lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 6 Jun 2007 14:06:34 -0400
From: Tim <tim-security@...tinelchicken.org>
To: blah <blah@...kogre.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: You shady bastards.

> It seems there's a presumption that an employee, when he leaves, still owns
> that email address that the former employeer provided.  I do not believe
> that's the case, anymore than the ex employee owns the cell phone provided
> by the former employer.
> 
> If a call comes into the cell phone of the former employee, or a voice mail
> is left on that phone of the former employee, the employer, to my knowledge,
> is in no way prohibited from listening to that message, and that is not
> considered wiretapping, interception, or anything else.
> 
> I think we're conferring way too many rights to someone who no longer works
> for the company.  If this were personal information sent to the old address,
> the vast majority of companies make it clear that work assets are for work
> purposes only, any other usage is not permitted, and electronic
> communications are monitored.
> 
> But bottom line: the guy had no rights to an email address he no longer had
> access to and never owned and I doubt anyone would win a case otherwise in a
> court of law.

That's an interesting point.  Not sure how that aspect of it would be
interpreted against the ECPA, and Wiretap Act, and other related laws.
While a consent exception may no longer apply, in a way the
communications weren't sent to them anymore, since they don't exist
at the company.

In any case, J. Oquendo's obsessive linking has convinced me that this
probably wouldn't be illegal due to non-provider exceptions, even
without consent.

Sorry H.D., it most likely isn't illegal.

tim

P.S. - Once again, IANAL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ