Keystroke Loggers Save E-Mail Rants,
Raising Workplace Privacy Concerns

March 7, 2000

By MICHAEL J. MCCARTHY
Staff Reporter of THE WALL STREET JOURNAL

The American workplace has been put on notice that office computers can be monitored. But who could have imagined the keystroke cops?

In a new threat to personal privacy on the job, some companies have begun using surveillance software that covertly monitors and records each keystroke an employee makes: every letter, every comma, every revision, every flick of the fingertip, regardless of whether the data is ever saved in a file or transmitted over a corporate computer network. As they harvest those bits and bytes, the new programs, priced at as little as $99, give employers access to workers' unvarnished thoughts -- and the potential to use that information for their own ends.

Say you draft a rant to the boss or a client, and then, thinking better of it, delete the whole thing. Too late. One by one, all the keystrokes have been sucked up and stored on your computer's hard drive or sent as e-mail that a computer-system administrator or manager can retrieve at his convenience.

Aspiring Aviator

Last December, Poplar Grove Airport in northern Illinois suspected that one of its employees might be running a business of his own from his office PC. So the privately run airport bought a "keystroke logger" called Silent Watch and a license permitting it to install the program on six of the airport's computers. Along the way, however, the electronic stakeout snared some other workers.

Describing her career ambitions, a young office worker seemed to have no clue her employer could delve so deeply into her computer. Soon after arriving at her desk on Christmas Eve morning -- at 9:24:09, to be precise -- she poured out her soul on a blank page of Microsoft Word.

"I plan to obtain flight time by instructing and/or flying commuter planes," she wrote. She then backspaced over "planes," and substituted "jets." As she tapped away, it became apparent she was drafting a scholarship application for a flight-science program at Western Michigan University. "I know this is the career I want to pursue and the moen" -- she backspaced over the "en" -- and typed "ney."

After correcting that typo, according to the airport's keystroke log, she stopped again, backspaced over the word "money" and changed it to "scholarship." So the sentence then began, "I know this is the career I want to pursue and the scholarship I would receive ..."

This wasn't an e-mail or a document she sent over the company's network. It was a work in progress, a draft, reconstructed letter by letter, typos and all.

"We used to tell our people we could monitor everything -- even before we really could -- just as a deterrent," says Chris Pauli, the airport's computer-system administrator. "Now we really can."

"When else can you peer into someone's raw thought process?" asks Peter A. Steinmeyer, a lawyer at Epstein Becker & Green in Chicago who has studied Internet and privacy issues and who represents management clients. Nonetheless, he says, while an employee may try to argue that he reasonably expected his "draft" thoughts to remain his own, courts have consistently held that communications written on company-provided computers aren't private under current law.

Prominent Customers

"There's no legal qualm about it," says Richard Eaton, who wrote and now sells a keystroke-capturing program called Investigator. "There may be an ethical one."

Mr. Eaton says his company, WinWhatWhere Corp., Kennewick, Wash., has sold more than 5,000 Investigator software licenses since the product was launched in August 1998. Customers, he adds, include Exxon Mobil Corp., Delta Air Lines and Ernst & Young LLP. Lockheed Martin Corp. says it is considering using the software for "ethics investigations."

For all its sleuthing capabilities, Investigator is nothing more than a shiny silver CD-ROM that costs $99 or less with volume discounts. Mr. Eaton, who developed the program, burns the CDs right in his home, which is also company headquarters.

"At first, I thought it was controversial," says the 47-year-old entrepreneur, who sports close-cropped hair and a diamond-stud earring. "Slimy," he adds.

The keystroke tracker evolved from a program he had been selling to help companies measure how much time computer users were spending on various projects. But after clients kept asking for keystroke surveillance, he says, "I saw there is a legitimate security need for it."

The keystroke software is part of a new "offline" workplace battle. Many companies are concluding that they may be missing computer mischief that doesn't involve the Internet or the corporate network, both of which they can monitor. Right at their desktop PCs, employees could be copying sales leads or pornography to or from disks or CD-ROMs, or downloading bookkeeping software to run their own businesses -- all of which could elude conventional surveillance methods.

But some uses are strictly personal. Many people have bought the Investigator program, Mr. Eaton says, to run down suspicions that their spouses are being unfaithful in Internet chat rooms. They simply download the software, then later see exactly what their partners were typing. One mother ordered it to check on her teenage children's computer use while she was away on vacation.

Covert by Design

The Investigator program is designed to be covert. It doesn't show up as an icon on the screen, and is hard to find among computer files even when someone specifically searches for it. It is usually installed on a worker's computer after hours, but it can also be disguised in an e-mail attachment for an unsuspecting employee to download as an "upgrade."

Recently, however, Mr. Eaton has added an onscreen notice, informing the user that the PC could be monitored -- an alert a systems manager can choose to have automatically displayed or not. "If your purpose is to humiliate them, then don't tell them," Mr. Eaton says. "If you want to stop abuse, tell them. Usually the threat alone is enough."

Once Investigator is installed, the computer manager can choose "alert" words like "boss" or "union" or specific names. Then any time they appear in the text of an e-mail, note or memo, those documents will be automatically e-mailed over a company's computer network to the employee's supervisor or other designee. (On a stand-alone computer, the document would have to be retrieved directly from the hard drive.)

On the WinWhatWhere Web site's "We Get Mail" section is an e-mail from Michael Nogrady, a computer technician. "Maybe someday you will be ashamed," he writes. "Who knows, some people will do anything for a dollar. I am not saying this to be cruel, just asking if you have looked at this program morally."

Says Mr. Eaton, "I don't want to violate privacy -- I like my privacy. But I don't want to be in a position of deciding who gets it and who doesn't."

Customers generally don't have much to say about Investigator. Exxon says it has a long-standing policy of not discussing products it uses, lest it seem like an endorsement. Accounting firm Ernst & Young confirms that it uses Investigator, but won't say how widely or for what purpose. A spokesman for Delta says the airline's information-technology division bought one copy of the software last year and used it for internal testing "in one tiny area" of the division. "We decided it's not something we want to pursue. It died a pretty quick death," the spokesman says. "We don't want to be a police agency."

While Mr. Eaton insists Investigator poses no legal problems, he says his lawyer suggested he include a disclaimer in the licensing agreement: "Any use of this software in conjunction with any hardware, device or apparatus to surreptitiously intercept wire, oral or electronic communications may violate state and federal laws."

Mr. Eaton refuses to discuss the specifics of how the software intercepts keystrokes, and does so even before they reach the author's screen. He does say, however, that Investigator is hooked into the system before something called the "keyboard driver."

When a key is depressed, that action alone doesn't create the corresponding letter on the monitor. Rather, pressing the "A" key, say, causes a slight surge in the electrical current in a circuit board below. Within 0.2 millisecond, a processor embedded in the keyboard begins to generate a "scan code" for that key. It is then sent to the keyboard driver, which translates it and tells the monitor to display an "A." This roundabout route allows for keyboards with foreign alphabets.

For sleuthing purposes, the fraction of a second the route requires is time enough to intercept the codes as they travel between the keys and the monitor. The tiny time lag is important because sophisticated hackers sometimes encrypt messages to outwit computer-system administrators. Investigator, though, merely captures each keystroke before it can be encoded.

A similar alphabetic interchange underlay last December's intrigue at Poplar Grove Airport. About six months earlier, the airport and an affiliate, Emery Air Charter Inc., in nearby Rockford, Ill., had hired a programmer to design Web sites and work on special projects for both companies at a salary of about $50,000. Both businesses, which have about 120 workers combined, were growing rapidly, building hangars for private pilots, running charter flights and offering refueling and other aviation services.

But for weeks, says Steve Thomas, the 47-year-old chief executive and owner of both businesses, their programmer was missing in action. He disappeared into his office and produced almost nothing. Mr. Pauli, the chief financial officer who doubles as system administrator, would stop by to check on him. But Mr. Pauli says the man "would always blank off his screen so I couldn't see what he was doing."

When pressed, they say, the man was vague about his progress. "He was always busy, and we couldn't tell on what," says Mr. Pauli, 30. "But I could see he was storing things on a CD-ROM."

Worried the man might be "trying to pirate some of our strategies and secrets," Mr. Pauli says, he and Mr. Thomas huddled. "We couldn't tap the phones -- it's illegal. We explored a camera to videotape him," Mr. Thomas recalls.

One surveillance camera they looked at cost $3,500. But they couldn't figure out how to position it to get good computer-screen resolution or how to conceal it. Besides, Mr. Thomas adds, "we weren't certain about the legality."

Then Mr. Pauli went on the Internet and found the maker of Silent Watch. Adavi Inc., Dunkirk, Md., says it has sold more than 1,000 copies of the $159 monitoring program, which it started marketing last July. Aside from keystroke logging, the desktop-monitoring software can be programmed to send to a manager's screen via e-mail a replica of precisely what is on an employee's screen at any given moment -- text, graphics and all. Adavi says it has big corporate clients, but that they are adamant in their refusal to be identified.

A Sting Operation

Shelling out $237 for six licenses to Silent Watch -- "very affordable," says Mr. Pauli -- he installed the software on the computer of the mysterious programmer and on five others. In no time, the keystroke logs revealed the man was making repeated visits to pornographic Web sites, and sending and receiving numerous sexually explicit e-mails, which he channeled through Internet mail servers outside the airport's scrutiny.

"We were relieved our business wasn't being compromised," says Mr. Thomas, but the programmer had to be confronted, and fired. Messrs. Thomas and Pauli planned a sting. After monitoring the keystroke log for several days, they say, they could see he routinely visited the "inappropriate" sites early in the day.

So early one morning in late December, they prepared to swoop. As Mr. Pauli watched the keystrokes spit out on the Toshiba laptop computer in the CEO's office, Mr. Thomas grabbed a manila folder and posted himself outside the closed door of the man's office, just down the hall. When Mr. Pauli was certain the man had a pornographic page on display, he gave the CEO the high sign, and Mr. Thomas flung the door open. He says the man rapidly opened another screen to cover the window he had been viewing.

After asking him what he was working on, Mr. Thomas says he insisted the man show him what was behind the window "maximized" on his screen. After objecting, the man finally complied, and Mr. Thomas says, he saw something he will only describe as "raunchy."

Mr. Thomas then launched into a dressing-down. "I have whole logs here," he recalls saying, thrusting out the folder, which was filled with printouts. "We don't pay you for that. You don't work here anymore. Get your things, and get off the property," he remembers telling the programmer, whom he refuses to identify, but who he says appeared stunned. "His jaw dropped," Mr. Thomas says.

A Fax Dismissed

A few days later, he says, the airport got a fax from the man that threatened legal retaliation. "We talked about it, and then ignored it," Mr. Thomas says. "We never heard from him again."

Since then, the company has acquired an additional 19 licenses for Silent Watch. Mr. Pauli says he uses them mostly to trouble-shoot computer glitches. With them, he adds, he discovered that some employees were downloading a video game called Mercenary during their weekend work shifts. "I printed out the installing logs, and then showed them to their immediate supervisors," he says. "There hasn't been a problem since."

Mr. Pauli says he generally is using Silent Watch to keep an eye on computer misuse that hurts productivity, adding, "I don't care if they type personal letters."

Neither does the software. A couple of days after December's sting operation, Silent Watch was soaking up the scholarship plea of the office worker, whom the company declines to name but who it says received a verbal reprimand for doing personal chores on company time. "In addition to taking lessons," her note said at one point, "I worked at an airport to learn the 'behind the scenes' " -- she then backspaced over that, changing it to say "to learn the other aspects of aviation besides flying."




Copyright © 2000 Dow Jones & Company, Inc. All Rights Reserved.