Monday, June 30, 2008

Your Personal e-mail is Personal

I work in IT. I tell people all the time that IT can, though it does not currently, intercept your "private" communications. A private corporation is not the government and therefore you have no expectation of privacy other than that which the company gives you. Personally, I keep a laptop and an N800 for most of my personal correspondence. The reason for this is perfectly illustrated in the following case:


According to the suit, Sidell has concluded that, when hustled out of his office after his termination, he left his work computer logged into his personal Yahoo account. The login credentials are typically retained for two weeks, and Siedel claims that, during that time, his former employees accessed his account repeatedly. Their access netted them over 10,000 e-mails archived in the account, as well as providing privileged communications between Sidell and his attorneys regarding his plans to pursue legal action regarding his firing. Those actions prompted the suit, which was filed in May and alleges various violations of the Stored Communications Act, Electronic Communications Protection Act, and a Connecticut wiretapping law.

According to a story about the case in The New York Times, however, the situation may not be that straightforward. His former employers allege that Sidell did not log into his Yahoo account from his own computer, but instead accessed it from a different employee's machine, and left the window open when he departed. An examination of that window suggested that Sidell used this access to send confidential company documents to his Yahoo account, justifying the company's full investigation of the account's contents.

The company will lose this case. Why? Lets look at some interesting developments in IT law. We have a case of a man who would daily, sit outside a store and use the free wifi. He was charged with WIFI theft because he did not have permission to use the WIFI. Permission would have been gained by actually purchasing something in the store or getting the store owner's permission. Lesson: If the account/network is not yours you are not entitled to use it.

Siedell's employer had every right to look on the computer for any stored files on their property (computer). Any mail left on the employers servers or in the disk cache, is also fair game. What the employer, or any other legal person cannot do is misrepresent themselves as the rightful owner of an account.

For example we have the HP fiasco where they were seeking a leak and misrepresented themselves to a phone company in order to gain access to phone records. Illegal.

Another nice example is if I were to get access to your debit card and pin. That does not mean that I can go to the bank and access your account unless you gave me permission to do so. If I have not then you have committed a crime.

Therefore I fully expect Siedel's employers to be on the losing end of this lawsuit, just as the telcos who went along with Bush and co. ought to have been.

The fact that the account was accessed on another employees machine means nothing at all. The allegation that Siedel was forwarding company info to his personal account is one that a warrant is needed to discover. Or the company should have checked the logs of their network security appliances for transfers of files.

Anyway going back to the personal computer thing. Clearly Siedel wouldn't be in this boat had he used his own personal laptop.

No comments: