The Facebook conundrum
OUT-LAW Radio, 30/08/2007
We ask why half of employees are now blocked from Facebook, how
the site can cause companies trouble and why users are making
friends with a frog.
A text transcription follows.
This transcript is for anyone with a hearing impairment or who
for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew
Magee.
Hello and welcome to OUT-LAW Radio, the weekly podcast that
keeps you up to date on all the twists and turns in the world of
technology law.
Every week we bring you the latest news and in-depth features
that help you to make sense of the ever‑changing laws that govern
technology today.
My name is Matthew Magee, and this week we tread warily onto the
battleground that is Facebook at work. Half of employees are banned
from it; others use it to slag off customers, while others
gleefully accept friend requests from invented frogs. We
investigate the mess.
But first, the news:
- Northern Irish iPhone busters face silicone valley law suit;
and
- Sony accused of causing second security flaw.
A Northern Ireland company that claims it can make Apple's
iPhone work on any mobile network in the world says that it has
shelved its proposed solution after receiving a threatening phone
call in the middle of the night from a Silicon Valley law firm.
Belfast-based UniquePhones sells unlocking technology for
hundreds of mobile phone models, so that any SIM card will operate
in any mobile phone. US Telco AT&T has a two year agreement
with Apple to act as the exclusive network in the US for iPhone
users and UniquePhones' solution could threaten that deal.
According to UniquePhones, it received a telephone call from a
California law firm at 2:55 am on the day that it had planned
to make the iPhone technology available for sale.
"After saying they were phoning on behalf of AT&T, said the
company, the law firm presented issues such as copyright
infringement and illegal software dissemination. UniquePhones is
taking legal advice to ascertain whether AT&T was sending a
warning shot or directly threatening legal action" said the
company.
John Salmon, a Technology Lawyer with Pinsent Masons, the law
firm behind OUT-LAW, said that unlocking your own iPhone is likely
to be lawful under European law, but that sharing the solution with
others is probably not.
Sony technology is being accused for the second time of opening
up users' computers to possible hacks without their knowledge or
permission. Security researchers claim that Sony memory stick
software could be dangerous.
Record label Sony BMG caused outrage in 2005 when digital rights
management technology included on audio CDs installed so called
rootkit software on users' computers. The software created a
security vulnerability and was hidden in a way that made its
removal difficult for users.
Security companies F-Secure and McAfee now claim that software
installed by a Sony memory stick and fingerprint reader called
MicroVault causes similar problems, installing itself secretly at
the heart of a computer's operating system and offering worms or
viruses a potential hiding place from anti‑virus software.
That was this week's OUT-LAW news
The latest workplace struggle has everything: high technology,
low malice, discord over work/life balance and endless pictures of
people's cats. Prepare the barricades: it is revolt time, and all
over social networking phenomenon Facebook.
It emerged this week that half of employees are now barred from
the site, whose use by employees has been accused of everything
from security naiveté to reputational assassination, from near
criminal procrastination to plain stupidity.
Workers, meanwhile, claim that they are chained to their desks
for so long that they need some kind of outlet for light relief,
and that their Facebook tinkering is as close to a social life as
they can now manage.
It was information security company Sophos which discovered that
half of employees are now barred from using Facebook at work. That
company’s Carole Theriault explained its research.
Carole Theriault: So what we decide to do is on
our website we ask the question of whether or not you as an
organisation block Facebook? What came back was about 50% of the
organisations said that yes they did.
So what are the problems with Facebook, why do employers want to
ban it? Theriault says that, when improperly used, the site can
cause problems with productivity and with security.
Carole Theriault: Not everyone in your company
is necessarily the best spokesperson for that company. Some
companies, for instance, might be worried about their reputation
going into disrepute if alongside an employee saying I work at this
particular company with pictures of her weekend hen parties, for
example. Companies are worried about their reputation and they are
also worried about passwords. You have to understand that 40% of
people use the same password everywhere. So if it is the name of
their cat or the name of their street and they of course on
Facebook put their full address and all the pictures of their
animals etc, it might be very easy for someone to steal that
information and that in fact might be their password for their
network for their desktop computer at work.
Catherine Barker is an Employment Law Specialist with Pinsent
Masons, the law firm behind OUT‑LAW. She says that the security
risks can be serious.
Catherine Barker: I can understand why so many
employers have decided to block the social networking websites such
as Facebook because there would seem to be absolutely no business
need for employees to access them. I think that with the social
networking websites there is the temptation for employees to share
information that could potentially bring their employer into
disrepute or also that their employer could be vicariously liable
for and I think that if you are on these sites during your working
time the temptation would be to talk about work matters, so that is
obviously a big risk for the employer.
Employers have to keep up, and it can be hard. Social networking
is a pretty generationally specific phenomenon. Senior managers
with responsibility for a firm's computer use policies can be
understandably bamboozled. John Wood, New Media Officer of the
Trade Union representative body the TUC explained what some of the
common reactions have been so far.
John Wood: Some employers are panicking and
banning it outright that we think might be an overreaction in a lot
of circumstances and another reaction to it seems to be is kind of
employers who are sticking their fingers in their ears and humming
as loud as they can and hoping that they will not have any problems
with it. We think it is better in both cases just to sit down
sensibly with staff, work out a sustainable policy.
Companies have a few options in dealing with problematic use.
They can ban the site altogether, but then they risk chasing every
new fad all over the internet, banning domain after domain in a
desperate trend following funk.
Dedicated OUT-LAW radio listeners will remember that we recently
revealed that employers could have a good claim to ownership of
their staff's Facebook profiles, if they are created in work time.
That would give companies some potentially useful rights.
Far simpler though is the updating of existing email and
internet usage policies. Barker and Theriault agree.
Carole Theriault: Have your internet and email
usage policy to be as comprehensive as possible, clearly setting
out what the boundaries are. What times these sites can be
accessed, when they cannot be accessed, what you can and cannot put
on these external websites about your company or anything that
would identify you as an employee of the company. A carefully
drafted policy and making sure that everyone is aware of it is
absolutely essential and also the policy should say that any
breaches of it would be a disciplinary offence and set out the
potential disciplinary sanctions that there would be for breaching
that policy so no one can be in any doubt about and complain at a
later stage.
Catherine Barker: I do not think it is
necessarily a problem that companies allow Facebook I think it is a
problem if you allow Facebook without giving any guidelines as to
how to use it. It is wrong to say not to block these things and not
give any guidance but then get upset because people according to
the powers that be, wasting time on Facebook. People need to know
and have guidance from their employers as to what is allowed and
what is not allowed.”
Woods state that the fundamental problem is understandable in
today's working conditions, and that it is as old as the hills
where nothing changes but the technology.
John Wood: People have been using the internet
to conduct their social lives through email before that they were
using personal use of the phones to conduct their social lives
which a lot of employers agreed to allow their staff during their
desk free time at work, during lunch breaks and break times. This
is not enormously different. The issue is that people are working
longer and longer hours over recent years and it leaves them pretty
little time to conduct a lot of their personal lives and a lot of
employers are quite happy with people using the phone or using
email or doing their online shopping when they need to as a way in
which they can mix together their work and their personal lives,
providing they are doing sensibly and in their own time at work and
they are not causing any problems for the employer.
Employees will plead for leeway and understanding, but to get it
they probably need to demonstrate some more care when using the
site. Sophos tested out how freely people were prepared to give up
their most personal details. The results were not good.
Carole Theriault: So here at Sophos actually,
we actually try to see how many friends we could make with
inanimate objects. So we created a little green plastic frog that
we called Freddy Staur, which is actually an anagram for ID
Fraudster and we put him up on Facebook and then tried to make
friends with 300 random people. Of all those people 40% of them
actually said yes I will be your friend and we were able to see
personal details and their profiles such as date of birth, email
address, phone numbers, mobile phone numbers, addresses and so on.
So people need to be very careful with who they make friends with
because obviously they can get access to all this set of personal
information.
Companies have already started taking action against employees
and ex‑employees over work related content published on the sites,
but Barker said that in order to take action, companies must first
have made it absolutely clear to employees that they are not
allowed to do certain things. Taking action without a warning or
policy could lead to acrimony, disputes and possible payouts.
Catherine Barker: I think in those
circumstances an employee might be able to argue that it was an
unfair dismissal because they were not aware of the policy or that
their actions were potentially misconduct and if they are not aware
of it then potentially that could lead to an unfair dismissal
finding.
That is all we have time for this week.
Catherine Barker mentioned in today's edition that the law
relating to monitoring employees is complicated, and indeed it is.
Anyone who wants to be guided through that legal maze can register
now for a free OUT-LAW seminar on exactly that topic, to be run in
mid to late November all over the UK. See OUT-LAW.COM for more details, in the
meantime, thanks for listening, and make sure you tune in next
week; goodbye.
OUT-LAW Radio was produced and presented by Matthew
Magee for international law firm Pinsent Masons.
