Date: Wed, 06 Jun 2007 11:27:01 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Tim <tim-security@...tinelchicken.org>, 
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: You shady bastards.

Tim wrote:
>
> Spare you what?  If this is somehow off topic, please elaborate.
>
>   
Spare me and the list legalities. One, it is slightly off-topic; then again, this is fd, so I retract.

That entire argument and any thread arising from what is legal and what is not is likelier to be answered, dissected, studied on a legal forum.

> Right, so under federal law, single party consent is sufficient.  If HD
> didn't consent, and the former employee currently doesn't consent (i.e.
> consent under the AUP or other agreements has expired), then it could be
> illegal.  That, or if the person reading the stored communications is
> not authorized by the company, then they would be personally liable.
>
>   
Laws are not about what could or should. They're about what's written. In this case, he sent an email to someone's former workplace. The worker was not there, the employer obviously read the email. So the questions to ask should be 1) HD didn't give consent; did/does the employer have something written to their employees which states the monitoring of email? If they do, case closed, there is the one party federal consent.

Secondly, did HD specify in his email any legalities of unauthorized reading? No.

Thirdly, you need to realize what you've stated and your misinterpretation of the law. ECPA protects against INTERCEPTION. No interception occurred here, the mail was delivered to a recipient.

> Your conjecture that it's legal because the employer somehow owns the
> communication or the networks it travels over is completely bogus. The
> recipient is this email user, not the company.
>
>   
The network is the company's and all of its communications into or out are property of the company.

http://www.redearthsoftware.com/email-monitoring-article.htm
Email auditing and email interception

A second distinction to make is the difference between email auditing (sometimes called email monitoring), where email is checked after the actual transmission, and email interception (sometimes called email filtering), where email is intercepted and checked during transmission.

> Yup just looked this up.  This was thrown out because Nancy consented
> under JH's email privacy policy.  I don't see how this conflicts with my
> argument.
>
> tim
>
>   
Rinse and repeat this post and my comments..


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato


