Security Basics mailing list archives
RE: Internet E-mail monitoring/approval - MONITORING
From: Gregory.Kane () hood-ctsfmail army mil
Date: Fri, 11 Apr 2003 08:29:40 -0500
Folks I am not an attorney, just someone who has had the opportunity to work in the computer security field and have faced many of the same issues. Policy development (legalities) should always be passed through an attorney. I Believe this is my main point. We can all look at the various laws and make an interpretation, but will our interpretation hold up in court? To put it another way, would you go to an auto mechanic if you needed brain surgery? I hope not! On these type of questions seek competent advice from your attorney. The following is a copy of a response email that I sent that apparently did not make a posting to the list: Ted The Department of Justice URL for the Privacy Act of 1974 as Amended is http://www.usdoj.gov/foia/privstat.htm . Another very good resource to keep a person's backside out of trouble is "Cyber Crime Investigator's Field Guide" by Bruce Middleton. Another thought is the "Electronic Communications Privacy Act" along with possible violation of First Amendment Rights. Look up on google.com. Now with that said, did the target sign any type of auditing authorization when he/she was first employed? There may be a loophole with that, but it would normally be used in conjunction with a court order - actually getting a court order. Whatever you might do, do not necessarily accept 100% of any on-line legal guidance. I am NOT providing any type of legal guidance. Always, always, check with a qualified attorney or corporate legal counsel before committing to anything. To provide initial guidance for your employer the mentioned items should help. Greg Kane So the adage is, when in doubt seek a qualified expert. Greg Kane M.S., GSEC, VAT SAIC CTSF-TD-IA Assistant Information Assurance Manager Trl- 4G (254) 532-8321 X-2032 Cell 254-865-4934 gregory.kane () hood-ctsfmail army mil "Wajid" <wajid () cerrado co To: <Gregory.Kane () hood-ctsfmail army mil>, <tfrederick () ascentek com>, .uk> <security-basics () securityfocus com> cc: 04/11/2003 01:51 Subject: RE: Internet E-mail monitoring/approval - MONITORING AM Hi Greg, interesting point. In drafting an AUP (acceptable user policy) for computer use, (for a financial company) if I say.... ================= ... The use of the technological facilities provided by Company is a privilege NOT a right. <snip, snip> Although the Company respects the privacy of its users, privacy should not be expected whilst using computers systems at the Company. Computers and email facilities are provided to help the company achieve its mission and to conduct its business efficiently. The Company reserves the right to monitor any machine at any given time either for administrative purposes, or for verifying the compliance of this agreement. This can be done without prior consent of the user. ================= Is it legal to say this? If the company forbids the use of its facilities for personal use, shouldn't it have right to the content? I have read some documents on privacy, but data such as logs of sites visited, downloaded content; you come across that on maintenance anyway... (router logs etc) isn't that classed as 'monitoring' ? If the employee has signed to such a policy, should there still be a problem? I have failed to see anything from the Information Commissions regarding this, if anyone has any links, please let me know. W -----Original Message----- From: Gregory.Kane () hood-ctsfmail army mil [mailto:Gregory.Kane () hood-ctsfmail army mil] Sent: 10 April 2003 18:16 To: tfrederick () ascentek com; security-basics () securityfocus com Subject: re: Internet E-mail monitoring/approval Ted The best answer is to get a good attorney and a court order for anywhere in the United States, or lots of money for the law suit. The Privacy Act has you on this one. Email is considered the same as personal snail mail and cannot be opened without a court order and it must be from a federal court. Greg Kane Greg Kane M.S., GSEC, VAT SAIC CTSF-TD-IA Assistant Information Assurance Manager Trl- 4G (254) 532-8321 X-2032 Cell 254-865-4934 gregory.kane () hood-ctsfmail army mil ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. -------------------------------------------------------------------
Current thread:
- RE: Internet E-mail monitoring/approval - MONITORING Gregory . Kane (Apr 12)