CA courts 'Big Brother' with all-seeing software

Computer Associates has used its CA World 2003 conference to unveil a controversial technology which will enable employers to closely monitor the activity of their staff within the organisation.

The eTrust unit’s 20/20 product, named because of the perfect vision it affords bosses of their employees, aggregates information from all points of access, both physical and digital, within the company – from card scanners at the front door to network access points such as workstations and WLANs.

However, this is a technology which is likely to raise serious concerns about a growing 'Big Brother' culture within business.

Ron Moritz, senior vice president of eTrust security solutions, said: “I believe we are going to have to spend a lot of time emphasising how this will improve employee privacy rather than breaching it.”

The scale of that task should not be underestimated. Employees will doubtless be slow to appreciate the benefits of a technology which will monitor their comings and goings from the building and cross references those physical events with digital ones such as phones calls, internet access and emails to build a comprehensive picture of each and every working day.

The security benefits are obvious and immediate. eTrust 20/20 will flag up any suspicious events and anomalies. These might be an employee entering the building after hours to email rival companies or it may be an employee logging onto the network when the card scanner says they are not in work – perhaps a first warning of other employees abusing their colleague’s network privileges or perhaps a remote hack.

From the relatively low-level threat of cyber-loafing – employees wasting time online when meant to be working – right up to security breaches, physical and digital, which could bring down a company, a great many risks will be flagged up.

During a pre-determined time period points will be allocated to employees based on their activity. Those with the highest scores will be deemed to present the highest risks. For example, cyber loafing for two hours per day may carry a score of 20 points while emailing large documents to a rival after hours may carry a score of 1,000 points. Companies can monitor any employees who seem to be returning high scores.

"I think this is in the interests of the employees and the shareholders of any company," said Moritz. "If somebody is leaking secrets to a rival, or spending all their day wasting time online then I think people should know about this."

However, the concern will be with companies who are perhaps over-officious with their implementation of 20/20. Through the use of RFID tags companies will be able to determine the level to which they want to monitor their staff. Cigarette breaks, trips to the toilet, being five minutes late because of traffic will all add to your points total if an employer wants it that way.

Those opposed to such monitoring would doubtless argue that this will do little for staff retention or morale. But Moritz claims the reality of the market now is such that employers hold the best hand.

"In a down-market it is easier to implement these kinds of technology," he said. "In a market where people are fearful of their jobs anyway they tend to be far more accepting of these kinds of technologies."

Moritz added that three years ago employees could have just gone elsewhere to register their displeasure as such measures but for many that just isn’t an option. It’s easier to take a principled stand when you know where your next pay-cheque is coming from.

20/20 is provisionally scheduled for a fourth quarter release this year. It is being targeted primarily at companies such as financial institutions and government organisations where security and the protection of data is paramount.

Moritz said: "The US government departments we have shown this too so far have been very impressed."