lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 6 Jun 2007 11:16:31 -0400
From: Tim <tim-security@...tinelchicken.org>
To: "J\. Oquendo" <sil@...iltrated.net>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: You shady bastards.

> Spare me and the list...

Spare you what?  If this is somehow off topic, please elaborate.

> / * SNIPPED * /
> What about an employer's right to read e-mails as
> they come in? As they hit the inbound server? ...
> If the e-mail is not subject to the consent of
> all parties, and one of the parties (either the
> sender or recipient) lives in a jurisdiction
> that mandates all party consent, then this could
> be an unlawful interception under state law.
> (Federal law requires only one party consent.)
> 
> 
> http://www.securityfocus.com/print/columnists/412
> 
> *NOTE Federal Law*
> /* END SNIP * /

Right, so under federal law, single party consent is sufficient.  If HD
didn't consent, and the former employee currently doesn't consent (i.e.
consent under the AUP or other agreements has expired), then it could be
illegal.  That, or if the person reading the stored communications is
not authorized by the company, then they would be personally liable.

Your conjecture that it's legal because the employer somehow owns the
communication or the networks it travels over is completely bogus. The
recipient is this email user, not the company.

> Or search ... Nancy K. Garrity, et al. v. John Hancock Mutual Life Ins. Co

Yup just looked this up.  This was thrown out because Nancy consented
under JH's email privacy policy.  I don't see how this conflicts with my
argument.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ