Is Your Boss(ware) Watching?
With more workers clocking in from home than ever before, employers have switched on monitoring systems to ensure that productivity continues apace. In a June 2020 Gartner study 26 percent of HR leaders confessed to using software or technology to track remote workers since the outset of the pandemic—up from 16 percent in April. More recently, one in five companies admitted to watching remote workers without their knowing.
Productivity tracking software or “bossware” is nothing new, and many major companies already use this technology, but the pandemic brought it into the home environment at greater scale, raising red flags for privacy experts. Whether at home or in the traditional workplace place, some programs involve the participation of the worker and require their consent to be monitored while others operate more like “stalkerware” and are invisible to those being watched.
Once installed, bossware can track anything from employee emails, employee travel or movement, and work computer usage. Some apps can take screenshots of worker computers, and conduct keystroke logging to register whether employees are staying on task.
It’s not just about watching the clock, however. In addition to productivity monitoring, these services have additional benefits and functions, such as monitoring data security for remote workers, guarding against the theft of intellectual property, providing encrypted communication channels or platforms, and logkeeping and other tools that assist with regulatory compliance.
Companies undoubtedly have a right to protect their information security and intellectual security—as long as you are using company devices and you have consented to the surveillance, it would seem as though the use of bossware is fair game. But if you’re talking about your company monitoring you on your own personal laptop, tablet or phone on your home network that should be a different story.
One concern would be how this gathered data would then be used—could you guarantee it is only for security or productivity purposes? Is the data held safely on the other end? For instance, if your keystrokes are being monitored and you are entering in passwords, can you be sure that these are secured by the surveillance software and those monitoring it? (Indeed, some bossware specifically advertises its ability to capture workers’ passwords in order to provide access to private messages.)
What if screenshots are collected and also happen to capture sensitive data? Where is it stored and for how long? Do you have access to your own data once it is captured? If you have no idea you are being monitored how could you possibly be assured of this?
What’s more, if you are on your own device and it’s being monitored by your company, when workers are in their home environment using their devices for many different tasks and functions, how might there be limits placed on what is monitored and what isn’t?
What if the worker makes an offensive comment on a chat on a video game? What if their personal beliefs or relationships are not in line with company culture? What if they reveal health information that could put their job security at risk? When are these data points get used against you, and who decides which ones are reasonable?
We might also look at this issue as a matter of context. Industry norms, for instance, might play a role. So for some jobs such as in law enforcement you may sign something at onboarding to uphold certain standards of behavior even when off the clock. An employer holding you accountable to those standards in a remote work environment is completely reasonable. Or an Instacart shopper who is expected with a delivery but can no longer be tracked because they have turned off their phone. Those are reasonable bossware-observed breaches of conduct.
Now if the bossware uses predictive analytics to anticipate wrongdoing—for instance, you visit a website that is deemed inappropriate—and on this basis your human resources department has flagged you as a risk and your employer decides to deny your promotion, that could trigger legal ramifications. You have not actually done anything wrong, and this judgment was purely hypothetical.
What if they combine their own observations with employee data that was purchased from other sources to build a more complete profile on which to make human resources decisions—again, completely outside of your job performance? Or what if another family member borrows your device? Are you going to be judged on the basis of their online behaviors? The scenarios are endless and endlessly problematic.
Though it’s arguably not ethical, using bossware on workers’ own devices at home is still legal as of this moment—and with many analysts predicting a future of remote or at the very least hybrid work for many sectors, bossware is likely here to stay. It will be interesting to see how individuals and privacy advocates push for better protections in the coming months and years, and how our regulations and laws can keep employers from intruding too heavily into the home lives of their workers.