A text transcription follows.
This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew Magee.
Hello and welcome to OUT-LAW Radio, the weekly podcast that keeps you up to date on all the twists and turns in the world of technology law.
Every week we bring you the latest news and in-depth features that help you to make sense of the ever‑changing laws that govern technology today.
My name is Matthew Magee, and this week we tread warily onto the battleground that is Facebook at work. Half of employees are banned from it; others use it to slag off customers, while others gleefully accept friend requests from invented frogs. We investigate the mess.
But first, the news:
- Northern Irish iPhone busters face silicone valley law suit; and
- Sony accused of causing second security flaw.
A Northern Ireland company that claims it can make Apple's iPhone work on any mobile network in the world says that it has shelved its proposed solution after receiving a threatening phone call in the middle of the night from a Silicon Valley law firm.
Belfast-based UniquePhones sells unlocking technology for hundreds of mobile phone models, so that any SIM card will operate in any mobile phone. US Telco AT&T has a two year agreement with Apple to act as the exclusive network in the US for iPhone users and UniquePhones' solution could threaten that deal.
According to UniquePhones, it received a telephone call from a California law firm at 2:55 am on the day that it had planned to make the iPhone technology available for sale.
"After saying they were phoning on behalf of AT&T, said the company, the law firm presented issues such as copyright infringement and illegal software dissemination. UniquePhones is taking legal advice to ascertain whether AT&T was sending a warning shot or directly threatening legal action" said the company.
John Salmon, a Technology Lawyer with Pinsent Masons, the law firm behind OUT-LAW, said that unlocking your own iPhone is likely to be lawful under European law, but that sharing the solution with others is probably not.
Sony technology is being accused for the second time of opening up users' computers to possible hacks without their knowledge or permission. Security researchers claim that Sony memory stick software could be dangerous.
Record label Sony BMG caused outrage in 2005 when digital rights management technology included on audio CDs installed so called rootkit software on users' computers. The software created a security vulnerability and was hidden in a way that made its removal difficult for users.
Security companies F-Secure and McAfee now claim that software installed by a Sony memory stick and fingerprint reader called MicroVault causes similar problems, installing itself secretly at the heart of a computer's operating system and offering worms or viruses a potential hiding place from anti‑virus software.
That was this week's OUT-LAW news
The latest workplace struggle has everything: high technology, low malice, discord over work/life balance and endless pictures of people's cats. Prepare the barricades: it is revolt time, and all over social networking phenomenon Facebook.
It emerged this week that half of employees are now barred from the site, whose use by employees has been accused of everything from security naiveté to reputational assassination, from near criminal procrastination to plain stupidity.
Workers, meanwhile, claim that they are chained to their desks for so long that they need some kind of outlet for light relief, and that their Facebook tinkering is as close to a social life as they can now manage.
It was information security company Sophos which discovered that half of employees are now barred from using Facebook at work. That company’s Carole Theriault explained its research.
Carole Theriault: So what we decide to do is on our website we ask the question of whether or not you as an organisation block Facebook? What came back was about 50% of the organisations said that yes they did.
So what are the problems with Facebook, why do employers want to ban it? Theriault says that, when improperly used, the site can cause problems with productivity and with security.
Carole Theriault: Not everyone in your company is necessarily the best spokesperson for that company. Some companies, for instance, might be worried about their reputation going into disrepute if alongside an employee saying I work at this particular company with pictures of her weekend hen parties, for example. Companies are worried about their reputation and they are also worried about passwords. You have to understand that 40% of people use the same password everywhere. So if it is the name of their cat or the name of their street and they of course on Facebook put their full address and all the pictures of their animals etc, it might be very easy for someone to steal that information and that in fact might be their password for their network for their desktop computer at work.
Catherine Barker is an Employment Law Specialist with Pinsent Masons, the law firm behind OUT‑LAW. She says that the security risks can be serious.
Catherine Barker: I can understand why so many employers have decided to block the social networking websites such as Facebook because there would seem to be absolutely no business need for employees to access them. I think that with the social networking websites there is the temptation for employees to share information that could potentially bring their employer into disrepute or also that their employer could be vicariously liable for and I think that if you are on these sites during your working time the temptation would be to talk about work matters, so that is obviously a big risk for the employer.
Employers have to keep up, and it can be hard. Social networking is a pretty generationally specific phenomenon. Senior managers with responsibility for a firm's computer use policies can be understandably bamboozled. John Wood, New Media Officer of the Trade Union representative body the TUC explained what some of the common reactions have been so far.
John Wood: Some employers are panicking and banning it outright that we think might be an overreaction in a lot of circumstances and another reaction to it seems to be is kind of employers who are sticking their fingers in their ears and humming as loud as they can and hoping that they will not have any problems with it. We think it is better in both cases just to sit down sensibly with staff, work out a sustainable policy.
Companies have a few options in dealing with problematic use. They can ban the site altogether, but then they risk chasing every new fad all over the internet, banning domain after domain in a desperate trend following funk.
Dedicated OUT-LAW radio listeners will remember that we recently revealed that employers could have a good claim to ownership of their staff's Facebook profiles, if they are created in work time. That would give companies some potentially useful rights.
Far simpler though is the updating of existing email and internet usage policies. Barker and Theriault agree.
Carole Theriault: Have your internet and email usage policy to be as comprehensive as possible, clearly setting out what the boundaries are. What times these sites can be accessed, when they cannot be accessed, what you can and cannot put on these external websites about your company or anything that would identify you as an employee of the company. A carefully drafted policy and making sure that everyone is aware of it is absolutely essential and also the policy should say that any breaches of it would be a disciplinary offence and set out the potential disciplinary sanctions that there would be for breaching that policy so no one can be in any doubt about and complain at a later stage.
Catherine Barker: I do not think it is necessarily a problem that companies allow Facebook I think it is a problem if you allow Facebook without giving any guidelines as to how to use it. It is wrong to say not to block these things and not give any guidance but then get upset because people according to the powers that be, wasting time on Facebook. People need to know and have guidance from their employers as to what is allowed and what is not allowed.”
Woods state that the fundamental problem is understandable in today's working conditions, and that it is as old as the hills where nothing changes but the technology.
John Wood: People have been using the internet to conduct their social lives through email before that they were using personal use of the phones to conduct their social lives which a lot of employers agreed to allow their staff during their desk free time at work, during lunch breaks and break times. This is not enormously different. The issue is that people are working longer and longer hours over recent years and it leaves them pretty little time to conduct a lot of their personal lives and a lot of employers are quite happy with people using the phone or using email or doing their online shopping when they need to as a way in which they can mix together their work and their personal lives, providing they are doing sensibly and in their own time at work and they are not causing any problems for the employer.
Employees will plead for leeway and understanding, but to get it they probably need to demonstrate some more care when using the site. Sophos tested out how freely people were prepared to give up their most personal details. The results were not good.
Carole Theriault: So here at Sophos actually, we actually try to see how many friends we could make with inanimate objects. So we created a little green plastic frog that we called Freddy Staur, which is actually an anagram for ID Fraudster and we put him up on Facebook and then tried to make friends with 300 random people. Of all those people 40% of them actually said yes I will be your friend and we were able to see personal details and their profiles such as date of birth, email address, phone numbers, mobile phone numbers, addresses and so on. So people need to be very careful with who they make friends with because obviously they can get access to all this set of personal information.
Companies have already started taking action against employees and ex‑employees over work related content published on the sites, but Barker said that in order to take action, companies must first have made it absolutely clear to employees that they are not allowed to do certain things. Taking action without a warning or policy could lead to acrimony, disputes and possible payouts.
Catherine Barker: I think in those circumstances an employee might be able to argue that it was an unfair dismissal because they were not aware of the policy or that their actions were potentially misconduct and if they are not aware of it then potentially that could lead to an unfair dismissal finding.
That is all we have time for this week.
Catherine Barker mentioned in today's edition that the law relating to monitoring employees is complicated, and indeed it is. Anyone who wants to be guided through that legal maze can register now for a free OUT-LAW seminar on exactly that topic, to be run in mid to late November all over the UK. See OUT-LAW.COM for more details, in the meantime, thanks for listening, and make sure you tune in next week; goodbye.