Firewall Wizards mailing list archives

Re: Legal Liability under 1986 ECPA


From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 28 Jan 2002 21:05:14 -0500

In message <3C5597DF.6FAC747 () pmc-sierra com>, Jeff Newton writes:

I'm pushing my company to require a signed AUP, rather than simply
posting the security policy on their intranet.  I was hoping to cite
specific court cases to management illustrating the consequences of not
obtaining employee signage.

Administrators, management, and security analysts have supposedly been
held liable for scanning/sniffing, etc. actions if employee permission
isn't first obtained as per the 1986 Electronic Communications Privacy
Act.

Does anyone have specific case references?


It's a complex question with minimal case law.  I included the 
information I could find in Chapter 12 of "Firewalls and Internet 
Security" (see the URL below), but there's no clear answer.  The 
Justice Department does recommend a warning banner, but the legal 
need is shaky.  This is especially true for corporate nets, where the 
entire net and the computers on it are owned by the company, and the 
legislative history of the ECPA clearly shows that Congress did not 
intend to protect employees in that situation.

That said, ask a lawyer.

                --Steve Bellovin, http://www.research.att.com/~smb
                Full text of "Firewalls" book now at http://www.wilyhacker.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

