Q: Does privacy exist in the workplace anymore, or is it a relic of the past?
A: There are two answers. The first answer is actually a question: Should there be privacy in the workplace? There's a real tension between what employers are entitled to and what they expect. When you go to work on somebody else's property, you don't have the full range of rights you enjoy elsewhere. Privacy is not a strong right; it's one of the first things employees lose when they go on their employer's property. The other answer is that, from a practical point of view, even if there is a right to privacy, technology is taking away that right. Technology is making it possible for employers to do things they could never do before. Because they can do these things, they simply go ahead and do them. The practical effect is that, because we haven't sat down and talked about the issue of privacy in the workplace, it's being eroded.

Q: In your book, you say that innovation differs from invention. How so?
A: That's an important distinction. I think of invention as new discovery. It could be new to the world or new to the industry, but it's things we didn't know before. Invention is done by people who have scientific training or who are answering questions like why and how. They're asking difficult, long-term questions that result in fundamental new knowledge. Innovation, by contrast, is applying knowledge to a real problem and taking an idea to market. There may not be any customer in mind during a process of discovery and invention, but a customer is critical to the process of innovation.

Q: Can managers balance the need for privacy with the company's need to be safe and secure?
A: Yes, I think they can. It needs to be resolved at the business level—the operational level—so that people are engaging in these types of activities with some plan in mind. Business managers and owners should be looking at what information they need to accomplish their objective, either in terms of productivity or security. For example, if you're doing background checks as part of your pre-employment screening, you don't need to do credit checks on employees who aren't handling money. Similarly, if most of your employees aren't driving a company car or van, then there's really no need for their driving records to be part of the background check. By the same reasoning, unless you have actual concern that somebody's ability to do their job is impaired at the time you're looking at them, then random drug tests are ineffective. Checks should be more targeted than they are at present, and they should be based on observable criteria. These are the kinds of things that should be discussed and implemented on a management level, so you can have a balance of privacy and functionality within the workplace.

Q: What can we as individuals do to protect our privacy? What rights do employees have?
A: The only concrete rights that employees have is with respect to telephone conversations. There are limits on what employers can do in recording or listening to telephone conversations. Beyond that, employees should educate themselves, so they can be aware of what can be done to them. Then they can try to talk to management and supervisors to find out what's being done—even though businesses have no obligation to tell them. Finally, use common sense: If there's information that you don't want your employer to have, do whatever you can to use your own private means of communication to keep that away from employers. The best example of that is to not use the company E-mail system for anything that's private. People think that if they have a private E-mail account like Yahoo or Hotmail, that somehow protects the confidentially of their E-mails. But if those messages are traveling across the corporate E-mail system, they're accessible to the employer.

Q: Have the terms of the workplace-privacy discussion changed in the wake of 9/11?
A: Yes, the post-9/11 world has made surveillance much more acceptable both in and out of the workplace. At the federal level, the U.S. government has put enormous resources to combat terrorism, and we've adopted provisions that allow for much more surveillance than ever before. That's happening as well in the workplace, perhaps even faster there, because corporations have the profit motive to protect and the resources to devote to greater security and surveillance.

Q: Speaking of the government, isn't it a major collector of personal information? And isn't some of that information now being shared in ways we might not expect?
A: First, the government is not doing much about protecting your privacy, because there's no constitutional right to privacy. That means the government isn't going to step into the workplace unless we get a congressional act saying these privacy rights need to be protected. Now with respect to the sharing of information, that's where we see a connection between the Patriot Act, homeland security, and workplace privacy. Even though the Fourth Amendment is supposed to protect us from unreasonable searches and seizures, those constitutional protections don't apply in the workplace. That means managers and employers can gather information that the government can't. At the same time, Congress, through the Patriot Act and Homeland Security Act, has essentially authorized the FBI to gather information that businesses collect for anti-terrorism investigations. Essentially, that lets the FBI do an end run around the Fourth Amendment.

Q: Any hope in Congress?
A: You need to look at what Congress has been doing and talk about it in the past tense. There were a number of bills working their way through Congress in the late '80s and early to mid-90s. But the fact is, none of those pieces of legislation were going anywhere. This isn't a valuable Congress for doing that kind of work. The bills would get proposed; they would run into strong business-lobbying efforts; and they didn't gain any traction at all.

Q: How did we get here? Why isn't there more protection of individual privacy?
A: There's always been a tremendous tension between property interests and constitutional interests. When the founding fathers drafted the Constitution and the Bill of Rights, their primary concern was to limit the ability of a central government to impose its will and impinge on the liberties of the individual citizens. There wasn't concern for private employers. If there had been any concern, the outlook likely would have been the same, because private business was perceived as needing protection from a central government as well. The end result is, businesses aren't required to enforce the constitutional rights that restrict what the government can do. We do have laws that limit what business can do, such as affirmative-action programs, anti-age-discrimination laws, and so on; those statutes are passed by Congress under its Commerce Clause powers, which basically gives it the ability to regulate what happens in interstate commerce. But that's a wholly different thing from a constitutional provision that limits behavior. And those constitutional provisions don't apply to businesses directly.

Q: Let's turn to some specific technologies: biometrics, for starters. Friend or foe?
A: Biometrics is the Holy Grail because of the perception that it's a very accurate identifier of individuals. Organizations want to make sure that the people coming onto their property are authorized to be there. Some of the biometrics technologies raise privacy concerns, because their use passes on additional information—retinal scans being the best example of that. Whether there's going to be a sudden surge in retinal analysis as part of a biometrical security system, perhaps not, but the potential is there.

Q: What about all the various cards that people use as part of their jobs: door cards, credit cards, even fare cards? Convenient, to be sure, but what about their use for tracking our coming and going?
A: A lot depends on how they're used by the employees. If you have an ID card that doesn't involve financial transaction data, then the accumulation of the private information is somewhat lower. Even within the workplace, if you have a large enough workplace, you can develop a pattern of traffic based on how those swipe cards are used to get into different points in the facility. That could be relevant in terms of job performance and the response of management, Well, that's what they're there for; that's what they're being paid to do, so there shouldn't be a concern for that. A greater concern would arise if management were then taking the data and trying to correlate it with the movements of other people, and then perhaps using it to track, say, potential unionizing activity, or perhaps checking for people spending too much time talking with each other—that is, tracking who's with whom for possible romantic entanglements. As much as management is entitled to gather information for useful purposes—productivity and such—there's always concern for the next level of analysis beyond that. If it's being used to make sure people are doing their work, fine, but if it's being used to gather information about their lives or their patterns of behavior, that's not relevant to their job performance.

Q: Is there any evidence that all this tracking has actually made the workplace safer?
A: It's a negative proof. When you're talking about workplace violence or terrorism, the only sign of success is that it doesn't happen. So how much spending is enough? You never know if it's the next dollar or the one you spent six months ago that's going to prevent some tragedy. Beyond that, I'd say the answer has to be yes, because the spending can't sustain itself without some kind of return on the other side of the ledger. There's a discernible benchmark with respect to things like productivity and theft; there, at least, businesses can make a correlation between the amount they spend on surveillance and the improvements they see in productivity or reduction of theft. I assume that if businesses weren't seeing sufficient improvements in productivity or reductions in theft, they wouldn't be spending all this money. If nothing else, it's a question of office morale, in the sense that you don't want someone surfing porn sites or sports sites, or day-trading on stocks, when the guy in the next cubicle is slaving away on a spreadsheet all day. If you have something that's designed to level the playing field, then it reduces the potential acrimony.

Q: Are there new technologies that help protect and preserve individual privacy rights?
A: To be honest, I came away from my research a little depressed. All the technological developments, whether software or hardware, seem to running in the direction of anti-privacy. Now I'm a huge fan of the Internet; I love the tools and the resources it offers. But I also think we need to be conscious of the integration that's rapidly taking place. Pools of data are collecting on the Internet that will enable a kind of data mining and data analysis we can only now begin to imagine. One thing that's particularly powerful in this regard is Moore's Law, which observes a doubling of computing power every 18 months along with cost drops. My sense is that as the costs drop, these things get implemented on a wider and wider base, without any discussion taking place of what the implications are. Unless Congress starts to debate this in a serious way, there isn't going to be much of a bright spot there. One of the other guilty parties in all this is the nation's labor unions. There has been a vast silence on their part with respect to privacy. I understand what the economic environment is like; from a union/employee point of view, this is a tough time to stir the waters. But this is the time to do it. There aren't going to be many more opportunities for us to have a meaningful national debate.

Q: You propose that there should be an employee bill of rights. Why?
A: I'm arguing for a series of provisions that would provide basic protection for employees in the workplace. I don't want anyone to come away with the idea that employers should not be able to do surveillance; that's unrealistic. But there are some basic things that employers should do to make sure the basic concept of privacy is respected within the workplace. The most important piece of that is disclosure. It's extremely important for employers to tell their employees what types of surveillance are being done in the workplace. Beyond that, I argue that it's inconsistent with our broader societal values to have hidden surveillance taking place. Most states already outlaw hidden audio surveillance, for example. I think we should do the same with respect to videos. It's not an appropriate mechanism for trying to improve productivity. Companies need to take steps to make sure employees have a mechanism for learning about new types of surveillance that come in. Also, we need to figure out ways to ensure that background checks, such as drug testing, are tied to the business objectives of the employers, rather than simply giving them a blank check for obtaining information.