From: Eric Murray <ericm@lne.com>
To: m5@dev.tivoli.com (Mike McNally)
Message Hash: 12192dfdc20488c43693d2390b0355c1c21da9160d7f73787c4e73681bb30e29
Message ID: <199512290107.RAA27776@slack.lne.com>
Reply To: <9512282259.AA12970@alpha>
UTC Datetime: 1995-12-29 09:57:27 UTC
Raw Date: Fri, 29 Dec 1995 17:57:27 +0800
From: Eric Murray <ericm@lne.com>
Date: Fri, 29 Dec 1995 17:57:27 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Employer Probing Precedents?
In-Reply-To: <9512282259.AA12970@alpha>
Message-ID: <199512290107.RAA27776@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain
> Scott Brickner writes:
> > The notion that, simply because you're wearing a uniform owned by your
> > employer, you're subject to physical search at the employer's
> > discretion is laughable. The difference between this and searching the
> > computer on one's desk differ only in degree, IMO.
>
> Another vaguely-related concept is that of tenants' rights to a degree
> of security in rental property.
Wrong model. You don't pay rent to your employer for your computer.
Your deskside workstation is just like your desk
that it sits beside when it comes to employer/employee rights.
While a prudent employer won't go through your desk unless it's
required, they do have the right to do so.
Many companies have stated policies as to when they can go through
your desk; at places like IBM it is very restrictive as to when
managers can go through your desk. This is merely smart business- giving
people trust is the best way to make them responsible.
All companies should also have written policies that state what
parts of employee's computers/hard drives/home directories/email
etc. is considered private, and under what circimstances management
is allowed to look through those areas. I managed to sneak a policy
like this into the computer security policy I wrote for a previous employer.
Again, the policy should strictly limit what snooping through employee's
files the company will do. Any company that goes through it's employee's
files with less than sufficient justification is going to generate a lot
of negative reputation, and fast.
Does this allow for employees keeping encrypted material on their
company computer? I don't think so, or rather I think that it's in
the company's rights to ask for the encryption keys under certain
circimstances- employee leaving company, employee suing company, etc.
If you've kept something damaging on your employers machine, you better
delete it before the situation gets so bad that they'll be going through
your files.
If you want to keep something secret, put it on your own machine.
--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Return to December 1995
Return to “Scott Brickner <sjb@universe.digex.net>”