An interesting perspective, Andy. I was describing, however, both the
spirit *and* the letter of the ECPA, as supported by original Senate
hearings on the bill and the subsequent interpretation of numerous Federal
courts. You are describing, perhaps, the spirit of a law you *wish* to
exist, or a personal "moral law" centered on your prerogatives as an
employer, either of which, by definition, would be "so much easier" for you
to observe.
You are obviously welcome to such opinions, and I actually don't disagree
with your general conclusion that non-productive use of business assets is
questionable. But I must say I'm happy that there are laws on the books
that protect employees that do not have the economic privilege to "go get
[their] own," in your words, from employers who take supremem advantage of
their employees, then plead that their employees have always had "job
mobility." Luckily for anyone who works for such employers, the Americans
with Disabilities Act, the Family and Medical Leave Act, and the Civil
Rights Acts, to name just a few, are on the books rather than
employer-centric alternatives.
Sandy
P.S. Ironically, if you read my message again, you'd probably find that
your views regarding "policy" coincide quite well with the intent of the
ECPA. As I mentioned early on, the Consent Exception states that, in
essence, if you've published a detailed privacy policy and made sure that
everyone's signed it, you can use any surveillance methods noted in said
document, under circumstances noted in said document. It's surveillance
without prior notice which is proscribed. In other words, as long as your
policies make it from your mind to paper, you can get away with a lot--but
simple gut feelings about employers' rights won't stand up in court. This
is why employers need to--yes--hire a lawyer and draw up a policy from the
get-go that indemnifies them from charges of unwarned intrusion and still
lets them poke their noses in as necessary to keep their businesses running
securely and efficiently.
At 11:54 PM 6/17/2001, you wrote:
>Hmm...this is exactley the problems with law and lawyers in general...
>
>Therein is the difference between the "spirit" of the law and the
>"letter" law.
>
>Ok, so now we know the "letter" of the law..
>
>The "spirit" is so much easier. I am the company, and while you are
>using my equipment while you are at work, it is up to me how that
>equipment will be used.
>
>If it is a company truck....If I say no stop offs at Arby's, then there
>are no stop offs at Arby....If it is my email system, and I say no
>personal use, then that's how it is. If you don't like it, get a job
>somewhere else.
>
>This is still a *free* country (or is it?) and what goes on in my
>company is up to me. I am *paying* you to do things *my* way. If you
>don't like that, you can grin and bear it, work for someone else or
>start your own company and then *you* can dictate policy.
>
>There...that is the "spirit" of the law....for you to just assume you
>can take the company delivery truck and do whatever you want with it is
>absurd... Whatever happened to a little horse sense?
>
>Anybody that is using the company *anything* for *anything* but the
>betterment of the company *deserves* to get fired or whatever....I don't
>have much sympathy for people that get in trouble for abusing a
>system...as if they don't already know better...
>
>If you want to have a delivery truck to do whatever you want...go get your
>own...don't assume liberty with mine... Stick to business while at work
>and there are no problems. We are so hung up on the rights of the
>employee...what about my rights as the employer to expect you to be
>doing what I am paying you to do...like work? Seems to me that you are a
>common thief if you are taking my paycheck, but are wasting company time
>or resources for your own petty BS...
>
>I hope this adds a little perspective to this *not so tricky* moral
>question.... This person deserves to be blown is as what they were
>doing was immoral and unethical....let the lawyers fight out the legal
>stuff.
>
>Thanks, andyb
>[EMAIL PROTECTED]
>
>Sunday, June 17, 2001, 8:55:49 PM, you wrote:
>
>SW> All,
>
>SW> I know the original poster seems to have moved on, but here is a legal
>SW> mini-backgrounder from a law student who's done assistantships on several
>SW> IP cases involving e-mail privacy (I think some responders were sorely
>SW> underinformed about the complexity of an employer's "ownership" of data
>SW> generated by and stored on their systems--it's not so simple):
>
>SW> E-mail communications is governed by the Electronic Communications
>Privacy
>SW> Act (ECPA) of 1986. ECPA explicitly prohibits (like a trailing "deny
>all"
>SW> in an ACL) the real-time interception, off-line access, and subsequent
>SW> disclosure of e-mail, with the following exceptions:
>
>SW> - CONSENT EXCEPTION (CE): This exception states that when a single party
>SW> involved in said communications has consented to the interception or
>access
>SW> before it occurs, the prohibition does not apply. The provider of the
>SW> service itself (IT dept, ISP, telco) does NOT constitute a party under
>the
>SW> law, BUT both ends of the convo, sender and receiver, are parties whose
>SW> consent makes the whole convo eavesdroppable. You can think about many
>SW> consequences of single-party consent: for instance, if someone is sending
>SW> corporate secrets to someone at another company, but the receiving
>SW> company's management is secretly cooperating with the sender's management
>SW> in order to nab the sender (maybe a good-faith gesture!), the comms
>may be
>SW> monitored without much of a legal hangup. The CE directly applies to
>SW> published and agreed-upon (through clicking on "Yes" on login, etc)
>SW> corporate communications policies, which is why they're so
>important. (In
>SW> the world at large, single-party consent is also what allows you to
>SW> surreptitiously tape a conversation with just about anyone you want--as
>SW> long as you are really IN the convo and not just sitting quietly as a
>third
>SW> party--but separate regs apply to what you DO with the recording, of
>course.)
>
>SW> The CE does leave room for "implied consent," but the precedents are
>rather
>SW> fuzzy. It is not enough, under this exception, to assume that employees
>SW> "just know" that an employer is watching...for the CE, there generally
>have
>SW> to be policies published in some form regardless, but implied consent
>SW> allows for some flexibility in what constitutes "approval," i.e. whether
>SW> you kept working at a company after you knew of their policy, even if you
>SW> never actually signed anything, or whether you could have been
>expected to
>SW> have heard an announcement made over the PA on a given day.
>
>SW> - ORDINARY COURSE OF BUSINESS EXCEPTION (OCBE): This exception states
>that
>SW> the prohibition does not apply if the employer's actions can be perceived
>SW> as "in the ordinary course of business." You might think that this is a
>SW> catch-all, but case law suggests it is not so. The question here is
>SW> whether the scope of an employer's surveillance realistically reflects
>the
>SW> danger to the employer's business. For instance, recording all calls
>made
>SW> to and from a MacDonald's franchise without telling the employees
>would not
>SW> generally be legal, precedents suggest...but supposing that the franchise
>SW> were the one in NYC in which several employees were murdered last year
>SW> during an inside-job robbery, the courts would probably see it
>SW> differently. Again, if the CE does not apply, meaning that an
>employer has
>SW> effectively taken no action to alert employees to corporate surveillance,
>SW> the OCBE will NOT always fill in the gap.
>
>SW> - SYSTEM PROVIDER EXCEPTION (SPE): This one exempts "system providers"
>from
>SW> the prohibition, which has been variously interpreted as only including
>SW> commercial providers such as ISPs and as covering the whole range of
>public
>SW> and private infrastructure providers. This is a big one, but it really
>SW> hasn't been tested enough in court to warrant a clear
>SW> preceding interpretation. In one big case, a defendant specifically
>used
>SW> the lack publicized corporate policy to win a first trial, then lost on
>SW> appeal due to SPE.
>
>SW> - CONTEMPORANEOUS REQUIREMENT EXCEPTION (CRE): This exception does not
>SW> appear in ECPA, but several courts have interpreted the ECPA to suggest a
>SW> fourth exception that is quite inflammatory and appears to give
>employers a
>SW> "back door," provided they conduct themselves from the outset with the
>CRE
>SW> in mind. Basically, the CRE says that e-mails no longer in transit (i.e.
>SW> on backups) are completely exempted from all surveillance
>SW> prohibitions. Interesting, eh? But remember that if the ECPA has been
>SW> violated as regards a given employee, it won't matter that the same
>company
>SW> LATER abided by the ECPA, using the CRE as their targeted
>exception. Once
>SW> an employer has violated the act, it is liable for that violation,
>SW> regardless of subsequent by-the-books activity, and most employers would
>SW> not want to be involved in a suit-and-countersuit matter.
>
>SW> With all the differing interpretations of the ECPA, you'd think that
>SW> Congress would've found a more up-to-date and clearer successor to it,
>but
>SW> an attempt in 1993 failed, as did several others, so the ECPA still
>SW> stands. One would also want to look into any employment contracts signed
>SW> by those whose messages he intercepted, as there's a possibility that
>these
>SW> detailed a corporate hierarchy (they are/were directors, he a
>sysadmin) in
>SW> which their communications were explicitly deemed confidential and
>thus to
>SW> be shielded from those lower on the totem pole...such provisos are
>SW> sometimes built into executive contracts to protect an executive team
>from,
>SW> for instance, the trickle-out of the truths behind "morale-boosting"
>SW> (mis)representations of a company's cash situation. If this contingency
>SW> existed in their contracts, the mere act of "peeking" done by anyone
>other
>SW> than the directors' managers could have been a contract violation;
>this is
>SW> a good reason to use an automated content checker which would forward
>SW> messages to the higher-ups without human intervention, as then management
>SW> is doing the hands-on work.
>
>SW> On another note (sorry to run on), Dan introduced the concept of
>"libel" in
>SW> one of his posts--I don't know what the exact text of the e-mail was, but
>SW> be aware that insults and epithets, like "Sandy's the most arrogant
>SW> sysadmin I've ever seen," that don't really have objective true/false
>SW> qualities, usually can't be libelous. If provable facts are
>SW> misrepresented, like "Sandy's late every day," there may be a
>case. Also,
>SW> as for the idea of Dan's neglecting to forward the inflammatory e-mail
>SW> being itself criminal, this is unlikely--failure-to-report cases
>SW> necessitate knowledge that a felony is being committed, and it should be
>SW> obvious that, given that he is a techie and not a lawyer, Dan could not
>SW> reasonably be expected to "know" this; IP infractions, though they may be
>SW> felonious, are much harder for the average person to pinpoint than, say,
>SW> child abuse or rape. On the other hand, speaking strictly in terms of
>SW> grounds for dismissal, COMPANY policy might punish the failure to
>report a
>SW> breach of security or usage policies.
>
>SW> Well, the upshot of all of this is, as many noted, "Get a lawyer." There
>SW> simply is not enough case law out there, especially not at the Supreme
>SW> Court level, to draw privacy-related conclusions based on the data
>that Dan
>SW> provided. I would welcome further discussion of such topics in this
>forum,
>SW> though some pure-techies might object, and I'd be happy to recite some
>SW> interesting case law.
>
>SW> Best,
>
>SW> Sandy
>
>SW> P.S. One would also wonder whether or why Dan used his real name on this
>SW> ML...I don't know if anyone's serving up archives anywhere...
>
>SW> At 01:13 AM 6/16/2001, you wrote:
> >>Dan you have Subject Matter Authority. you can speak as to when, where,
> >>how, but not why.
> >>
> >>leave that to line authority, it keeps your algorithmic problem solving
> >>wisdom pure.
> >>
> >>you're not a sellout if you go to mgmt. with it. go to the first line
> >>immediately above you.
> >>if God forbid you are somehow harmed in this, first realize, email admins
> >>are still not walking around with will work for food signs: a company that
> >>burns me for being honest just lost valuable talent, and a large piece of
> >>their own credibility in the business community, because i'm very frank
> >>about my long history of personal failure in an interview. in my
> experience,
> >>documentable failure pays better than undocumentable success.
> >>i have to assume that they'll check my references. my amateur advice?
> what
> >>would i do? bang on the piano a while then pray or meditate, get some
> peace
> >>first.
> >>
> >>get some legal advice, pay for it if you have to upfront, your good name is
> >>priceless. if they hear you, you've gained your adversary's heart and
> mind.
> >>if they don't, they weren't worth having at any rate of pay. this is my
> >>last raving lunacy on this thread, it's becoming like kicking a dead whale
> >>down the beach. cumbersome and tiring. help yourself man, get a lawyer.
> >>i hope i don't ever find out what you're going through. it sounds rough.
> >>help yourself quick, then others will join in and help you.
> >>----- Original Message -----
> >>From: "Dan Evans" <[EMAIL PROTECTED]>
> >>To: <[EMAIL PROTECTED]>
> >>Sent: Thursday, June 14, 2001 07:14 PM
> >>Subject: Re: [IMail Forum] A tricky moral problem
> >>
> >>
> >>|
> >>| ----- Original Message -----
> >>| From: "Patrick Mathews" <[EMAIL PROTECTED]>
> >>| To: <[EMAIL PROTECTED]>
> >>| Sent: Thursday, June 14, 2001 2:38 PM
> >>| Subject: RE: [IMail Forum] A tricky moral problem
> >>|
> >>|
> >>| > pray, call a lawyer, because 'coming across an email' may also raise
> >>cause
> >>| > for concern. if the mail was posted to a public forum. no problem.
> >>if
> >>| it
> >>| > was shown you by a recipient, no problem. an accidental viewing?
> >>| problem.
> >>| > accidents happen, but when they do, someone is always left holding the
> >>| > bag...
> >>|
> >>| Which is what we have here, and I have the bag at the moment :0(
> >>|
> >>| Dan
> >>|
> >>|
> >>| Please visit http://www.ipswitch.com/support/mailing-lists.html
> >>| to be removed from this list.
> >>|
> >>| An Archive of this list is available at:
> >>| http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >>|
> >>
> >>
> >>Please visit http://www.ipswitch.com/support/mailing-lists.html
> >>to be removed from this list.
> >>
> >>An Archive of this list is available at:
> >>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
>SW> Please visit http://www.ipswitch.com/support/mailing-lists.html
>SW> to be removed from this list.
>
>SW> An Archive of this list is available at:
>SW> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
>
>An Archive of this list is available at:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
