RE: web monitoring tool

["Ken Kousky" <kkousky () ip3inc com>]

Doug - great summary but since this thread has raised so many branches
it's clearly an area many of us are still seeking more definitive
materials.

Several earlier comments raised the question of an individual's
reasonable expectation of privacy. One of the biggest variables here is
"from whom" we seek privacy. Many of the laws raised in discussions of
privacy relate to the states ability to initiate surveillance which is
changing as we focus on hunting out potential terrorists under our beds.


Indeed, it is my understanding that many of the relaxations of privacy
protections from the government are being extended to corporations if
they simply suspect somebody (not limited to employees, could be
customers) of being one of those under-the-bed terrorists. Traditionally
there is a big difference between privacy from the state vs from the
managers and owners of corporate systems but these lines are being
changed continually.

For example, it looks like wiretapping restrictions have mostly been
focused on government monitoring so I'm also not clear how wiretapping
restrictions apply to private activities of a company. And I still don't
know from all the discussions on this where they apply w.r.t. web/email
monitoring.

We also talk a lot about the employee's privacy rights but what about
somebody outside the company sending very personal information to
somebody inside the company - is it sender beware, your recipient may
lack privacy? Does the sender have rights to "expectations of privacy"
when they send an urgent message to somebody at work?

The key here is that case law evolves and relevant legislation is
changing. States are active here too, so we may have differences in
local jurisdiction.

Finally, HIPAA and GLBA are really targeted at privacy as well. It's
possible that active monitoring of internal email may expose medical or
financial records in unexpected and/or unintended ways creating new
liabilities.

So, we can remain diligent but some definitive references sure would be
useful. The law school links so far seem to have provided the best
guidance but more materials written for non-lawyer technicians would be
appreciated.

Maybe we should move to a privacy list?

KWK

-----Original Message-----
From: Douglas K. Fischer [mailto:fischerdk () purefm net] 
Sent: Friday, April 11, 2003 11:09 PM
To: security-basics () securityfocus com
Subject: RE: web monitoring tool


----------------------------------------------------------------


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------