Wal-Mart just doesn’t get it. It spends considerable time and energy on social responsibility initiatives, like promoting diversity at vendors (after begin named as defendant in the largest class action discrimination suit in history) and becoming environmentally responsible (after having settled an EPA action). Yet the company continues to engage in behavior which, if not illegal, certainly comes awfully close. I
The latest, described in lurid detail in today’s Wall Street Journal, is the activities of Wal-Mart’s “threat research” operation, which investigates parties that propose shareholder resolutions, like the New York City Comptroller’s office, monitoring vendor use of its network, viewing employee e-mails, even when sent from private accounts. A US attorney is investigating some of its practices.
In theory, Wal-Mart was doing what most responsible employers do these days: make sure its network is secure, take reasonable steps that its workers aren’t goofing off on company time, or worse, collecting kiddie porn. But Wal-Mart went way beyond that scope, and the difference in degree is a difference in kind.
The point of departure is that Wal-Mart’s threshold for what it regards as a threat is absurdly low. The company uses military intelligence level technology and can monitor keystrokes as well as content moving over its computers. It doesn’t allow employees to bring personal cell phones to work (one wonders if this is in part to prevent them from taking photographs as well as making calls). Recording phone conversations appeared to have been a common practice, although the officialdom claims that procedures have been tightened up. The Journal describes its practices as “Orwellian.”
But these practices are an embodiment of the culture. Wal-Mart is a cult. It is inward looking, demands strict obedience to its rules (apostates are expelled) and demonizes those who dare attack it. Witness its scorched earth policy against Julie Roehm, the marketing communications head it abruptly fired last December. When Roehm sued Wal-Mart for breach of contract and unfair dismissal, the Bentonville behemoth accused her in a countersuit of having an affair with another top executive and of seeking employment with the ad agency she selected, tainting the review process.
Now what’s wrong with what Wal-Mart did? Most normal companies would call opposing counsel, show them the goods, and advise them to get their client to drop the suit. That in fact is in the shareholders’ best interests. Legal battles that wind up on the front page of the Wall Street Journal are costly (it’s not just the legal fees, but the PR and senior management time they consume). The fact that Wal-Mart chose this course of action says it has a vindictive streak, that despite the considerable time and cost it has devoted to presenting itself as a kinder, gentler company, it is willing to reveal itself as ruthless in response to what frankly, in terms of dollar value, can’t be that large a law suit.
To the WSJ story:
The Wal-Mart Stores Inc. worker fired last month for intercepting a reporter’s phone calls says he was part of a larger, sophisticated surveillance operation that included snooping not only on employees, but also on critics, stockholders and the consulting firm McKinsey & Co.
As part of the surveillance, the retailer last year had a long-haired employee infiltrate an anti-Wal-Mart group to determine if it planned protests at the company’s annual meeting, according to Bruce Gabbard, the fired security worker, who worked in Wal-Mart’s Threat Research and Analysis Group. The company also deployed cutting-edge monitoring systems made by a supplier to the Defense Department that allowed it to capture and record the actions of anyone connected to its global computer network….
The revelations by Mr. Gabbard, many of which were confirmed by other former Wal-Mart employees and security-industry professionals, provide a rare window into the retail giant’s internal operations and mindset. The company fired Mr. Gabbard, a 19-year employee, last month for unauthorized recording of calls to and from a New York Times reporter and for intercepting pager messages. Wal-Mart conducted an internal investigation of Mr. Gabbard and his group’s activities, fired his supervisor and demoted a vice president over the group as well.
Mr. Gabbard says he recorded the calls on his own because he felt pressured to stop embarrassing leaks. But he says most of his spying activities were sanctioned by superiors. “I used to joke that Wal-Mart paid me to be paranoid and they got their money’s worth,” Mr. Gabbard says.
Wal-Mart says it permitted recording employee calls “only in compelling circumstances and with written permission from the legal department.” But because pager messages were sent over a frequency that was not secure, Mr. Gabbard inadvertently intercepted pages from non-Wal-Mart employees as well. A U.S. attorney is investigating whether any laws were violated as a result of the phone and pager intercepts.
Aside from that possible infraction, Wal-Mart’s surveillance activity appears to be legal. U.S. courts have long held that companies can read employee emails, and Wal-Mart employees are informed they have “no expectation of privacy” when using company-supplied computers or phones. The surveillance of people in public places is also legal.
Wal-Mart has always placed tight limits on what its employees can do while at work. For instance, it bars store employees from using personal cellphones on the job. Managers receive a list of email addresses and phone numbers their employees have communicated with, and a list of Web sites visited, according to current and former employees. And the company limits Internet access, blocking social-networking and video sites.
But Wal-Mart appeared to go beyond most companies in its sleuthing. It didn’t just scan emails written on the corporate email system. Technology it was helping develop allowed it to view emails that employees sent to or received from private accounts such as Hotmail or Gmail whenever the employees were hooked into the Wal-Mart computer network, according to Mr. Gabbard and others with knowledge of the system.
The security operation and its surveillance technology “seems Orwellian,” says Robert K. West, founder and chief executive of Echelon One, a security research and consulting firm composed largely of former corporate chief information officers. Other activities, like infiltrating critics’ groups, went “beyond the scope of the typical information security organization,” he says….
According to several former Wal-Mart employees, the company’s roughly 20-person Threat Research and Analysis Group hunts computer hackers through cyberspace, trolls colleagues’ emails looking for misbehavior or proprietary-data theft and tries to plug damaging information leaks. Members work on the third floor of the Wal-Mart’s Bentonville, Ark., technology offices. They enter a separate glass-enclosed structure by holding the palm of their hand to a biometric reader that grants them access to a dimly lit work area. Colleagues call it the “Bat Cave.”
The group “is no longer operating in the same manner that it did prior to the discovery of the unauthorized recording of telephone conversations,” said Wal-Mart’s Ms. Clark. “…We have strengthened our practices and protocols.”
According to Mr. Gabbard, Wal-Mart began beefing up its electronic call surveillance after the Sept. 11, 2001, terrorist attacks in response to government requests to employers in general to help find terrorist cells….
The electronic surveillance accelerated in October 2005 when confidential company memos began appearing on the Web site of a union-backed anti-Wal-Mart group, Wal-Mart Watch, according to Mr. Gabbard. One such memo suggested that because of rising costs and criticisms of its worker health insurance, the retailer should revise its policies by hiring healthier workers and requiring all jobs to perform physical activity, such as retrieving shopping carts.
Concerned about the leaks, Wal-Mart began working with Oakley Networks Inc., a developer of “insider threat management” gear to track employee and suppliers computer usage over its network, according to Mr. Gabbard and an industry source. One Oakley system is able to record an employee’s computer keystrokes and deliver a TiVo-like replay of his or her computer activities, according to Tom Bennett, Oakley’s vice president of marketing….
Suspecting that the leaks of confidential memos might have come from McKinsey employees who had been working on a health-care project at Wal-Mart’s Bentonville, Ark., headquarters at the time of the leaked memo, Wal-Mart’s security experts used an Oakley device to monitor the McKinsey Internet activities, according to Mr. Gabbard and others.
Wal-Mart ultimately took no action. “We continue to work closely with McKinsey, and we have no evidence that anyone there ever inappropriately shared confidential information,” Wal-Mart’s Ms. Clark said Monday. McKinsey declined to comment….
Mr. Gabbard says he also used his computer skills to find information on Wal-Mart critics. In March 2006, he searched a South Carolina Democratic Party Web site for information on Nu Wexler, the spokesman for the anti-Wal-Mart group Wal-Mart Watch. Wal-Mart knew that Mr. Wexler planned to be in Northwest Arkansas during an annual company conference. Mr. Gabbard said he found personal photos of Mr. Wexler stored on a publicly available folder on the party’s computer, which allowed Wal-Mart security to identify Mr. Wexler.
“Wal-Mart has far bigger concerns than my vacation photos,” said Mr. Wexler, after being informed of the surveillance. “Someone would have had to dig for quite a while to find that link.”
In late spring 2006, Wal-Mart learned that several anti-Wal-Mart groups might protest at the annual shareholders meeting in June. Company executives were concerned the civil-rights group Acorn (the Association of Community Organizations for Reform Now) and local Up Against the Wal members would disrupt its meeting. Wal-Mart sent a long-haired employee wearing a wireless microphone to Up Against the Wal’s Fayetteville, Ark., gathering, and eavesdropped from nearby, says Mr. Gabbard. “We followed around the perimeter with a surveillance van,” he says.
“It is not the company’s policy to infiltrate organizations or events, and we would not condone any associate engaging in such activity,” said Wal-Mart’s Ms. Clark.
Wal-Mart also directed its surveillance operations at critical shareholders. According to a January 2007 memo reviewed by The Wall Street Journal, security units were asked to “do some preliminary background work on the potential threat assessment” of those submitting proposals to its June shareholder meeting, particularly those whose resolutions the company was trying to block. The list included proposals from a Boerne, Texas, religious group; the New York City Controller’s office; and Sydney Kay, an 85-year-old, retired science teacher who submitted a resolution requiring that board nominees own at least $5 million in Wal-Mart stock, and his 93-year-old sister Hilda Kaplis.
“It is standard business practice to do an overall assessment for potential disruptions at a major event like our shareholders’ meeting involving 20,000-plus people,” said Ms. Clark.
Reached at his Dallas home, Mr. Kay scoffed at the notion he posed a threat to Wal-Mart’s annual meeting. “I am a nobody,” he said.