Bob Snyder wrote:
hayden@krypton.mankato.msus.edu said:
I'd say that there are some serious ethical and legal concerns that should be addressed by the administration for keeping such logs...
Ethical I would definately agree with.
Legally, I'm not so sure of. The applicable law would appear to be the Electronic Communications Privacy Act of 1986. The law does allow administrators to see messages in the normal course of their job, as long as they don't reveal that information to a 3rd party (except law enforcement in the event of a criminal act)
I'm no lawyer, but I believe that technically the ECPA allows them to view mail when it is part of maintenance, which could be in the "normal course of their job[s]" but I think it means that if they see mail while maintaining (ie, bounced msgs) it's Ok to read it but maintenance doesn't mean outright monitoring of mail. Then again, what does the ECPA say about monitoring message traffic? That's essentially what they are doing, and likely they will rationalize it as being to save their own skins. It also might be the work of a SysAdmin and the school administration would be entirely clueless about it. Another possibility is that a hacker (the same who got ahold of the file?) put in something to monitor it... (my knowledge of Unix is little, though...)
This protection is probably strongest with a company you purchase Internet Service from, probably lesser so with a University, since there is less obviously a customer/seller relationship, and almost non-existant with a business, since there isn't a customer relationship, and the systems are owner by the business.
I've heard some nasty stories about boards and a couple of I-Net providers who charge for access but reserve the right to throw someone off the system without refund (it's often in the terms of many account applications) for various no-nos. Rob