A few years ago, IT departments were facing the two-fold attack of spam and malware. Years of under-spending, lack of good quality tools and poor understanding of the issues on the part of end-users resulted in inadequate (and non-centrally-managed) anti-malware protection on corporate PCs. Nor were there good quality tools for dealing with spam. So rather than focusing on preventive measures, tactics were developed to deal with the symptoms. Proxy servers were setup with filters to block obscene language and images, with the intention of preventing spyware popping up ads for pornographic sites on unfortunate users’ machines. Incoming mail services had similar filters added in an attempt to block these nasties, with the added feature of preventing the download of scripts, documents or executables which could potentially do harm. [Note: I was a full-time sysadmin at that time, and managing servers and desktops has always been a substantial part of my job.]

All these mechanisms were put in place to stop unwanted malware and spam. They were never intended to be used to police the workforce, but that’s exactly the position we’ve ended up in. One of the people I met at the Glasgow conference bemoaned the emerging role of IT support as “gatekeepers” of the workplace. Her point was that, as staff spend more of their working time using computers, the IT department are expected to use technological means to make sure that staff are doing relevant stuff while on the computer.

Let’s look at the typical kinds of things IT admins are expected to do:

  1. Block obscene or offensive language
  2. Block obscene images
  3. Block “time-wasting websites” (e.g. ebay)
  4. Block social websites and services (e.g. Facebook, IM)
  5. Block installation of non-approved software

In my opinion, all of the above – with the exception of (5) – are the responsibility of the line manager to sort out. We’re all grown-ups, and it’s just daft that you can’t occasionally use a “wee swearie” in an email. The appropriateness needs to be judged on an individual basis, and it’s not up to the IT department to make that judgement. By blocking “time-wasting” and “social” websites etc, we have become the thought police of the workplace. IT staff increasingly have to deal with unhappy and confrontational users who can’t use familiar technology to do their work. (The TUC brought this issue into the national press earlier this year: http://www.tuc.org.uk/law/tuc-13641-f0.cfm). If a member of staff is not doing their job because they’re wasting time on ebay/Facebook/whatever, or if they’re sending inappropriate emails or looking at pornographic images, that’s a management issue and nothing at all to do with IT. Everyone should be governed by the dictates of professionalism, not policed into acceptable behaviour by technology.

Personally I find instant-messaging an absolutely essential tool for communicating with the other programmers on my team, yet in many workplaces it is blocked. Google Mail, FeedDemon, Webdav and my Exchange host are the other essential tools, in addition of course to free access to the web.Working through an authenticating proxy is often tricky for these services, especially when it’s Microsoft authentication. Things are made worse – or indeed impossible – when there is an additional confirmation page to be clicked through to get to a site which has been deemed “offensive”. I have even heard of some networks which block newsfeeds entirely.

[An aside/rant: We in the UK have a culture where public sector workers are epitomised as lazy and inefficient. This viewpoint was particularly common in the 1980s, and we public sector workers live in that shadow to this day. So common is this stereotype, that public sector employees see *themselves* in the same way, tending to over-compensate by having to be obviously fully-employed at all times. This is very detrimental to learning and creativity, especially when combined with the culture of “presenteeism”. The most interesting innovations come from the junction points: between disciplines, or between work and play. So what does it matter if someone wants to check their auctions on ebay during their break? So what if someone wants to check out holiday details at lunchtime? AT LEAST THEY ARE LEARNING TO USE A COMPUTER! Which is progress given the still-fairly-common reticence to use computers. By using computers for personal/leisure tasks. they learn new skills (IT and non-IT) and gain confidence, which enhances their work.]

The lockdown should stop so that the IT department can concentrate on (5). The most common complaint I heard at the conference was that the “IT department stops me doing anything”. I find this a really depressing state of affairs. We should be technology enablers, not the police. The knee-jerk reaction to prevent installation of “unapproved” software has been instilled into us by the ongoing battle against malware. But now that we’ve got better tools to fight malware, we should spend less time being police and more time educating and helping end-users.

Of course I could be completely off the mark, and I find myself hesitating before posting this. I look forward to your comments setting me straight.