Firewall Wizards mailing list archives
Re: Legal Liability under 1986 ECPA
From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 28 Jan 2002 21:05:14 -0500
In message <3C5597DF.6FAC747 () pmc-sierra com>, Jeff Newton writes:
I'm pushing my company to require a signed AUP, rather than simply posting the security policy on their intranet. I was hoping to cite specific court cases to management illustrating the consequences of not obtaining employee signage. Administrators, managment, and security analysts have supposedly been held liable for scanning/sniffing,etc actions if employee permission isn't first obtained as per the 1986 Electronic Communications Privacy Act. Does anyone have specific case references?
It's a complex question with minimal case law. I included the information I could find in Chapter 12 of "Firewalls and Internet Security" (see the URL below), but there's no clear answer. The Justice Department does recommend a warning banner, but the legal need is shakey. This is especially true for corporate nets, where the entire net and the computers on it are owned by the company, and the legislative history of the ECPA clearly shows that Congress did not intend to protect employees in that situation. That said, ask a lawyer. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Legal Liability under 1986 ECPA Jeff Newton (Jan 28)
- Re: Legal Liability under 1986 ECPA John Adams (Jan 29)
- <Possible follow-ups>
- RE: Legal Liability under 1986 ECPA Ames, Neil (Jan 28)
- Re: Legal Liability under 1986 ECPA Steven M. Bellovin (Jan 29)
- Re: Legal Liability under 1986 ECPA Jody C. Patilla (Jan 30)
- RE: Legal Liability under 1986 ECPA Jermaine Howard (Jan 30)
- RE: Legal Liability under 1986 ECPA R. DuFresne (Jan 31)