Re: You shady bastards.

[Tim <tim-security () sentinelchicken org>]

> Spare me and the list...

Spare you what?  If this is somehow off topic, please elaborate.

> / * SNIPPED * /
> What about an employer's right to read e-mails as
> they come in? As they hit the inbound server? ...
> If the e-mail is not subject to the consent of
> all parties, and one of the parties (either the
> sender or recipient) lives in a jurisdiction
> that mandates all party consent, then this could
> be an unlawful interception under state law.
> (Federal law requires only one party consent.)
>
>
> http://www.securityfocus.com/print/columnists/412
>
> *NOTE Federal Law*
> /* END SNIP * /

Right, so under federal law, single party consent is sufficient.  If HD
didn't consent, and the former employee currently doesn't consent (i.e.
consent under the AUP or other agreements has expired), then it could be
illegal.  That, or if the person reading the stored communications is
not authorized by the company, then they would be personally liable.

Your conjecture that it's legal because the employer somehow owns the
communication or the networks it travels over is completely bogus. The
recipient is this email user, not the company.

> Or search ... Nancy K. Garrity, et al. v. John Hancock Mutual Life Ins. Co

Yup just looked this up.  This was thrown out because Nancy consented
under JH's email privacy policy.  I don't see how this conflicts with my
argument.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/