1993-07-20 - Re: ANON: AP story

Header Data

From: smb@research.att.com
To: Karl Barrus <elee9sf@Menudo.UH.EDU>
Message Hash: 09662efd94388325f343f772f7cbd2584760c4e8957a3b1238bc156c98c4e35a
Message ID: <9307200118.AA24979@toad.com>
Reply To: N/A
UTC Datetime: 1993-07-20 01:19:08 UTC
Raw Date: Mon, 19 Jul 93 18:19:08 PDT

Raw message

From: smb@research.att.com
Date: Mon, 19 Jul 93 18:19:08 PDT
To: Karl Barrus <elee9sf@Menudo.UH.EDU>
Subject: Re: ANON: AP story
Message-ID: <9307200118.AA24979@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 The federal wiretap law was expanded in 1986 to prohibit
	 employers, including the government, from accessing employee
	 work computer records.  Under the law, the government is
	 allowed to conduct clandestine searches if the employee is
	 suspected of espionage or theft.  Pederson was under no such
	 suspicion.  [I guess this is the ECPA?]

I'd like someone to provide some statute citations or some case law to
back this up.  As I read the ECPA, nothing in it prevents an employer
from looking at employee files.  (Admittedly, the government may be
different.)  The following quote is from

@article{hernandez,
        title =         {{ECPA} and Online Computer Privacy},
        author =        {Ruel Torres Hernandez},
        journal =       {Federal Communications Law Journal},
        volume =        41,
        number =        1,
        month =         {November},
        year =          1988,
        pages =         {17--41}
}

	ECPA protection in the employer-employee situation may indeed be
	non-existent.  [Footnote:  This legislative intent to exclude
	corporate monitoring of employees from ECPA was confirmed by those
	who followed the drafting of the legislation.  According to Jerry
	Berman, counsel for the Americal Civil Liberties Union, a
	participant in the drafting of th elegislation, ``ECPA `goes right
	up to the water's edge [of employee privacy protection] but stops
	short' and to have included some employee privacy protection
	against employers in the corporate context `would have killed the
	bill.' ''  Electronic message from Brock Meeks (Mar. 31, 1988)]
	While the corporate exception acknolwedges an employer's property
	rights in all parts of his business, it leaves the employee's
	privacy interests completely unprotected.

I should note that the ECPA also explicitly permits monitoring ``as may
be necessarily incident to ...  the protection of the rights or
property of the provider of that service''.

Again, if anyone has hard citations to the contrary, I'd really like to
know.  In the case that has drawn the most attention, the Epson email
case, the claim was based on a state law that protects employee telephone
calls.  From what I've read, the judge rule against the plaintiff on
the grounds that only voice calls were protected.  That ruling was
apparently not appealed, probably because there was little chance that
that holding would be overturned.


		--Steve Bellovin





Thread