On the rise: monitoring employees' Web habits

On the rise: monitoring employees' Web habits<@VM>How one monitoring app works

Many tools can help your agency monitor and control employees' Web and e-mail use

  • Internet Manager from Elron Software of Burlington, Mass.; www.elronsoftware.com


  • Mailsweeper, Pornsweeper, Secretsweeper and Websweeper from MIMEsweeper Solutions of Theale, England; www.mimesweeper.com


  • Sentian FS from N2H2 Inc. of Seattle; www.n2h2.com


  • SuperScout Web and e-mail filters from SurfControl PLC of Cheshire, England; www.surfcontrol.com


  • Mail-Gear and Web Security 2.0 from Symantec Corp. of Cupertino, Calif.; www.symantec.com


  • NetSpective WebFilter from Telemate.Net of Atlanta; www.telemate.net


  • Secure Web from Tumbleweed Communications Corp. of Redwood City, Calif.; www.tumbleweed.com

  • Census IT security chief Tim Ruland says using Web blocking software 'has nothing to do with the mistrust of employees.'

    Many agencies know what their workers are doing and where they are going on the Internet.

    More than 200 federal, state and local agencies use software that monitors how employees use the Internet at work.

    Some critics have raised concerns that using such software can threaten employees' privacy rights and lead to discriminatory practices by management.

    But federal managers defend the use of the applications.

    Tim Ruland, chief of the IT Security Office at the Census Bureau, which has been using Web blocking software since 2000, said it 'has nothing to do with the mistrust of employees. We do not monitor where the employees go. We trust them.'

    Census is among a number of agencies using Websense Enterprise software from Websense Inc. of San Diego. The software denies access to pornography, gambling and hate Web sites, among others, and keeps a log of attempts by employees to visit such sites.

    The Army, Bureau of Labor Statistics, Census Bureau, Centers for Disease Control and Prevention, Federal Aviation Administration and Navy also use Websense. Many other products also can block, filter and monitor Web use.

    Among them are Internet Manager from Elron Software of Burlington, Mass., used by the Navy, National Guard and Veterans Affairs Department; Superscout Web Filter from Surfcontrol PLC of England, used by the IRS and VA; and Secure Web software from Tumbleweed Communications Corp. of Redwood City, Calif., used by the Energy Department and Food and Drug Administration.

    Diane Witiak, a spokeswoman for the American Federation of Government Employees, said her union considers computers similar to other office equipment such as telephones and fax machines. It's OK for employees to use their computers for legitimate personal reasons during their free time, Witiak said.

    There is no governmentwide policy directing departments to monitor employees' Web use. But the CIO Council has issued a recommendation on 'limited personal use' of government office equipment that characterizes as inappropriate the 'creation, downloading, viewing, storage, copying or transmission of sexually explicit or sexually oriented materials and materials related to illegal gambling, weapons and terrorist activities.'

    The policy instructs each agency to 'assess its individual needs and responsibilities as they relate to its mission, security, budget, workload and public contact in determining the extent to which the policy is established and implemented.'

    James Seligman, CIO at CDC, which has been using Websense software for two years, said the agency wanted to stay in line with the policy. 'We wanted to make sure that we have something managerially,' he said. 'So as we learned that the technology was available, we did something that was prudent to solve intentional and unintentional problems coming out of Internet use.'

    CDC, which has 8,600 users, has blocked pornography, hate, terrorist and weapons Web sites. CDC employees were told beforehand that the agency would use Web filtering software. Most took it in stride, Seligman said.

    Some workers questioned whether the software would interfere with legitimate research, but CDC has tweaked the app so certain users can access prohibited sites. For instance, workers conducting research on sexually transmitted diseases can visit sites barred to other employees.

    Lance Cpl. Daniel Gericke, a trouble desk server administrator with the 13th Marine Expeditionary Unit, said filtering software helps manage the bandwidth on board the amphibious assault ship USS Bonhomme Richard.

    Marine Corps policy says users cannot access Web-based e-mail, adult content or Web proxies. 'But we also block bandwidth-intensive sites, such as MP3 sites and streaming audio sites, to save the limited bandwidth on ship,' he said.

    Gericke also touted the benefits of the log feature of Websense software. 'It keeps very good logs of who surfs where and a lot of statistics to see how your bandwidth is being used or misused,' he said.

    But privacy advocates have raised concerns over such features. Andrew Schulman, an author and consultant on computer and privacy issues and a fellow with the U.S. Privacy Foundation, said blocking prevents employees from spending work hours surfing inappropriate Web sites, but logging raises privacy issues and could result in discrimination against some employees.

    For instance, the log files create records of how an employee uses the Internet. These fall into the category of public records and can be used in court cases, he said.

    Also, if an agency plans to lay off employees, it may use the log of their Web activities against them, he said.
    'The problem is not blocking, but it's in the recording'who does what on the Internet.' Schulman said. 'Such software can also create a sense of fear among employees when they are not informed how the software works.'

    Added bonus

    Ruland said the software helps Census workers conduct research by narrowing their searches and skipping past inappropriate Web sites. 'We are not concerned any longer about them going to wrong sites,' he said.

    While filtering and blocking software may help researchers avoid unhelpful sites, its main function remains to prevent inappropriate Web use by employees. Several studies have revealed the problem to be pervasive.

    Monitoring by the Treasury Department last year showed that 51 percent of IRS employees' time spent online was on activities such as personal e-mail, chats, shopping, and checking personal finances and stocks.

    Websense claims that 70 percent of all Internet pornography site traffic occurs during the 9-to-5 workday.

    Stephen Larsen, a spokesman for the Army's Program Executive Office of Enterprise Information Systems at Fort Monmouth, N.J., said the Army is maximizing its bandwidth by blocking some pornography, gambling, sports and shopping sites.

    Within the Army, which has 200,000 users of Websense Version 4.2, each command is responsible for establishing its own policies and choosing which sites it will filter.

    Larsen said employees have accepted this as a way of life.

    'There is a phone number listed on the refusal page that gives employees an option to call to argue that this site should not be blocked,' he said. 'We have heard of no such phone calls.'

    Col. Eddie W. Morton, deputy chief of staff for information management with the Florida Army National Guard, said the command has zero tolerance for traffic on unauthorized sites. The software helps reinforce and manage the policy.

    'Most of the employees were glad to see it put in place,' he said.Websense Enterprise software, written in C++, can run under Microsoft Windows NT and 2000, Sun Microsystems Solaris and Red Hat Linux.

    When a user makes a request to access a Web page, the request is passed through a firewall or proxy server or a caching device. The software, from Websense Inc. of San Diego, is integrated with these control points and checks whether a user request should be allowed or denied.

    The software logs the time and the identity of the users who make each request, said Harold Kester, Websense's chief technology officer.

    The software filters requests through the Websense Master Database, which contains more than 3.5 million of the most-accessed sites, organized into categories such as gambling, shopping and adult content, Kester said.

    The database, updated daily, contains sites in 44 languages.

    The software also checks Web pages every 90 days to see if the uniform resource locators have changed, he said. It can block, permit or postpone access or limit how long a user stays on a site, Kester said.

    If an employee tries to visit a blocked Web site, the software flashes a message saying that access has been denied. The event is logged, but the employee's manager is not notified.

    'It's not like they want to be the Internet police,' Kester said.

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above