I have not seen any CIO brave enough to tackle this issue head-on. While most of them are happy policing their own staff in IT Depts, most CIOs develop cold feet when it comes to imposing restrictions on end-users. CIOs only provide lip-service to their carefully drafted corporate Internet Usage Policy, but rarely resort to imposing the sanctions mentioned therein. If a corporate has well-defined Internet access & usage policy, there is no reason why lower-level staff should grapple with such back-room manoeuvres.