Defending Your Privacy at Work

In the popular science fiction series Star Trek: The Next Generation, an alien race called the Borg speeds through the universe in massive cubiform structures, absorbing all of the civilizations in their path. As the Borg engage each new foe, they broadcast their intentions and chillingly declare that, "You will be assimilated. Resistance is futile."

It's appropriate to raise the specter of the Borg in the context of workplace privacy: The Borg are portrayed as a semiautonomous collective of cyborg organisms that share a consciousness and an utter lack of personal privacy. The advance of surveillance technology in the workplace has a Borg-like quality to it, a relentless encroachment to which resistance often does in fact feel futile.

Fortunately, science fiction does not necessarily predict the future. Although it is sometimes difficult to do so, there are steps that individuals can take to protect at least some of their privacy at work. More importantly, there are things that we can do together to help better define the proper boundaries between the workplace and personal space.

• Assume that you have no privacy at work. The first and most important step is to be realistic about the current state of workplace privacy. Unless you are told otherwise, your safest assumption is that everything you say and do, particularly on your computer, can be monitored by your employer. With this in mind, you may want to prevent intrusions into your private life by:

  • Limiting the amount of time you spend on personal telephone calls during working hours

  • Limiting or avoiding sending personal e-mails on the company's computer system

  • Avoiding the storage of personal files on the company's computer system

  • Removing your badge incorporating infrared technology when you don't want to be located (if your job requires wearing such a badge)

  • Being aware that every day you leave "digital footprints" (Credit cards, ETC cards, cell phones, GPS, and other devices used in m-commerce leave a trail of activity in their wake that gives your employer a good idea of how you've been spending your time. Exercise prudence in your use of such devices.)

Even if you are told that your communications are not being monitored, it is very easy for an employer to begin doing so with relatively little expense and no notice to you. The advances in technology make it possible for companies to conduct a wide range of secret surveillance, and in the vast majority of states, companies are under no legal obligation to let you know that they are doing so. It is, however, illegal to record a conversation without the consent of all participants. The following list includes some of the signs that indicate you may be bugged:

• People seem to know your activities when they shouldn't.

• Your AM/FM radio has suddenly developed strange interference.

• Electrical wall plates appear to have been moved slightly or "jarred."

• The smoke detector, clock, lamp, or exit sign in your office or home looks slightly crooked, has a small hole in the surface, or has a quasi-reflective surface.

• Certain types of items have "just appeared" in your office or home, but nobody seems to know how they got there. Examples include clocks, exit signs, sprinkler heads, radios, picture frames, and lamps.

As a practical matter, the only prudent assumption to make is that your employer knows far more about you and how you spend your day than you realize.

Decide how important workplace privacy is to you. It may not bother you that your employer is capable of tracking nearly everything that you do in the office. In the type of tough economy that the U.S. has experienced over the last couple of years, workplace privacy can seem like a relatively minor concern. Moreover, despite its Orwellian overtones, there's a seductive appeal to former British Prime Minister John Major's campaign slogan, "If you've got nothing to hide, you've got nothing to fear." Unprompted, many people offer a similar sentiment when asked about the possibility of increased government surveillance to battle terrorism.

But privacy shouldn't be about fear; it should be about choice. When you apply for a job, you routinely take into account the type of work it is, where the job is located, what the work environment is like, how much the job pays, and so forth. An employer's approach to workplace privacy should be on that list as well: the types of background checks done during the application process, the handling of personnel and medical records, visual and electronic surveillance, and monitoring outside of the office. In the specific instance where an employer asks you to take a lie detector test, you should be aware of the following:

• You cannot be legally asked questions about your religious beliefs, sexual preference, racial matters, lawful activities of labor organizations, and political affiliation.

• You have the right to refuse to take a lie detector test.

• An employer cannot require that you take the test as a condition of employment.

• The employer must explain how the test results will be used.

• You have certain rights, which the employer must list, if the test is not properly administered.

• You have the right to stop the test at any time.

• You can request that questions not be asked in a "degrading and needlessly intrusive fashion."

In addition, be certain to educate yourself regarding company drug tests. When a company routinely conducts drug testing of its employees be aware that "false positives" can be affected by what you eat for breakfast (poppy seed rolls are the most notorious for failure to pass a drug test) as well as that caplet you took for your headache.

While virtually all businesses conduct some type of surveillance, the specific types of surveillance conducted varies widely from business to business. You might be comfortable working for a company that monitors phone calls for quality assurance, but less comfortable with a company that keeps track of how long you wash your hands.

If you are in doubt about a company's surveillance methods, ask. The challenge, of course, is getting a straight answer. Companies have no obligation to disclose all of the surveillance tools that they use and may be very reluctant to do so. There's also some risk involved: In some corporate environments, you may be perceived as a troublemaker or security threat if you push too hard for information about the company's surveillance practices. It is worth asking, however, if that's the kind of company for which you do or don't want to work.

• Be proactive on the issue of privacy. An important practical step is to educate yourself about the kinds of surveillance that your employer could be conducting. Once you are familiar, for instance, with the various types of software and hardware that can be used to monitor the workplace, you can begin to conduct a realistic assessment of just how closely you are being watched. More importantly, you can ask your employer or potential employer informed questions about the types of surveillance that it conducts.

• Pay attention to developments in technology. If you are concerned about workplace privacy, it's also important to keep abreast of the technological changes that make surveillance easier. This book will help give you an idea of some of the areas to watch: faster and more sensitive biometric tools (Chapter 3), smaller cameras (Chapter 5), more sophisticated Web monitoring software (Chapter 6), and so forth. In order to be proactive on the issue of workplace privacy, you need to know the questions to ask, and paying attention to technological innovations will help provide you with the necessary information.

Also, in the area of computer monitoring, be aware that a company's Web surveillance options usually fall into one of the following four categories:

1. Log files and cookies—the lists of resources you've visited online. (Both Internet Explorer and Navigator keep a history of sites visited that can be easily accessed.)

2. Browser caches—which, in addition to keeping pieces of stored Web pages, track the addresses of downloaded Web pages, the dates they were first accessed, and the dates they were last accessed.

3. Packet sniffers—programs installed on a gateway server or Internet service provider system that are designed to examine individual packets of electronic data for specific terms.

4. Filters and monitors—software to filter access to inappropriate material as well as outright monitoring of Web surfing

You should also search your favorite mainstream media website (a few of mine are nytimes.com, globe.com, cnn.com, and salon.com) for the latest developments in surveillance technology. It's also useful to periodically visit somewhat more specialized sites like wired.com or slashdot.com. On all of those sites, searches using some combination of the terms "employee," "workplace," "surveillance," and "privacy" will turn up a variety of relevant articles.

In addition, there are a number of organizations that actively advocate for greater privacy. Although most deal with the issue of privacy in general, virtually all address the issue of workplace privacy as well. Good places to start include the American Civil Liberties Union (aclu.org), the Electronic Privacy Information Center (epic.org), the National Work Rights Institute (workrights.org), and the Privacy Rights Clearinghouse (privacyrights.org).

• Encourage Congress, your state legislature, and your union to strengthen workplace privacy. Workplace privacy is not something that will be protected effectively by market forces; while competition over workers can have some effect, there are too many competing economic considerations. If workplace privacy is going to be protected in a meaningful way, Congress, the various state legislatures, and labor unions will have to make the establishment of appropriate guidelines a priority. I believe that this issue is large enough and important enough that it should be addressed at the federal level rather than piecemeal by the states. Some of the elements that should be included in such an "Employee Bill of Rights" are:

  • Opt-in requirements for collection of information by employers

  • Disclosure of surveillance by employers

  • Limits on the casual and unauthorized spread of employee information

  • Restrictions on the misuse of employee medical information

  • Requirements for reasonable suspicion for drug testing

  • Preservation of the boundary between work and home

  • Enforcement of these rights that would consist of both civil and criminal remedies

Chapter 10 outlines what legislation Congress has passed, to date, that deals with the issue of employee privacy rights, as well as some good ideas that failed to gain support.

It's understandably tempting to be skeptical about the power of individual voters to influence Congress, but a large enough group of individuals can make a difference. If you think that workplace privacy is important and that Congress should do something about it, let your representative and senator know. Ask them where they stand on the issue of workplace privacy, and ask them to notify you if any relevant bills are filed. If you see reports in the media that privacy-related legislation has been filed, let your representatives know that you are following the issue. It does make a difference.

Thanks to technology, it's never been easier to contact your representatives. Every senator and representative in Congress maintains a website with information regarding their positions on different issues and links for sending them e-mail. In addition, there are a number of websites specifically designed to assist you in contacting your Congressional delegation.

On the local level, not all state senators and representatives have Web pages, but increasing numbers do. At the very least, each state has a website that contains, among other things, information on how to contact your state senators and representatives.

Needless to say, if you're worried about the issue of workplace privacy and possible surveillance by your employer, you probably shouldn't use your office computer or company e-mail account to lobby for more restrictive legislation.