Managers Crack Down
On Digital Dillydallying

By JOAN INDIANA RIGDON
Staff Reporter of THE WALL STREET JOURNAL

It's crackdown time in cyberspace, as employers move to curb frivolous workday use of the very digital tools that were supposed to make the troops so much more productive.

That workers are wasting time with electronic mail and the Internet is undisputed but hard to quantify. One analysis of computer logs by Nielsen Media Research Inc. in New York found that employees at International Business Machines Corp., Apple Computer Inc. and AT&T Corp. together visited Penthouse magazine's World Wide Web site 12,823 times in a single month earlier this year. Based on an average visit of 13 minutes, that comes to more than 347 eight-hour days.

It's no surprise, then, that companies are resorting to stern warnings, disciplinary measures and even new surveillance software in an effort to keep wired employees focused on their jobs. More is at stake than worker productivity. The same technology that fosters collaboration and allows the lowliest clerk to send electronic suggestions to the chief executive also makes a company vulnerable to leaks. Any employee can send out a memo on a company's digital letterhead, making it appear to be corporate policy. Or, employees can pirate confidential memos or spreadsheets, attach them to e-mail, and send them to friends, competitors or the Internet at large.

When Compaq Computer Corp.'s 17,000 employees log onto the corporate network, a warning flashes on their screens that "improper and illegal duplication" of corporate data will be punished. It also notes that Compaq reserves the right to read all messages sent over the network, including e-mail. This year, Compaq fired 12 workers at its Houston headquarters who had visited sexually explicit sites on the Internet. Compaq's objection "wasn't the content," a spokeswoman says, but rather the way "the company's resources were abused."

During production crunches at the end of each quarter, Sun Microsystems Inc. closely monitors employee use of its computer network and the Internet, so "we can use the resources of the network to get the product out the door," says Scott McNealy, Sun's CEO. Previously, Sun had shut down Web access entirely during busy periods, but relented when employees protested.

More help for managers is in sight. SurfWatch, a unit of Spyglass Inc., makes new software that allows companies to block employee access to any Internet site. SurfWatch originally developed it to allow parents to control their children's use of the Internet; demand from customers like Lockheed Martin Corp. has encouraged it to turn to the corporate market.

E-mail is a stickier problem -- and a bigger security risk. To find unauthorized personal messages, employers have to monitor the server computers that store all the company's e-mail, a daunting prospect. Though employees determined to leak secrets have always been able to purloin documents or computer disks, "the fact that you can e-mail it and in the blink of an eye it's gone -- that's definitely a concern," says Jay Friedland, founder of SurfWatch.

He says his company may develop a version of its Internet software that can be set to prevent employees from attaching documents to personal e-mail -- the easiest way to relay them outside the company. But the software wouldn't prevent someone from retyping information and sending it out.

New York apparel retailer J. Crew Group Inc. discovered employees were abusing e-mail when it found a profusion of electronic chain letters on its server computer. The company declines to comment on the incident, but scolded employees in a recent internal memo: "The messages have a snowball effect on our disk capacity and are a tremendous waste of time." As for employees who were using e-mail to sell concert tickets and rent apartments, J. Crew proposed a low-tech alternative: the office bulletin boards.

The legality of e-mail surveillance is murky. A U.S. District Court in Pennsylvania ruled in January that Pillsbury Co. had the right to read employee e-mail if it is sent over company systems -- even if the monitoring is done without the worker's knowledge. That case arose from Pillsbury's dismissal of a manager who had used e-mail to make derogatory comments about his bosses. But privacy experts argue that under the Electronic Communications Privacy Act of 1986, employers are permitted to monitor phone calls and e-mail only for business reasons, as when a phone company eavesdrops on its operators to check how they handle calls.

Still, the sheer volume of corporate e-mail makes it all but impossible to police. Some 45,000 pieces of e-mail each day are sent and received by Netscape Communications Corp.'s 1,800 employees, for example. Inevitably, sensitive company documents occasionally get an unwanted public airing.

Wired Ventures Ltd., a San Francisco multimedia publisher, was an apparent victim last month, when an embarrassing internal memo from Chief Executive Louis Rossetto Jr. was published on The Well, a Sausalito, Calif., on-line service. The memo, attacking the media as "clueless," may have placed Wired in violation of Securities and Exchange Commission rules; it was published during the required "quiet period" before its planned initial public offering. The IPO was later dropped, although Wired says the memo wasn't the reason.

Dimension X, a San Francisco maker of Internet software, has also seen the dark side of e-mail. Last year, one of its contractors used company e-mail to insult another company -- one that happened to be in talks with Dimension X about forming a business alliance.

The insult carried Dimension X's digital signature, and as such "carries the whole weight of the company," laments Chief Executive Karl Jacob. He says the other company forwarded a copy of the e-mail to him with a note: "Is this the way that your employees conduct themselves?" Mr. Jacob fired the contractor and says the business alliance fell through for other reasons.

While he cautioned employees to be careful of what they write on company e-mail, Mr. Jacob says Dimension X has no plans to screen messages, believing it to be an invasion of privacy. To defend against such problems, "ultimately you have to build trust," he says.

Though companies are growing more vigilant, most stress that the advantages of e-mail and Net access outweigh the risks. After Edify Corp. went public in May, employees at the Santa Clara, Calif., software maker spent so much time on-line checking its volatile stock price that CEO Jeff Crowe jokingly threatened to fine abusers $5. But Mr. Crowe isn't especially concerned about excessive Net-surfing by employees. As he puts it, "We find they get bored pretty fast."