Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: You shady bastards.
From: "matthew wollenweber" <mwollenweber () gmail com>
Date: Wed, 6 Jun 2007 11:25:48 -0400

I'm certainly not a laywer, but the below cases refer to an employer and
employee relationship. That isn't the case here and is likely an important
distinction. You're also assuming that while he was an employee he consented
to monitoring and had no expectation of privacy. While that is generally
true, it may not be.

I've been involved in a few employer/employee investigations. The subject is
always legally sensitive and the legal department is generally a huge
player. The method of collection, the information that's collected, and the
purpose of the collection are always significant factors. Generally there
has to be a reasonable effort not to intentionally invade the employee's
privacy. That's a bit contradictory but in the 4-5 situations I've been
involved in that has always been the case.

In the case above, it appears that the former employer is intentionally
maintaining the email address and monitoring it for the purpose of obtaining
information unrelated to business needs.

Going back to hdm's original comment "Illegal or not, this is still pretty
damned shady" and definitely unethical.


On 6/6/07, J. Oquendo <sil () infiltrated net> wrote:

Tim wrote:
>> Why would it be illegal if his former employer accessed his email using
>> this method. The information going to their network is considered their
>> property and they could do as they see fit.
>>
>
> This is a poor assumption.  See the Wiretap Act and the Electronic
> Communications Privacy Act.  Of course these are just US laws, but it
> seems this is the scenario we're discussing.
>
> tim
>
>

Spare me and the list...

/ * SNIPPED * /
What about an employer's right to read e-mails as
they come in? As they hit the inbound server? ...
If the e-mail is not subject to the consent of
all parties, and one of the parties (either the
sender or recipient) lives in a jurisdiction
that mandates all party consent, then this could
be an unlawful interception under state law.
(Federal law requires only one party consent.)


http://www.securityfocus.com/print/columnists/412

*NOTE Federal Law*
/* END SNIP * /

Or search ... Nancy K. Garrity, et al. v. John Hancock Mutual Life Ins. Co

And no I won't bother with US v. Councilman

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
Matthew  Wollenweber
mwollenweber () gmail com | mjw () cyberwart com
www.cyberwart.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]