It is a relatively mild scene in a documentary about the sexual predator who helped transform American politics. Back when he ran Fox News, Roger Ailes bought up his hometown paper, and in Divide and Conquer—now in theaters—the Putnam County News and Recorder’s former copy editor describes what happened to her after she eventually quit the job. In the next few days, people she had messaged privately about Ailes on Facebook began finding out that he was looking into them. One even received a phone call: “This is Roger Ailes, and I hear you’ve been making threats about me.” Ailes then quoted the friends’ Facebook conversation, verbatim. In her interview with Divide and Conquer, the copy editor was clearly still shaken by the experience: “It was really terrifying—this feeling that there are really powerful people who live five minutes from me that are out to destroy me and my life.”
But business owners would not need much money or influence to follow in Ailes’ footsteps. At thousands of organizations across the country, the requisite software is already installed on every computer. There are dozens of options for so-called employee-monitoring software, and they are cheap, legal, and incredibly sophisticated. Some let employers watch people through their webcams. Others track cellphone locations. Others, like Veriato 360 and Teramind, give employers the ability to get alerts whenever an employee visits a certain website, types a certain phrase, or sees a certain word appear on her screen. From there, the surveiller can look back at that point in time and watch a video of the employee’s screen alongside a record of what she was typing. If the boss wants, Veriato 360 lets her exclude passwords from these keystrokes that get logged, but it is only an option. If the Putnam County copy editor accessed Facebook on a work computer just once, it would have taken Ailes only a minute to look up a time she accessed the site and see the password she entered.
But Ailes’ terrorizing was not only easy to emulate—it was more or less legal. Employment contracts often include a clause that says something like, “By signing here, you acknowledge that your computer and internet usage will be monitored.” Ifeoma Ajunwa, a legal scholar who is a leading expert on privacy in the workplace, tells me that it is an open question whether such a clause is even necessary for employers to be able to legally install and operate monitoring software on technology that the business owns. But if there is such a clause, all rights to privacy are abolished, and passwords are no exception. Companies have no obligation to elaborate on what that monitoring consists of, and it is common for workplace-surveillance-software makers to advertise that their products can be installed without anyone ever knowing they are there.
So Ailes almost certainly got her password legally. What about when he used it to log in to her account and look through her messages? This is less clear. Ajunwa tells me that on the one hand, unauthorized access to the account would be illegal (and any shared access violates Facebook’s terms of service), but on the other hand, workers often “authorize” their bosses to log in to their Facebook accounts. Bosses “requesting” or demanding the social media passwords of employees and job applicants has become common enough that the ACLU launched a campaign to get the practice outlawed, and a couple dozen states have done so. Ailes’ home state of New York, however, is not one of them. Ajunwa says that if the Putnam County News contract included a clause such as “I acknowledge that my social media accounts will be monitored,” a judge might accept that as authorization to log in.
Right now, the law places essentially zero limitations on employers’ ability to gather sensitive information about their workers. Of course, once they have that sensitive information, there are innumerable laws mandating how they can use it, but that misses the point. No matter what the law says, when given the opportunity to abuse their power, many people take it. Employee-monitoring software creates countless opportunities for abuse, with a degree of secrecy that, in many cases, makes it inherently difficult for the wrongdoer to be caught.
There are perfectly good reasons someone would buy this software, beyond megalomania, lechery, or even desire for profit. For instance, a company might turn to it because the law actually requires that businesses take proactive steps to making sure their employees do not misuse certain sorts of customer data, like patient information and credit card numbers. I talked to an executive of a 50-person health care company who bought the software for that purpose as well as a few tech contractors paid to implement it for various clients. While no one had horror stories comparable to the copy editor’s, I gathered two main lessons from the conversations. First, while people purchase the software for plenty of reasons, once it is there, they find other uses for it. Some tyrants are born; some tyrants are made. Second, people’s personal lives always show up on their work computers. They text their lovers. They Google problems that are on their mind. A surprising number send nudes.
When a boss has a vested interest in that personal life, the combination of these two facts can be explosive: One contractor told me about a job where he installed Veriato on employees’ computers at 4 a.m. so a CEO could investigate intellectual property theft, only for the CEO to then discover that his son-in-law, who also worked for him, was coordinating meetups with his mistress through Yahoo Chess. If it had been another employee cheating, he probably would have ignored these intimate secrets. Or maybe not.
If we have learned anything from all the revelations of what men like Roger Ailes have done, the degree of interest many bosses take in their employees’ private lives is downright criminal. Sexual harassment is a critical example of how this access to private information can be abused. It is no coincidence that the most prominent lawsuit about monitoring software in the legal literature has sexual undertones. In that case, a woman alleged that her supervisor made a creepy joke to her, in the process admitting that he had used the company’s GPS tracking app to watch her location after work. She uninstalled it, and he fired her, according to the 2015 complaint.
However, harassment is just one avenue for abuse among many, and it is a particularly easy one for workers to spot. The ability for employers to receive alerts whenever specific words—any specific words—are typed or even just appear on the screen is a power that has implications for everything from disability protections to organized labor. And in a market full of competitors, developers have little incentive to leave a feature out—little incentive to make anything hard to do.
You can see this for yourself: A demo of Teramind is available here. For instance, Teramind lets employers receive alerts whenever people visit a website of a certain category, and the categories one can alert on include everything from canoeing to dermatology. Celebrity gossip. Job search. Resume writing. LGBTQ. Cancer. Depression. Abortion. Substance Abuse. Divorce support. Abuse support. AIDS/HIV. Islam. Pregnancy.
Of course, it is illegal to fire someone for being or trying to become pregnant. However, employers can walk right up to that line, with nothing to restrict them besides their own conscience and their fear of being caught. But would they be caught? Would anyone even suspect what had really happened? With almost no one noticing, our bosses have recently acquired a monstrous new power. Roger Ailes will not be the only monster to misuse it.
