Earlier this week the Boston Globe reported that Harvard University had asked the dean of its Divinity School to resign after "thousands of pornographic images" had been found on his home computer, which was university property. It seems that during a transfer of files, tech-support technicians noticed the pornographic material and told their supervisors. In other words, these support staffers took it upon themselves to decide that whatever was on his computer was fair game as long as that computer was the property of Harvard Divinity School.
I am a former tech-support employee of Harvard's Divinity School. In my work there, and in other tech-support jobs, I have been privy to some incredible things, including private files like admissions records. But I knew it was accidental that I had access -- and so I learned how to "look without seeing."
Admissions records are confidential information. But what of personal e-mail messages and hourly visits to Ebay to check on the status of an auction? At what point do an employer's legal rights end and an employee's privacy rights begin? And should tech support people be serving as arbiters -- or as snoops?
Most people don't realize how much of what they do at their desktop is visible. I have watched the most graphic of file names flash across screens during everything from disk copies to backups. It could be that the users didn't care -- but the truth is, they didn't know I could see what they thought was some obscure code hidden deep within the system.
The "Documents" choice on the Start menu of Windows 95 offers a sort of natural history of a day in the life of a computer. There are shortcuts to the most recently accessed documents, including picture files and videos, even Outlook's memo cards. Sometimes the most innocuous things are the most revealing: Copying files from one hard drive to another can display file names with explicit labels and e-mail message subject lines. If you are "looking," Netscape's cache and Window's Internet Explorer Temporary Internet Files folder are a storehouse of information. Even when the latter is completely emptied of Web content, the names of cookies that are stored there are incredibly revelatory. Most people don't realize how many sites actually send cookies, even when you offer no login info or check any box.
Any tech support person is liable to encounter such stuff at any given time, no matter how obsessive they may be about discretion and privacy. But there is a way to look without looking, to help someone with a Word document without actually reading it, to troubleshoot a system for every conceivable problem and not notice the things on a hard drive. This requires a carefully honed attitude, a way of thinking that what is yours is yours and mine is mine. Not everything you do all day long is my business -- and if I happen to see something you would rather I didn't, I extend you the same courtesy I want extended to me.
The Globe article suggests that such courtesy was not extended to the dean of Harvard Divinity School.
Today many companies are confronting us with a new piece of paper in our new-employee welcome folders. Suddenly, along with the W2 forms and 401K sign-up, we find the "Internet usage agreement." The first time I had to sign such an agreement, I didn't read it very carefully. I glanced over the predictable bullet points on pornography and other sensitive materials, and the warnings of opening attachments in e-mail messages. The finer print was lost to me, and I filed it away as an awkward but necessary formality in a hyper-evolving Internet culture. I never thought I would see it again.
The company that had me sign such an agreement is at liberty to check up on my Internet usage in any way it can. And even beyond the traces left on the user's own machine, there's an abundance of tracking software available. In the server room of one of my part-time jobs I noticed that a program called Gatekeeper displayed all the Internet usage in the office as it happened. I sat and watched people send e-mail, buy and sell stocks on e-trade and download pictures of Celine Dion. If I had wanted I could have traced this usage back to the individual user. Even though everyone in the company signed the same form I did, I know they all still, unconsciously or consciously, expected that they were not being watched, in the same way one assumes that a phone call to a spouse or friend is not being monitored.
That expectation is natural -- even more so in the case of a dean -- where the home is also, essentially, the place of employment. So what should those technicians have done when they stumbled on those pornographic files?
In my tech-support work, when I have noticed things that I knew someone wouldn't have wanted me to see, I have certainly tried to pretend I didn't see it. I try not to make judgments, knowing that my own Internet "research" has certainly been suspect at times.
How much privacy can any of us expect? According to the law, the answer is "none." The only thing an employer must do, by law, is make sure its Internet policies are non-discriminatory. Otherwise it can monitor, view and read anything it wants to.
And yet, at least amongst the tech-support people I've known and worked with, we will respect your privacy even when we don't really have to. I have never been given a job description where one of my duties as a desktop support person has been to notify my supervisors if I see anything suspect on someone's computer. I would never take a job that required me to do so. The idea of "anything suspect" is suspect in itself. Suspect to whom? If it were up to me, I'd allow game demo downloads, which many companies might frown on -- but crack down hard on visits to unicorn lore Web sites.
My own discretion hasn't protected me from the suspicions of others. Recently, someone I work for sat me down, and, Internet usage agreement in hand, pointed out the various bullet points that I had either overlooked or simply decided didn't apply to me. He told me I was no longer allowed to use the Internet for anything other than work-related issues -- which, as a computer tech guy, I had admittedly defined pretty broadly. He also informed me that I could no longer send any personal e-mail, and that the Internet existed, at least within the boundaries of this company, as a resource for the business at hand.
On the surface I accepted defeat -- and even felt somewhat embarrassed and guilty for doing stuff that was natural to me, as much a part of my everyday, workday life as coffee breaks and reading the newspaper in the bathroom. But in my gut I felt that something was terribly awry. I was having a privilege taken away from me that everyone else at the company, either spoken or unspoken, had. I knew all about the extent of not-nearly-work-related Internet usage that took place in that office, and I was sure my supervisor did as well. But I was made an example.
Humbled, I slunk back to my desk and went to the Microsoft Web site, figuring my boss couldn't very well argue that was for personal reasons. After this incident, I decided to read the fine print of our Internet usage agreement. The company's policy, had I taken the time read it, was very clear: Any Internet use was subject to being monitored and if necessary, traced back to the person. While I accepted its right to do this, I felt appalled at its willingness to do it.
Had the Harvard dean ever signed such an agreement? The Globe didn't say, and unless the matter somehow winds up in court we probably won't ever know.
Discretion is a virtue. The right to privacy in the workplace is no right at all -- but there is a certain unspoken agreement that we all have some freedom of movement, some freedom of personality and thought. The computer has complicated this, creating strange slippery slopes and new hidden pitfalls.
More and more, then, we should all expect to be signing documents like "Internet usage agreements." They are a kind of baptism that really just names the sin to come.
Your tech support staff may behave differently from me. But if I see anything, I will be your priest -- your secrets will remain between you, me and your Temporary Internet Files folder.