And forgive us our trespasses

Agencies monitor employee Internet use to stem unauthorized surfing

In August, when information technology officials at the Interior Department's Office of Surface Mining headquarters began monitoring what sites their 150 employees visited, they wanted to ensure that the office's wide-area network bandwidth was not being sucked up by large, nonwork-related files such as movies and graphics. But the agency found much more — a handful of employees were surfing pornographic and gambling sites on agency time.

"Just a very few people were actually going to adult sites and gambling sites," said Roy Morrison, network systems support team leader at the surface mining office. "They would stay there for hours. This is a big problem, and you need to do something about it. It sucks up resources, and it's a potential embarrassment. We just don't want to go down that road."

As a result, the agency last month completed and distributed an Internet usage policy detailing how employees may use the Internet. And, armed with software from SurfControl, agency officials also have blocked adult and gambling sites for all 650 surface mining employees and are evaluating whether they should continue monitoring or just block the sites, Morrison said. "I would prefer to block and not have the problem as opposed to letting the employees go wherever and then disciplining them," he said.

With Internet access pervasive throughout federal agencies, most IT managers have crafted or begun to develop a personal use policy, and many are using blocking and monitoring software to stem unauthorized cybersurfing on agency time. Many have been encouraged by recent news reports about companies like The Dow Chemical Co., which fired 50 workers and suspended 200 for sending and storing pornographic and violent e-mail messages. They're also encouraged by the CIA investigation of 160 of its employees and contract workers for exchanging "inappropriate" and off-color messages in a covert chat room on the spy agency's classified computer network.

Bandwidth Crunch

Traditional transgressions associated with monitoring Internet usage — employees visiting adult sites or gambling online — are not the only problems. Employees shop, search for jobs, read the news and check stocks online. Internet misuse accounts for 30 percent to 40 percent of worker productivity losses, according to the IT analysis firm IDC.

According to a recent Vault.com Inc. survey of 670 employers and 451 of their employees, 25 percent use the Internet during office hours for personal reasons for at least 10 minutes each day. Another 13 percent said they surf at the office for more than two hours a day. By July 2001, 80 percent of U.S. companies will be monitoring their employees' behavior online, according to IDC.

In addition to productivity losses, agencies are concerned with unnecessary surfing gobbling up needed bandwidth by downloading applications such as music videos and family photos. Agencies also are concerned about potential legal liabilities derived from pornographic material being stored on networks.

Software that blocks or monitors certain e-mail messages and Web sites can be used by agencies to prevent employees from e-mailing confidential documents to outside recipients and to block viruses from entering agency networks, said Keith Thurston, assistant to the deputy associate administrator at the General Services Administration's Office of Governmentwide Policy. Most large U.S. government agencies use filtering and monitoring software, he said.

The Federal Aviation Administration is one of those agencies. The FAA will soon begin monitoring its employees' e-mail one day per week, said Less Dorr, FAA spokesman.

"The whole idea is not just to see who's going to what site and doing what," Dorr said. "The idea is to get engineering data on our bandwidth to understand if we need to do anything else. We don't anticipate blocking any sites. This is primarily to get a handle on not only our current Internet usage but what changes may be needed in the future."

Access Denied

The National Park Service began monitoring the Internet usage of 460 of its employees about eight months ago. Officials found that about 2 percent of the traffic went to adult Internet sites, said Don Thie, manager of information and telecommunications services at the National Park Service. Since then, the agency has been monitoring all em-ployee Internet usage with SurfControl's software and blocking all adult sites.

"It protects our management from even the possibility of a problem," Thie said. "Just one instance that got into the general press could cause you problems."

SurfControl's monitoring features will enable officials to block additional sites in the future, such as those that allow downloading of music clips, if they feel any employee abuse warrants it.

"If we see a class of Internet activity that is significant enough to cause a problem with the circuits, then we'd make the decision to do the blocking," Thie said.

SurfControl has noted many types of Internet abuse from its clients, including one employee who was running his own pornography site from a company server. Employees at other companies have been discovered watching a Victoria's Secret Web cast and a live television show via the World Wide Web, said Kevin Blakeman, president of U.S operations at SurfControl.

"Not only has that person's productivity been affected, but they can affect the productivity of other people from slowing the network," Blakeman said. An employee "may start off doing something that is work related, but five Web sites and three clicks later, they're halfway around the world."

SurfControl's software sits on the network and watches Internet traffic to build a report of which users are going where and how often (see box).

"Maybe marketing people need wide access to get competitive information, but a shipping person might only need access to FedEx and UPS," Blakeman said. "If a user tries to go to an adult site, an e-mail can be sent to human resources saying, "This person has tried to go to this site.' It's not too different in the same way the telephone system is often set up where you have to plug in a code to make a call or you're restricted from making international calls."

At the Small Business Administration, officials chose a filtering product from N2H2 Inc., with artificial intelligence that provides an extensive database of sites that the agency can choose to make inaccessible to its 6,500 employees. Instead of resorting to actively monitoring em-ployees' Web usage and having administrators cull through these reports, SBA relies on the N2H2 software to block employees from accessing inappropriate sites.

"The software is context sensitive," said Howard Bolden, agency computer security manager. "It understands the difference between the word "sex' in a porn site as opposed to medical literature. If they do go to an inappropriate site, a screen pops up saying, "This site is blocked.'"

SBA is among several agencies that allow limited personal use of government computers during nonworking hours. Websense Inc.'s filtering product is designed to incorporate this agency policy, said Andy Meyer, vice president of marketing at Websense. Because many employees are working longer hours, employers are beginning to offer at-work Internet access as a benefit so employees can shop or do research, for example, at lunch or after the workday is completed, Meyer said. The U.S. Army Reserve Information Center, U.S. Naval Submarine Support Facility and the U.S. Defense Commissary Agency are among Websense's federal customers.

Downloading: Cease and Desist

While many agencies are turning to monitoring and filtering products to prevent their employees from visiting inappropriate Web sites, others are more concerned with making sure employees don't download and store illegal material or consume too much storage space.

The Justice Department, the State Department, the U.S. Patent and Trademark Office, the Air Force and the Marines have all deployed software from W. Quinn Associates Inc. that allows administrators to track and prevent users from downloading specific files.

"It's the agency that's responsible for the content of its servers," said Steven Toole, vice president of marketing at W. Quinn. "Servers by nature are shared. If you have an employee who downloads some pornography and then another employee goes into that directory and says, "I wonder what this is?' Boom — you've got a lawsuit."

W. Quinn's software does not block users from surfing to sites, but instead bars them from downloading files with file extensions indicating they are movie files, graphic files, pornographic files or MP3 music files. Merely blocking Internet sites cannot prevent an employee from purchasing a pornographic CD-ROM and storing images on the network or scanning images from a hard-copy magazine onto the network, Toole said. Employees are assigned limited storage space on the server and notified when they reach their quota.

"While the Marine Corps band may want to record their own performances, the rest of the Marine Corps is not in the band and they don't need to store sound files on the server," he said. "Left alone, employees will take up as much space as they can on agency networks. You want to be able to watch your legitimate storage over time so you can plan for future growth."

Accepting a Watchful Eye

Most government agencies advertise their Internet personal use policies to employees and inform them that they are being monitored. Although some employee unions have expressed initial discomfort with the policies, they have since backed down, GSA's Thurston said.

Agencies are supported by the Electronic Communications Privacy Act of 1986, which gives employers the right to access employees' e-mail and voice-mail messages if they are maintained on a system provided by the government or the employer. However, employers may not access messages without the consent of either the author or the intended recipient of the message if an outside service provider owns the system — an important distinction for the government.

"Some of them feel that it's an infringement on their rights," said Interior's Morrison. "I have to remind them this is a government computer and it doesn't belong to them."

Harreld is a freelance writer based in Cary, N.C.

NEXT STORY: Bill opens access to Senate data

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.