Date: Wed, 6 Jun 2007 11:25:48 -0400
From: "matthew wollenweber" <mwollenweber@...il.com>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: You shady bastards.

I'm certainly not a lawyer, but the below cases refer to an employer and
employee relationship. That isn't the case here and is likely an important
distinction. You're also assuming that while he was an employee he consented
to monitoring and had no expectation of privacy. While that is generally
true, it may not be.

I've been involved in a few employer/employee investigations. The subject is
always legally sensitive and the legal department is generally a huge
player. The method of collection, the information that's collected, and the
purpose of the collection are always significant factors. Generally there
has to be a reasonable effort not to intentionally invade the employee's
privacy. That's a bit contradictory but in the 4-5 situations I've been
involved in that has always been the case.

In the case above, it appears that the former employer is intentionally
maintaining the email address and monitoring it for the purpose of obtaining
information unrelated to business needs.

Going back to hdm's original comment "Illegal or not, this is still pretty
damned shady" and definitely unethical.


On 6/6/07, J. Oquendo <sil@...iltrated.net> wrote:
>
> Tim wrote:
> >> Why would it be illegal if his former employer accessed his email using
> >> this method. The information going to their network is considered their
> >> property and they could do as they see fit.
> >>
> >
> > This is a poor assumption.  See the Wiretap Act and the Electronic
> > Communications Privacy Act.  Of course these are just US laws, but it
> > seems this is the scenario we're discussing.
> >
> > tim
> >
> >
>
> Spare me and the list...
>
> / * SNIPPED * /
> What about an employer's right to read e-mails as
> they come in? As they hit the inbound server? ...
> If the e-mail is not subject to the consent of
> all parties, and one of the parties (either the
> sender or recipient) lives in a jurisdiction
> that mandates all party consent, then this could
> be an unlawful interception under state law.
> (Federal law requires only one party consent.)
>
>
> http://www.securityfocus.com/print/columnists/412
>
> *NOTE Federal Law*
> /* END SNIP * /
>
> Or search ... Nancy K. Garrity, et al. v. John Hancock Mutual Life Ins. Co
>
> And no I won't bother with US v. Councilman
>
> --
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> echo infiltrated.net|sed 's/^/sil@/g'
>
> "Wise men talk because they have something to say;
> fools, because they have to say something." -- Plato
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>


-- 
Matthew  Wollenweber
mwollenweber@...il.com | mjw@...erwart.com
www.cyberwart.com
