Corrections or additions?


This page is published by PrincetonInfo.com

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.

Facebook Comments