[Full-disclosure] You shady bastards.

Wed Jun 6 16:25:48 BST 2007

I'm certainly not a laywer, but the below cases refer to an employer and
employee relationship. That isn't the case here and is likely an important
distinction. You're also assuming that while he was an employee he consented
to monitoring and had no expectation of privacy. While that is generally
true, it may not be.

I've been involved in a few employer/employee investigations. The subject is
always legally sensitive and the legal department is generally a huge
player. The method of collection, the information that's collected, and the
purpose of the collection are always significant factors. Generally there
has to be a reasonable effort not to intentionally invade the employee's
privacy. That's a bit contradictory but in the 4-5 situations I've been
involved in that has always been the case.

In the case above, it appears that the former employer is intentionally
maintaining the email address and monitoring it for the purpose of obtaining
information unrelated to business needs.

Going back to hdm's original comment "Illegal or not, this is still pretty
damned shady" and definitely unethical.

On 6/6/07, J. Oquendo <sil at infiltrated.net> wrote:
>
> Tim wrote:
> >> Why would it be illegal if his former employer accessed his email using
> >> this method. The information going to their network is considered their
> >> property and they could do as they see fit.
> >>
> >
> > This is a poor assumption.  See the Wiretap Act and the Electronic
> > Communications Privacy Act.  Of course these are just US laws, but it
> > seems this is the scenario we're discussing.
> >
> > tim
> >
> >
>
> Spare me and the list...
>
> / * SNIPPED * /
> What about an employer's right to read e-mails as
> they come in? As they hit the inbound server? ...
> If the e-mail is not subject to the consent of
> all parties, and one of the parties (either the
> sender or recipient) lives in a jurisdiction
> that mandates all party consent, then this could
> be an unlawful interception under state law.
> (Federal law requires only one party consent.)
>
>
> http://www.securityfocus.com/print/columnists/412
>
> *NOTE Federal Law*
> /* END SNIP * /
>
> Or search ... Nancy K. Garrity, et al. v. John Hancock Mutual Life Ins. Co
>
> And no I won't bother with US v. Councilman
>
> --
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> echo infiltrated.net|sed 's/^/sil@/g'
>
> "Wise men talk because they have something to say;
> fools, because they have to say something." -- Plato
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

-- 
Matthew  Wollenweber
mwollenweber at gmail.com | mjw at cyberwart.com
www.cyberwart.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070606/a2fea270/attachment.html 