Turns out it's pretty easy to crash the lunch spread at the
American Society for Industrial Security's annual convention.
You just walk in, sit down, start munching on salad. I didn't
set out to trespass--I only wanted to chat up some corporate
dicks, ex G-men, and card-carrying government spooks when their
guard was down, beef-tip gravy on their chins. The thing was,
when I got busted (halfway through a stale roll), it wasn't by
the so-called security specialists with the Efrem Zimbalist Jr.
haircuts--it was by one of those superannuated babes with a cotton-candy
coif who police the floor of the Las Vegas Convention Center.
And what better locale, by the way, for a convocation of gumshoes,
rent-a-cops, drug-sniffing dogs, and keystroke monitors than
surveillance-friendly Vegas, the desert home of swivel-mount
ceiling cameras and heat-packing casino muscle? If you didn't
immediately get the idea that the American Society for Industrial
Security is a heavyweight organization to be reckoned with, the
Stonehenge-size block letters dominating the lobby of the convention
center might have clued you in. Looking about as foreboding as
Stanley Kubrick's 2001 obelisk, they spell authority in four
giant letters: "A.S.I.S." As in "kick asses."
Based in Arlington, Virginia, just a brief Beltway jaunt from
the Pentagon and CIA central, ASIS is the world's largest and
oldest association for security professionals.
It boasts more than 24,000 members worldwide who are dedicated
to defending management and company assets from the teeming threats
from within and without the modern corporation. ASIS members
work for Fortune
500 companies and multinational conglomerates like Coca-Cola,
Kodak, Bechtel, Ford, and Disney, and, of course, America's élite
law-enforcement agencies and spook hives--from the FBI and Secret
Service to the CIA and NSA. According to the latest ASIS figures,
more than half of the group's members spend between US$100,000
and $5 million per year on security, much of it to set up access-control
systems and TV surveillance. When the FBI needs advice on foreign
moles in the workplace, it turns to ASIS "to expand our
understanding of industrial espionage," as FBI Director
Louis Freeh recently put it. Here in Vegas, over the course of
three days, nearly
13,000 crime stoppers, tech shoppers, and amateur gawkers
will fan out on the convention floor to swap war stories and
hawk amazing gadgets--each more diminutive and diabolically inventive
than the gizmos in the previous booth.
Oddly, it's the professionals who cover for me when my gate-crashing
fails. My table neighbor, a security-fence salesman from New
Jersey (razor wire, barbed wire, electrified wire--your complete
line of perimeter defense products), has recovered a wayward
ID badge from the floor, and it's stuffed with official meal
tickets. Mr. Perimeter Defense peels a coupon off the wad and
saves me the embarrassment of ejection from the ASIS gathering.
"Even though our business is security," he cracks,
"sometimes you gotta break the rules."
Pretty easygoing guys, these latter-day Praetorian guards.
Now imagine what would have happened if I had bombed into the
cherry-paneled boardroom of one of their Fortune 500 clients,
or if I had been an employee hell-bent on sharing a non-reciprocal
luncheon engagement with the security-conscious CEO. At best--at
best--I might have been wrestled to the ground and "pacified"
with pepper mace, taser guns, or hand-held lasers that can "flash
blind" perpetrators ("perps") for up to two minutes.
After all, business is business. (One of the door prizes in the
exhibit hall? A Browning shotgun. Leave your business card in
I had come to the ASIS conference not to breach lunch-time
security, but to feast on the latest technology guaranteed to
repel vengeful employees--the nest-feathering, profit-skimming,
paper-clip-pilfering, gold-bricking, shoplifting, ax-grinding,
monkey-wrenching malcontents. That's not to say that ASIS is
concerned exclusively with bad seeds in the workplace. Judging
from seminars with titles like "Radical Fundamentalism:
Terrorism of the Future?" and "Sue Yourself: Before
Someone Else Does," security professionals are nothing if
not diversified in their occupational apprehensions.
But hands down, the favorite statistic traded in the cavernous
exhibit hall is this one: "Eighty to ninety percent of your
business theft is internal." Among the numerous vendors
who might sound this klaxon is Mike Bolte, an engineering whiz
at Diamond Electronics Inc., which networks cash registers to
a computer server that "looks for unusual keypunching activity"
and--when it finds likely monkey business--activates surveillance
videocams at many of your Wal-Mart, J.C. Penney, and Eddie Bauer
As those venerable shamuses at the Pinkerton private-eye agency
warn, "$15 to 25 billion a year is lost to employee theft."
And those numbers climb to $170 billion a year as soon as you
stop ignoring "losses from time theft that include bogus
sick days, late arrivals, early departures, and excessive socializing
on the job." Richard Heffernan, a member and past chairman
of the ASIS committee on safeguarding proprietary information,
submits, "Fifty-eight percent of the problem of misappropriation
of information involves insiders."
The second most popular factoid bandied about by the merchants
of corporate defense is no less worrisome: computer-data trashing
and other economic sabotage is on the rise because of employee
resentment in the era of corporate "downsizing."
As one lecturer puts it, "The so-called American dream--I
don't think we have that anymore in most companies." What
we have instead are disgruntled ex-employees and soon-to-be-ex-employees
who will "steal, vandalize, spread rumors, tamper with products,
screw with your computers, and urinate in the coffee pot,"
Kvetch about Big Brother in the workplace to these guys and
they'll call your attention to the thin blue line protecting
innocent employees like you from the thin yellow line, better
known as the ol' Sanka chamber pot. "That has happened twice,"
our lecturer dutifully adds, "as far as I'm aware."
At least twice, judging from the mileage coffee-pot crime is
getting as a conversational icebreaker. That's hot factoid Number
Three, in fact, and to be sure, it was a hidden surveillance
camera that exposed one such culprit in the heinous act. This,
in case you missed it, was broadcast to the world on Hard Copy,
or so several conventioneers feel compelled to tell me.
What kind of person would stoop to such abomination? "There
are 2 million schizophrenic people in this country," our
vigilant lecturer states, resuming his theme after digressing
briefly into the realms of caffeine and purity of essence. "Not
every one of them is extreme, but you've got to be prepared."
Like most everything else, industrial security is feeling
the tidal pull of the information age. Whereas wary employers
formerly hired platoons of human watchdogs, today a whole panoply
of surveillance technology can handle the business of workplace
monitoring at a fraction of the cost. Thanks to high-speed modems,
cell phones, and ISDN lines, the boss can now tune into surveillance
video from the office on his home PC or in his car. Digital "smart-card"
keys "remember" which gateways employees have swiped
their cards through. Is Homer Simpson malingering with the doughnuts
in the break room again? Doh! Yes, according to this handy computerized
audit trail of his peregrinations throughout the building.
"You can track how long employees are in any given area,"
explains Sandra Wagner, a salesperson for Advantor Corp., manufacturer
of one such system. You can monitor them even at their computer
workstations if you have them log in with their card key. If
you really want to get fancy, in a Tom Clancy kind of way, there
are proximity readers that can vet your ID cards up to 8 feet
away, and a whole line of "biometric" devices that
can scan your retina or iris, the length of your fingers, and
even your weight, to make sure an impostor doesn't suddenly take
up residence in your cubicle.
Many modern factories now require workers to log in at their
heavy equipment "to see how long they use it," offers
Wagner's colleague, Kevin Brooks. But doesn't that fuel the kind
of employee resentment that can lead to stealing, rumor spreading,
screwing with computers, java tampering, the whole nine yards?
I ask. "You gotta do a little PR to the employees,"
Brooks explains. "Tell them it's for their protection. Say
you don't want outsiders hitting the vending machines in the
employee lounge." Brooks is no slouch when it comes to PR.
"A lot of managers don't want to install video monitors,"
he explains. "I tell them, 'Why don't you tell your employees
it's for their protection?'"
Says Richard J. Heffernan, who runs a security consulting
firm in Branford, Connecticut: "Competitive advantage--that's
how you sell security to the Roseanne crowd. You tell them that
if they want to have a job down the road," they'd better
be prepared to accept workplace security measures, including
But why don't you just hire trustworthy people in the first
place, the kind who don't require management by high-tech stakeouts?
Well, it turns out that the security professionals have got that
angle covered, too. There are dozens of consultants eager to
hit the infobahn and run down crucial data on a prospective employee's
past record--workers' comp claims, health insurance status, criminal
rap sheets, proclivity to pocket
Post-it notes, general bad attitudes, you name it. Applicants
can submit computerized evaluations via phone.
Though most "reputable" security firms shun legally
sticky psychological surveys like the classic Minnesota Multiphasic
Personal Inventory (which asks privacy-invading true/false questions
such as whether applicants are strongly attracted to members
of their own sex), they nonetheless promise to weed out the kleptos,
schizos, nutsos, "time thieves," and general chip-embedded-on-shoulder
types. A series of rapid-fire questions about a candidate's work
history gives the prospective prevaricator little time to trump
Talk about your high-octane paranoia. There's enough of it
on the show floor to keep the adrenal glands of G. Gordon Liddy,
H. Ross Perot, and Oliver Stone throbbing for weeks. You'd think
that the proletarian rabble was about to face the guillotine
first thing Monday morning--well, make that Monday afternoon,
after late arrivals and excessive socializing on the job.
To be fair, though, not everyone here is obsessed with Joe
Lunchbox as the crime wave of the future. There are plenty of
legitimate security wares that any large employer would be smart
to look into--for example, revolving door "mantraps"
equipped with metal detectors, essentially a Roach Motel for
gun-toting loners. (A squad of South American corporate-security
jocks was especially intrigued by this technology.) Then there
are the shredders and disintegrators "approved for top-secret
destruction," which have a certain harmless utility. There
are also sensible bulletproof plexiglass shields-cum-teleprompters
just like the ones Bill Clinton uses, semiautomatic pistols small
enough to holster inside a Slurpee cup, and the latest in motion-sensing
For those extra-sensitive security concerns, George Wackenhut
is on hand. Wackenhut is the founder of --not a fast-food franchise, as the
name might imply, but the global-security concern that has been
described as the CIA's favorite dirty tricks subcontractor. In
1992, a Department of Energy investigation into the illegal use
of eavesdropping equipment at plants operated by Westinghouse
and other nuclear energy contractors rooted up 147 electronic
surveillance devices. One of the devices could listen in on 200
company phones simultaneously. The company responsible for planting
many of the bugs? Wackenhut, of course, a firm with a reputation
for leaning on employee whistle-blowers.
Grand theft tempo
But we're back to employee monitoring again. All secured roads
seem to lead there, even when the concern isn't grand larceny
but those management bugaboos: "long breaks, lack of productivity
... time theft." Which is why I'm surprised to find neither
hide nor hair of electronic-mail letter openers, keystroke-monitoring
programs, or other spying paraphernalia that are becoming so
commonplace in the discipline gingerly referred to as "personnel
tracking." Apparently, these tech tools are not exotic enough
for licensed gumshoes.
But that's just the point! The fact that these technologies
have become so routine means that any manager who purchases network-operating
software is probably getting built-in snoop features. In an office
hardwired with a server-based local area network managed by software
such as Microsoft LAN Manager, a technically inclined boss or
network administrator can turn any employee workstation into
a covert surveillance post. So there's no need to call in the
big guns from Wackenhut.
A recent ad for Norton-Lambert's Close-Up/LAN software package
tempted managers to "look in on Sue's computer screen....
Sue doesn't even know you're there!" Often, however, software
makers don't even need to advertise these "remote monitoring"
capabilities, which allow network administrators to peek at an
employee's screen in real time, scan data files and e-mail at
will, tabulate keystroke speed and accuracy, overwrite passwords,
and even seize control of a remote workstation, if they find
it necessary. Products like Dynamics Corp.'s Peak & Spy;
Microcom Inc.'s LANlord; Novell Inc.'s NetWare; and Neon Software's
NetMinder not only improve communications and productivity, they
turn employees' cubicles into covert listening stations. Other
software applications count the number of
per minute, the employee's error rate, the time it takes a worker
to complete each task, and the time a person spends away from
Not surprisingly, the Orwellian potential of such technology
has privacy advocates and working stiffs a bit paranoid. But
are concerns about employee monitoring irrational? Remote monitoring
certainly happens more frequently and routinely than we tend
to think. In 1993, Macworld magazine conducted a study of CEOs
and computer-systems directors and turned up some rather unsettling
statistics. Twenty-two percent of the polled business leaders
admitted to searching employee voicemail, computer files, and
electronic mail. The larger the company, the more the snooping.
Extrapolating to the workplace at large, Macworld estimated that
as many as 20 million Americans "may be subject to electronic
monitoring through their computers (not including telephones)
on the job."
Potholes on the surveillance highway
As is often the case, the patchwork of regulations and laws
addressing such new socio-technological wrinkles aren't exactly
models of clarity. Although the US Constitution addresses privacy
in the First, Third, Fourth, Fifth, and Fourteenth amendments,
there's no amendment specifically guaranteeing it. While the
courts have ruled that employers cannot monitor their workers'
personal calls, the Electronic Communications Privacy Act of
1986 grants bosses a "business-use exception," which
allows supervisory and quality-control monitoring. Practically
speaking, that leaves a loophole big enough to fly a Stealth
In 1993, the Computer Systems Laboratory of the National Institute
of Standards and Technology issued a bulletin titled "Guidance
on the Legality of Keystroke Monitoring." The report stated
that the US Justice Department "advises that if system administrators
are conducting keystroke monitoring or anticipate the need for
such monitoring--even for the purposes of detecting intruders--they
should ensure that all system users, authorized and unauthorized,
are notified that such monitoring may be undertaken."
Still, ambiguity reigns, for the courts have yet to set a
clear precedent on the legality of keystroke monitoring.
"It gets even trickier when you look at e-mail privacy,"
says Marc Rotenberg of the Electronic Privacy Information Center
in Washington, DC. I dialed Rotenberg up several days after the
Las Vegas convention. "Employees often think that they should
have privacy in their personal electronic-mail communications,"
he explains. "But in practice, there really is no legal
safeguard within the organization."
Several years ago, e-mail privacy advocates lost an important
test case when a California judge ruled against Alana Shoars,
a former e-mail administrator at Epson America Inc. Shoars alleged
that her supervisor had printed out and read messages that employees
had been assured were private. After she discovered the managerial
snooping, Shoars was fired for insubordination, she said. The
judge dismissed the case on the grounds that state privacy statutes
make no mention of e-mail or the workplace.
The ruling has left civil libertarians glum about the future
of e-mail privacy at work. Says Lewis Maltby, who runs the ACLU's
workplace rights project, "We had the perfect set of circumstances:
we had a wonderful plaintiff, we were in California of all places,
and we had a great attorney. We lost. I don't think you're going
to see any more e-mail litigation. If we can't win that case
in California, we can't win it anywhere."
Telephone communications and e-mail have some protections
under the Electronic Communications Privacy Act, but only insofar
as they are carried out through a telco common carrier or commercial
system such as CompuServe or MCI Mail. Internal electronic mail
in the workplace is considered company property.
Stress under surveillance
Assorted studies have found links between employee monitoring
and stress--both physical and psychological. A 1990 survey of
telecommunications workers conducted by the University of Wisconsin
and the Communications Workers of America found that 43 percent
of monitored employees said they suffered a loss of feeling in
their fingers or wrists, while only 27 percent of unmonitored
workers had those symptoms. More than 83 percent of monitored
employees complained about high tension as opposed to 67 percent
of unmonitored workers. An earlier report by the Office of Technology
Assessment also concluded that monitoring "contributes to
stress and stress-related illness."
These studies are hardly news on Capitol Hill, where privacy
advocates and employee unions have been pushing for fair-monitoring
legislation since the mid-1980s. The latest attempt (1993's Privacy
for Consumers and Workers Act) expired in Washington gridlock,
a victim of the legislative coma brought on by the prospect of
health-care reform (but also dinged by the manufacturing lobby).
Privacy advocates say the bill will be back this session. It
would require employers to tell new hires that they may be monitored
via phone, computer, or e-mail. It would also force managers
to notify workers when they are being surveyed--possibly by a
beep tone or red light--and to explain how the data will be used.
"Employees have the right to dignity," submits Lawrence
Fineran of the National Association of Manufacturers, the front-line
foe of the bill. "But," he says, "the employer
certainly has a right to any kind of data generated by an employee
on an employer's time and on an employer's equipment."
"There need to be limits on how that kind of technology
is used," counters Erica Foldy, former executive director
of the Massachusetts Coalition on New Office Technology.
"We shouldn't re-create the company town," says
Gary Marx, a sociologist at the University of Colorado who has
written extensively on technologies "that can extract personal
information" and threaten privacy. Marx argues that intrusive
monitoring not only invites managerial abuse--providing cover
for illegal attempts to thwart unionizing efforts, for example--it
also elevates inequity in the workplace.
"This stuff often increases the gap between managers
and workers," he says. "If managers really believe
in monitoring, let's apply it in a more universal way and require
managers to be monitored electronically." The economic "damage
that can be done by a few corrupt or unprofessional executives
is really far greater than somebody taking a little too long
on a coffee break," he adds.
According to Marx, extractive technologies have upset another
fundamental balance in the workplace. "Traditionally, on
an assembly line, there would be a supervisor who would walk
by," he explains, "and you knew who that person was.
You also knew when he or she was there. That may have generated
some anxiety, but in fact, you could gear your behavior accordingly.
But now with the mediated and potentially unseen nature of this,
it creates a sense of fear and stress, because employees really
never know when they are being watched."
In other words, Big Bro could be tuning in any time.
The prospect of total and constant surveillance may sound
a bit like science fictional overkill, but the prototype of tomorrow's
monitoring has the potential to do just that. You can find it--or
more accurately, it can find you--at Xerox PARC in Palo Alto,
California. Security is tight at "the PARC," where,
after all, the latest edgy tech is conceived and test driven.
Yet the security here is rather primitive, and the visitor's
badge I'm wearing is, well, positively antique. It's handwritten
on paper--and this in the proving ground of the paperless office.
As I'm pondering this anachronism, I'm greeted in the lobby by
Roy Want, a pleasant chap of 33 years whose boyish features and
arched eyebrows suggest a certain capacity for mischief.
It's more than slightly ironic that Want hails from England,
the former empire that gave the world Jeremy Bentham, philosopher
of utilitarianism and author of Panopticon, or The Inspection
House. Published in 1791, Bentham's treatise described a polygonal
prison workhouse that placed the penal/industrial overseers in
a central tower with glass-walled cells radiating outward. Mirrors
placed around the central tower allowed the guards to peer into
each cell while remaining invisible to the prisoners--a concept
Bentham referred to as "universal transparency." Knowing
that they were under surveillance--but not knowing for sure whether
they were being watched at any given moment--prisoners would
theoretically be on their best behavior at all times.
More than 200 years later, Want, a computer engineer, has
essentially reinvented the Panopticon. More accurately, his brainchild,
known as the would have made Bentham proud. Want's active
badge, worn by some 50 researchers and staffers in Xerox PARC's
Computer Science Lab, is about a quarter of an inch thick and
2 inches by 2 inches square. Clipped to a shirt pocket or belt
and powered by a lithium battery, the black box emits an infrared
signal--just like a TV remote--every 15 seconds. Throughout the
computer lab at the PARC, infrared detectors are velcro-mounted
to the ceiling and networked into a Sun workstation. Because
each employee's badge emits a unique signal, Any other staffer can access that information
on his or her personal computer.
Want explains to me that he developed the hardware while working
at the Olivetti Cambridge research laboratory in England. His
initial idea was to build smart telephones that forwarded calls
automatically to the phone extension nearest a staffer at any
given moment. But since defecting to Xerox PARC and working with
a team to develop the system's "Birddog" software,
he's discovered sundry new uses for the technology, he says.
While privacy tribunes see active badges as an ominous new development
in the brave new workplace, Want and his colleagues see them
as "a double-edged sword," with the potential for both
benign and malignant uses. "If you can build the system
correctly with the appropriate privacy, encryption, and access
safeguards, then I think you've built an acceptable system."
At the PARC, management and staff have an agreement that the
technology will not be used as an authoritarian carrot and stick.
The badges are intended as tools to help staffers locate their
"friends," as one researcher puts it.
Want is eager to stress the technology's limitations and the
ease with which anyone can thwart its abuse. "At any point
in time, you can take your badge off and leave it on your desk
and go shopping if you want. You can also put it in your desk
Potential misuse of the technology is more than an academic
concern now, for Olivetti is going commercial with the badges,
marketing the gizmos to insurance companies, hospitals, and other
large institutions with an interest in the whereabouts of key
personnel or patients. About 70 researchers at two of Digital
Equipment Corporation's research labs have also given Want's
badges a trial run. Dave Redell, a researcher who has been outspoken
about the badges, has mixed thoughts. "There's a strong
feeling around a place like this that we're all colleagues,"
he says, "as opposed to having a rigid management hierarchy.
Use of the badge is completely voluntary. In other kinds of workplaces,
though, the potential for oppression is far greater. Even in
a situation where you have an official policy saying that this
is completely voluntary, it would be much easier for there to
be a lot of pressure to wear these things at all times."
Others, including the ACLU's Maltby, see active badges in more
monochrome tones. "Like rats in a maze," Maltby mutters
when I call him for a comment. "They want a pager that you
can't refuse to answer."
Ubiquitous computing über alles?
PARC researchers are understandably excited about some of
the more benign applications. As a companion piece to the badges,
Want has developed a personal digital assistant he calls the
PARCTab. About half the size of an Apple Newton, Want's palm-held
PDA sends and receives wireless data signals to another network
of infrared detectors salted throughout the building. It's part
of Xerox PARC's "ubiquitous computing" project, an
attempt to banish paper from the workplace. Want can program
his personal assistant to trade e-mail and other files with his
workstation, and he can access the Internet through his PDA anywhere
in the building (except in the bathroom).
Want sees the tabs getting thinner and lighter. Each of us
would have dozens scattered around the office, in the car, and
at home. Detector "cells will start appearing in public
places or the home," he says. "The device will tell
you where you are, wherever you are."
Of course, it might also tell them where you are. Surely,
that's a concept that's hardly foreign to wired world citizens.
Cell phones made it possible for LA's finest to triangulate on
O.J. Simpson during his slo-mo odyssey along the Disneyland freeway.
And any time you use a credit card or make a long-distance phone
call, you're essentially leaving a trail of virtual bread crumbs
for the telcos, Visa, and law enforcers.
"There are always these trade-offs between what's useful
and what could be done to us," says Want from the belly
of the kinder, gentler Panopticon. "The benefits to be had
are so great; we just have to be sure that the people who are
in control respect our privacy."
I keep thinking of what the block-shouldered gumshoe from
one of the major security firms told me in Vegas. Are there certain
technologies and techniques that you guys aren't showing me?
I asked. "Some things," he said, shaking his head at
the naïveté of my query, "we aren't gonna broadcast
here in public."