TELECOM Moderator <telecom@eecs.nwu.edu> (08/26/90)
Several employees of Epson America have filed a class action suit against their employer, accusing Epson of spying on them for several months by monitoring thousands of their electronic messages. According to the suit, Epson's computer operations manager made printed copies of electronic mail sent and/or received by 700 workers. The plaintiffs claim this type of act violates a state wiretap law. Epson responds that the suit is entirely unfounded, and I agree with that assessment. The right to privacy in email or on the telephone means privacy on computers *you own or control* (i.e. lease or rent a mailbox, etc), and on telephone lines *you pay for*. Whoever legally controls the computer controls the information on it. Obviously if you lease a mailbox from MCI Mail, then you legally control that part of the MCI computer. If you subscribe to phone service, then you are entitled to privacy on *your phone and line*. If the Epson employees can demonstrate that their employer granted them the right to receive and send personal mail, then a case might be made in their favor. But I doubt any such right was given. And if the email is all business related, then what gives the employees the right to say their employer cannot supervise or review their work? Likewise with telephones: Your employer has the legal right to monitor your business phone calls to evaluate your performance, etc. If you do not like him listening to your personal calls, then a counter-question would be in order: why are your personal phone calls being made on company phone facilities? Use the payphone in the cafeteria. Use your own MCI Mail or ATT Mail account to send and receive personal stuff. Don't complain because the owner of the equipment wants to see how it is being used. The Epson employees deserve to lose this suit, and I hope the court requires them to compensate their employer for his expense in defending it. Patrick Townson ------------------------------ End of TELECOM Digest V10 #596 ******************************
john@bovine.ati.com (John Higdon) (08/26/90)
On Aug 25 at 19:46, TELECOM Moderator writes: > Epson responds that the suit is entirely unfounded, and I agree with > that assessment. The right to privacy in email or on the telephone > means privacy on computers *you own or control* (i.e. lease or rent a > mailbox, etc), and on telephone lines *you pay for*. My initial reaction to all of this was, "Pat, lighten up. People shouldn't have their private mail read." And then I remembered the days of owning a "real" business myself. And then I started to steam. There really is an attitude that saturates the workplace. The assumption is that employees have some god-given right to use the communications facilities of their employer for personal messages. Facing ever escalating telephone bills, we decided to investigate and possibly crack down on personal calls. We started with a memo that re-stated company policy that personal calls were not permitted. Further, any calls so detected would be charged back to the employee and repeated abuse could result in termination. So we fired up the SMDR and set a scan for calls over five minutes in length. A hodge-podge of what we discovered: The sales manager lived in Sacramento and apparently had to call the wife several times a day. A service rep would wyle away the (slow) hours by chatting with a friend in San Francisco. The general manager (!) conducted her Werner Erhard volunteer business off and on all day long. You should have heard the squeals when we put the hard copy in front of these people. Offers to pay were ignored -- my company was not in the telecom reselling business. The point was: we wanted people to stop using the bloody phone for personal business. It blocked REAL calls, distracted the person from doing his job cheating us out of the time we were paying for, and the cost of the calls took the money out of our pockets. Everywhere I have gone, people treat the phone on their desk as their own personal service. It also happens to be handy for use in their work. Oh well, who wouldn't want to save 100% on his long distance calls? John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o ! [Moderator's Note: Thanks for your input on this. The same thing is true of computer terminals and email systems. Most companies overlook a small amount of personal phone calls and a small amount of personal email. But when the employees take the attitude it is their property, and that the employer has no right to see or know what is being done with his phones and his computer, then the time is ripe for a crackdown on personal calls and email, cutting out or restricting this privilege for everyone. I suspect what will happen at Epson once the suit is dismissed or the employees lose is that Epson might will go on the warpath and cut out all personal use of their facilities. So all employees will suffer from the arrogance of a few. And speaking of arrogance, is it true that Los Angeles attorney Noel Shipman, representing the handful of *former* employees of Epson who brought this suit named all present Epson employees as members of the class? Is it true he has received demands from *very angry* current employees demanding to have themselves removed from the class, saying 'you do not represent me in anything'? Just asking. PAT]
telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 01:40:00 CDT Epson Email - Part 1 of 2 Inside This Issue: Moderator: Patrick A. Townson Re: Class Action Suit Against Epson Charges Email Spying [Many of You] ---------------------------------------------------------------------- From: TELECOM Moderator <telecom@eecs.nwu.edu> Subject: Re: Class Action Suit Against Epson Charges Email Spying Date: Sat, 1 Sep 1990 01:00:00 CDT Here are several responses received this week from readers of the op-ed on the Epson email case. Quotes have been severely cut back. This is part one of two parts -- yes, I told you the mail came flooding in this week! :) From: bei@halley.uucp Organization: Tandem Computers, Austin, TX If I have any opinion at all, it's a gut reaction that a company can legally monitor the phones of its workers, but ethically shouldn't unless their job involves phone contact with the public. The best justification for this comes from a friend who works at one of those big three-letter companies, when he was explaining why his company should relax its restrictions on Usenet news. He said that the company should provide space, time and access for news for the same reasons they have soda machines and a jogging track: To make a better work environment. From: "Dennis G. Rears (FSAC)" <drears@pica.army.mil> John Higdon and the TELECOM Moderator make extremely good points from the business viewpoint on the subject. The business is paying and they own everything on the computer. However, like most subjects there is more than one side: the employee, employer, and the third party ... What about the non-Epson employee who sends email to the Epson employee over the internet or their paid account on Compuserve or somewhere else? (I realize this is probably not the case but we are talking about privacy of email.) Does the company have a right to read mail from him to an epson employee? To employ the paper analogy, If I send US mail to John Doe at his Acme, Inc. place of work, does Acme have the right to open it? If you say no, Acme can say that it costs them money to distribute it internally so they have a right. Sure they can refuse it but then they could have refused the email from the remote site. At my government work site, the telephone book states that I consent to telephone monitering by using the phone. That means they have my consent but what about the person I am calling. What happens when a another person calls me; have they consented to thier call being monitored? I believe the contents of email, telephone, or paper mail should be kept private. A company should be able to prohibit personal use and enforce but never be able to read mail. In my job I send lots of mail that is 100% business related that is meant for only a few people. It would be damaging to some people and the mission itself if other than the people who it was intended for saw it. I don't want my boss or my boss'es boss to know than I am dealing with certain people or organizations. If I found out he could read my mail, I wouldn't send it and productivity would go down. Do your business search maintain the right to search your desk? Personally, I am disgusted that things like this have to go to court in the first place. Employees should respect the property rights of the employer and employers should respect the privacy rights of the employee. There are privacy concerns on email that has nothing to do if that email is personal or not. From: hkhenson@cup.portal.com Pat, re this topic, could someone post the court filings? I suspect the case is a little more complex than you make it out. While I agree with you that email/phone calls on company resources are converting the company resources to private use, spying on mail/listening to phone calls is not considered "polite" behavior, and is normally not done unless the abuses become obvious. For employeees to be in a court case with an employer is a sign of *serious* problems of trust. From: Dave Levenson <dave%westmark@uunet.uu.net> Organization: Westmark, Inc., Warren, NJ, USA There is a case pending in NJ today. The state claims that the owner of a business in this state monitored telephone calls to/from his employees, while they were at work, without their permission or knowlege. He is charged with several counts of wiretap. Because he is in a heavily-regulated industry, he may be in danger of losing his right to operate his business. The press coverage does not indicate whether the monitored phone calls were considered 'personal', either by the employer or by the employees. A company spokesperson has stated that the monitoring was done by a private investigator hired by the owner to investigate possible fraud by employees. It is further claimed that the monitoring was done without the knowlege of the owner who hired the investigator. Others have stated that the employees whose phones were monitored were believed to be making arrangements to start up a new business in competition with that of their employer. It is not clear that any charges of fraud were ever brought against any current or former employees as a result of the investigation. The case has not come to trial. From: Brendan Kehoe <kehoe@scotty.dccs.upenn.edu> Organization: University of Pennsylvania Uh, sorry that doesn't jive -- I've been running with the assumption that the ECPA gave me the right to *NOT* have email read on, for example, a bulletin board, unless the owner explicitly says that he/she will be doing so to protect their system. Supposedly that whole idea is the BASIS of the ecpa; if it were as you propose, then theoretically you could say that if a call placed by an AT&T subscriber were routed to a US Sprint trunk, for whatever reason (lines down, etc), then US Sprint has the legal right to do whatever they wish with the traffic they forward, since the person that "owns" that traffic isn't a Sprint subscriber? C'mon. If I'm wrong about the way I see this law being interpreted, please correct me ... (but keep the flames to email, ok?). From: Mike Godwin <mnemonic@walt.cc.utexas.edu> Organization: The University of Texas at Austin, Austin, Texas This suggests that the right to privacy depends on ownership of property. Does a landlord have the right to plant a listening device in an apartment just because the tenant doesn't actually own it? Maybe, according to Pat, since the tenant paid for something, and maybe privacy was part of that something. But suppose I'm a housesitter or a houseguest who hasn't paid a dollar of rent, and suppose the landlord installs a listening device to hear *my* conversation. Does our Moderator *really* want to say that privacy is something one has only if one has paid for it? Suppose the Epson employees testify that they were under the impression that e-mail was private and would not be reviewed by anyone other than the recipient. Suppose they then can testify that they wrote things they would not have written if they had known Epson supervisors were spying on them. [regarding if the company should be able to see all business-related email] This, to me, seems naive. I have never had a job in which it was not true at some point that I had a business-related communication I did not want my boss to review. For example, if I wrote a note to X telling her to include charts in her presentation because the Boss is more impressed by graphics than he is by reasoned logical argument, it is quite likely that I wouldn't want the Boss to see that I had written that, even if the Boss himself knew it to be true. Nor is it always the case that such e-mail would concern something negative about supervisors. Sometimes, communication among peers, while business-related, is informal to a degree that would make it embarrassing if a boss saw it. Finally, it is a mistake, I think, to characterize corporate e-mail use as business or non-business. I cannot think of a computer system of which the following statement is not true: "Informal, 'playful' use is required if the system's formal, 'serious' use is to reach its full potential." The corporate cultures of most computer-related firms (and many other firms too) inculcate the attitude that learning how to use a system is a higher priority than limiting one's use to 'justifiable' circumstances. I wouldn't be surprised if Epson employees, prior to their fateful discovery, had thought that using e-mail for private purposes was tolerated, and perhaps even encouraged, by Epson management. But this last is a side issue. The irreducible fact, it seems to me, is that almost everyone who is given access to a corporate e-mail system is given the impression, directly or indirectly, that her communications are private. Since this is true, the employees may well have acted in reliance on that impression that their e-mail communications would be private, and may thus have been 'tricked' into making statements they otherwise would not have made. >The Epson employees deserve to lose this suit, and I hope the court >requires them to compensate their employer for his expense in >defending it. Obviously, I think this issue is a little subtler than any question of property rights. From: Colin Plumb <colin@array.uucp> Organization: Array Systems Computing, Inc., Toronto, Ontario, CANADA It is legitimate to complain when it costs the company money, either in phone bills or a material impact on employee work, but I believe minor use of communications facilities is more of a right than a gift. I'm using company equipment to send this message, which is only peripherally related to my work. But I know they don't object. How many repair men and delivery trucks need a daytime phone number? How do you call the hospital to ask how your child/spouse/relative's surgery went? It's silly to expect that work consumes one's undivided attention for hours on end; you have to accept the fact that you're paying people when they're not at top efficiency as well as when they are. Similarly, you have to allow some humanity overhead on communications lines. And if, say, a close friend calls me up in tears after a breakup, I expect to be able to comfort them with some reasonable expectation of privacy. No, not perfect, but anyone who hears part of it should not stick around to hear it all. I need to know more of the details, but Epson's organized eavesdropping efforts seemed excessive. (Note: I'm in the programming business, where there's a very high premium on Keeping Them Happy, so I may have different experiences than others. I've heard stories about A Certain Company that has people keeping in regular touch with girlfriends in Japan and neglects to block long distance from the front-door intercom phone. That seems just a *trifle* cavalier!) From: Jordan Kossack <JKOSS00@ricevm1.rice.edu> In general, I agree with you and John Higdon that a company has a right to know what their computers, telephones, etc. are used for. On the other hand, there are legitimate privacy concerns on the part of the employees and the persons they communicate with. In your article, you say: - - [ ... ] The right to privacy in email or on the telephone - means privacy on computers *you own or control* (i.e. lease or rent a - mailbox, etc), and on telephone lines *you pay for*. [ ... ] - Likewise with telephones: Your employer has the legal right to monitor By a direct extension of this, I should be allowed to record all telephone conversations in my house/apartment. After all, since I am paying the telephone bill, I am the only one who has a right to privacy on these phone lines. However, if I recall correctly, some states require the permission of both parties before a call can be legally recorded. Now, one may argue that the Epson employee has given his/her implicit agreement by using an Epson owned telephone, but what about the other party? Do they have any 'rights' in this situation? I don't intend this as a flame, since I agree that Epson, or any other company, should be able to control company resources. However, there are privacy concerns to be considered - primarily on the part of the non-employees who sent electronic mail to Epson employees. ~~~~~~~~~~~~~ ------------------------------ End of TELECOM Digest V10 #612 ******************************
telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 01:42:00 CDT Epson Email - Part 1 of 2 Inside This Issue: Moderator: Patrick A. Townson Re: Class Action Suit Against Epson Charges Email Spying [Many of You] ---------------------------------------------------------------------- From: TELECOM Moderator <telecom@eecs.nwu.edu> Subject: Re: Class Action Suit Against Epson Charges Email Spying Date: Sat, 1 Sep 1990 01:00:00 CDT Here are several responses received this week from readers of the op-ed on the Epson email case. Quotes have been severely cut back. This is part one of two parts -- yes, I told you the mail came flooding in this week! :) From: bei@halley.uucp Organization: Tandem Computers, Austin, TX If I have any opinion at all, it's a gut reaction that a company can legally monitor the phones of its workers, but ethically shouldn't unless their job involves phone contact with the public. The best justification for this comes from a friend who works at one of those big three-letter companies, when he was explaining why his company should relax its restrictions on Usenet news. He said that the company should provide space, time and access for news for the same reasons they have soda machines and a jogging track: To make a better work environment. From: "Dennis G. Rears (FSAC)" <drears@pica.army.mil> John Higdon and the TELECOM Moderator make extremely good points from the business viewpoint on the subject. The business is paying and they own everything on the computer. However, like most subjects there is more than one side: the employee, employer, and the third party ... What about the non-Epson employee who sends email to the Epson employee over the internet or their paid account on Compuserve or somewhere else? (I realize this is probably not the case but we are talking about privacy of email.) Does the company have a right to read mail from him to an epson employee? To employ the paper analogy, If I send US mail to John Doe at his Acme, Inc. place of work, does Acme have the right to open it? If you say no, Acme can say that it costs them money to distribute it internally so they have a right. Sure they can refuse it but then they could have refused the email from the remote site. At my government work site, the telephone book states that I consent to telephone monitering by using the phone. That means they have my consent but what about the person I am calling. What happens when a another person calls me; have they consented to thier call being monitored? I believe the contents of email, telephone, or paper mail should be kept private. A company should be able to prohibit personal use and enforce but never be able to read mail. In my job I send lots of mail that is 100% business related that is meant for only a few people. It would be damaging to some people and the mission itself if other than the people who it was intended for saw it. I don't want my boss or my boss'es boss to know than I am dealing with certain people or organizations. If I found out he could read my mail, I wouldn't send it and productivity would go down. Do your business search maintain the right to search your desk? Personally, I am disgusted that things like this have to go to court in the first place. Employees should respect the property rights of the employer and employers should respect the privacy rights of the employee. There are privacy concerns on email that has nothing to do if that email is personal or not. From: hkhenson@cup.portal.com Pat, re this topic, could someone post the court filings? I suspect the case is a little more complex than you make it out. While I agree with you that email/phone calls on company resources are converting the company resources to private use, spying on mail/listening to phone calls is not considered "polite" behavior, and is normally not done unless the abuses become obvious. For employeees to be in a court case with an employer is a sign of *serious* problems of trust. From: Dave Levenson <dave%westmark@uunet.uu.net> Organization: Westmark, Inc., Warren, NJ, USA There is a case pending in NJ today. The state claims that the owner of a business in this state monitored telephone calls to/from his employees, while they were at work, without their permission or knowlege. He is charged with several counts of wiretap. Because he is in a heavily-regulated industry, he may be in danger of losing his right to operate his business. The press coverage does not indicate whether the monitored phone calls were considered 'personal', either by the employer or by the employees. A company spokesperson has stated that the monitoring was done by a private investigator hired by the owner to investigate possible fraud by employees. It is further claimed that the monitoring was done without the knowlege of the owner who hired the investigator. Others have stated that the employees whose phones were monitored were believed to be making arrangements to start up a new business in competition with that of their employer. It is not clear that any charges of fraud were ever brought against any current or former employees as a result of the investigation. The case has not come to trial. From: Brendan Kehoe <kehoe@scotty.dccs.upenn.edu> Organization: University of Pennsylvania Uh, sorry that doesn't jive -- I've been running with the assumption that the ECPA gave me the right to *NOT* have email read on, for example, a bulletin board, unless the owner explicitly says that he/she will be doing so to protect their system. Supposedly that whole idea is the BASIS of the ecpa; if it were as you propose, then theoretically you could say that if a call placed by an AT&T subscriber were routed to a US Sprint trunk, for whatever reason (lines down, etc), then US Sprint has the legal right to do whatever they wish with the traffic they forward, since the person that "owns" that traffic isn't a Sprint subscriber? C'mon. If I'm wrong about the way I see this law being interpreted, please correct me ... (but keep the flames to email, ok?). From: Mike Godwin <mnemonic@walt.cc.utexas.edu> Organization: The University of Texas at Austin, Austin, Texas This suggests that the right to privacy depends on ownership of property. Does a landlord have the right to plant a listening device in an apartment just because the tenant doesn't actually own it? Maybe, according to Pat, since the tenant paid for something, and maybe privacy was part of that something. But suppose I'm a housesitter or a houseguest who hasn't paid a dollar of rent, and suppose the landlord installs a listening device to hear *my* conversation. Does our Moderator *really* want to say that privacy is something one has only if one has paid for it? Suppose the Epson employees testify that they were under the impression that e-mail was private and would not be reviewed by anyone other than the recipient. Suppose they then can testify that they wrote things they would not have written if they had known Epson supervisors were spying on them. [regarding if the company should be able to see all business-related email] This, to me, seems naive. I have never had a job in which it was not true at some point that I had a business-related communication I did not want my boss to review. For example, if I wrote a note to X telling her to include charts in her presentation because the Boss is more impressed by graphics than he is by reasoned logical argument, it is quite likely that I wouldn't want the Boss to see that I had written that, even if the Boss himself knew it to be true. Nor is it always the case that such e-mail would concern something negative about supervisors. Sometimes, communication among peers, while business-related, is informal to a degree that would make it embarrassing if a boss saw it. Finally, it is a mistake, I think, to characterize corporate e-mail use as business or non-business. I cannot think of a computer system of which the following statement is not true: "Informal, 'playful' use is required if the system's formal, 'serious' use is to reach its full potential." The corporate cultures of most computer-related firms (and many other firms too) inculcate the attitude that learning how to use a system is a higher priority than limiting one's use to 'justifiable' circumstances. I wouldn't be surprised if Epson employees, prior to their fateful discovery, had thought that using e-mail for private purposes was tolerated, and perhaps even encouraged, by Epson management. But this last is a side issue. The irreducible fact, it seems to me, is that almost everyone who is given access to a corporate e-mail system is given the impression, directly or indirectly, that her communications are private. Since this is true, the employees may well have acted in reliance on that impression that their e-mail communications would be private, and may thus have been 'tricked' into making statements they otherwise would not have made. >The Epson employees deserve to lose this suit, and I hope the court >requires them to compensate their employer for his expense in >defending it. Obviously, I think this issue is a little subtler than any question of property rights. From: Colin Plumb <colin@array.uucp> Organization: Array Systems Computing, Inc., Toronto, Ontario, CANADA It is legitimate to complain when it costs the company money, either in phone bills or a material impact on employee work, but I believe minor use of communications facilities is more of a right than a gift. I'm using company equipment to send this message, which is only peripherally related to my work. But I know they don't object. How many repair men and delivery trucks need a daytime phone number? How do you call the hospital to ask how your child/spouse/relative's surgery went? It's silly to expect that work consumes one's undivided attention for hours on end; you have to accept the fact that you're paying people when they're not at top efficiency as well as when they are. Similarly, you have to allow some humanity overhead on communications lines. And if, say, a close friend calls me up in tears after a breakup, I expect to be able to comfort them with some reasonable expectation of privacy. No, not perfect, but anyone who hears part of it should not stick around to hear it all. I need to know more of the details, but Epson's organized eavesdropping efforts seemed excessive. (Note: I'm in the programming business, where there's a very high premium on Keeping Them Happy, so I may have different experiences than others. I've heard stories about A Certain Company that has people keeping in regular touch with girlfriends in Japan and neglects to block long distance from the front-door intercom phone. That seems just a *trifle* cavalier!) From: Jordan Kossack <JKOSS00@ricevm1.rice.edu> In general, I agree with you and John Higdon that a company has a right to know what their computers, telephones, etc. are used for. On the other hand, there are legitimate privacy concerns on the part of the employees and the persons they communicate with. In your article, you say: - - [ ... ] The right to privacy in email or on the telephone - means privacy on computers *you own or control* (i.e. lease or rent a - mailbox, etc), and on telephone lines *you pay for*. [ ... ] - Likewise with telephones: Your employer has the legal right to monitor By a direct extension of this, I should be allowed to record all telephone conversations in my house/apartment. After all, since I am paying the telephone bill, I am the only one who has a right to privacy on these phone lines. However, if I recall correctly, some states require the permission of both parties before a call can be legally recorded. Now, one may argue that the Epson employee has given his/her implicit agreement by using an Epson owned telephone, but what about the other party? Do they have any 'rights' in this situation? I don't intend this as a flame, since I agree that Epson, or any other company, should be able to control company resources. However, there are privacy concerns to be considered - primarily on the part of the non-employees who sent electronic mail to Epson employees. ~~~~~~~~~~~~~ ------------------------------ End of TELECOM Digest V10 #612 ******************************
telecom@eecs.nwu.edu (TELECOM Moderator) (09/01/90)
TELECOM Digest Sat, 1 Sep 90 02:35:00 CDT Epson Email - Part 2 of 2 Inside This Issue: Moderator: Patrick A. Townson Re: Class Action Suit Against Epson Charges Email Spying [Many of You] ---------------------------------------------------------------------- From: TELECOM Moderator <telecom@eecs.nwu.edu> Subject: Re: Class Action Suit Against Epson Charges Email Spying Date: Sat, 1 Sep 1990 01:00:00 CST Here are more of the many responses received to the op-ed on Epson. This is part 2 of 2 parts. From: "Carl M. Kadie" <kadie@cs.uiuc.edu> In comp.dcom.telecom Patrick Townson writes: >Several employees of Epson America have filed a class action suit >against their employer, accusing Epson of spying on them for several >months by monitoring thousands of their electronic messages. I don't think "monitoring" is the right word; I think "spying" is more accurate. Here is how the OED2 defines "monitor": "In more general use: to observe, supervise, or keep under review;" It defines "spy" as: "To watch (a person, etc.) in a secret or stealthy manner;" Regardless of the the legality of Epson's actions, they behaved unethically by spying on their employees. The ethical alternative would have been to 1) tell all employees that e-mail was to be used for business purposes only 2) to tell employees that their e-mail might will be read by management 3) to tell an employee every time his or her e-mail is actually read. When my manager looks over my shoulder while I work, he or she is monitoring. When my manager watches me through the office keyhole, he or she is spying. From: Charles Bryant <ch@dce.ie> Organization: Datacode Communications Ltd, Dublin, Ireland In some places (such as Ireland, and I think the UK) it is illegal for the owner of the phone to record conversations without the knowledge and consent of the other party. This obviously implies that an employer is not entitled to record employees' conversations without the consent of both the employees and the parties they call. Is there any similar law in the US? From: Robert E Stampfli <res@cblpe.att.com> Organization: AT&T Bell Laboratories I must say that I currently presume that any e-mail I send thru my employee account may, at some point, be read by others, even though my company has strict guidelines about such things. The privacy of telephone conversations, however, is protected by a long history of legal standards and societal mores, which make it a somewhat different animal. For instance, the misguided and untenable Electronic Communications Privacy Act of 1986 provides a legal assumption of privacy with regards to cellular calls even though, in this case, privacy cannot be assured. An employer certainly has the right to control company resources, and that includes at some point the right to listen-in on phone conversations made on company lines. However, if such is done prior to notifying those affected that they have no expectation of privacy, then in my opinion, a privacy violation has occurred and those affected have every right to seek legal redress. That is what the courts are for. Maybe one day, when electronic mail is more mature and accepted, we will employ the same standards with this media. From: peter da silva <peter@ficc.ferranti.com> Organization: Xenix Support, FICC Pat makes a few unfounded assumptions here. I'm not going to comment on the E-mail aspects of things, but there's a bit much big-brother in the following. > Likewise with telephones: Your employer has the legal right to monitor > your business phone calls to evaluate your performance, etc. If you do > not like him listening to your personal calls, then a counter-question > would be in order: why are your personal phone calls being made on > company phone facilities? Because there is no alternative? > Use the payphone in the cafeteria. What payphone? What cafeteria? The nearest payphone is in a Circle-K over a mile away. I use my own Sprint account (via 1-800-877-8000) for long distance calls. Would my employer have the right to tap those? From: David Dick <decvax!siia.mv.com!drd@decwrl.dec.com> Organization: Software Innovations, Inc. Do you believe it is reasonable for the administrator of their telephone system to record and review all phone calls made on their phone system? How about salary discussions? Do you believe it is reasonable for the people responsible for maintaining offices and meeting rooms to be privy to everything that goes on in those rooms? Including salary discussions and employee discipline and firings? I don't think that the fact that Epson owns the machines that the email was carried on *necessarily* implies that the company or *more importantly* a mere functionary, who is supposed to administer the email facility, is entitled to violate the confidentiality of those communications. I agree that, in the matter of personal use of company machines (or resources of any kind), Epson is entitled to be upset with misappropriation. However, even in the conduct of company business, I don't think it is an absolute that the "company" deserves every detail, and I think an administrator of a communications facility (of whatever kind) is not entitled to eavesdrop, except when authorized for specific purposes (and possibly not even then). From: Thomas Lapp <thomas%mvac23.uucp@udel.edu> I read an article in {Information Week} which had this as a cover article. The lady in question was upset because she was sending business-related e-mail to person B. Her supervisor intercepted the mail (which was not addressed, nor intended to be seen by him), and after viewing it, fired her for insubordination (and in a way which wasn't exactly professional, either). If I recall that article from memory, she had asked her boss for an account on a public e-mail system so that she could use it to do work from home, or somesuch. He refused. Her message that was intercepted was to someone else in the company asking the procedures for getting this account. I don't think she had actually TOLD the other fellow to get her one, just asking how to go about it. (Shucks, I've done the same thing: send e-mail asking about the procedure before I ask my boss for the okay. If she approves, it gets done even faster, and if she doesn't it isn't a lot of time wasted -- it may be approved later anyway as things change.) I don't disagree with you Patrick, on the idea of not using business resources for personal use. And I agree that anything I type on my company owned terminal and e-mail system has every right to be audited by the company. Same as making personal calls at work. I think that based upon your message and the article I read in {Information Week}, I think that the suit is going for the wrong thing. There seems to be three possible suits here, and only the first two are worth pursuing: Firing the lady in a most unprofessional way, supervisor reading confidential documents (ie. the BUSINESS e-mail message not sent nor intended for him), and the privacy of corporate e-mail in general. I say that the second is worthwhile as well, but I'll save that for another posting if there is any interest. From: kdb@macaw.intercon.com (Kurt Baumann) Organization: InterCon Systems Corporation, Herndon, VA In article <11387@accuvax.nwu.edu>, john@bovine.ati.com (John Higdon) writes: > You should have heard the squeals when we put the hard copy in front > of these people. Offers to pay were ignored -- my company was not in > the telecom reselling business. The point was: we wanted people to > stop using the bloody phone for personal business. It blocked REAL > calls, distracted the person from doing his job cheating us out of the > time we were paying for, and the cost of the calls took the money out > of our pockets. > Everywhere I have gone, people treat the phone on their desk as their > own personal service. It also happens to be handy for use in their > work. Oh well, who wouldn't want to save 100% on his long distance > calls? The above happened to me as well. I made a point of asking people to not use the phone for personal use, quick phone calls were "ok", but certainly not to extend to 90 minutes talking to ones significant other. My pleas went unheard until we shut the long distance off except at my desk. It is sad that things like this happen. However, I hope that there was a policy in place stating that the messages were being monitored. People have come to expect that thier incoming US mail will not be opened while at work, I think that this expectation has been extended to cover Email as well. I don't know what the answer is here, but it seems that some legislation is in order here. From: Linc Madison <rmadison@euler.berkeley.edu> Organization: University of California, Berkeley I disagree entirely. If you use a piece of company-owned stationery to write a personal letter, the company has no right whatsoever to read it, not even if you use a company-owned pen to write it on company time and use a company postage meter. They can ask you to reimburse them their costs, they can fire you for misuse of their property, but they CANNOT read the message. PERIOD. As to the point about telephone lines, the company does not have the right to monitor its employees' telephone conversations without PRIOR NOTICE AND CONSENT of the employee. I rather doubt that any of these employees was notified and gave consent that any e-mail sent could be monitored and printed out. Furthermore, if I am a guest at someone's house and use her telephone and she (unknown to me) taps the line, she has committed an illegal act. (At least that's how the law reads to me.) It doesn't matter if she let me use the phone under particular conditions which I violated; she has tapped a phone conversation without the consent of either party, and that's illegal, even though it's her phone. The company is entitled to keep records of to whom e-mail was sent and the size of the message. If they are concerned about private e-mail, they have the right to call an employee in and say, "We see that on August 26 at 11:35 you sent 126 KB of e-mail to foo@bar. What was the purpose of this message?" If the employee cannot provide an acceptable answer, the company can take action against the employee (including requesting reimbursement for the cost of sending the e-mail or firing the employee or docking the employee's pay for the time spent). However, unless the employee has made a prior agreement that e-mail is to be used only for business purposes, the employer's case is tenuous except on the misuse of company TIME. If the company reads the e-mail without prior consent, it's wiretapping, it's invasion of privacy, it's illegal, and they deserve to get sued. The right to privacy is in no way contingent on ownership of the premises. ------------------------------ End of TELECOM Digest Special: Epson Email Spying Part 2 of 2 ******************************
Rich Kulawiec <rsk@oldfield.cs.colostate.edu> (09/02/90)
In article <11351@accuvax.nwu.edu> you write: >The right to privacy in email or on the telephone >means privacy on computers *you own or control* (i.e. lease or rent a >mailbox, etc), and on telephone lines *you pay for*. I disagree, at least in the case of computer systems. Below is a copy of memorandum that appear at PRIVACY@RUTGERS a few years ago and was forwarded to me by Dave Curry (then of the Purdue Engineering Computer Network). This memo is a preliminary attempt to assess the impact of the ECPA, and contains the comment that clarification of the intent and scope of the ECPA will probably be determined in the courts; my guess is that the Epson class action lawsuit might be one of the cases which does exactly that. BEGIN MEMORANDUM To: The MIT Community From: James D. Bruce, Vice President for Information Systems Re: The Electronic Communications Privacy Act The Electronic Communications Privacy Act of 1986 was enacted by the United States Congress in October of last year to protect the privacy of users of wire and electronic communications. Legal counsel has advised MIT that its computer network and the files stored on its computers are covered by the law's provisions. Specifically, individuals who access electronic files without appropriate authorization could find themselves subject to criminal penalties under this new law. At this time, we can only make broad generalizations about the impact of the Act on MIT's computing environment. Its actual scope will develop as federal actions are brought against individuals who are charged with inappropriate access to electronic mail and other electronic files. It is clear, however, that under the Act, an individual who, without authorization, accesses an electronic mail queue is liable and may be subject to a fine of $5,000 and up to six months in prison, if charged and convicted. Penalties are higher if the objective is malicious destruction or damage of information, or private gain. The law also bars unauthorized disclosure of information within an electronic mail system by the provider of the service. This bars MIT (and other providers) from disclosing information from an individual's electronic data files without authorization from the individual. MIT students and staff should be aware that it is against Institute policy and federal law to access the private files of others without authorization. MIT employees should also note that they are personally liable under the Act if they exceed their authorization to access electronic files. END MEMORANDUM Based on my own reading of the ECPA, this memo, and other discussions (some of which appeared in TELECOM), I've formulated a policy which is used here [Colorado State CS Dept.; I'm the systems manager]. We will access the "envelope" of a mail message if necessary to see that it's delivered correctly, but not the "body". This is possible when using Unix sendmail because enqueued messages in the process of delivery are stored as two separate files, one of which contains the message itself, the other of which contains information such as the sender, recipient(s), etc.. This information is publicly accessible by use of the "mailq" command or by examination of the publicly-readable logs written by sendmail; it seems to me to be reasonable for us to rewrite it when necessary to ensure delivery of messages. (I would compare this to the US Postal Service's use of forwarding stickers to ensure delivery of paper mail.) But we will not access the contents of a mail message whether it's enqueued or has actually been delivered. Rich Kulawiec
annala%neuro.usc.edu@usc.edu (A J Annala) (09/02/90)
The right of employee privacy in telephone conversations on employer owned equipment was settled a few years ago in a suit brought against one of the major air carriers. My recollection is vague, but I seem to remember an air carrier tried to dismiss a reservations employee for some kind of union organizing activity. The dismissal was based on surrepticious monitoring of an employee telephone conversation. The court ordered the employee reinstated ... with probable damages. Email is a bity more complicated. My gut reaction is that there is a reasonable expectation of privacy on the part of the employee in the absence of any official notice that email will be monitored. I also suspect outside individuals will have some right of action in the event their communications are intercepted. Frankly, I believe all email should be encrypted and not made available in any form to an employer without probable cause to believe a crime is committed. AJ Annala
dricejb@husc6.harvard.edu> (09/08/90)
In article <11759@accuvax.nwu.edu> annala%neuro.usc.edu@usc.edu (A J Annala) writes: X-Telecom-Digest: Volume 10, Issue 622, Message 6 of 12 >The right of employee privacy in telephone conversations on employer >owned equipment was settled a few years ago in a suit brought against >one of the major air carriers. My recollection is vague, but I seem >to remember an air carrier tried to dismiss a reservations employee >for some kind of union organizing activity. The dismissal was based >on surrepticious monitoring of an employee telephone conversation. >The court ordered the employee reinstated ... with probable damages. It would be difficult to draw a general principle from such a ruling. Union-oriented activity has become specially enshrined in American jurisprudence. I wouldn't be surprised if union organizing was held to be a legitimate business activity of any employee. If the employee was doing something more obviously personal, such as using the telephone to run a business on the side, it might not relate to this decision. Craig Jackson dricejb@drilex.dri.mgh.com {bbn,axiom,redsox,atexnet,ka3ovk}!drilex!{dricej,dricejb}