1996-08-07 - Re: Corporate e-mail policy

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: c1652395420a6976c2a856644133a0a1af7ff9bdcc5db546080144bad8caef72
Message ID: <199608070259.TAA17453@toad.com>
Reply To: N/A
UTC Datetime: 1996-08-07 11:13:00 UTC
Raw Date: Wed, 7 Aug 1996 19:13:00 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 19:13:00 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <199608070259.TAA17453@toad.com>
MIME-Version: 1.0
Content-Type: text/plain




>    "Electronic mail may be monitored if there is sufficient reason to
>     believe that it is being improperly used which includes, but is not
>     limited to: mail to competitors, more than 20 recipients (spam), and
>     incoming mail from questionable sources.  If such monitored mail is
>     encrypted the employee must provide a clear text version of the mail
>     which is to be unencrypted under supervision to avoid substitutions.
>     Any employee refusing to make available such mail will be ...."

Official mail to competitors, the press, or customers is probably something
you'd want an official copy of anyway, and the employee should be
able to decide intelligently what to keep (unless your lawyers say
to always keep everything, in which case the legal department should
be responsible for maintaining the archives....)

Incoming encrypted mail you can (presumably) get an employee to decrypt.
Outgoing encrypted mail may not support that - PGP, for instance,
supports an encrypt-to-self option, but if you don't use it,
and didn't record the outgoing message, you _can't_ decrypt it.
Writing something into a policy that will get an employee fired
for refusing to do something that can't be done with the available tools
is not a good idea.  I'm not highly impressed with the idea of 
snooping on employees' mail, even if it _is_ your company.
If you don't trust them, don't hire them.  If you do trust them,
don't eavesdrop.   And if they're ripping you off and don't have the sense
to sneak their sotlen data outside the building by sneakernet
or other untappable mechanism, you probably should have fired them
for incompetence long ago anyway.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!






Thread