From: smb@research.att.com
To: Karl Barrus <elee9sf@Menudo.UH.EDU>
Message Hash: 09662efd94388325f343f772f7cbd2584760c4e8957a3b1238bc156c98c4e35a
Message ID: <9307200118.AA24979@toad.com>
Reply To: N/A
UTC Datetime: 1993-07-20 01:19:08 UTC
Raw Date: Mon, 19 Jul 93 18:19:08 PDT
From: smb@research.att.com
Date: Mon, 19 Jul 93 18:19:08 PDT
To: Karl Barrus <elee9sf@Menudo.UH.EDU>
Subject: Re: ANON: AP story
Message-ID: <9307200118.AA24979@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
The federal wiretap law was expanded in 1986 to prohibit
employers, including the government, from accessing employee
work computer records. Under the law, the government is
allowed to conduct clandestine searches if the employee is
suspected of espionage or theft. Pederson was under no such
suspicion. [I guess this is the ECPA?]
I'd like someone to provide some statute citations or some case law to
back this up. As I read the ECPA, nothing in it prevents an employer
from looking at employee files. (Admittedly, the government may be
different.) The following quote is from
@article{hernandez,
title = {{ECPA} and Online Computer Privacy},
author = {Ruel Torres Hernandez},
journal = {Federal Communications Law Journal},
volume = 41,
number = 1,
month = {November},
year = 1988,
pages = {17--41}
}
ECPA protection in the employer-employee situation may indeed be
non-existent. [Footnote: This legislative intent to exclude
corporate monitoring of employees from ECPA was confirmed by those
who followed the drafting of the legislation. According to Jerry
Berman, counsel for the Americal Civil Liberties Union, a
participant in the drafting of th elegislation, ``ECPA `goes right
up to the water's edge [of employee privacy protection] but stops
short' and to have included some employee privacy protection
against employers in the corporate context `would have killed the
bill.' '' Electronic message from Brock Meeks (Mar. 31, 1988)]
While the corporate exception acknolwedges an employer's property
rights in all parts of his business, it leaves the employee's
privacy interests completely unprotected.
I should note that the ECPA also explicitly permits monitoring ``as may
be necessarily incident to ... the protection of the rights or
property of the provider of that service''.
Again, if anyone has hard citations to the contrary, I'd really like to
know. In the case that has drawn the most attention, the Epson email
case, the claim was based on a state law that protects employee telephone
calls. From what I've read, the judge rule against the plaintiff on
the grounds that only voice calls were protected. That ruling was
apparently not appealed, probably because there was little chance that
that holding would be overturned.
--Steve Bellovin
Return to July 1993
Return to “smb@research.att.com”
1993-07-20 (Mon, 19 Jul 93 18:19:08 PDT) - Re: ANON: AP story - smb@research.att.com