Home page logo
/

basics logo Security Basics mailing list archives

Re: Securing workstations from IT guys
From: Patrick J Kobly <patrick () kobly com>
Date: Thu, 29 Nov 2007 11:52:11 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Owen wrote:
On Nov 28, 2007 1:11 PM, Petter Bruland <pbruland () fcglv com> wrote:
I think installing key logger software is stepping over the line.
Although it's company assets, isn't there some sort of privacy law that
makes this illegal?

-Petter

As long as there is a policy in place signed by the employee, their is
no expectation of privacy. 

Thoroughly incorrect with respect to at least some jurisdictions.

The determination of whether you have a reasonable expectation of
privacy (which is [one of] the Constitutional test(s) [in the US] for
governmental search and seizure) is a finding of fact that relies on
more than just written policy and contracts.

Mark Rasch (at http://www.securityfocus.com/columnists/456) writes about
United States v. Warshak (on appeal 6th circuit), discussing this point.

Dismissing out-of-hand with "no expectation of privacy" is highly
unwise.  Your expectations of privacy are not so simple.  You have
different expectations of privacy with respect to different entities.
You have different expectations of privacy with respect to the different
uses that entities will make of your potentially private data...

This is an issue that those who draft policies, processes and employee
communications will really have to start taking seriously.

If their is no signed agreement, then yes
there may be restrictions in place by law.  Most companies have the
clause within an employee handbook that new employees must read, sign,
and adhere to.

The existence of a "reasonable expectation of privacy" is a finding of
fact.  Contracts and written policy do not in and of themselves obviate
all other factors in determining whether such an expectation exists.

PK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHTwpbCODE1AJ6UNoRAmAxAJ9tHW5hdvKuRJpVdBbBqWK97gNe3QCfQiUF
HYpo8zJApYUmwEHAi80D5MY=
=pLev
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]