9 Replies - 1103 Views - Last Post: 06 July 2009 - 06:16 PM

#1 BenignDesign  Icon User is offline

  • holy shitin shishkebobs
  • member icon




Reputation: 6167
  • View blog
  • Posts: 10,655
  • Joined: 28-September 07

Logging Legality

Posted 06 July 2009 - 05:46 AM

I discovered this morning that my boss has been using both a keylogger and an activity logger on our office machines for quite a while. My question is this: even though the system belong to him and/or his company, is it legal to use loggers without first informing your employees they are being logged?
Is This A Good Question/Topic? 0
  • +

Replies To: Logging Legality

#2 NickDMax  Icon User is offline

  • Can grep dead trees!
  • member icon

Reputation: 2250
  • View blog
  • Posts: 9,245
  • Joined: 18-February 07

Re: Logging Legality

Posted 06 July 2009 - 06:33 AM

well... your just asking for legal advice from a population of internet idiots, so let me begin:

The law has not really caught up with most technology but I think this would fall under the same rules as a bug -- generally speaking it is not against the law to bug an office or common space so long as there is not a "reasonable expectation of privacy". Then it sort of depends on what is done with the information. It probably would not be admissible in court - but outside of that there generally is not too many rules covering bugging.

So if the information was used to fire you then you could probably fight it. If he ever suggested to purchase something online than you might have a case.

However, my opinion on the matter is completely useless to you.
Was This Post Helpful? 0
  • +
  • -

#3 BenignDesign  Icon User is offline

  • holy shitin shishkebobs
  • member icon




Reputation: 6167
  • View blog
  • Posts: 10,655
  • Joined: 28-September 07

Re: Logging Legality

Posted 06 July 2009 - 06:53 AM

I'm not asking for legal advice. I'm asking for any laws already in place - if any - to govern these things... and hoping to possibly spark a conversation on whether or not laws SHOULD be in place to address these types of issues.
Was This Post Helpful? 0
  • +
  • -

#4 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5874
  • View blog
  • Posts: 12,754
  • Joined: 16-October 07

Re: Logging Legality

Posted 06 July 2009 - 08:37 AM

View PostBenignDesign, on 6 Jul, 2009 - 06:46 AM, said:

is it legal to use loggers without first informing your employees they are being logged?


Your company owns their network and all resources related to it. It is legal for them to read all you email and keep a record of it. They own everything on your machine. They can sniff all your traffic, too. We use WebSense for traffic shaping. A lot of this is justified as a requirement to offset liability.

I'm not sure about a key logger specifically. However, it seems to fall inside the parameters of what most places have judged legal.

The only place this can get sticky is if the company appears to be targeting a particular individual. As long as the big brother policies are applied universally, they're pretty safe from litigation.

Sorry, I'm afraid the individual is usually at a disadvantage in a company environment.
Was This Post Helpful? 0
  • +
  • -

#5 MajorWalrus  Icon User is offline

  • D.I.C Head

Reputation: 10
  • View blog
  • Posts: 115
  • Joined: 22-April 09

Re: Logging Legality

Posted 06 July 2009 - 08:53 AM

I work in the legal world and have done some research on this topic. Both baavgai and NickDMax are, unfortunately, right. You have little recourse to address this.

If you want to talk about what should be done about it, well, let's talk. What do you want done? I'd imagine that just here at DIC we've enought voices to at least get a petion going. If every one of us took the time to write to our represenatives ...

The Electronic Frontier Foundation has some things to say on this - and other things. They're a good place to start if you're interested in researching.

All that said, though, what your boss did (and is likely still doing) is bullsh*t.

--
Edit to add link.

This post has been edited by MajorWalrus: 06 July 2009 - 08:54 AM

Was This Post Helpful? 0
  • +
  • -

#6 BenignDesign  Icon User is offline

  • holy shitin shishkebobs
  • member icon




Reputation: 6167
  • View blog
  • Posts: 10,655
  • Joined: 28-September 07

Re: Logging Legality

Posted 06 July 2009 - 09:12 AM

View PostMajorWalrus, on 6 Jul, 2009 - 09:53 AM, said:

If you want to talk about what should be done about it, well, let's talk. What do you want done?


I realize I can't stop someone from installing software on their own machine, but I do think there should be some legal obligation to inform people when these activities are taking place. I often see signage in convenience stores telling everyone they are under surveillance -- and I realize this is more for deterrent purposes than for warm and fuzzy feelings -- but shouldn't the same principle apply in the workplace? Doesn't it violate some privacy code somewhere? I don't particularly care that they did it, only that they didn't disclose it.
Was This Post Helpful? 0
  • +
  • -

#7 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5874
  • View blog
  • Posts: 12,754
  • Joined: 16-October 07

Re: Logging Legality

Posted 06 July 2009 - 09:54 AM

View PostBenignDesign, on 6 Jul, 2009 - 10:12 AM, said:

I often see signage in convenience stores telling everyone they are under surveillance -- and I realize this is more for deterrent purposes than for warm and fuzzy feelings -- but shouldn't the same principle apply in the workplace? Doesn't it violate some privacy code somewhere?


Different unwritten contracts. Though, in reality, a store doesn't have to tell you that you're under surveillance. The threat of the action is often more effective than the action itself. If your goal is to be a deterrent.

And that's the point. If the company doesn't want you sending porn in your emails, they just let everyone know they're watching for porn. However, if you want to an idea who is responsible for the most porn, telling the players is counter productive because they'll change their behavior.

Your right to privacy in public areas is generally questionable. At work, everything you do may be monitored for the safety of the company. Unless actions violate some social taboo, all bets are off.

This post I am about to send will be logged as a WebSense transaction and Firewall traffic. While I know the content isn't logged, it is permissible for my company to keep a copy, since I'm using their resources. All traffic on a company resource may be logged. It doesn't really matter if I like it or not. Or even if I'm aware that it's happening.
Was This Post Helpful? 0
  • +
  • -

#8 MajorWalrus  Icon User is offline

  • D.I.C Head

Reputation: 10
  • View blog
  • Posts: 115
  • Joined: 22-April 09

Re: Logging Legality

Posted 06 July 2009 - 10:07 AM

View PostBenignDesign, on 6 Jul, 2009 - 08:12 AM, said:

View PostMajorWalrus, on 6 Jul, 2009 - 09:53 AM, said:

If you want to talk about what should be done about it, well, let's talk. What do you want done?

I do think there should be some legal obligation to inform people when these activities are taking place.


If your workplace is like most, you were at least shown a document outlining the company's policies regarding electronic data. Its common for most businesses to have employees sign a something saying they understand that the machines, network, and data traversing both belong to the company.

While the kind of notification you're talking about may not have been explicit in the document/contract you saw (if any) the concept is thought to be understood.

However, like baavgai said,

Quote

The threat of the action is often more effective than the action itself.


Your boss probably isn't logging every keystroke you make, nor keeping a copy of every byte you send out into the world. Imagine the moutains of data to sort through! I'd say that unless you've done (or are doing) something untoward you can feel pretty safe knowing that no one is going to want to root through thousands of gigs of data just to see what wedsite you were surfing last Tuesday.
Was This Post Helpful? 0
  • +
  • -

#9 BenignDesign  Icon User is offline

  • holy shitin shishkebobs
  • member icon




Reputation: 6167
  • View blog
  • Posts: 10,655
  • Joined: 28-September 07

Re: Logging Legality

Posted 06 July 2009 - 10:15 AM

I don't do - nor do I intend to do - things I absolutely shouldn't be doing (the worst of my crimes is browsing DIC while waiting on downloads/uploads to finish).... the whole thing started when I pulled up my antivirus software this morning and - out of sheer curiosity - decided to check the logs... and came across the same three files on every single scan -- and every time, they were manually marked "Ignore". So I searched the files and found them to be loggers.

If I were doing something horrendous, I surely would have caught hell for it by now, it just caught me by surprise - and frankly, I'm a little pissed over it. While not everyone agrees with me, I feel like I've been deceived in some small way. Or maybe it just hurt my obnoxious pride... :P

But regardless ... nothing I can do about it, so let's move this conversation on.... what - if any - legal guidelines do you think should be in place for keyloggers/activity loggers in the workplace?
Was This Post Helpful? 0
  • +
  • -

#10 NickDMax  Icon User is offline

  • Can grep dead trees!
  • member icon

Reputation: 2250
  • View blog
  • Posts: 9,245
  • Joined: 18-February 07

Re: Logging Legality

Posted 06 July 2009 - 06:16 PM

you have a "reasonable expectation to privacy" with regard to your email -- any company that monitors your email is just waiting for a lawsuit they will probably loose.

Just have to wait for them to take the proper bait.

however like many areas of cyberlaw the law is not clear -- but the courts have been making it pretty clear that they don't approve.

IMO -- bugging your office is:

a. Dangerous - Because you are opening yourself up to a lawsuit if you happen to overhear the wrong bit of personal information (even more so if you act upon it).

b. Unethical - at the very least you should inform your employees. For example all government computers have a very plane and open warning that everything you do on that computer may be monitored.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1