In a bizarre but troubling case that just reached the courts in California, a former financial services employee is accusing her company of tracking her movements via the GPS functions in a timecard app she was required to install on her phone. She alleges that when she disabled the GPS on the grounds that she didn’t want to be tracked on her off hours, her company retaliated by firing her.
Should your boss be allowed to track you when you’re not at work?
Privacy is a shrinking commodity for employees in the United States.
The case isn’t just about her alleged retaliatory firing, however. It’s also the tip of the iceberg when it comes to a new generation of GPS-enabled apps and their implications for employers, employees, and privacy rights.
The details of the case are rather staggering. The complaint states that:
After researching the app and speaking with a trainer from Xora [the timecard app in question], Plaintiff and her co-workers asked whether Intermex would be monitoring their movements while off duty. Stubits admitted that employees would be monitored while off duty and bragged that he knew how fast she was driving at specific moments ever since she installed the app on her phone. Plaintiff expressed that she had no problem with the app’s GPS function during work hours, but she objected to the monitoring of her location during non-work hours and complained to Stubits that this was an invasion of her privacy…Her manager made it clear that he was using the program to continuously monitor her, during company as well as personal time.
Historically, getting a corporate phone was one of the hallmarks of getting ahead at work. While some companies continue to provide cellphones and pagers—yes, pagers are still in use—many more have taken to a bring your own device policy. “Most business users,” writes Beth Stackpole at Computer World, “have their own personal smartphones and have little enthusiasm for juggling a second device and even less for being saddled with what they view as outdated technology.”
With corporate phones came the implication that employees be available at all times, and when smartphones hit the market, employees were faced with requirements to install and use certain apps.
It’s the tip of the iceberg when it comes to a new generation of GPS-enabled apps.
Such requirements make sense from a corporate perspective: They create standardization for activities like handling company email, sending confidential information, taking field reports, and any number of other tasks, depending on the nature of a company.
Though workers are taking their own phones to work, these requirements aren’t changing. Whether employees forward calls and pages to their personal phones or provide their direct lines to their employers, they’re expected to be constantly available to answer questions, handle crises, and come into work—even when they’re not explicitly on call. They’re also required—like Myrna Arias, the woman suing her former company—to maintain a garden of apps.
On the surface, both of these precedents have troublesome implications. Maintaining a work/life balance is challenging when an employer has near-constant access and the ability to pressure employees into availability on their work hours. In the United States, where people have a very work-oriented culture and tend to work long hours with minimal vacation time, this is a particularly significant concern. It’s hard to take time off when your boss is always one step behind you.
Mandatory apps are also an issue, though they might on the surface look like a good idea. For instance, a company email application would allow people to keep work and personal email separate. But the problem is that many apps include permissions they don’t need to have, like GPS functionality or the ability to determine which apps are running in the background.
When employers require their staff to use apps with these abilities and also structure in reporting functionalities, they’re effectively spying on employee phones. And employees themselves. Suddenly, supervisors and the information technology department can know where people are, when they last used Grindr and that they spend a lot of time playing Candy Crush on the train in to work in the morning.
It’s hard to take time off when your boss is always one step behind you.
While many employees know—or should know—that their work computers are spied upon by information technology departments, their phones historically remained off-limits. That’s not the case now, thanks to the same technologies that make smartphones so useful. This raises a number of ethical concerns about abuses of these privileges, as employee privacy is a reasonable expectation.
At PCWorld, Robert Strohmeyer writes: “Today, more than three-quarters of U.S. companies monitor employee Internet use [on corporate computers].” That reflects growing concerns about malware and security compromises, as well as the rise of cracking down on inappropriate Internet use during work hours. The IT department, in other words, is tracking those cute cat videos on YouTube and those visits to Facebook, all in the name of productivity.
This established precedent is accepted as a security measure, because it involves purely corporate equipment. The same level of monitoring—including keystroke logging and other intrusive measures—would not be so acceptable on private devices used on occasion for corporate purposes, though employers might argue it’s necessary to protect sensitive data. When employer-provided or mandated apps perform the same function on a phone employees use for both personal and work purposes, things get equally sticky, especially because phones also have GPS capability and they tend to go wherever employees do.
Such applications could, for example, reveal information about employees that might subject them to discrimination. Phone habits might indicate that someone is LGBTQ, or that a staffer participates in a religion, political party, or activity of which an employer disapproves. These apps don’t just compromise the right to privacy, but also the right to be treated equally in the workplace, and they could expose employers to the risk of discrimination suits.
Such applications could, for example, reveal information about employees that might subject them to discrimination.
For women, GPS tracking is a particularly serious issue. Given the precarious position of women in the tech industry, the prospect of being tracked by employers is likely not thrilling, since women in tech routinely report sexual harassment on the part of supervisors and coworkers. The thought of being followed outside of work is troubling, and there’s another risk with tracking apps that’s potentially even more serious: the risk that unauthorized personnel might access that information.
As Sony recently demonstrated, many companies have very poor corporate security, exposing their systems to the risk of hacking. This includes the tools used to monitor employees, creating a troubling potential backdoor for hackers. Whether they’re explicitly penetrating a system to get information about employees or they acquire that information along the way through a company’s files, the net effect is the same: Female employees are unwittingly exposed to the risk of having their movements reported to random and potentially dangerous strangers.
Having employers know where you spend time is creepy and invasive. Having hackers know where you live, where you go, and how you use your phone could be life-threatening, especially for high-profile women in tech who may already be facing threats. Since there’s no way to make a company’s computer systems completely impenetrable, it’s reasonable to question whether companies should be allowed to track their staffers at all.
Employers following their staff around with intrusive apps run the risk of lawsuits like this one, but for their employees, the stakes are much higher. Requiring employees to use utilities that expose them to these kinds of risks shouldn’t be legal, and if that puts the companies that develop them out of business, that’s an acceptable cost when weighed against the benefits of protecting employee privacy and safety.
S.E. Smith is a writer, editor, and agitator with numerous publication credits, including the Guardian, AlterNet, and Salon, along with several anthologies. Smith also serves as the Social Justice Editor for xoJane and will be co-chairing Wiscon 40—the preeminent feminist science-fiction conference—in 2016.
Photo via -5nap-/Flickr (CC BY 2.0)