Inside Wal-Mart's 'threat research' operation

By The Wall Street Journal

A Wal-Mart worker fired in March for intercepting a reporter's phone calls says he was part of a larger, sophisticated surveillance operation that included snooping not only on employees but also on critics, stockholders and the consulting firm McKinsey.

As part of the surveillance, the retailer last year got an employee to infiltrate an anti-Wal-Mart group to determine whether it planned protests at the company's annual meeting, according to Bruce Gabbard, the fired security worker, who worked in Wal-Mart Stores' (WMT, news, msgs) Threat Research and Analysis Group.

The company also deployed cutting-edge monitoring systems made by a supplier to the Defense Department that allowed it to capture and record the actions of anyone connected to its global computer network. The systems' high-tech wizardry could detect the degree of flesh tone on a viewed Internet image and alerted monitors that a vendor sharing Wal-Mart networks was viewing pornography.

Wal-Mart has since disconnected some systems amid an internal investigation of the group's activities earlier this year, according to an executive in the security-information industry.

• Talk back: Does Wal-Mart take surveillance too far?

The revelations by Gabbard, many of which were confirmed by other former Wal-Mart employees and security-industry professionals, provide a rare window into the retail giant's internal operations and mindset.

The company fired Gabbard, a 19-year employee, in March for unauthorized recording of calls to and from a New York Times reporter and for intercepting pager messages. Wal-Mart conducted an internal investigation of Gabbard and his group's activities, fired his supervisor and demoted a vice president over the group as well.

Gabbard says he recorded the calls on his own because he felt pressured to stop embarrassing leaks. But he says most of his spying activities were sanctioned by superiors. "I used to joke that Wal-Mart paid me to be paranoid, and they got their money's worth," Gabbard says.

Surveillance appears legal

Wal-Mart says it permitted recording employee calls "only in compelling circumstances and with written permission from the legal department." But because pager messages were sent over a frequency that was not secure, Gabbard inadvertently intercepted pages from non-Wal-Mart employees as well. A U.S. attorney is investigating whether any laws were violated as a result of the phone and pager intercepts.

Aside from that possible infraction, Wal-Mart's surveillance appears to be legal. U.S. courts have long held that companies can read employee e-mails, and Wal-Mart employees are informed they have "no expectation of privacy" when using company-supplied computers or phones. The surveillance of people in public places is also legal.

Wal-Mart has always placed tight limits on what its employees can do while at work. For instance, it bars store employees from using personal cell phones on the job. Managers receive a list of e-mail addresses and phone numbers their employees have communicated with, and a list of Web sites visited, according to current and former employees. And the company limits Internet access, blocking social-networking and video sites.

But Wal-Mart appeared to go beyond most companies in its sleuthing. It didn't just scan e-mails written on the corporate e-mail system. Technology it was helping develop allowed it to view e-mails that employees sent to or received from private accounts such as Hotmail or Gmail whenever the employees were hooked into the Wal-Mart computer network, according to Gabbard and others with knowledge of the system.

The security operation and its surveillance technology "seems Orwellian," says Robert West, the founder and chief executive of Echelon One, a security research and consulting firm composed largely of former corporate chief information officers. Other activities, such as infiltrating critics' groups, went "beyond the scope of the typical information security organization," he says.

 1 | 2 | 3 | next >