mailing list archives
Re: You shady bastards.
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 6 Jun 2007 09:58:44 -0400
Is this illegal? I could see reading email addressed to him being within
the bounds of the law, but it seems like trying to download the "0day"
link crosses the line.
It might be. The ECPA prohibits this kind of behavior unless one of
several exceptions applies. Typically, employers will require users to
consent to monitoring, thereby activating an exception. However, if
this employee is no longer working there, the exception may have expired
along with their employment contracts (NDAs, non-competes, AUPs, etc).
It all depends on what this employee signed.
Oh, in addition, even if this employee is technically still consenting
to this monitoring, the administrator who is doing the monitoring must
have authorization by the company for it to be legal. If they are going
off and doing it on their own, then they aren't covered by the
exception, from what I understand.
Illegal or not, this is still pretty damned shady.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: You shady bastards. Jay Sulzberger (Jun 06)