TELECOM Moderator <telecom@eecs.nwu.edu> (08/26/90)
Several employees of Epson America have filed a class action suit against their employer, accusing Epson of spying on them for several months by monitoring thousands of their electronic messages. According to the suit, Epson's computer operations manager made printed copies of electronic mail sent and/or received by 700 workers. The plaintiffs claim this type of act violates a state wiretap law. Epson responds that the suit is entirely unfounded, and I agree with that assessment. The right to privacy in email or on the telephone means privacy on computers *you own or control* (i.e. lease or rent a mailbox, etc), and on telephone lines *you pay for*. Whoever legally controls the computer controls the information on it. Obviously if you lease a mailbox from MCI Mail, then you legally control that part of the MCI computer. If you subscribe to phone service, then you are entitled to privacy on *your phone and line*. If the Epson employees can demonstrate that their employer granted them the right to receive and send personal mail, then a case might be made in their favor. But I doubt any such right was given. And if the email is all business related, then what gives the employees the right to say their employer cannot supervise or review their work? Likewise with telephones: Your employer has the legal right to monitor your business phone calls to evaluate your performance, etc. If you do not like him listening to your personal calls, then a counter-question would be in order: why are your personal phone calls being made on company phone facilities? Use the payphone in the cafeteria. Use your own MCI Mail or ATT Mail account to send and receive personal stuff. Don't complain because the owner of the equipment wants to see how it is being used. The Epson employees deserve to lose this suit, and I hope the court requires them to compensate their employer for his expense in defending it. Patrick Townson ------------------------------ End of TELECOM Digest V10 #596 ******************************
john@bovine.ati.com (John Higdon) (08/26/90)
On Aug 25 at 19:46, TELECOM Moderator writes: > Epson responds that the suit is entirely unfounded, and I agree with > that assessment. The right to privacy in email or on the telephone > means privacy on computers *you own or control* (i.e. lease or rent a > mailbox, etc), and on telephone lines *you pay for*. My initial reaction to all of this was, "Pat, lighten up. People shouldn't have their private mail read." And then I remembered the days of owning a "real" business myself. And then I started to steam. There really is an attitude that saturates the workplace. The assumption is that employees have some god-given right to use the communications facilities of their employer for personal messages. Facing ever escalating telephone bills, we decided to investigate and possibly crack down on personal calls. We started with a memo that re-stated company policy that personal calls were not permitted. Further, any calls so detected would be charged back to the employee and repeated abuse could result in termination. So we fired up the SMDR and set a scan for calls over five minutes in length. A hodge-podge of what we discovered: The sales manager lived in Sacramento and apparently had to call the wife several times a day. A service rep would wyle away the (slow) hours by chatting with a friend in San Francisco. The general manager (!) conducted her Werner Erhard volunteer business off and on all day long. You should have heard the squeals when we put the hard copy in front of these people. Offers to pay were ignored -- my company was not in the telecom reselling business. The point was: we wanted people to stop using the bloody phone for personal business. It blocked REAL calls, distracted the person from doing his job cheating us out of the time we were paying for, and the cost of the calls took the money out of our pockets. Everywhere I have gone, people treat the phone on their desk as their own personal service. It also happens to be handy for use in their work. Oh well, who wouldn't want to save 100% on his long distance calls? John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o ! [Moderator's Note: Thanks for your input on this. The same thing is true of computer terminals and email systems. Most companies overlook a small amount of personal phone calls and a small amount of personal email. But when the employees take the attitude it is their property, and that the employer has no right to see or know what is being done with his phones and his computer, then the time is ripe for a crackdown on personal calls and email, cutting out or restricting this privilege for everyone. I suspect what will happen at Epson once the suit is dismissed or the employees lose is that Epson might will go on the warpath and cut out all personal use of their facilities. So all employees will suffer from the arrogance of a few. And speaking of arrogance, is it true that Los Angeles attorney Noel Shipman, representing the handful of *former* employees of Epson who brought this suit named all present Epson employees as members of the class? Is it true he has received demands from *very angry* current employees demanding to have themselves removed from the class, saying 'you do not represent me in anything'? Just asking. PAT]
telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 01:40:00 CDT Epson Email - Part 1 of 2
Inside This Issue: Moderator: Patrick A. Townson
Re: Class Action Suit Against Epson Charges Email Spying [Many of You]
----------------------------------------------------------------------
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Re: Class Action Suit Against Epson Charges Email Spying
Date: Sat, 1 Sep 1990 01:00:00 CDT
Here are several responses received this week from readers of the
op-ed on the Epson email case. Quotes have been severely cut back.
This is part one of two parts -- yes, I told you the mail came
flooding in this week! :)
From: bei@halley.uucp
Organization: Tandem Computers, Austin, TX
If I have any opinion at all, it's a gut reaction that a company can
legally monitor the phones of its workers, but ethically shouldn't
unless their job involves phone contact with the public. The best
justification for this comes from a friend who works at one of those
big three-letter companies, when he was explaining why his company
should relax its restrictions on Usenet news. He said that the
company should provide space, time and access for news for the same
reasons they have soda machines and a jogging track: To make a better
work environment.
From: "Dennis G. Rears (FSAC)" <drears@pica.army.mil>
John Higdon and the TELECOM Moderator make extremely good points from
the business viewpoint on the subject. The business is paying and
they own everything on the computer. However, like most subjects
there is more than one side: the employee, employer, and the third
party ...
What about the non-Epson employee who sends email to the Epson
employee over the internet or their paid account on Compuserve or
somewhere else? (I realize this is probably not the case but we are
talking about privacy of email.) Does the company have a right to
read mail from him to an epson employee? To employ the paper analogy,
If I send US mail to John Doe at his Acme, Inc. place of work, does
Acme have the right to open it? If you say no, Acme can say that it
costs them money to distribute it internally so they have a right.
Sure they can refuse it but then they could have refused the email
from the remote site.
At my government work site, the telephone book states that I consent
to telephone monitering by using the phone. That means they have my
consent but what about the person I am calling. What happens when a
another person calls me; have they consented to thier call being
monitored?
I believe the contents of email, telephone, or paper mail should be
kept private. A company should be able to prohibit personal use and
enforce but never be able to read mail. In my job I send lots of mail
that is 100% business related that is meant for only a few people. It
would be damaging to some people and the mission itself if other than
the people who it was intended for saw it.
I don't want my boss or my boss'es boss to know than I am dealing with
certain people or organizations. If I found out he could read my
mail, I wouldn't send it and productivity would go down. Do your
business search maintain the right to search your desk? Personally, I
am disgusted that things like this have to go to court in the first
place. Employees should respect the property rights of the employer
and employers should respect the privacy rights of the employee.
There are privacy concerns on email that has nothing to do if that
email is personal or not.
From: hkhenson@cup.portal.com
Pat, re this topic, could someone post the court filings? I suspect
the case is a little more complex than you make it out. While I agree
with you that email/phone calls on company resources are converting
the company resources to private use, spying on mail/listening to
phone calls is not considered "polite" behavior, and is normally not
done unless the abuses become obvious. For employeees to be in a
court case with an employer is a sign of *serious* problems of trust.
From: Dave Levenson <dave%westmark@uunet.uu.net>
Organization: Westmark, Inc., Warren, NJ, USA
There is a case pending in NJ today. The state claims that the owner
of a business in this state monitored telephone calls to/from his
employees, while they were at work, without their permission or
knowlege. He is charged with several counts of wiretap. Because he
is in a heavily-regulated industry, he may be in danger of losing his
right to operate his business.
The press coverage does not indicate whether the monitored phone calls
were considered 'personal', either by the employer or by the
employees. A company spokesperson has stated that the monitoring was
done by a private investigator hired by the owner to investigate
possible fraud by employees. It is further claimed that the
monitoring was done without the knowlege of the owner who hired the
investigator.
Others have stated that the employees whose phones were monitored were
believed to be making arrangements to start up a new business in
competition with that of their employer.
It is not clear that any charges of fraud were ever brought against
any current or former employees as a result of the investigation.
The case has not come to trial.
From: Brendan Kehoe <kehoe@scotty.dccs.upenn.edu>
Organization: University of Pennsylvania
Uh, sorry that doesn't jive -- I've been running with the assumption
that the ECPA gave me the right to *NOT* have email read on, for
example, a bulletin board, unless the owner explicitly says that
he/she will be doing so to protect their system. Supposedly that whole
idea is the BASIS of the ecpa; if it were as you propose, then
theoretically you could say that if a call placed by an AT&T
subscriber were routed to a US Sprint trunk, for whatever reason
(lines down, etc), then US Sprint has the legal right to do whatever
they wish with the traffic they forward, since the person that "owns"
that traffic isn't a Sprint subscriber? C'mon.
If I'm wrong about the way I see this law being interpreted, please
correct me ... (but keep the flames to email, ok?).
From: Mike Godwin <mnemonic@walt.cc.utexas.edu>
Organization: The University of Texas at Austin, Austin, Texas
This suggests that the right to privacy depends on ownership of
property. Does a landlord have the right to plant a listening device
in an apartment just because the tenant doesn't actually own it?
Maybe, according to Pat, since the tenant paid for something, and
maybe privacy was part of that something. But suppose I'm a
housesitter or a houseguest who hasn't paid a dollar of rent, and
suppose the landlord installs a listening device to hear *my*
conversation. Does our Moderator *really* want to say that privacy is
something one has only if one has paid for it?
Suppose the Epson employees testify that they were under the
impression that e-mail was private and would not be reviewed by anyone
other than the recipient. Suppose they then can testify that they
wrote things they would not have written if they had known Epson
supervisors were spying on them.
[regarding if the company should be able to see all business-related
email]
This, to me, seems naive. I have never had a job in which it was not
true at some point that I had a business-related communication I did
not want my boss to review. For example, if I wrote a note to X
telling her to include charts in her presentation because the Boss is
more impressed by graphics than he is by reasoned logical argument, it
is quite likely that I wouldn't want the Boss to see that I had
written that, even if the Boss himself knew it to be true.
Nor is it always the case that such e-mail would concern something
negative about supervisors. Sometimes, communication among peers,
while business-related, is informal to a degree that would make it
embarrassing if a boss saw it.
Finally, it is a mistake, I think, to characterize corporate e-mail
use as business or non-business. I cannot think of a computer system
of which the following statement is not true:
"Informal, 'playful' use is required if the system's formal, 'serious'
use is to reach its full potential."
The corporate cultures of most computer-related firms (and many other
firms too) inculcate the attitude that learning how to use a system is
a higher priority than limiting one's use to 'justifiable'
circumstances. I wouldn't be surprised if Epson employees, prior to
their fateful discovery, had thought that using e-mail for private
purposes was tolerated, and perhaps even encouraged, by Epson
management.
But this last is a side issue. The irreducible fact, it seems to me,
is that almost everyone who is given access to a corporate e-mail
system is given the impression, directly or indirectly, that her
communications are private. Since this is true, the employees may well
have acted in reliance on that impression that their e-mail
communications would be private, and may thus have been 'tricked' into
making statements they otherwise would not have made.
>The Epson employees deserve to lose this suit, and I hope the court
>requires them to compensate their employer for his expense in
>defending it.
Obviously, I think this issue is a little subtler than any question
of property rights.
From: Colin Plumb <colin@array.uucp>
Organization: Array Systems Computing, Inc., Toronto, Ontario, CANADA
It is legitimate to complain when it costs the company money, either
in phone bills or a material impact on employee work, but I believe
minor use of communications facilities is more of a right than a gift.
I'm using company equipment to send this message, which is only
peripherally related to my work. But I know they don't object.
How many repair men and delivery trucks need a daytime phone number?
How do you call the hospital to ask how your child/spouse/relative's
surgery went? It's silly to expect that work consumes one's undivided
attention for hours on end; you have to accept the fact that you're
paying people when they're not at top efficiency as well as when they
are. Similarly, you have to allow some humanity overhead on
communications lines.
And if, say, a close friend calls me up in tears after a breakup, I
expect to be able to comfort them with some reasonable expectation of
privacy. No, not perfect, but anyone who hears part of it should not
stick around to hear it all. I need to know more of the details, but
Epson's organized eavesdropping efforts seemed excessive.
(Note: I'm in the programming business, where there's a very high
premium on Keeping Them Happy, so I may have different experiences
than others. I've heard stories about A Certain Company that has
people keeping in regular touch with girlfriends in Japan and neglects
to block long distance from the front-door intercom phone. That seems
just a *trifle* cavalier!)
From: Jordan Kossack <JKOSS00@ricevm1.rice.edu>
In general, I agree with you and John Higdon that a company has a
right to know what their computers, telephones, etc. are used for. On
the other hand, there are legitimate privacy concerns on the part of
the employees and the persons they communicate with.
In your article, you say:
-
- [ ... ] The right to privacy in email or on the telephone
- means privacy on computers *you own or control* (i.e. lease or rent a
- mailbox, etc), and on telephone lines *you pay for*.
[ ... ]
- Likewise with telephones: Your employer has the legal right to monitor
By a direct extension of this, I should be allowed to record all
telephone conversations in my house/apartment. After all, since I am
paying the telephone bill, I am the only one who has a right to
privacy on these phone lines. However, if I recall correctly, some
states require the permission of both parties before a call can be
legally recorded. Now, one may argue that the Epson employee has
given his/her implicit agreement by using an Epson owned telephone,
but what about the other party? Do they have any 'rights' in this
situation?
I don't intend this as a flame, since I agree that Epson, or any
other company, should be able to control company resources. However,
there are privacy concerns to be considered - primarily on the part of
the non-employees who sent electronic mail to Epson employees.
~~~~~~~~~~~~~
------------------------------
End of TELECOM Digest V10 #612
******************************telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 01:42:00 CDT Epson Email - Part 1 of 2
Inside This Issue: Moderator: Patrick A. Townson
Re: Class Action Suit Against Epson Charges Email Spying [Many of You]
----------------------------------------------------------------------
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Re: Class Action Suit Against Epson Charges Email Spying
Date: Sat, 1 Sep 1990 01:00:00 CDT
Here are several responses received this week from readers of the
op-ed on the Epson email case. Quotes have been severely cut back.
This is part one of two parts -- yes, I told you the mail came
flooding in this week! :)
From: bei@halley.uucp
Organization: Tandem Computers, Austin, TX
If I have any opinion at all, it's a gut reaction that a company can
legally monitor the phones of its workers, but ethically shouldn't
unless their job involves phone contact with the public. The best
justification for this comes from a friend who works at one of those
big three-letter companies, when he was explaining why his company
should relax its restrictions on Usenet news. He said that the
company should provide space, time and access for news for the same
reasons they have soda machines and a jogging track: To make a better
work environment.
From: "Dennis G. Rears (FSAC)" <drears@pica.army.mil>
John Higdon and the TELECOM Moderator make extremely good points from
the business viewpoint on the subject. The business is paying and
they own everything on the computer. However, like most subjects
there is more than one side: the employee, employer, and the third
party ...
What about the non-Epson employee who sends email to the Epson
employee over the internet or their paid account on Compuserve or
somewhere else? (I realize this is probably not the case but we are
talking about privacy of email.) Does the company have a right to
read mail from him to an epson employee? To employ the paper analogy,
If I send US mail to John Doe at his Acme, Inc. place of work, does
Acme have the right to open it? If you say no, Acme can say that it
costs them money to distribute it internally so they have a right.
Sure they can refuse it but then they could have refused the email
from the remote site.
At my government work site, the telephone book states that I consent
to telephone monitering by using the phone. That means they have my
consent but what about the person I am calling. What happens when a
another person calls me; have they consented to thier call being
monitored?
I believe the contents of email, telephone, or paper mail should be
kept private. A company should be able to prohibit personal use and
enforce but never be able to read mail. In my job I send lots of mail
that is 100% business related that is meant for only a few people. It
would be damaging to some people and the mission itself if other than
the people who it was intended for saw it.
I don't want my boss or my boss'es boss to know than I am dealing with
certain people or organizations. If I found out he could read my
mail, I wouldn't send it and productivity would go down. Do your
business search maintain the right to search your desk? Personally, I
am disgusted that things like this have to go to court in the first
place. Employees should respect the property rights of the employer
and employers should respect the privacy rights of the employee.
There are privacy concerns on email that has nothing to do if that
email is personal or not.
From: hkhenson@cup.portal.com
Pat, re this topic, could someone post the court filings? I suspect
the case is a little more complex than you make it out. While I agree
with you that email/phone calls on company resources are converting
the company resources to private use, spying on mail/listening to
phone calls is not considered "polite" behavior, and is normally not
done unless the abuses become obvious. For employeees to be in a
court case with an employer is a sign of *serious* problems of trust.
From: Dave Levenson <dave%westmark@uunet.uu.net>
Organization: Westmark, Inc., Warren, NJ, USA
There is a case pending in NJ today. The state claims that the owner
of a business in this state monitored telephone calls to/from his
employees, while they were at work, without their permission or
knowlege. He is charged with several counts of wiretap. Because he
is in a heavily-regulated industry, he may be in danger of losing his
right to operate his business.
The press coverage does not indicate whether the monitored phone calls
were considered 'personal', either by the employer or by the
employees. A company spokesperson has stated that the monitoring was
done by a private investigator hired by the owner to investigate
possible fraud by employees. It is further claimed that the
monitoring was done without the knowlege of the owner who hired the
investigator.
Others have stated that the employees whose phones were monitored were
believed to be making arrangements to start up a new business in
competition with that of their employer.
It is not clear that any charges of fraud were ever brought against
any current or former employees as a result of the investigation.
The case has not come to trial.
From: Brendan Kehoe <kehoe@scotty.dccs.upenn.edu>
Organization: University of Pennsylvania
Uh, sorry that doesn't jive -- I've been running with the assumption
that the ECPA gave me the right to *NOT* have email read on, for
example, a bulletin board, unless the owner explicitly says that
he/she will be doing so to protect their system. Supposedly that whole
idea is the BASIS of the ecpa; if it were as you propose, then
theoretically you could say that if a call placed by an AT&T
subscriber were routed to a US Sprint trunk, for whatever reason
(lines down, etc), then US Sprint has the legal right to do whatever
they wish with the traffic they forward, since the person that "owns"
that traffic isn't a Sprint subscriber? C'mon.
If I'm wrong about the way I see this law being interpreted, please
correct me ... (but keep the flames to email, ok?).
From: Mike Godwin <mnemonic@walt.cc.utexas.edu>
Organization: The University of Texas at Austin, Austin, Texas
This suggests that the right to privacy depends on ownership of
property. Does a landlord have the right to plant a listening device
in an apartment just because the tenant doesn't actually own it?
Maybe, according to Pat, since the tenant paid for something, and
maybe privacy was part of that something. But suppose I'm a
housesitter or a houseguest who hasn't paid a dollar of rent, and
suppose the landlord installs a listening device to hear *my*
conversation. Does our Moderator *really* want to say that privacy is
something one has only if one has paid for it?
Suppose the Epson employees testify that they were under the
impression that e-mail was private and would not be reviewed by anyone
other than the recipient. Suppose they then can testify that they
wrote things they would not have written if they had known Epson
supervisors were spying on them.
[regarding if the company should be able to see all business-related
email]
This, to me, seems naive. I have never had a job in which it was not
true at some point that I had a business-related communication I did
not want my boss to review. For example, if I wrote a note to X
telling her to include charts in her presentation because the Boss is
more impressed by graphics than he is by reasoned logical argument, it
is quite likely that I wouldn't want the Boss to see that I had
written that, even if the Boss himself knew it to be true.
Nor is it always the case that such e-mail would concern something
negative about supervisors. Sometimes, communication among peers,
while business-related, is informal to a degree that would make it
embarrassing if a boss saw it.
Finally, it is a mistake, I think, to characterize corporate e-mail
use as business or non-business. I cannot think of a computer system
of which the following statement is not true:
"Informal, 'playful' use is required if the system's formal, 'serious'
use is to reach its full potential."
The corporate cultures of most computer-related firms (and many other
firms too) inculcate the attitude that learning how to use a system is
a higher priority than limiting one's use to 'justifiable'
circumstances. I wouldn't be surprised if Epson employees, prior to
their fateful discovery, had thought that using e-mail for private
purposes was tolerated, and perhaps even encouraged, by Epson
management.
But this last is a side issue. The irreducible fact, it seems to me,
is that almost everyone who is given access to a corporate e-mail
system is given the impression, directly or indirectly, that her
communications are private. Since this is true, the employees may well
have acted in reliance on that impression that their e-mail
communications would be private, and may thus have been 'tricked' into
making statements they otherwise would not have made.
>The Epson employees deserve to lose this suit, and I hope the court
>requires them to compensate their employer for his expense in
>defending it.
Obviously, I think this issue is a little subtler than any question
of property rights.
From: Colin Plumb <colin@array.uucp>
Organization: Array Systems Computing, Inc., Toronto, Ontario, CANADA
It is legitimate to complain when it costs the company money, either
in phone bills or a material impact on employee work, but I believe
minor use of communications facilities is more of a right than a gift.
I'm using company equipment to send this message, which is only
peripherally related to my work. But I know they don't object.
How many repair men and delivery trucks need a daytime phone number?
How do you call the hospital to ask how your child/spouse/relative's
surgery went? It's silly to expect that work consumes one's undivided
attention for hours on end; you have to accept the fact that you're
paying people when they're not at top efficiency as well as when they
are. Similarly, you have to allow some humanity overhead on
communications lines.
And if, say, a close friend calls me up in tears after a breakup, I
expect to be able to comfort them with some reasonable expectation of
privacy. No, not perfect, but anyone who hears part of it should not
stick around to hear it all. I need to know more of the details, but
Epson's organized eavesdropping efforts seemed excessive.
(Note: I'm in the programming business, where there's a very high
premium on Keeping Them Happy, so I may have different experiences
than others. I've heard stories about A Certain Company that has
people keeping in regular touch with girlfriends in Japan and neglects
to block long distance from the front-door intercom phone. That seems
just a *trifle* cavalier!)
From: Jordan Kossack <JKOSS00@ricevm1.rice.edu>
In general, I agree with you and John Higdon that a company has a
right to know what their computers, telephones, etc. are used for. On
the other hand, there are legitimate privacy concerns on the part of
the employees and the persons they communicate with.
In your article, you say:
-
- [ ... ] The right to privacy in email or on the telephone
- means privacy on computers *you own or control* (i.e. lease or rent a
- mailbox, etc), and on telephone lines *you pay for*.
[ ... ]
- Likewise with telephones: Your employer has the legal right to monitor
By a direct extension of this, I should be allowed to record all
telephone conversations in my house/apartment. After all, since I am
paying the telephone bill, I am the only one who has a right to
privacy on these phone lines. However, if I recall correctly, some
states require the permission of both parties before a call can be
legally recorded. Now, one may argue that the Epson employee has
given his/her implicit agreement by using an Epson owned telephone,
but what about the other party? Do they have any 'rights' in this
situation?
I don't intend this as a flame, since I agree that Epson, or any
other company, should be able to control company resources. However,
there are privacy concerns to be considered - primarily on the part of
the non-employees who sent electronic mail to Epson employees.
~~~~~~~~~~~~~
------------------------------
End of TELECOM Digest V10 #612
******************************telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 02:35:00 CDT Epson Email - Part 2 of 2
Inside This Issue: Moderator: Patrick A. Townson
Re: Class Action Suit Against Epson Charges Email Spying [Many of You]
----------------------------------------------------------------------
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Re: Class Action Suit Against Epson Charges Email Spying
Date: Sat, 1 Sep 1990 01:00:00 CST
Here are more of the many responses received to the op-ed on Epson.
This is part 2 of 2 parts.
From: "Carl M. Kadie" <kadie@cs.uiuc.edu>
In comp.dcom.telecom Patrick Townson writes:
>Several employees of Epson America have filed a class action suit
>against their employer, accusing Epson of spying on them for several
>months by monitoring thousands of their electronic messages.
I don't think "monitoring" is the right word; I think "spying" is more
accurate. Here is how the OED2 defines "monitor":
"In more general use: to observe, supervise, or keep under review;"
It defines "spy" as:
"To watch (a person, etc.) in a secret or stealthy manner;"
Regardless of the the legality of Epson's actions, they behaved
unethically by spying on their employees. The ethical alternative
would have been to 1) tell all employees that e-mail was to be used
for business purposes only 2) to tell employees that their e-mail
might will be read by management 3) to tell an employee every time his
or her e-mail is actually read.
When my manager looks over my shoulder while I work, he or she is
monitoring. When my manager watches me through the office keyhole, he
or she is spying.
From: Charles Bryant <ch@dce.ie>
Organization: Datacode Communications Ltd, Dublin, Ireland
In some places (such as Ireland, and I think the UK) it is illegal for
the owner of the phone to record conversations without the knowledge
and consent of the other party. This obviously implies that an
employer is not entitled to record employees' conversations without
the consent of both the employees and the parties they call. Is there
any similar law in the US?
From: Robert E Stampfli <res@cblpe.att.com>
Organization: AT&T Bell Laboratories
I must say that I currently presume that any e-mail I send thru my
employee account may, at some point, be read by others, even though my
company has strict guidelines about such things. The privacy of
telephone conversations, however, is protected by a long history of
legal standards and societal mores, which make it a somewhat different
animal. For instance, the misguided and untenable Electronic
Communications Privacy Act of 1986 provides a legal assumption of
privacy with regards to cellular calls even though, in this case,
privacy cannot be assured.
An employer certainly has the right to control company resources, and
that includes at some point the right to listen-in on phone
conversations made on company lines. However, if such is done prior
to notifying those affected that they have no expectation of privacy,
then in my opinion, a privacy violation has occurred and those
affected have every right to seek legal redress. That is what the
courts are for.
Maybe one day, when electronic mail is more mature and accepted, we
will employ the same standards with this media.
From: peter da silva <peter@ficc.ferranti.com>
Organization: Xenix Support, FICC
Pat makes a few unfounded assumptions here. I'm not going to comment
on the E-mail aspects of things, but there's a bit much big-brother in
the following.
> Likewise with telephones: Your employer has the legal right to monitor
> your business phone calls to evaluate your performance, etc. If you do
> not like him listening to your personal calls, then a counter-question
> would be in order: why are your personal phone calls being made on
> company phone facilities?
Because there is no alternative?
> Use the payphone in the cafeteria.
What payphone? What cafeteria? The nearest payphone is in a Circle-K over a
mile away.
I use my own Sprint account (via 1-800-877-8000) for long distance
calls. Would my employer have the right to tap those?
From: David Dick <decvax!siia.mv.com!drd@decwrl.dec.com>
Organization: Software Innovations, Inc.
Do you believe it is reasonable for the administrator of their
telephone system to record and review all phone calls made on their
phone system? How about salary discussions?
Do you believe it is reasonable for the people responsible for
maintaining offices and meeting rooms to be privy to everything that
goes on in those rooms? Including salary discussions and employee
discipline and firings?
I don't think that the fact that Epson owns the machines that the
email was carried on *necessarily* implies that the company or *more
importantly* a mere functionary, who is supposed to administer the
email facility, is entitled to violate the confidentiality of those
communications.
I agree that, in the matter of personal use of company machines (or
resources of any kind), Epson is entitled to be upset with
misappropriation. However, even in the conduct of company business, I
don't think it is an absolute that the "company" deserves every
detail, and I think an administrator of a communications facility (of
whatever kind) is not entitled to eavesdrop, except when authorized
for specific purposes (and possibly not even then).
From: Thomas Lapp <thomas%mvac23.uucp@udel.edu>
I read an article in {Information Week} which had this as a cover
article. The lady in question was upset because she was sending
business-related e-mail to person B. Her supervisor intercepted the
mail (which was not addressed, nor intended to be seen by him), and
after viewing it, fired her for insubordination (and in a way which
wasn't exactly professional, either).
If I recall that article from memory, she had asked her boss for an
account on a public e-mail system so that she could use it to do work
from home, or somesuch. He refused. Her message that was intercepted
was to someone else in the company asking the procedures for getting
this account. I don't think she had actually TOLD the other fellow to
get her one, just asking how to go about it. (Shucks, I've done the
same thing: send e-mail asking about the procedure before I ask my
boss for the okay. If she approves, it gets done even faster, and if
she doesn't it isn't a lot of time wasted -- it may be approved later
anyway as things change.)
I don't disagree with you Patrick, on the idea of not using business
resources for personal use. And I agree that anything I type on my
company owned terminal and e-mail system has every right to be audited
by the company. Same as making personal calls at work.
I think that based upon your message and the article I read in
{Information Week}, I think that the suit is going for the wrong
thing. There seems to be three possible suits here, and only the
first two are worth pursuing: Firing the lady in a most unprofessional
way, supervisor reading confidential documents (ie. the BUSINESS
e-mail message not sent nor intended for him), and the privacy of
corporate e-mail in general. I say that the second is worthwhile as
well, but I'll save that for another posting if there is any interest.
From: kdb@macaw.intercon.com (Kurt Baumann)
Organization: InterCon Systems Corporation, Herndon, VA
In article <11387@accuvax.nwu.edu>, john@bovine.ati.com (John Higdon)
writes:
> You should have heard the squeals when we put the hard copy in front
> of these people. Offers to pay were ignored -- my company was not in
> the telecom reselling business. The point was: we wanted people to
> stop using the bloody phone for personal business. It blocked REAL
> calls, distracted the person from doing his job cheating us out of the
> time we were paying for, and the cost of the calls took the money out
> of our pockets.
> Everywhere I have gone, people treat the phone on their desk as their
> own personal service. It also happens to be handy for use in their
> work. Oh well, who wouldn't want to save 100% on his long distance
> calls?
The above happened to me as well. I made a point of asking people to
not use the phone for personal use, quick phone calls were "ok", but
certainly not to extend to 90 minutes talking to ones significant
other. My pleas went unheard until we shut the long distance off
except at my desk. It is sad that things like this happen. However,
I hope that there was a policy in place stating that the messages were
being monitored.
People have come to expect that thier incoming US mail will not be
opened while at work, I think that this expectation has been extended
to cover Email as well. I don't know what the answer is here, but it
seems that some legislation is in order here.
From: Linc Madison <rmadison@euler.berkeley.edu>
Organization: University of California, Berkeley
I disagree entirely. If you use a piece of company-owned stationery
to write a personal letter, the company has no right whatsoever to
read it, not even if you use a company-owned pen to write it on
company time and use a company postage meter. They can ask you to
reimburse them their costs, they can fire you for misuse of their
property, but they CANNOT read the message. PERIOD.
As to the point about telephone lines, the company does not have the
right to monitor its employees' telephone conversations without PRIOR
NOTICE AND CONSENT of the employee. I rather doubt that any of these
employees was notified and gave consent that any e-mail sent could be
monitored and printed out. Furthermore, if I am a guest at someone's
house and use her telephone and she (unknown to me) taps the line, she
has committed an illegal act. (At least that's how the law reads to
me.) It doesn't matter if she let me use the phone under particular
conditions which I violated; she has tapped a phone conversation
without the consent of either party, and that's illegal, even though
it's her phone.
The company is entitled to keep records of to whom e-mail was sent and
the size of the message. If they are concerned about private e-mail,
they have the right to call an employee in and say, "We see that on
August 26 at 11:35 you sent 126 KB of e-mail to foo@bar. What was the
purpose of this message?" If the employee cannot provide an
acceptable answer, the company can take action against the employee
(including requesting reimbursement for the cost of sending the e-mail
or firing the employee or docking the employee's pay for the time
spent). However, unless the employee has made a prior agreement that
e-mail is to be used only for business purposes, the employer's case
is tenuous except on the misuse of company TIME.
If the company reads the e-mail without prior consent, it's wiretapping,
it's invasion of privacy, it's illegal, and they deserve to get sued.
The right to privacy is in no way contingent on ownership of the premises.
------------------------------
End of TELECOM Digest Special: Epson Email Spying Part 2 of 2
******************************Rich Kulawiec <rsk@oldfield.cs.colostate.edu> (09/02/90)
In article <11351@accuvax.nwu.edu> you write: >The right to privacy in email or on the telephone >means privacy on computers *you own or control* (i.e. lease or rent a >mailbox, etc), and on telephone lines *you pay for*. I disagree, at least in the case of computer systems. Below is a copy of memorandum that appear at PRIVACY@RUTGERS a few years ago and was forwarded to me by Dave Curry (then of the Purdue Engineering Computer Network). This memo is a preliminary attempt to assess the impact of the ECPA, and contains the comment that clarification of the intent and scope of the ECPA will probably be determined in the courts; my guess is that the Epson class action lawsuit might be one of the cases which does exactly that. BEGIN MEMORANDUM To: The MIT Community From: James D. Bruce, Vice President for Information Systems Re: The Electronic Communications Privacy Act The Electronic Communications Privacy Act of 1986 was enacted by the United States Congress in October of last year to protect the privacy of users of wire and electronic communications. Legal counsel has advised MIT that its computer network and the files stored on its computers are covered by the law's provisions. Specifically, individuals who access electronic files without appropriate authorization could find themselves subject to criminal penalties under this new law. At this time, we can only make broad generalizations about the impact of the Act on MIT's computing environment. Its actual scope will develop as federal actions are brought against individuals who are charged with inappropriate access to electronic mail and other electronic files. It is clear, however, that under the Act, an individual who, without authorization, accesses an electronic mail queue is liable and may be subject to a fine of $5,000 and up to six months in prison, if charged and convicted. Penalties are higher if the objective is malicious destruction or damage of information, or private gain. The law also bars unauthorized disclosure of information within an electronic mail system by the provider of the service. This bars MIT (and other providers) from disclosing information from an individual's electronic data files without authorization from the individual. MIT students and staff should be aware that it is against Institute policy and federal law to access the private files of others without authorization. MIT employees should also note that they are personally liable under the Act if they exceed their authorization to access electronic files. END MEMORANDUM Based on my own reading of the ECPA, this memo, and other discussions (some of which appeared in TELECOM), I've formulated a policy which is used here [Colorado State CS Dept.; I'm the systems manager]. We will access the "envelope" of a mail message if necessary to see that it's delivered correctly, but not the "body". This is possible when using Unix sendmail because enqueued messages in the process of delivery are stored as two separate files, one of which contains the message itself, the other of which contains information such as the sender, recipient(s), etc.. This information is publicly accessible by use of the "mailq" command or by examination of the publicly-readable logs written by sendmail; it seems to me to be reasonable for us to rewrite it when necessary to ensure delivery of messages. (I would compare this to the US Postal Service's use of forwarding stickers to ensure delivery of paper mail.) But we will not access the contents of a mail message whether it's enqueued or has actually been delivered. Rich Kulawiec
annala%neuro.usc.edu@usc.edu (A J Annala) (09/02/90)
The right of employee privacy in telephone conversations on employer owned equipment was settled a few years ago in a suit brought against one of the major air carriers. My recollection is vague, but I seem to remember an air carrier tried to dismiss a reservations employee for some kind of union organizing activity. The dismissal was based on surrepticious monitoring of an employee telephone conversation. The court ordered the employee reinstated ... with probable damages. Email is a bity more complicated. My gut reaction is that there is a reasonable expectation of privacy on the part of the employee in the absence of any official notice that email will be monitored. I also suspect outside individuals will have some right of action in the event their communications are intercepted. Frankly, I believe all email should be encrypted and not made available in any form to an employer without probable cause to believe a crime is committed. AJ Annala
dricejb@husc6.harvard.edu> (09/08/90)
In article <11759@accuvax.nwu.edu> annala%neuro.usc.edu@usc.edu (A J Annala) writes: X-Telecom-Digest: Volume 10, Issue 622, Message 6 of 12 >The right of employee privacy in telephone conversations on employer >owned equipment was settled a few years ago in a suit brought against >one of the major air carriers. My recollection is vague, but I seem >to remember an air carrier tried to dismiss a reservations employee >for some kind of union organizing activity. The dismissal was based >on surrepticious monitoring of an employee telephone conversation. >The court ordered the employee reinstated ... with probable damages. It would be difficult to draw a general principle from such a ruling. Union-oriented activity has become specially enshrined in American jurisprudence. I wouldn't be surprised if union organizing was held to be a legitimate business activity of any employee. If the employee was doing something more obviously personal, such as using the telephone to run a business on the side, it might not relate to this decision. Craig Jackson dricejb@drilex.dri.mgh.com {bbn,axiom,redsox,atexnet,ka3ovk}!drilex!{dricej,dricejb}