The City of Johannesburg says last week's media reports that its computers were riddled with pornography and that staff spent their days surfing smutty Web sites, failed to reveal they were based on information three to four years old.
City spokesman Gabu Tugwuana says the reports were based on investigations conducted in 2003 and 2004.
Newspapers reported last week that a number of city officials were more interested in downloading, watching and distributing pornography than attending to ratepayers' needs.
"Well-placed sources say as many as 200 cases have popped up over the past two years during general checks," the papers said, adding that up to 80% of computers inspected in one department had pornographic images on them.
The papers and opposition political parties called for action, but Tugwuana says action was taken at the time and several culprits were given final written warnings. Taking action again would amount to double jeopardy, he says. In addition, some of those fingered have left the city's employ.
Tugwuana added the city has since acquired commercial anti-porn software that has prevented a recurrence. "There have not been any challenges of that nature since then, that we know of," he says. "But we have 25 000 employees and there is no perfect system."
Tugwuana declined to elaborate on the software and the city's general online security architecture, saying "that information is strategic" and could assist bad apple employees to circumvent the system or help hackers trying to break in.
Real-time detection
Common anti-porn software, such as MailMarshal, uses image analysis software to detect pornographic images in e-mails or on Web sites in real-time. Marshal CEO Ed Macnair says the software scans images for curves typical of the human body.
Macnair warns that employers have a duty of care to employees, which includes not subjecting them to potentially offensive material. Company officers can also be jointly and severally held criminally liable for any child porn found on their machines. Macnair adds that there have been prosecutions in the UK and some other countries.
ICT lawyer Lance Michalson says the misreports highlight the need for an Internet usage and e-mail policy to highlight "what is acceptable use and what is not and lay the basis for being able to monitor to enforce that policy".
But he cautions that the Regulation of Interception of Communications and Provision of Communication-Related Information Act generally requires employees to give employers written consent to monitor.
Where an employer does not have such consent they may be able to rely on section six of the Act, the so-called business purpose exception - assuming the monitoring took place after 30 September 2005, when the law kicked in. But, even then, the "system controller", who is defined by law, has to make a "reasonable" effort to obtain the express or implied consent of employees in order for the monitoring to be lawful.
Related stories:
Online publishers decry censorship law
FPB to institute cyber inspectors
Workers get porn fix on company PCs
Share