No one who proposes or enforces the restriction of someone else's liberties ever sees the downside.
Here's the downside for you: users are adopting newer, personal technologies faster than IT departments can get a handle on them. Circumventing the IT department makes it irrelevant. And whatever is irrelevant doesn't last.
I'm not sure how it is that you think that you can make the jump from restricting non-work related sites from users at work to being a violation of liberties. That's a ridiculous jump there.
Regarding the latter, circumventing the IT department doesn't make it irrelevant, it just sets you up for trouble. Technology does tend to advance rather quickly, which is why companies have IT departments to begin with. Someone needs to analyze the new technology, determine how it could affect the business direction, determine whether it can help the business be more effective, and how best to integrate the technology into their existing infrastructure and then support it afterwards. Most end users don't think about those sorts of issues, so they tend to see IT as being "behind the times" or "getting in the way of progress." But what they don't recognize is that improperly implemented technology also has a cost to it, and not just in the form of failure to achieve the intended results.
A good example here is in mobile messaging. Right now the two prevalent standards are Blackberry and Outlook Mobile Access. When the issue of mobile messaging came up at my employer we had to decide which was the best way to go about it. We ended up choosing OMA over Blackberry because we already had all of the resources that we needed. It's fully integrated into Exchange 2003 and Outlook Web Access, so no extra licenses were required and configuration was easy. Also, most carriers in the US sell OMA-capable smartphones/PocketPCs. On the other hand, Blackberry requires a separate server application which usually runs on its own server. Also, the number of carriers providing Blackberry-capable devices is more limited.
Of course, after we selected, announced, and implemented OMA there were still people in the organization who went out and bought Blackberry devices, then got angry with us when we wouldn't support them. Mainly they were upset because the sales rep who had sold them the phone told them that it worked with Exchange. Of course, what they didn't tell them was that it required Blackberry Enterprise Server or a client to be installed on the PC that ran all the time with Outlook open that forwards mail over the Internet in order to get it to work with Exchange. Which meant that even if the end users DID circumvent IT by installing the client on their PC, the "road warrior" types with laptops still never got their mail forwarded because their laptops were in their bags.
The problem is, most end users take the same sort of attitude that you do, i.e., IT is screwed up, we'd be better off without them, they don't do anything to add value. But that's because most end users don't have the slightest idea what it is that IT departments do (and of course, there are undoubtedly a few bad IT departments). There have been increasing regulations applied to businesses and government entities regarding data security, especially in the area of protection of private data. When end-users try to circumvent the IT department, they compromise security.
A computer security breach at a company that results in loss of customer data (names, addresses, SSNs and credit card numbers) could result in a huge PR issue, not to mention fines, fees for credit monitoring for their customers and legal costs. Not to mention the legal penalties that could be imposed for failing to comply with SOX or HIPAA.
And I don't think that anyone reasonable expects that by blocking some sites they will be able to eliminate all "goofing off" at work, or all web-based security risks for that matter. There is no such thing as a 100% effective solution for most needs, but there are some good solutions that greatly mitigate the risks and make it much harder for people to goof off/compromise the network. Mostly it's about raising the bar. If you can deter casual goofers, then the only people who will be goofing off will be people willing to make a concerted effort to circumvent IT policies and systems, and those are definitely the sort that you don't want around. If you can prevent the most common (and simple) malware infection vectors, you can eliminate a huge security risk.
A great example: at that hospital where I worked our helpdesk staff was constantly having to deal with computers that were malfunctioning due to spyware/malware infections. Users had wide-open Internet access and were downloading software (even though that was a violation of the AUP), as well as inadvertently getting systems infected. The Helpdesk techs were each spending 2-3 hours a day to rebuild and redeploy systems that had been compromised, or otherwise cleaning up infected machines. After we implemented web filtering we were able to almost totally eliminate these infections. Afterwards they very rarely had to deal with a spyware infection or rebuilding PCs that were bricked from malware. The total time savings for that department was nearly 40 hours per week. That's one FTE that could be freed up to work on other, more important projects.
Why is it that you keep ignoring the security implications in your responses? Is it because you know that you don't have an argument against it? Because the security issue on its own warrants use of web filtering. You could completely throw out the argument about people goofing off, creating a hostile work environment, etc., and best security practices would still dictate that you filter web access.