First, it seems really easy to get a story in the media about how if you don't keep a close watch on your employees, they'll screw your company. The vehicle of choice usually seems to be giving them Internet access.
Over at Techdirt today, there's a good post about how the latest survey purporting to support that idea is once again shown to be sponsored by a company with an obvious conflict of interest.
As the post points out, there are so many reasons why employees should use the Internet at work that it's hard to know where to start:
But, did they bother to look at whether or not that personal surfing was actually damaging? Nah. Did they look at whether or not that personal surfing helped give employees a much needed break that helped them be more productive while working? Nah. Did they look at how people who were blocked from personal surfing found other ways to waste time? Nah. Did they look at how those who are allowed to personal surf at work often use it to take care of tasks that would otherwise take them away from work? Nah. Did they look at how so many companies today expect employees to be on call so that work invades their home as well? Nah. Did they look at how allowing personal surfing at work tends to make happier, more loyal employees? Nah. Or did they look at any of the other research that has shown that employees who do personal surfing at work tend to more than make it up by doing work at home? Nah, of course not.
The second thread is similar. We are too obsessed with "security," these days. It's become much easier to slap a "restricted" label on something and limit access than to assess it realistically and figure out who should see the information. In fact, that's the wrong way to look at information. Instead of "who should see this?" it should be, "Who should not see this?" In most cases, there is really no good reason to restrict access, beyond the obvious "because."
It's ironic that as tools proliferate to allow us to access more information, there are so many people convinced we need to restrict access. It's not that simple. As Adam Curry puts it on his weblog, "There are no secrets. Only information you do not yet have."
We need to make sure that people have access to the information they need to do their jobs better. But we also need to make sure that they continue to have access to as much information as possible, without arbitrary restrictions that are based more on the old "information is power" paradigm so many people still subscribe to.
I know there is a lot more to this story. We could get into protecting personal information, financial information, etc. I don't mean to negate the idea of security. But I do think that the knee-jerk "secure this" has become a crutch for many people. We need to rethink all of our access to information provisions, both public and private.