Re: Cracked; rootkit - entrapment question?

[ryan () SECURITYFOCUS COM (Ryan Russell)]

On Thu, 2 Mar 2000, 1Lt Rob Lee wrote:

> You probably should get the FBI on it before you do any steps to monitor the
> SUBJECT.  There is a very thin line on what you can monitor.  The system
> administrators exception on security monitoring is just to ensure they can
> protect their systems from hacking.  As soon as you knowingly monitor a
> specific individual it is now a wiretap and you could be brought up on
> charges for doing so.  Sorry, this is true even if on your own network.

Are you certain?  Are you aware of any court case precent that has gone
that way?

I've prosecuted at least two employees at a previous job based on my
monitoring their activities.  My security policy specifically reserved the
right to do data, voice, video, and other monitoring on company owned
systems.  A judge granted me a restraining order, and later an injunction
against a former employee, based on a written deposition from me that
included statements that said I monitored the employee.

If what you say were true, doesn't that mean that Kevin Mitnick could have
Shimomura thrown in jail? ;)

Perhaps you personally are held to a higher standard, being a government
employee?

                                Ryan