Employer Probing Precedents?
-----BEGIN PGP SIGNED MESSAGE----- To Whom It May Concern: I was curious as to where I might find some electronic freedom legal precedents. If, for example, an employer was planning to probe file systems on PCs in the off-hours and employees began encrypting their hard drives, what legal precedents would support the employees or would support the employer in blocking the encryption? Thanks for any info you can give me!! Jason Livingood jlivingood@hammer.net - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMOG/6ioZzwIn1bdtAQHQ2QF/cOq8vE9o+V/yGuk5KLbYv5E6xWJjV2cB pSHFhr4O0HtiTgOtTxMhylVmXFZpuosm =fIWG -----END PGP SIGNATURE-----
On Wed, 27 Dec 1995 Jason D. Livingood/WSC@hks.net wrote:
To Whom It May Concern: I was curious as to where I might find some electronic freedom legal precedents. If, for example, an employer was planning to probe file systems on PCs in the off-hours and employees began encrypting their hard drives, what legal precedents would support the employees or would support the employer in blocking the encryption? Thanks for any info you can give me!!
You want to take a look at the ECPA (stands for Electronic Communications Privacy Act--I think). I don't have URLs handy, but it should be easy enough to find via Alta Vista or Yahoo. The way I understand it, though there are fairly strict limits on the snooping your employer can do, you waive more or less all your privacy rights if you sign a form saying you "consent" to the snooping. Your encryption question falls in kind of a grey area (most of the ECPA deals with reading people's email, etc.), but it's probably covered in there somewhere. I have very strong feelings about this subject, but I'll keep them to myself for now since I'm posting from work. We were all informed a week or two ago that Bear Stearns is now archiving every piece of email coming into or leaving the company. All I'll say here is that I disagree strongly with the views Tim May posted about employees' property rights, etc. (though we agree on most other things). --Dave. -- ******************************************************************************* Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication. *******************************************************************************
On Thu, 28 Dec 1995, I wrote:
All I'll say here is that I disagree strongly with the views Tim May posted about employees' property rights, etc. (though we agree on most other things).
Um, I meant employers' rights, obviously. --Dave. -- ******************************************************************************* Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication. *******************************************************************************
Scott Brickner writes:
The notion that, simply because you're wearing a uniform owned by your employer, you're subject to physical search at the employer's discretion is laughable. The difference between this and searching the computer on one's desk differ only in degree, IMO.
Another vaguely-related concept is that of tenants' rights to a degree of security in rental property. My employer owns the workstation in front of me, but in exchange for supplying them with software and ideas (when I'm not busy sending e-mail to mailing lists ;-) they've "given" it to me to use in that pursuit. They could of course insist that I pay for it, like the old company store model that railroad workers dealt with. In a sense I do pay for it, under the idea that the company would be able to pay me more if not for the expense of the tools I need for the job. Though the ownership==control equation works sometimes, and is appealing to reason, I don't think things are always so simple. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eric Murray writes:
Another vaguely-related concept is that of tenants' rights to a degree of security in rental property.
Wrong model. You don't pay rent to your employer for your computer.
I don't think you read the rest of my note. I don't think it's completely clear that I don't pay rent to my employer for my computer.
Does this allow for employees keeping encrypted material on their company computer? I don't think so, or rather I think that it's in the company's rights to ask for the encryption keys under certain circimstances- employee leaving company, employee suing company, etc. If you've kept something damaging on your employers machine, you better delete it before the situation gets so bad that they'll be going through your files.
And still this reminds me of tenants property rights. (And I do agree the connection is rather thin, but work with me here.) An apartment manager can get in to an apartment for a variety of contractually set reasons. Maybe what all this means is that, at some point, employees will begin demanding explicit contracts w.r.t. computer system policies, just like for basic stuff like salaries & benefits. Indeed, I know of several cases where engineers being courted demanded and got perks like window offices or an extra few PTO days in their initial offer; why not a contract for what is and isn't "mine" on the network? (In that light, it'd probably develop that those without such a contract would be left on poor legal ground.) (And we'd better stop before Perry yells at us :-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scott Brickner writes:
The notion that, simply because you're wearing a uniform owned by your employer, you're subject to physical search at the employer's discretion is laughable. The difference between this and searching the computer on one's desk differ only in degree, IMO.
Another vaguely-related concept is that of tenants' rights to a degree of security in rental property.
Wrong model. You don't pay rent to your employer for your computer. Your deskside workstation is just like your desk that it sits beside when it comes to employer/employee rights. While a prudent employer won't go through your desk unless it's required, they do have the right to do so. Many companies have stated policies as to when they can go through your desk; at places like IBM it is very restrictive as to when managers can go through your desk. This is merely smart business- giving people trust is the best way to make them responsible. All companies should also have written policies that state what parts of employee's computers/hard drives/home directories/email etc. is considered private, and under what circimstances management is allowed to look through those areas. I managed to sneak a policy like this into the computer security policy I wrote for a previous employer. Again, the policy should strictly limit what snooping through employee's files the company will do. Any company that goes through it's employee's files with less than sufficient justification is going to generate a lot of negative reputation, and fast. Does this allow for employees keeping encrypted material on their company computer? I don't think so, or rather I think that it's in the company's rights to ask for the encryption keys under certain circimstances- employee leaving company, employee suing company, etc. If you've kept something damaging on your employers machine, you better delete it before the situation gets so bad that they'll be going through your files. If you want to keep something secret, put it on your own machine. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
David Mandl writes:
All I'll say here is that I disagree strongly with the views Tim May posted about employees' property rights, etc. (though we agree on most other things).
I have to agree with David. I don't think that "property rights" are quite as clear-cut as Tim claims. By granting use of certain equipment to a single employee, such as a desk, a uniform, or personal computer, the employer has invested that employee with a vague sort of limited ownership of the item. The notion that, simply because you're wearing a uniform owned by your employer, you're subject to physical search at the employer's discretion is laughable. The difference between this and searching the computer on one's desk differ only in degree, IMO. Property rights *are* fundamental to many other human rights, but they aren't the exclusive basis of them. The right of self-determination isn't based in property (except to the extent that one may be said to inalienably own oneself, but this is really an analogy), and is equally fundamental to human rights. Many of the issues related to workplace privacy concerns exhibit conflicts between these two.
participants (5)
-
"Jason D. Livingood/WSC"@hks.net -
David Mandl -
Eric Murray -
m5@dev.tivoli.com -
Scott Brickner