network monitoring

Norm maillist at
Wed Jun 6 17:02:52 UTC 2007

Ed Greshko wrote:
> Les Mikesell wrote:
>> Anne Wilson wrote:
>>> On Wednesday 06 June 2007 12:16:34 Andy Green wrote:
>>>> Yep no doubt.  But what does it mean?  It's now a reasonable duty
>>>> expected of the company to read all the employee traffic and you are
>>>> negligent if you're not doing it?  Don't worry it's just a rhetorical
>>>> question.
>>> No, there's no obligation to do that - it's just that if you don't you
>>> can be imprisoned for the behaviour of your employee.  I doubt if any
>>> company routinely monitor like that, but if it was suspected that
>>> someone was using company time and bandwidth for an illegal purpose,
>>> it would certainly be sensible to monitor that person's activities for
>>> a time.  It's not something I ever needed to do, but I can see that it
>>> could happen.
>> I don't think there is anything new or special about email here.  A
>> company can't knowingly allow any of their equipment to be used for
>> illegal purposes.  What would you do if you thought an employee was
>> making bomb threats from a company phone?
> NBIALH....  (No Body Is A Lawyer Here) .... But sure, a company can
> knowingly allow their equipment to be used for illegal purposes.  Sure, I
> can tell you how to snoop on your users.  Will your actions be legal?  Will
> my telling how to do it be legal?  Damed if I I remain silent on
> the issue.
> You go figure it out and be responsible for your actions in the jurisdiction
> within you live.
As Ed has pointed out the legal position on monitoring is very complex 
and varies from jurisdiction to jurisdiction.   From what I have been 
able to determine there is very little case law to really have a good 
idea how courts would rule in any jurisdiction.  What is out there seems 
at times to contradict itself, probably because few lawyers and fewer 
judges understand the issues and what is possible.  One interesting case 
in point is the handling of VOIP as part of the old Telco systems phone 
conversations did not need to recorded and saved, requiring all data to 
be saved then VOIP conversation are included in the net. Requiring a 
company to save VOIP conversation but not requiring the competitor down 
the road to save their regular telco conversations creates a very uneven 
playing field. 
Depending on which court and how they rule the operators of public hot 
spots and other public access points are in a frighteningly dangerous 
position,  Even worse if someone hacked into your presumably secure 
wireless access point there is the potential for you to be held libel if 
you could not prove beyond a court level of proof it came from outside 
your network and you had done every possible thing to prevent 
unauthorized use.  The whole area is a minefield that will take a number 
of years to sort out  before there can be very clear guidelines established.
I had looked at setting up a series of hot spot locations but gave up 
when I realised the process could be come very onerous for the users and 
the actual operators if appropriate precautions were taken.
In the last 10 years or so IT has opened up a myriad of security and 
privacy issues that will take years to stabalise, probably the first 
step is educating the typical user to implement a reasonable level of 
security and protection - a level that most of us on this list know well 
and hopefully are examples of reasonable precautions.

More information about the fedora-list mailing list