Employee Privacy – Sensors in the Office and an Automatic Mouse Mover
02-06-2021 | By Robin Mitchell
As employees make their way back into offices, some are concerned about introducing sensors and monitoring systems to track employee movements. Others have turned to ingenious ways to fight for employee privacy. Why are sensors being introduced into the workplace, how will such sensors impact employee privacy, and should sensors be integrated into such environments?
COVID, Fear, and Sensor Technology
There is no doubt that the COVID pandemic has had a major impact globally; lockdowns have seen many businesses close down, countries closing their borders has prevented the flow of work and commerce, and the inability to leave home has seen most of the workforce work from home. But now that vaccines are being rolled out, along with falling infection rates, society is already starting to return back to normal, and for some, this means back to the office place.
However, the fear of COVID returning is seeing some workplaces turn to sensor technologies to try and control the further spread of COVID. For example, motion sensors fitted into corridors can reveal the amount of traffic that the corridor receives, while motion sensors placed at employee desks can give companies an idea of desk utilization. In addition, facial recognition systems can be used to track employees specifically, and such data can be used to trace those who may have made contact with each other.
As such, engineers can expect IoT devices to play a critical role in future and present pandemics with their ability to gather data in discrete locations wirelessly. But, should such sensors be installed, and is it mostly driven by fear?
Eroding Employee Privacy
While large banks such as JPMorgan and Goldman Sachs continue with their integration of IoT technologies into offices, there are some that are concerned with the use of such sensors. While these sensors can be used to help contain the spread of COVID, they can also be used to invade privacy with one bank employee specifically stating that the use of tracking systems “feels a little personal”.
The response from the industry and consultants has essentially been “get over it and accept that the office needs sensors”, but this should ring alarm bells to anyone who understands the many privacy concerns that IoT presents. So before we look into why the use of such tracking systems may be a danger to privacy we should first start with a famous line from Benjamin Franklin:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
While said several hundred years ago, the statement still holds true and is very applicable to the world of privacy and IoT. Simply put, sacrificing personal privacy and data protection for the sake of having an IoT device that may prevent a few additional COVID cases could have major ramifications across the industry as a whole.
Without going into too much detail, the implementation of sensors in the workplace presents multiple privacy and security issues. To start, constantly monitoring employee movements, even in a privately owned space, is unethical, and can lead to unfair treatment and/or dismissal. Secondly, tracking employee movements can potentially reveal private information (such as the number of bathroom trips), which the employee may want to keep private.
Thirdly, tracking employee movements for the sake of COVID monitoring could eventually fall into the realm of performance tracking. Regardless of what an employer may feel, if their employee has performed all the duties required of them, it should not matter how often they use their desk or spend time drinking coffee. A good analogy of this is with contract workers:
If a contractor claims a job will take 5 days but finishes it in 7 days, they are still paid the same amount. However, if that same contractor did the same job in only 3, you cannot expect a discount for the work.
Fourthly, using such tracking systems and facial recognition systems could potentially expose private data to outside attackers. By storing images of people, their patterns, and behaviours, an attacker can easily exploit this to attack both employees and the company. For example, by knowing when employees leave their desk, an attacker could use that time to gain entry into a secure system.
Fifthly, the mass deployment of sensors and IoT devices in the workplace provides multiple points of network entry to hackers. The vast number of insecure IoT devices on the market using default passwords and no encryption provides an outside attacker with a high degree of probability of a successful attack.
Fighting Back Against Privacy Invasion
Deploying sensors and monitoring systems in the workplace has its own ethical concerns, but deploying such technology in the home for those working remotely is undoubtedly unjustified. In addition, the large amount of employees forced to work from home has managers concerned about employees not working as expected for the number of hours they are contracted to. As a result, monitoring systems that can determine how long computers are inactive, or how long a homeworker spends in their home office, are becoming more popular. But these come with the same challenges presented by IoT devices; lack of privacy, potential leaking of private data, and erosion of work/life boundaries.
If employers do not start to consider the rights of their employees regarding privacy, they may find that the very technology used to provide proof of work and track employees could be used against them. For example, one Scottish man in the UK has launched a new product called the Wee Shoogle. Simply put, this device holds a user’s mouse and rotates it using varied patterns. By doing this, tracking software is fooled into thinking that someone is using the computer and therefore will register an active user. As such, employees can utilize the Wee Shoogle as a metaphoric ‘middle finger’ to those who want to track their movements, computer usage, and time spent working.
Read More