Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: You shady bastards.
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 6 Jun 2007 09:58:44 -0400


Is this illegal? I could see reading email addressed to him being within 
the bounds of the law, but it seems like trying to download the "0day" 
link crosses the line.

It might be.  The ECPA prohibits this kind of behavior unless one of
several exceptions applies.  Typically, employers will require users to
consent to monitoring, thereby activating an exception.  However, if
this employee is no longer working there, the exception may have expired
along with their employment contracts (NDAs, non-competes, AUPs, etc).

It all depends on what this employee signed.

Oh, in addition, even if this employee is technically still consenting
to this monitoring, the administrator who is doing the monitoring must
have authorization by the company for it to be legal.  If they are going
off and doing it on their own, then they aren't covered by the
exception, from what I understand.

Illegal or not, this is still pretty damned shady.




Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]