Is this the end of corporate porn?

Actis Technology reckons it has the answer to the employee Internet abuse - and that means porn, viruses, password cracking and gambling.

Its Net Intelligence software promises to "treat employees as adults" while protecting corporates from abuse of its networks.

Basically, a program (2Mb) is installed on every employee's PC which gives sys admins complete access to their PC through the network. Meanwhile a database (currently 2Gb) - licensed from Actis - is contained on a server somewhere in the building.

A search is run on employees' machines which searches all disks, runs every file through a well-known algorithm and sends them back as a "fingerprint" (83 bytes long) to a central machine. The fingerprints are then matched with the database of fingerprints of "inappropriate" material. Any match and away you go. The database is updated automatically every day from Actis' Web site.

Net Intelligence, the company claims, will pick up any files (pics and executables) which are not deemed suitable while removing the nannying system of filters and blocks that most companies currently use - hence the "treating employees as adults" catchline.

A nice little feature is one where a sys admin can monitor everything a particular employee is doing / has done. It can even pick up on deleted files, say the company.

The software raises some privacy questions. Actis claims it has no competitors as yet - but that is only on the automatic recognition of files aspect. System tools which enable companies to monitor everything an employee does have been around for ages. They have not proved too popular with employees and there is a question mark over their legal status, in light of
the Human Rights and Data Protection Acts.

Colin Rose, Actis CEO, doesn't see anything ethically wrong with the product. While the software is clearly open to abuse, it is the duty of companies to inform employees of their monitoring policies. Actis recommends that they do this when selling them the software.

But since Actis has an ongoing relationship with its customers(through a constant updating of the database), doesn't it have a duty to insist that companies inform employees of what they plan to do with the software? We bat this question about a bit before Colin not unreasonably points out that trying to tell a company like Coca-Cola what it is to do with its software is akin to "commercial suicide".

And he's right of course. We're back to the question of whether ISPs should be responsible for content or whether authors of script kiddie code are to blame for its use. We can argue about the ethics of it all day but the fact is that while corporates are worried about what the Internet enables employees to do (we'll ignore Actis' scaremongering presentation this time), they will pay someone to give them software that prevents abuse. The law is still far behind and unclear on all of this and prohibition is no solution - despite what the government thinks.

Trust the Judges

To our mind, the proper solution to the issue lies in employment law. If law puts constraints on what an employer is entitled to put into a contract regarding monitoring, and what it can do with assembled data, including the possible sacking of staff, then companies can make software that fits in with the law - instead of the catch-all programmes currently on the market.

Employment specialist David Von Hagen of DJ Freeman, the City law firm, confirms the confusion that exists in this area.

"Well, there are three laws that currently apply to employee rights. The RIP Act gives employees quite extensive rights, but then there is the Human Rights Act - although it can't be brought against private companies. And then there is the Data Protection Act - which shouldn't be underestimated in the power that it gives to employees. But then we are still waiting on the code of practice, due this month, to clarify the situation."

The problem lies in the fact that employees currently do not have to inform employees of their monitoring policies to justify reprimanding or sacking staff - because any "abuse" will be covered under the RIP Act.

Back to Net Intelligence. Is it actually technically feasible? Yes, we reckon it is. As the CTO Bill Strain explained, there is a limited number of cracker, number generator and gambling programmes. Get the "fingerprint" for these programmes and keep them updated and you can be pretty sure of picking up any incidence of it on your company's computers. Porn is tougher. Despite their claims, there is no way Actis can cover the number of porn pictures on the Internet.

However, most employees are not super tech-literate folk or secretive paedophiles - they will go to sex.com or playboy.com to get hold of pics. These pictures are easily fingerprinted. Also, if someone downloads hundreds of pics, there is a good likelihood there one or two will crop up on the database. This at least put a question mark over that employee's behaviour.

With regard to paedophilic pictures, Bill tells us that they are recognised from the fingerprints that the police send them (but only when asked for) - thereby avoiding the illegality of looking at the pictures themselves.

While Actis won't like this, if a common standard is made with regard to fingerprinting programmes and pictures, a worldwide, constantly updated database of programmes could be created and we could get back to the original idea of the Internet as a self-regulating medium. Not as much money and control there though.

The database was two years in the making and can be licensed for around £35 per PC per year (half-price from the second year on). Actis is built on £4 million funding from a consortium led by the Royal Bank of Scotland. ®