Académique Documents
Professionnel Documents
Culture Documents
Kyle Conway
Introduction
A misunderstood issue that has popped up often among employees is the issue of
whether or not their employer can legally monitor them while they’re at work (which is a
silly thing to wonder while you’re on someone else’s private property). But while that
question is obvious and couldn’t possibly result in the minimum number of pages, what we
will instead ask here is should companies be monitoring their employees while they’re at
work? Are there, perhaps, only certain actions that should be monitored (let’s not put
cameras in the toilets)? Should we only consider certain types of monitoring acceptable
(example: having a recording device at someone’s work station vs monitoring their online
traffic)?
information about employees' productive activities" (Peters, 1999). Surely one would believe
that a company has a right to determine how productive their employees are? Well,
the practice of monitoring one’s own private property in the place of businesses is on the
Legally speaking the issue is clear. It is someone’s private property, and so they may
monitor how they wish. Ethically, this is much more of a grey area. One of the reasons this
is believed to be a grey area is because the stated reason for doing this, that is to monitor the
dilemma our two situations are wanting to protect the company and its employees from
MONITORING EMPLOYEES 3
various harms and balancing that with making sure the employees of the company are treated
ethically (Bezek, Britton, 2001) which is as good for the employees as it is for the company.
We (as a planet, but more specifically the United States) entered the Information Age
at the beginning of this century (Hart, 2000). According to the American Management
Association (AMA, 2008) we are now at a point where 85% of employees that have access to
computers also have access to the internet. In this new age of the all pervasive internet,
employers are at risk from employee abuse of this technology (either from loss of
productivity or even potentially illegal use the internet which could result in the shutting
Frayer (2002) suggests that as a way to limit these potential risks the employer use
monitoring techniques that would allow them to “secretly to view, record, and report literally
everything employees do on their computers.” Due to computers becoming a more and more
important element in everyday tasks, and being accessed to such a great number of
employees all with their own idea of work ethics, many employers feel that it’s necessary to
One of the largest threats in our age of all-pervasive technology is the threat of the
wheelbarrow hoping that nobody questions why you brought a wheelbarrow into the office,
an insider threat can put those pages, which are now digital, on a thumb drive or send them
According to a report by IBM (IBM X-Force Threat Intelligence Index 2018) 95% of
all breaches are caused by a mistake by someone inside a company, whether malicious or
accidental. While the first step to preventing this is preventative measures (such as access of
MONITORING EMPLOYEES 4
least privilege to prevent people from accessing things they should not) another important
email monitoring for REGEX that match patterns such as credit card numbers or social
security numbers).
Insiders are necessarily already inside (it’s in the name) and so already pose a greater
risk to a company’s resources and assets than someone outside the network. For assets inside
the firewalls to be worked with someone must have access, and there is no sure fire way to
ensure that person isn’t, or doesn’t become, a malicious insider. And so, the best mitigation
technique for handling people already on the inside is monitoring (Insider Threats in Cyber
Security).
The reason that things are this way is because of the convenience of modern
technology. Having everything in a format such that it can be searched for with a command
instead of flicking through hundreds of pages, and in a format where it can be readily edited,
and in a format that is more secure from physical damage is the obvious way to handle data.
Unfortunately this also enables threats to make copies of any data inconspicuously. It enables
threats to move this data in the same unseen format that it is stored in, instead of on hundreds
of pieces of paper.
In the ever more automated market where the cost on so many things become cheaper
as the cost to manufacture shrinks, companies often must compete with each other by offering
the lowest price on their service or product. Having employees spend a substantial part of
their day browsing the internet means paying more for less work, which (on a large enough
scale) could translate to an increase is price of product, which could result in defeat of the
Even more intimidating for employers with respect to the market is the possibility of
MONITORING EMPLOYEES 5
malicious insiders which could result in breaches of protected information that results in
lawsuits or fines resulting in millions of dollars. The leakage of trade secrets is also a fear
that would be in the realm of economic pressures. A startup with a new idea could be
completely crushed if a larger company were to get that information from a disgruntled
employee on the inside leaking that information. Monitoring of employees would work as
both a deterrent for this kind of behavior, as well as potentially a way to outright stop it
(using things such as regular expression handling, for example, could stop the leaking of
In the age of the all pervasive internet, having access to the internet at all times to
upload a picture of what you’re having for lunch for your hundreds of followers (three or four
of whom you actually know) to ignore is just a part of life. Some people (although I prefer
the term “mental midgets”) even think that access to the internet is a fundamental right
(Velocci, 2016)!
In addition to internet access being considered a social norm, people have also
developed this idea that privacy (even while using someone’s else computer on that person’s
time to send data over their network) is something that should be guaranteed at all times
(Joseph, 2018).
Between the belief that one also need to be connected to the internet and the belief
that regardless of the situation one should always be able to do things out of view from
others, it would be outside of the social norm for people to be monitored at work. The social
norm dictates that an employer should, regardless of potential harm to themselves, allow their
employees free reign of internet access without monitoring in the hopes that their employees
have a work ethic that prevents them from causing any damage to the company. The
Modality 3: Legal
A key figure in the creation of the United States is John Locke who put forth the idea
of property rights that our nation was inspired and founded by. And though we as a country
are rapidly pulling them back in favor of an authoritarian approach, we are still the most
libertarian country with regards to private property, and our laws reflect this.
Because of our property rights laws, one is legally able to record what happens on
their property at all times (although most states do have specific laws against filming in
restrooms and changing rooms (Guerin, 2011)). Legal precedents have established that one
has no reasonable expectation of privacy on the property of others (with the exceptions listed
above) and has no legal complaint against being monitored while on the property of others.
Even when one thinks what they’re doing should imply a reasonable expectation of
privacy such as communicating privately with websites using TLS, courts have decided that
one doesn’t have reasonable expectation of privacy and have used this argument to
Modality 4: Technological
On of the bigger issues with this ethical dilemma isn’t so much the recording itself,
but what is being recording. As an extreme example of this, even people that are for
recording are (hopefully) against recording devices in bathrooms. Not all of the cases are as
extreme, though. For example, I think one would agree that having someone with access to
people’s credit card numbers wouldn’t want them leaked, and that a REGEX to scan email
attachments for credit card numbers would be a good way to prevent this type of leak.
However, the technology is not capable of differentiating between a malicious leak of credit
their break that may contain their credit card information. Since the technology is incapable
of differentiating this, it would intercept the private communication what may include private
MONITORING EMPLOYEES 7
information that the employee did not intend to share, and did not necessarily realize was
This inability for the technology to differentiate is often a pain point to these
discussions.
Top 10 Factors
As a legal argument, it is known (and has a legal precedent) that one has no
reasonable expectation of privacy on the property of another. It also clear that if you’re
working for an employer on their computer using their network, you are on their property.
Given that, legally an employer has a right to (even if we determine it is unethical to) monitor
This is a concern for the dilemma because it is a clear cut answer to the issue of
whether or not an employer can monitor their employees, regardless of whether one
The study by Balitis shows that when employees know they are being monitored it
engenders a feeling of mistrust between the employees and their employers. Many
employees states in the study that they felt that their employer didn’t trust them, which
dissolves the feeling of being a single team. Instead of it being an “us” it because an “us vs
them.”
This is an issue because poor morale invariable results in poor performance, which
Factor 3: People With Internet Access Are Inclined To Misuse Their Time On The
When people have access to the internet it is natural for them to want to check their
MONITORING EMPLOYEES 8
social media, or read news articles that are unrelated to work, or do any number of other
things. Our lives are so connected to the world wide web that it’s a natural reaction to check
it, as if the internet is our umbilical cord to the world. This is demonstrated readily by the
number of people that stare at their phones while walking or that will stop a conversation mid
This is an issue because it demonstrates how much of a social norm it is for people to
hang on their devices at all time to manage their social network accounts. It’s also an issue
because of the negative impact it has on their performance at work, which could lead to
termination, or just poor performance affecting the company in ways that results in negative
What one believes constitutes a reasonable expectation of privacy might not be the
same thing that others believes constitutes a reasonable expectation of privacy. Not only does
this differ among your every day person, but even within the law we see that the exact
definition can be blurry. An example of this is a case where a man was pulled over driving a
rental car he was no authorized to drive. The police said that since the rental was not
registered to him, he had no reasonable expectation of privacy and so the 4th Amendment did
not prevent them from searching the vehicle. Them an and his lawyer went through the first
two levels of the court system to fight it, but both courts sided with the police. It wasn’t until
the man and his lawyer took it to the Supreme Court (the highest legal court in the country)
In this case we can see that separate courts don’t even agree on what constitutes a
reasonable expectation of privacy. This is a big issue with relation to monitoring in the
workplace when employees are doing things they believe has a reasonable expectation of
MONITORING EMPLOYEES 9
privacy (such as surfing their private Facebook page) while their employer does not. The
employee would then feel that their privacy was invaded, which would constitute unethical
behavior, while the employer would feel that this wasn’t the case, and so no unethical actions
were taken.
To further muck-up the discussion with respect to the legality of monitoring on one’s
own property and reasonable expectations of property we have the issue of people working
from home. If one is doing work for another and has agreed to trade a segment of their time
for financial compensation to an employer, can one really claim an expectation of privacy
from that employer? Even if one admits there is no reasonable expectation of privacy from
an employer during hours traded to that employer, surely there must be an argument that the
It is this dilemma and gray area that some employers have been probing by activating
the webcam on work-from-home employee’s work laptops. While the arguments that an
employer has a right to check on their employees to protect their investment in that employee,
few would argue that there is anyplace more private that one’s own home. The place where
one goes to get away from the world. This very ambiguous area of conflicting arguments is
When it comes to monitoring, some of the more obvious ways are known. Everyone
knows that stores have cameras, and workplaces (unless investigating something specific)
rarely go through the extra trouble of hiding them. Employees can see when they’re being
watched. And many may even know that their calls are monitored and that their network
traffic is inspected. However, most people don’t consider (and might not even know about)
The concern here, from an ethical standpoint, is that when one knows they are being
watched there is less of a sense of violation. But when one doesn’t they often feel violated to
find out that they were being monitored. In addition to this concern, very private information
that would normally be protected (such as credit card data) could be captured at the keyboard
using things like keyloggers. Is it ethical for employers to monitor in ways that may
Factor 7: Employers Aren’t Required To Inform Their Employees That They Are
While most, if not all, employers have it listed in one of the million pages an
employee signs when they join a company, they don’t have any obligation to tell their
employees that they will be monitoring them. This can lead to, as mentioned elsewhere, a fall
in morale when employees find out. Even more so than just knowing, because if an
employee finds out after the fact, the damage to the morale is increased by the feeling of
betrayal as the employee feels like the spying was intentionally kept secret.
This also has sway on the debate because it removes the argument of security as a
reason. If it was about security, the company would want this information to be known as a
preventative measure. Employees knowing about this would have the threat of being caught
as a deterrent.
If an employee is on their lunch break, where they no longer fall under the jurisdiction
of their employer, and they’re using their phone on the guest WiFi to handle a private and
personal order, they should reasonably expect that their boss isn’t looking at what the SSL
interception has gathered. However, if the private communication triggered a REGEX in the
filter, it’s very possible that the communication could be caught in a filter and get reviewed
MONITORING EMPLOYEES 11
This is an issue because there is no way for technology to differentiate between truly
Even types of communication that normally get special treatment, such as Lawyer-Client
confidentiality is open for the employer to view. This is because, as pointed out above, there
This results in a hurdle, especially when paired with factor number seven and the
scenario of a worker using their own device on their break from factor number eight, because
of the ethical concern of an employer reading information which even the law (pretends) to
(Dachis)
security, it helps employers get an idea of productivity, it does so many things. However, if
an employee decided they didn’t want to be monitored and they did something about this, it
would likely be considered suspicious. This will probably result in more focused monitoring
of that employee and likely a conversation where the employee would be told to stop.
logical that an employer would need to monitor their employee, and this type of
circumvention would interfere with the positive reasons, it still shows an unbalance of power
Fact 1: Employees With Internet Access Waste Roughly 1.5 To Three Hours Of Eight
According to the research done by Roland Paulsen of Lund University, which was
based on 43 interviews, the average employee with access to the internet spends a lot of their
time “cyberloafing,” as Paulsen calls it. According to Paulsen’s research, the amount of time
on the clock doing nothing related to their job is, on average, between one and a half to three
Discussion of fact 1: If one considers a company that only has two employees that
only make $11/hour, the end result is a loss of over $10,000 for a company. If one considers
any company of a considerable size with employees paid at the average for the nation, it
becomes clear that this lost labor cost can become crippling large. Preventing this type of
behavior through monitoring is an obvious method to mitigate the loss of money through
wasted labor.
Fact 2: People Misuse The Internet At Work (2007 ELECTRONIC MONITORING &
SURVEILLANCE SURVEY)
According to the survey, 30% of employers have fired workers for misusing the
internet. Of those fired, 84% were fired for viewing, downloading, or uploading
“inappropriate/offensive” content. Some 34% were fired for “excessive” personal use. When
one considers how those 84% could have adversely affected the company, or how much
money was lost by the 34%, it’s clear that these people were potentially a real threat to the
Discussion of fact 2: Fact two demonstrates that many people misuse, potentially to
the detriment of their employer, internet access at work. When an employee can potentially
have an entire company shut down by the FBI for an investigation (Betz, 2018), or cost the
company employing them thousands of dollars in wasted labor (Paulsen, 2013) it’s only
expected that companies take the steps necessary to protect themselves, as well as the
Multiple independent qualitative studies (which means no numbers) have shown that
when employees know they are being monitored, their morale suffers (Balitis, Alton).
Employees often feel as though they are being reduced to nothing more than numbers instead
of being seen as real contributing people, which often leads to decreases in performance
(Alton). The morale is also crippled by the added stress felt by employees that feel that
because they’re being recorded at all times that they’re also being judged at all times.
Discussion of fact 3:
The third fact demonstrated the negative effect it has on the mental and emotional
well-being of the employees. When the mental and emotional well-being of people are
concerned, one should always step back and consider the ethical dilemma at hand (although
one should always remember that one is not responsible for the feelings of others and their
Fact 4: Inside Threats Are Very Expensive ($8.76 Million: The Average Yearly Cost Of
Insider Threats)
According to The Poneman Institute’s report in 2018, the annual average cost of
insider threats is 8.76 million dollars. The report also states that since 2016 (only two years
ago) the number of negligent mistakes which lead to compromises has risen 26% and the
number of malicious insider attacks has risen 53%. Negligent insiders result in 64% of
MONITORING EMPLOYEES 14
breaches.
Discussion of Fact 4:
With such a large percent of breaches being caused by negligence instead of open
malice (where the attacker would actively seek to hide their activity) it seems likely that
quality monitoring would mitigate many of these as these things were caught before they
could cause a problem. Additionally, even in the case of a malicious insider attempting to
hide their malicious activities, workplace monitoring would also help to mitigate these threats
considerably.
and employee retention. When employee morale suffers, which Fact 3 suggests monitoring
does affect, they are less likely to stay at the company long and seek employment elsewhere.
Discussion of Fact 5:
shown that the events aren’t isolated, it must be considered ethically significant. When a
populace as a whole feel unhappiness at a thing to a significant enough degree that they are
willing to go through the stress and effort of finding work elsewhere, then the thing must
have negative ethical connotations. Additionally, it is important to note that one of the
primary reasons for monitoring employees is security, and a rotating door of employees is
itself a threat to security as disgruntled employees are often the cause of threats to a company
as well as sampling a larger portion of the population as constant hiring takes place also
Solution Rationale
The purpose of this system is give the most desirable possibility for the largest
MONITORING EMPLOYEES 15
number of people in the given dilemma. For this we’d have to consider that while monitoring
does reduce the amount of wasted time and potential leaks, too much also causes harm to the
morale which negatively impacts the happiness of the workers, which impacts their
performance, which impacts the company, and so can potentially result in negative results for
everyone.
On the other hand, too little or no monitoring, though it leads to happier workers, also
may potentially result in harm to the company, which would could then negatively affect the
workers if it results in the company going under, or even performing so poorly that it results
in layoffs.
This system helps us find a balance more easily by determining who has a right here.
This system gives us a much more ready and simple result. The law and logic agree that one
has no reasonable expectation of privacy while using the property of another person
(especially while in a contract where one person is being paid to perform a task over a period
of time). In the case of monitoring while at work, what one does while sitting in a chair
owned by someone else in a building owned by someone else to use a computer owned by
someone else that sends data across someone else’s network can reasonably be examined by
Poor morale negatively affects work performance, which hurts the company.
Employees spending too much time surfing the web negatively impacts the
company’s performance.
MONITORING EMPLOYEES 16
The workplace, the work network, and the work computer are the property of the
The time an employee spends at work getting paid is part of an agreement to trade
their labor for an agreed upon compensation, which an employer has a right to expect.
restroom.
Conclusion
There is a balance that must be found in the area of monitoring in the workplace. It is
a place of work and employers have a right to monitor their employees, which studies show
they should in order to limit the amount of wasted time. But employers should also try to do
this in the least pervasive way possible, only collecting the minimal amount of data they need
to ensure this while allowing employees as much freedom as possible to keep the workplace
There does appear to be a sweet spot that results in a “best solution for everyone,” it
Synthesis
When looking at this problem ethically, we can see that monitoring can be harmful to
the happiness of employees (Balitis). If harm of any sort can be avoided, it should be, else
what is the point of having a concept of ethics at all. However, it’s important that this desire
It’s also important that we don’t stray too far to either side (total disregard for
employee happiness or total focus on employee happiness) as we’ve demonstrated that both
MONITORING EMPLOYEES 17
extremes result in a loss for everyone as the company suffers, which necessarily means it’s
References
$8.76 million: The average yearly cost of insider threats. (2018, April 25). Retrieved from
https://www.helpnetsecurity.com/2018/04/25/average-yearly-cost-insider-threats/
from
http://www.plattgroupllc.com/jun08/2007ElectronicMonitoringSurveillanceSurvey.pd
Alton, L. (n.d.). Is your company's constant monitoring killing morale? Retrieved from
https://www.nbcnews.com/better/business/constant-corporate-monitoring-killing-
morale-ncna800301
Balitis, Jr., J.J. (1998). Care needed with electronic monitoring. Business Journal (Phoenix),
18(21), 71.
Betz, B. (2018, September 20). New Mexico observatory shut down amid FBI child porn
observatory-shut-down-amid-fbi-child-porn-investigation-documents
RETENTION. 10.13140/RG.2.2.27677.72161.
Crocker, A. (2018, May 15). The Supreme Court Says Your Expectation of Privacy Probably
https://www.eff.org/deeplinks/2018/05/supreme-court-says-your-expectation-privacy-
probably-shouldnt-depend-fine-print
Dachis, Adam. How Can I Tell If I'm Being Monitored at Work and What Can I Do About It?
and-what-can-i-do-about-it.
Davis, C. (2016, October 26). What Are the Methods Used by Companies to Monitor
used-companies-monitor-employees-computers-64671.html
Guerin, L., & J. (2011, October 10). Workplace Cameras and Surveillance: Rules for
cameras-surveillance-employer-rules-35730.html
Joseph, S. (2018, April 03). Why the business model of Facebook is incompatible with
tech/facebook-business-human-rights-data-breach-social-media-personal-information-
a8286021.html
IBM X-Force Threat Intelligence Index 2018. (2018, April 04). Retrieved from https://www-
01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=77014377USEN
https://www.virtru.com/blog/insider-threats-in-cyber-security/
https://www.theatlantic.com/business/archive/2014/12/the-wasted-workday/383380/
Meyer, T. (2014, June 27). No Warrant, No Problem: How the Government Can Get Your
problem-how-the-government-can-still-get-your-digital-data
secrets-employee-emails-not-protected-by-attorney-client-privilege/
doi:10.1177/1350508413515541
MONITORING EMPLOYEES 20
Rivera, A. (12, February 28). Disclose Employee Monitoring to Respect Worker Privacy.
Solon, O. (2017, November 06). Big Brother isn't just watching: Workplace surveillance can
https://www.theguardian.com/world/2017/nov/06/workplace-surveillance-big-brother-
technology
Sweeney, M. (2018, December 06). Personally Identifiable Information: What is PII, non-PII
Velocci, C. (2016, July 04). Internet Access Is Now A Basic Human Right. Retrieved from
https://gizmodo.com/internet-access-is-now-a-basic-human-right-1783081865