Re: monitoring remote access

[Jack Dingler <jdingler () texas net>]

If the company undertakes the actions to monitor, log or prevent these acts from
occurring, then they probably are liable if they fail in preventing an illegal
activity undertaken by an employee operating on personal time.  Prodigy was an
excellent test case for this sort of litigation and liability.  They actively
worked to prevent misuse of their network and so were held liable when they
failed to provide 100% security.

I can see Daniel Djundek's company setting themselves up the same way.  Once
they declare themselves to be in the monitoring business, they'll likely be
liable for their employees actions. If one employee does hack a network and get
caught, he/she may argue that the company didn't take sufficient steps to stop
them.  Because the company would've actually had failed in preventing the attack
they may be liable for damages that the employee caused.  Since it's likely that
the monitoring company has deeper pockets than the employee, it's likely that
the bulk of the suit would be directed toward them.

The argument sounds stupid to me, but evidently, it's good enough to earn
attorney's many $$$ in fees, even if the case falls flat on it's face.

I'm not an attorney, nor do I play one on TV, but I have followed a few cases
with these circumstances, and it appears that Daniel's company is trying to get
sued.  They need to monitor and control their employees actions 100% or go 0%
and simply require that the employees sign a waiver of liability and distance
themselves from the obligation.

Jack Dingler

Robert Driscoll wrote:

> I'm not sure if this question has been asked, but does a company have
> any liability for employee actions on the internet? My company has a
> policy in effect that asks the employee to not use company resources to
> perform 'unsavory acts' on the internet. The policy uses the honor system
> and the fact that everyone goes through a firewall and all that activity
> is logged is a perhaps a deterrant.
>
> Recently an executive at a well known Internet company in Seattle was
> arrested by the FBI for 'minor luring'. Although he is facing charges
> I don't believe the company has any liability.
>
> -----Original Message-----
> From: owner-firewall-wizards () lists nfr net
> [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Jack Dingler
> Sent: Wednesday November 10, 1999 8:02 AM
> To: Daniel Djundjek
> Cc: firewall-wizards () nfr net
> Subject: Re: monitoring remote access
>
> The company could hire a private investigation firm to monitor their
> activities.
> This would also allow the company to monitor their physical activities too.
> The
> company would immediately be informed if an employee gets an unsavory
> tattoo,
> has body hair removed, or is engaging in an extramarital affair.  Anything
> the
> company needs to know about the private lives of their employees, could then
> be
> discussed in company meetings.
>
> Jack Dingler
>
> Daniel Djundjek wrote:
>
> > Dear all,
> >
> > A strange request was put to me....
> >
> > A company is setting up a number of dial up accounts via an isp for their
> > employees able to work at home.  Now since they are dialing in via an isp
> > and not directly in to the main office, the company would like to monitor
> > the employees activity to ensure they are not doing anything
> unsavoury(porn,
> > hacking, abusing company privelidges).
> >
> > Does anyone know of any 3rd party tools which can send alerts to a central
> > location for users on a dial up account.  The dynamic ip allocation would
> be
> > a problem but is there anything which can cope with this type of request??