The New York Times--April 5, 2000, Wednesday

MANAGEMENT: You've Got Inappropriate Mail; Monitoring of Office E-Mail Is Increasing

By LISA GUERNSEY

Andrew Quinn, a systems manager at a toy company near Montreal, is starting to learn more about his fellow employees than he had ever wanted to know. He has found that one co-worker has a penchant for herbal remedies, another likes jokes about women drivers and another checks the lottery numbers each morning.

He knows these things because, about a month ago, Mr. Quinn installed a new piece of software on the computer network that enables him to monitor not only every Web site that his employees browse, but every e-mail message that they send or receive. With a few clicks, he can open a window on a computer screen and see the senders, recipients and subject headings of each message. Those details, he said, help him figure out exactly what is straining his e-mail server, which has been crashing at least once a week.

''This guy, he's sending e-mail to his girlfriend,'' Mr. Quinn said as he scrolled through messages sent by employees of his company, Ritvik Toys, on a recent afternoon. ''But this message here, that's for business. And that one's for business, too.''

To office workers elsewhere, Mr. Quinn's surveillance might sound like Big Brother in action. But if they think it is of no immediate concern to them, they should think again. Ritvik Toys is one of hundreds of companies that are looking at workers' correspondence on a routine basis. And the number of companies doing so is soaring.

''The market for e-mail monitoring has basically doubled in size over the last year,'' said Abner Germanow, a research manager at the International Data Corporation. ''And we anticipate it to grow very rapidly.''

Managers give a variety of reasons for installing such software. Some, like Mr. Quinn, are on the lookout for oversize e-mail attachments that clog networks. Others seek to dissuade employees from using their systems for personal activities. And others want to make sure employees are not sending harassing messages.

Whatever the reason, the snooping raises ethical questions. Should managers really be peeking into people's private lives like this? And what should they do with sensitive information that, if disclosed, could jeopardize an employee's career?

Mr. Quinn's original purpose in installing the software, called SuperScout, was to manage his mail server more efficiently. But he has since grappled with the privacy issue, deciding against programs that would let him store and review the text of messages, rather than just the headlines.

''That's none of my business,'' said Mr. Quinn, an amiable computer guru with a hint of a Scottish accent, abundant freckles and a beeper on his belt. ''I'm not just sitting here to watch people. But if there is a problem, I want to be able to pinpoint it.''

Until recently, electronic monitoring applied mostly to Web browsing. It was easy for managers to look through logs of Web sites visited by employees. By contrast, tracking e-mail meant sitting in front of an e-mail server for hours. Few managers bothered.

But the last six months, software has become more advanced, enabling companies automatically to record, filter and sort every word that streams through their networks. SuperScout, a product made by SurfControl, can generate bar charts showing the 10 people who get the most e-mail messages, the 10 who send the most and the 10 who send the biggest messages. Another product, xVmail, made by xVault, enables managers to view and search the text of messages. Symantec and GFI Fax and Voice have also introduced e-mail monitoring products the last few months.

Mr. Quinn said employees' habit of sending personal e-mails never bothered him -- until the messages overwhelmed Ritvik's electronic network. ''It's all about bandwidth,'' he said.

Ritvik, which employs about 700 people year-round and 400 more in the summer and fall, is a decidedly old-economy company. A showroom in its headquarters just west of Montreal displays dozens of models, from castles to cowboys, that can be made with its colorful plastic blocks, called Mega Bloks. Huge molding machines whir and hiss on the building's first floor, where the toys are made seven days a week.

But like most manufacturers, Ritvik relies more and more on the Internet to get the job done. Its 200 salaried employees now file purchase orders, do product research and make sales calls by e-mail and on the Web. A few years ago, the company put in a high-bandwidth telephone line, known as an I.S.D.N., and will move to an even faster line, a T1, this month. But even then, Mr. Quinn said, the stream of data will probably fill those pipes until bigger ones come along.

So, he said, ''Instead of just buying more bandwidth, we decided to address the problem.'' This week, a month after installing the software, Ritvik planned to institute a new policy requiring employees to use discretion in their use of the network. It will also warn them that their e-mail messages may be monitored.

Such disclosure is a good business practice, according to the American Management Association. At some point, it may be required by law in much of the United States. One bill in the works, for example, would make secret monitoring illegal in California.

Mr. Quinn is hoping disclosure will be a powerful deterrent. From what he has seen, at least 50 percent of the company's e-mail is not related to work. And, he says, certain names keep appearing on lists of heavy e-mail users, including an employee he has nicknamed the herbal-remedy guy, who has spent hours looking at the Web site of Deepak Chopra, the author of spiritual books, and sending messages about herbal therapies.

Others send jokes. ''Look at this guy,'' he said, as he pointed to a subject heading titled, ''Joke of the Day'' and another titled ''Women Drivers.'' He scrolled further, displaying even more jokes all sent by the same employee.

''That's all he's been doing for the last hour,'' Mr. Quinn said, throwing up his hands. It is not his responsibility to monitor employee productivity, he said, but he cannot help but wonder how such people get their work done.

Ritvik employees had mixed emotions about the planned policy. ''It is a breach of your privacy, I guess,'' said Karen Trainor, the company's North American distribution supervisor. ''If someone knows everything you are writing, that's not really fair.''

But, she added, she had heard that the company was trying to shore up its networks and might need to check e-mail traffic to do so. Besides, she has known Mr. Quinn for years and trusts him. ''If that's what they are doing, I guess they have a reason to do it,'' she said.

For all its usefulness, though, e-mail monitoring raises the question of who exactly should be put under the lens. The technology department at the Southern California Edison Federal Employees Credit Union, for example, recently installed GFI Fax software. But while one employee was reprimanded for sending 150 e-mail messages in one day, said Tony Salse, the director of information technology, the credit union's senior managers and board members need not worry about a similar fate. ''We'll probably exempt them from that kind of scrutiny,'' he said.

Then there is the delicate question of how hard to clamp down. After all, most people send out the occasional personal greeting or joke to family members and friends, and banning that would be overkill, in the view of Chris McNierney, the manager of information systems at Seaboard International, a lumber wholesaler in New Hampshire. Mr. McNierney installed xVault software on his network in January to track the origins of viruses and offensive messages.

But, he said, ''People are going to have friends and make relationships in an office. Obviously you are going to have e-mails going back and forth, and I'm not sure you want to suppress that.'' Rather, he said, his goal was to spot questionable e-mail before it got out of hand.

''We can head things off before we have to make an example of somebody,'' Mr. McNierney said.

Many companies have, in fact, fired people for what is contained in their e-mail. At The New York Times Company, 23 employees at an office in Norfolk, Va., that handles most of the company's personnel records, accounting and payroll operations were dismissed in December for sending what were considered obscene messages, according to Nancy Nielsen, a spokeswoman for The Times Company. Catherine Mathis, another spokeswoman, said the messages were discovered as a result of a separate investigation into an employee's use of company stationery to obtain unemployment benefits for a friend. The Times Company said it does not routinely monitor its employees' e-mail.

Once monitoring becomes routine, it also falls into grayer areas of the law, according to some lawyers familiar with workplace privacy issues. A few lawyers have argued that a casual e-mail exchange is more like a telephone conversation than a printed memo and should be protected in the same way that wiretap laws prohibit government agencies and some businesses from secretly listening to personal conversations.

''Would you entrust the government with this kind of information?'' asked Jeremy E. Gruber, legal director for the National Workrights Institute at a recent New York Bar Association discussion on electronic privacy. ''Why do we think that employers will use it in a wonderful way?''

Mr. Quinn acknowledges that monitoring systems can be abused. For example, he has no trouble imagining a network manager who takes offense at an e-mail message most people would consider innocuous -- and who makes life difficult for the sender as a result. ''You have to ask: whose opinion draws the line?'' Mr. Quinn said.

Still, he has become a true believer in his company's new tracking software. Among other benefits, he says, it has helped him plug a security hole he might not otherwise have spotted: hackers who have sneaked into Ritvik's e-mail server and are using it as their in-box.

''There he is,'' Mr. Quinn said, pulling up a list of e-mail messages from someone using an account at Miami University in Oxford, Ohio. He said he planned to install a fire wall to keep out such impostors.

Mr. Quinn pulled up a bar chart of the top-10 e-mail senders for the afternoon. ''And, the winner today is . . .'' he said with a flourish. The top bar, in blue, showed the name of a Ritvik sales representative. ''O.K., that's legit,'' he said.