YOU ARE HERE: LAT HomeCollections

High-Tech Snooping All in Day's Work

Security: Some firms are now using computer investigators to uncover employee wrongdoing.


Moving beyond merely monitoring employees' Internet use, many of the nation's largest companies are quietly assembling teams of computer investigators who specialize in covertly copying employees' hard drives and combing them for evidence of workplace wrongdoing.

These high-tech investigators employ tools and techniques that originally were devised for law enforcement to catch criminals but that are now spreading rapidly in the private sector at Microsoft, Disney, Boeing, Motorola, Fluor, Caterpillar and dozens of other major companies.

The development, little known outside the narrow community of corporate security experts, is sure to raise tensions over workplace privacy in an age when the lives of millions of workers are inextricably tied to their office computers.

Employers say that their rush into the field known as "computer forensics" is a matter of self-defense, that being able to retrieve computer evidence is essential to their ability to catch employees engaged in everything from spending too much time surfing the Internet to stealing company secrets.

"People don't always tell the truth about things," said Howard Schmidt, head of corporate security for Microsoft. Their computers, he said, usually do.

But others question the need of corporations to target unsuspecting employees with the same forensic technology that police agencies use to investigate criminals. Employees subject to such searches face a level of scrutiny they may never have imagined. Investigators acknowledge that searches of computer hard drives routinely turn up embarrassing details about workers' health problems, marital woes and financial difficulties.

"Pardon me for being a cynic," said Lewis Maltby, president of the National Work Rights Institute in New Jersey, "but I don't have total confidence in internal security teams to protect my privacy."

Forensic work is a mix of daring and digital excavation. Investigators often sneak out late at night or use various ruses to obtain "mirror" copies of employees' hard drives. Then they pore over the computers' contents in excruciating detail, searching caches that few users even know about and resurrecting deleted files.

A recent search at one of Southern California's largest assembly plants unfolded in typical fashion.

The investigator waited until midnight on a Sunday, when the plant was empty, its machinery motionless and thousands of computers had slipped into screen-saver slumber.

Stealing glances over his shoulder, he sat in front of the personal computer of a colleague who was likely home in bed. The detective spent half an hour making an exact copy of the hard drive, then retreated to an office lab. There, using an advanced new software program called Encase, he uncovered hundreds of pornographic images, more than enough to cost the worker his job.

"People don't realize that the computer records everything," said the company investigator, who spoke on condition of anonymity. "It's better than an eyewitness."

Surveillance Trend in Workplace

The rush into computer forensics is part of a broader surveillance trend in the American workplace. According to the American Management Assn., 45% of the nation's large companies electronically monitor their workers, up from 35% two years ago. And under federal law, companies have an almost unfettered right to do so.

Because workplace computers are considered company property, employers are free to examine their contents without restriction. In fact, only in Connecticut are companies even required to inform employees if their computer use is monitored. California Gov. Gray Davis has twice vetoed legislation that would have set a similar standard.

For years, many companies have kept logs of employees' Internet use and peeked into their e-mail. Now, corporate demand is rising for new types of surveillance software, from programs that record every keystroke to a new product from Raytheon called SilentRunner that spots suspicious clusters of activity on a company network.

Compared to other surveillance tools, forensics is more like a digital archeological dig. It involves sifting through a drive's contents for evidence and handling it so carefully that not a single byte is altered.

Digital Evidence Is Turned Up

The Times interviewed more than a dozen corporate security specialists about the growing use of computer forensics by leading American companies. Citing concerns about the secrecy of their work, the investigators would describe specific cases only on the condition that their names and companies not be identified.

The investigators said their searches often turn up troves of digital evidence that lead to employee discipline or dismissal for violations such as stealing business plans, submitting phony expense reports and stockpiling pornographic pictures.

Los Angeles Times Articles