Security Basics mailing list archives

Re: Securing workstations from IT guys

From: Patrick J Kobly <patrick () kobly com>
Date: Thu, 29 Nov 2007 11:52:11 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Owen wrote:

On Nov 28, 2007 1:11 PM, Petter Bruland <pbruland () fcglv com> wrote:

I think installing key logger software is stepping over the line.
Although it's company assets, isn't there some sort of privacy law that
makes this illegal?

-Petter

As long as there is a policy in place signed by the employee, their is
no expectation of privacy.


Thoroughly incorrect with respect to at least some jurisdictions.

The determination of whether you have a reasonable expectation of
privacy (which is [one of] the Constitutional test(s) [in the US] for
governmental search and seizure) is a finding of fact that relies on
more than just written policy and contracts.

Mark Rasch (at http://www.securityfocus.com/columnists/456) writes about
United States v. Warshak (on appeal 6th circuit), discussing this point.

Dismissing out-of-hand with "no expectation of privacy" is highly
unwise.  Your expectations of privacy are not so simple.  You have
different expectations of privacy with respect to different entities.
You have different expectations of privacy with respect to the different
uses that entities will make of your potentially private data...

This is an issue that those who draft policies, processes and employee
communications will really have to start taking seriously.

If their is no signed agreement, then yes
there may be restrictions in place by law.  Most companies have the
clause within an employee handbook that new employees must read, sign,
and adhere to.


The existence of a "reasonable expectation of privacy" is a finding of
fact.  Contracts and written policy do not in and of themselves obviate
all other factors in determining whether such an expectation exists.

PK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHTwpbCODE1AJ6UNoRAmAxAJ9tHW5hdvKuRJpVdBbBqWK97gNe3QCfQiUF
HYpo8zJApYUmwEHAi80D5MY=
=pLev
-----END PGP SIGNATURE-----

Current thread:

Re: Securing workstations from IT guys, (continued)
- - - Re: Securing workstations from IT guys Ansgar -59cobalt- Wiechers (Nov 29)
    - RE: Securing workstations from IT guys Nick Vaernhoej (Nov 29)
    - Removable media Worrell, Brian (Nov 30)
    - Re: Removable media Albert R. Campa (Nov 30)
    - Re: Securing workstations from IT guys Vinny (Nov 29)
    - RE: Securing workstations from IT guys Craig Wright (Nov 29)
    - RE: Securing workstations from IT guys Frary, Brock (Nov 29)
    - RE: Securing workstations from IT guys Nick Vaernhoej (Nov 29)
    - RE: Securing workstations from IT guys Craig Wright (Nov 29)
    - Re: Securing workstations from IT guys Mark Owen (Nov 29)
    - Re: Securing workstations from IT guys Patrick J Kobly (Nov 29)
    - RE: Securing workstations from IT guys Vandenberg, Robert (Nov 28)
  - Re: Securing workstations from IT guys Brad Bendily (Nov 27)
    - RE: Securing workstations from IT guys Petter Bruland (Nov 27)
  - RE: Securing workstations from IT guys Ramsdell, Scott (Nov 27)
    - RE: Securing workstations from IT guys Craig Wright (Nov 28)
- Re: Securing workstations from IT guys cc (Nov 29)
- Re: Securing workstations from IT guys krymson (Nov 26)
- Re: Securing workstations from IT guys rohnskii (Nov 26)
- Re: RE: Securing workstations from IT guys kurt . kessler (Nov 27)
  - RE: RE: Securing workstations from IT guys David Gillett (Nov 27)

(Thread continues...)