How Big Is the SEC's Porn Problem?
Nielsen: 28 Percent of People Who Used Work Computer for Internet in Feb. Visited Adult Site
By KI MAE HEUSSNER and MATTHEW JAFFE
March 25, 2010—
So what was the Securities and Exchange Commission doing while the economy fell to pieces?
At least a few SEC employees were viewing pornography on their government-issued computers, according to media and government reports.
The Washington Times broke the story in February, but media blog Gawker reported Wednesday that it obtained 16 reports of investigations into SEC employees who spent as much as 1 1/2 hours a day accessing Internet sites such as skankwire.com, pokeoftheday.com and sexyavatars.com.
Gawker said that over the past two years, more than a dozen employees and contractors have tried to access porn on government computers at least 8,273 times.
According to a 2008 semiannual report to Congress from the SEC inspector general, the agency completed five porn-related investigations and inquiries between April and September of that year.
Report: SEC Supervisor Admitted Porn-Related Activities
In one case, the report said, an employee tried hundreds of times to access pornographic sites and was denied access. When he used a flash drive, he successfully bypassed the filter to visit a "significant number" of porn sites.
The employee also said he deliberately disabled a filter in Google to access inappropriate sites. After management informed him that he would lose his job, the employee resigned.
A similar SEC report for October 2008 to March 2009 said that a regional supervisor in Los Angeles accessed and attempted to access pornographic and sexually explicit Web sites up to twice a day from his SEC computer during work hours.
Over the course of 17 days, the report said, the supervisor received about 1,880 access denials for inappropriate Web sites. The supervisor also admitted to saving numerous pornographic images to his work hard drive and acknowledged that his porn-related activities may have interfered with his work. According to the SEC, the supervisor was reprimanded.
SEC: Agency Uses Sophisticated Surveillance Systems to Detect Internet Abuse
The reports said that in other cases, the employees faced suspensions or no disciplinary action at all.
In a statement, SEC spokesman John Nester said he couldn't comment on the specific situations, but emphasized that the indiscretions were uncovered because the SEC has systems in place to prevent and address these kinds of Internet violations.
"We use sophisticated surveillance and filtering systems and constantly update them to detect indications of possible abuse," he said. "Indeed, each of the cases investigated by the Inspector General was detected by our surveillance systems and referred to the Inspector General for investigation."
He added that misusing government resources for inappropriate purposes is "a matter of serious concern." In addition to Web-filtering systems, he said the SEC provides comprehensive training on the proper use of the Internet.
When SEC employees abuse Internet access, he said, supervisors look at each incident on a case-by-case basis and respond with sanctions ranging from counseling to dismissal.
Nielsen: Average Visit From Work Computer Is 13 Minutes
Human resources experts said that these examples at the SEC provide just a window into the larger, persistent problem of porn in the workplace.
In February 2010, about 28 percent of people who used a work computer to access the Internet visited an adult site, according to The Nielsen Company. The average visit from a work computer was about 13 minutes and the average work visitor spent one hour and 38 minutes on adult sites during the entire month of February, the research firm told ABCNews.com.
"It's a problem across the board," said Nancy Flynn, founder and executive director of The ePolicy Institute, an organization that helps companies reduce their electronic risk. "There have been countless stories not only in financial services but with government agencies, corporations, nonprofits. You name the type of business and industry and there have been cases of employees spending time viewing pornography."
As businesses realize that electronic pornography and sexually-explicit content open them up to or exacerbate sexual harassment or discrimination claims, she said, they've increasingly adopted monitoring and blocking technology.
How Effective Is Web Site Blocking Tech?
Flynn said ePolicy and the American Management Association frequently partner on workplace surveys and between 2001 and 2007 saw a 27 percent increase in the number of companies that use Web site blocking technology.
But some of those familiar with the technology said that bypassing it can be child's play.
"As soon as a kid is old enough to hook up to the Internet, [he] can figure out how to do it," said Michael Leahy, a recovering sex addict and author of "Porn@ Work: Exposing the Office's #1 Addiction."
Some employees need only change browser settings to access porn sites, he said, while others can use Internet anonymizers that mask a user's IP address.
HR Expert: Regulating Online Behavior Is 'Balancing Act'
Leahy added that security programs can vary between devices, so that while a desktop computer may block inappropriate Web sites, a business-issued laptop, BlackBerry or iPhone may not. In other cases, he said, people could be using e-mail to transmit and receive porn they might have created.
"The bottom line is there is absolutely no 100 percent fail-safe technology to keep people from getting to this material," he said.
When he talks to companies and organizations about how to address the problem, he said, he emphasizes accountability systems that let employees know they are being monitored and issuing regular reports to all interested parties.
Knowing that superiors and others will see a detailed list of their Internet visits can help keep employees clean, he said. (Leahy said his wife even receives regular reports of every Web site he visits.)
"The SEC, it's a high-pressure workplace," he said. "The big question I'd like to ask is: What is the accountability around there?"
Doug Dureau, a technology and human resources panelist for the Society for Human Resource Management, said that regulating Internet behavior in the workplace is "a balancing act."
"There are so many Web sites out there, and if you lock it down too tight people aren't able to go to any Web site," he said.
For example, in the interest of blocking porn, some companies might inadvertently rope off sites on breast cancer or other health-related topics.
Risque Web Sites Often Security Threats
But some say the stakes in the public sector are different from those in the private sector.
Thomas Schatz, president of Citizens Against Government Waste, said the SEC investigations highlight poor management practices at government agencies.
"The agencies that sometimes complain about a lack of resources, they're not doing such a wonderful job of managing their existing resources if this kind of activity is going on," he said.
In the private sector, he said, this sort of violation wouldn't be tolerated, but in the public sector it could be more tempting because it's difficult to fire government employees.
"Apparently, this group of workers didn't have enough to do to keep them busy," he said.
Web security experts say that given the potentially sensitive data stored on government networks, visits to sexually-explicit sites can be especially dangerous.
Dave Meizlik, a spokesman for Websense, a company that provides Internet filtering and Web security systems, said security threats emerge with surfing more risque Web sites. Included on a number of those sites are malicious links embedded with data-stealing code, he said.
According to a 2009 Websense Web security study, 69 percent of all sites with adult, gambling or drug-related content served at least one malicious link and 50 percent of Web pages categorized as "Sex" served malicious content.
"Productivity is just one aspect of the issue. The bigger issue here and the real danger is security," said Meizlik. "When they're after data, it becomes even more of an issue when you're talking about an organization like the SEC."