Limiting Use of Laptop Monitoring ToolsWhen Federal Agencies Should, Shouldn't Snoop on Their Workers
Some U.S. federal agencies seem to be going too far in monitoring their employees' communications activities on their government-issued laptop computers.
A news report, published by the Washington Post on Aug. 17, says several federal agencies have installed monitoring software from SpectorSoft that can track an employee's keystrokes, retrieve files from hard drives and search for keywords. Besides monitoring e-mail messages, SpectorSoft also can be programmed to intercept social media postings.
There's always the ability for a human being to come in after the fact and look through communications.
No doubt, the government has legitimate fears about the insider threat, employees disclosing secret and sensitive information without authorization, and should take steps to prevent them. And, they're earmarking lots of money to do just that. Spending on protecting and maintaining classified information systems by nonintelligence agencies soared by 20 percent between 2010 and 2011 to $5.65 billion, according to the 2011 Cost Report from the federal Information Security Oversight Office.
But such monitoring has a downside. Many whistleblowers perform important roles in alerting the public to misuse of government funds and unethical conduct by colleagues and managers. Monitoring software could hamper well-intended public servants from tipping off the public about such abuse.
As the story points out, the government has monitored federal workers - including Food and Drug Administration scientists, starting in 2010 - when they use Gmail, Yahoo or other personal e-mail accounts on government computers. Although the FDA has said it acted out of concern that the scientists were improperly sharing trade secrets, the story says, the scientists have argued in a lawsuit that they were targeted because they were blowing the whistle on what they thought had been an unethical review process.
"Nobody's reading anybody's e-mail here," Rob Carey, the Defense Department's principal deputy chief information officer tells the Post. "The FDA case would not happen here. We have rules in place. There has to be probable cause. It appears that there was monitoring going on that shouldn't have been."
Each agency sets its own rules on when and how to use monitoring software.
Privacy advocates say the use of monitoring software can result in the over-collection of data, leaving managers the choice of what they will review and why. "There's always the ability for a human being to come in after the fact and look through communications," Seth David Schoen of the Electronic Frontier Foundation, a digital advocacy group, tells the Post. "And there will be a trove of communications there for them to look through retrospectively."
Agencies shouldn't be prevented from monitoring activities on government-issued computing devices. But they should be transparent about how they employ monitoring software and limit its use to prevent the illicit disclosure of sensitive and classified materials.