network monitoring
Norm
maillist at sios.ca
Wed Jun 6 17:02:52 UTC 2007
Ed Greshko wrote:
> Les Mikesell wrote:
>
>> Anne Wilson wrote:
>>
>>> On Wednesday 06 June 2007 12:16:34 Andy Green wrote:
>>>
>>>> Yep no doubt. But what does it mean? It's now a reasonable duty
>>>> expected of the company to read all the employee traffic and you are
>>>> negligent if you're not doing it? Don't worry it's just a rhetorical
>>>> question.
>>>>
>>>>
>>> No, there's no obligation to do that - it's just that if you don't you
>>> can be imprisoned for the behaviour of your employee. I doubt if any
>>> company routinely monitor like that, but if it was suspected that
>>> someone was using company time and bandwidth for an illegal purpose,
>>> it would certainly be sensible to monitor that person's activities for
>>> a time. It's not something I ever needed to do, but I can see that it
>>> could happen.
>>>
>> I don't think there is anything new or special about email here. A
>> company can't knowingly allow any of their equipment to be used for
>> illegal purposes. What would you do if you thought an employee was
>> making bomb threats from a company phone?
>>
>>
>
> NBIALH.... (No Body Is A Lawyer Here) .... But sure, a company can
> knowingly allow their equipment to be used for illegal purposes. Sure, I
> can tell you how to snoop on your users. Will your actions be legal? Will
> my telling how to do it be legal? Damed if I know....so I remain silent on
> the issue.
>
> You go figure it out and be responsible for your actions in the jurisdiction
> within you live.
>
>
As Ed has pointed out the legal position on monitoring is very complex
and varies from jurisdiction to jurisdiction. From what I have been
able to determine there is very little case law to really have a good
idea how courts would rule in any jurisdiction. What is out there seems
at times to contradict itself, probably because few lawyers and fewer
judges understand the issues and what is possible. One interesting case
in point is the handling of VOIP as part of the old Telco systems phone
conversations did not need to recorded and saved, requiring all data to
be saved then VOIP conversation are included in the net. Requiring a
company to save VOIP conversation but not requiring the competitor down
the road to save their regular telco conversations creates a very uneven
playing field.
Depending on which court and how they rule the operators of public hot
spots and other public access points are in a frighteningly dangerous
position, Even worse if someone hacked into your presumably secure
wireless access point there is the potential for you to be held libel if
you could not prove beyond a court level of proof it came from outside
your network and you had done every possible thing to prevent
unauthorized use. The whole area is a minefield that will take a number
of years to sort out before there can be very clear guidelines established.
I had looked at setting up a series of hot spot locations but gave up
when I realised the process could be come very onerous for the users and
the actual operators if appropriate precautions were taken.
In the last 10 years or so IT has opened up a myriad of security and
privacy issues that will take years to stabalise, probably the first
step is educating the typical user to implement a reasonable level of
security and protection - a level that most of us on this list know well
and hopefully are examples of reasonable precautions.
More information about the users
mailing list