Wednesday January 9, 2008

Workplace Internet abuse expands
Topics:
government employees
government, state
Internet
policy
audits
Internet filtering software
Connecticut
Advanced reading level Reading Level (Lexile): 1420L
Citation format:

July 15, 2007 Connecticut Post (Bridgeport, CT) Section: News
Author: KEN DIXON kdixon@ctpost.com

KEN DIXON kdixon@ctpost.com. "Workplace Internet abuse expands" Connecticut Post (Bridgeport, CT)2007-07-15: .School Library Collection By NewsbankOnline. Infoweb by Newsbank, Inc. January 9, 2008.
HARTFORD - In yet another sign of our increasingly digitized society, Internet use among state employees has doubled over the last three years and, with it, comes the increased potential for abuse.

A recently released review of the Department of Environmental Protection by the state Auditors of Public Accounts found that nearly half the computers tested had visited unauthorized Internet sites during 2004 and 2005.

State software prohibits departmental and agency computers from millions of sites, including adult-content and Internet auctions, although DEP computers didn't get the latest upgrade until last year, according to the state Department of Information Technology.

But DEP computers were routinely found to visit state, national and international newspapers, mail-order merchants such as L.L. Bean, travel sites, automobile manufacturers, private e-mail services and dozens of others.

Nineteen of the 42 DEP employees with Internet access, who were randomly selected among hundreds of employees by state auditors, were found to have viewed out-of-bounds sites.

Amid hundreds of auditor's work pages reviewed by the Connecticut Post, were records of a senior engineer in the DEP's waste-management bureau who visited several Web sites for brides from the former Soviet Union.

The site womenrussia.com was visited 2,062 times; Ukraineloves.com received 761 hits; and honestmarriageagencies.com was visited, via the employee's computer, 279 times during a period of time that was unspecified in the audit reports.

Auditors recommended that the DEP enforce the state's so-called acceptable-use policy, which prohibits employees from using computers for anything but state business.

While this supposed "zero-tolerance" policy on Internet use is the rule, the growing ubiquity of computers at home and the workplace may be giving the more than 53,000 state employees some flexibility to use Internet connections for personal use during breaks and lunch.

Employee union leaders and some state officials believe it's time to rethink ethical issues on personal and work-related uses of state equipment, including what they believe to be an "unrealistic" policy prohibiting any personal use of state computers.

Few state workers have been disciplined for Internet excursions, although in April, Veterans Affairs Commissioner Linda S. Schwartz was reprimanded, the agency's financial manager was fired, and a dozen people in her department were found to have misused state computers.

Nuala F. Whelton, communications director for DOIT, said the acceptable-use rules were last updated in May 2006. "There was an attempt made to make it reasonable," Whelton said. "You need rules to govern state resources for non-governmental purposes and from DOIT's perspective, our concerns in this area are primarily security."

The department provides filters and monitors the use of computers for 576 state departments and agencies, including 18 that joined during the last year.

More than 91 categories of Internet sites are filtered and blocked, including 20 million pornography, social-networking and recreation sites, Whelton said, adding that in the fiscal year that ended on June 30, state software blocked 5.7 million attempted visits to non-business-related sites. In the 57 agencies making up the executive branch, which has about 40,353 employees, there are about 25,000 Internet users, who are subject to DOIT's internal policy.

She said the filters are tailored to the needs of various state departments and that the rewritten policy balanced the needs of the state with the rights of state workers.

She warned that malicious Internet sites could install spy ware in the state's computer system.

State usage of the Internet has increased sharply, from 45 megabytes per second three years ago, to 65 megabytes two years ago and 90 megabytes last year, Whelton said.

"People are using the state web site to unprecedented degree," she said. "Tools to control usage have to be available for security as well as other reasons."

But Robert G. Jaekle, of Stratford, one of the state's two auditors of public accounts who supervised the regularly scheduled staff investigation of the DEP, said last week that the Internet landscape is a lot different now than when usage rules were first developed in 1999.

"If it's fantasy baseball someone's playing on state time that's one thing, but from my perspective, is the use of the Internet for non-business related purposes adversely affecting the performance of the employees?" Jaekle said in an interview.

"If it's on a break, a lunch period, is it that different from reading a novel for 20 minutes or playing your own hand-held video game? To me, it's not," Jaekle said. Jaekle has the feeling that agency officials are evolving away from the specificity of the rules.

"In the scheme of what priorities agencies have to do, I believe it's not a policy that's enforced," Jaekle said.

He recalled that there were similar examples of DEP non-work-related Internet excursions found in the audits of 2002 and 2003, but he couldn't remember similar instances of any other recent audits of state departments and agencies.

Dennis Schain, communications director for the DEP, agreed that although the audit of the department was released on July 3, the 2004 and 2005 period covered was at least a full year before the agency joined the overall state system, with DOIT's more-effective filtering and blocking abilities.

"We adhere to the overall state policy," Schain said. "If there's a need and interest for changes, it's for others to decide."

As for the engineer who surfed the Web for a potential Russian bride, Schain said he's still on the job, but he and others whom auditors found to violate the rules, were warned.

"In the cases where auditors identified improper use, supervisors were informed and were asked to discuss the matter with employees and to make certain they were fully aware of the state policy," Schain said.

Thomas H. Morawetz, who is the Tapping Reeve Professor of Law and Ethics at the UConn Law School, said last week that if workplace productivity is not affected, the supervisors should give employees leeway when it comes to personal use of the Internet during the business day.

"My sense is that it seems more common sense than ethics," he said, adding that the official state policy almost invites the possibility of abuse.

"The line's there, but it's an extremely hard line to draw and impossible to enforce," Morawetz said. Morawetz believes the state policy is outdated and the exact nature of an abuse would have to be defined more clearly in terms of what an employee may be doing on the Internet that is taking them away from their work duties.

"It just doesn't make sense," he said. "Anyone would be vulnerable under those guidelines." The computer is incidental to the issue, he said. "It's about abuse and deception and would have to be measured in terms of something inconsistent with carrying out the overall duties one is employed" to perform, Morawetz said.

He recalled that about 20 years ago, when he was starting out on the law school faculty, there was a telephone policy that not only prevented UConn employees from calling out of their offices on personal business, but they could not even accept calls that were not work-related.

A colleague then wrote a widely circulated memo intimating that - in an age before caller ID - someone would have to be clairvoyant to know whether an incoming call was business-related or not.

He warned that the current regulation of Internet use invites the potential for abuse by supervisors and managers who could ignore indiscretions of favored employees and target others for disciplinary action.

"It's only with computers that these policies seem to make sense because they're complicated and expensive," Morawetz said. "When we have pretty flawed laws like this one, the only way the laws can survive is if the people who enforce them decide not to enforce them or enforce them rarely."

Larry Dorman, spokesman for AFSCME Council 4, which represents 17,000 state employees, said last week there have been occasional disciplinary actions that extend to termination proceedings over alleged computer misuse.

"It's a very difficult and ambiguous issue to confront," Dorman said. "In the end you have to have common sense on the part of the employer and employee."

The union warns members to be careful when it comes to computers and the Internet.

"Ultimately, as advocates of the workers, we remind our members that the computers are owned by the boss, so whatever you're doing can be monitored by the employer," Dorman said. "The 'zero tolerance' approach is totally unrealistic and not reflective of what's going on in today's work place."

"There needs to be flexibility on the part of the employer," Dorman said. "We're certainly examining it from the point of contract negotiations."

But in an age of increasing around-the-clock dependency on technology, iron-clad rules may become as outdated as a dial-up Internet service.

(c) 2007 The Connecticut Post. All rights reserved. Reproduced with the permission of Media NewsGroup, Inc. by NewsBank, Inc.
Record Number: 11A6D42ECBA84C78