
Re: Time to Use the GNU Open Encryption Tools

Roy Schestowitz wrote:
> Study: Companies snooping on employee e-mail
>
> ,----[ Quote ]
> | According to a new study, about a third of big companies in the United
> | States and Britain hire employees to read and analyze outbound e-mail as
> | they seek to guard against legal, financial or regulatory risk.
> `----
>
> http://www.cnn.com/2006/TECH/internet/06/05/email.snooping.reut/index.html?section=cnn_tech

  This is a regulatory requirement in brokerage firms, where brokers
are expected to monitor traffic that might include disclosure of
insider information.  These same 'watchers' are often sold to other
industries.  Lotus Notes is deliberately designed to provide auditing
of the e-mail so that illegal disclosures and insider trading can be
monitored and prosecuted if necessary.

Many companies also keep logs of web sites visited, and intercept POP
and NNTP traffic in the routers.

Ironically, use of indecipherable encryption is also a termination
offense in some of these environments.

Keep in mind that there are also restrictions and regulations on what
can and cannot be done with the information gathered.  For example,
personal e-mail that is not illegal (copyright violations, insider
trading, passing information to facilitate criminal acts, solicitation
of minors...) may not be used for such things as termination of
employees, denial of promotions, or to commit illegal acts such as
blackmail or extortion.

Even when criminal acts are committed via e-mail, there needs to be
sufficient probable cause for a search warrant or a court-ordered
disclosure order before the e-mails can be used as evidence in a court
of law.  Even then, there are some pretty strict guidelines on how the
e-mail archives can be used.  The orders cover specific subjects and
often specific recipients and senders.  Only those e-mails can be used
in court, and often the requested e-mail is very strictly filtered.
Criminal investigators have to be extra careful to prevent the
accidental discovery of unrelated criminal activities because the
unwarranted disclosures would be "poison fruit".

The ticklish issue is the "anonymous informant" tips.  For example, if
a system administrator is reviewing e-mail to find indications of
insider trading as part of a court order or regulatory act, and happens
to see an e-mail soliciting a minor, and that administrator calls the
police and drops the name and suggests the search, it could appear to
the police that the tip was given by someone who had personal
information.  For example, the suspect had said something to the
informant.  If it turns out that the informant is discovered to be a
system administrator reporting information collected in an unwarranted
search, then the entire case could be dismissed and couldn't be
prosecuted due to double jeopardy law.

Keep in mind that this is United States law, and even the example given
is probably better discussed by lawyers.

In Linux administrator certification exams, the issues of reviewing
e-mail are included in the examination - including the SAIR Linux
certification.

