In Australia, Bosses May Get Power To Snoop On Emails

Numerous readers noted the proposal by the Australian government for legislation to allow employers to snoop on employees' email and IM conversations. This is being proposed in the name of protecting the infrastructure from terrorism. The attorney-general cited the Estonian cyber-attacks as a reason why such employer monitoring is necessary in Australia — never mind that the attacks were perpetrated by a lone 20-year-old and not by a foreign government or terrorist. The law permitting intelligence agencies to snoop on citizens without permission expires this June, leading to the government's urgency to extend and expand it. The chairman of Electronic Frontiers Australia said, "These new powers will facilitate fishing expeditions into employees' emails and computer use rather than being used to protect critical infrastructure. I'm talking about corporate eavesdropping and witch-hunts... If an employer wanted to [sack] someone, they could use these powers."

Re:In Kiwi New Zealand

[SHaFT7]

can't you already do this in the states?

Re:In Kiwi New Zealand

[speedingant]

Also in NZ. It makes complete sense! They have every right to see what is going on inside their own company, and what activity is going on inside their network.

Re:Confused

[_merlin]

Corporations have EVERY right to watch what you do at work.

No they don't. In fact, in most of the world, they aren't allowed to spy on you without your consent. The USA just has a pathetic lack of privacy laws. Judging from your post and others like it, they've also brainwashed the population into accepting it. I don't want my freedom eroded any more than it already has been.

Re:really?

[JustShootMe]

No, which is why you shouldn't send sensitive personal emails over a corporate network.

Thanks for being condescending.

Re:really?

[wvmarle]

As an employer actually I consider it a right to know what my employees are doing. When using company resources (telephone, e-mail, Internet, whatever) then of course an employee has a right to use it for personal matters, but that should be limited to the necessary.
For example, if they have to call their bank, then it always always must be done during office hours. But calling their lover that can be done after office hours.
For e-mail: most people these days have an e-mail address already. Personal things they should send using that e-mail address. Work things are for the company provided address.
It would be scary for me to not be allowed to check on my employees, to see that they are doing what they are paid for. Scary to be never allowed to read their e-mails, when I deem necessary (hasn't happened yet but it's possible) - the most likely situation for me would occur when a customer says "I sent that to this employee", who happens to be on vacation then, upon which I'd start looking through their company mail box.
An employee should know that this is company resource, and the company also should have a right to check/limit the usage.

Re:Confused

[Asic Eng]

Spying on someone and watching someone are two distinct different concepts. When your boss watches you, you know that he's there doing that - when your boss is spying on you, you may not be aware of it. Using your concept of watching what the plumber is doing: in the first case you are standing around looking at his work - in the second you install a video camera to secretly observer him. People are very uncomfortable with the second scenario - they feel violated. That's why companies shouldn't be permitted to do it.

If a person isn't comfortable being watched by the people that are paying him to do the job, he is always free to quit and not be paid for it.

If a company doesn't like to observe a countries privacy laws - well too bad then, they have to do it anyway. Companies don't have rights, people do.

It's a beatup about a non-story.

[Jacques Chester]

First I rang my local member, who referred me to Julia Gillard's office (she made the original idiotic statements). Her office referred me to the Attorney-General's office, as that's where it's coming from.

The nice functionary I spoke to there said it's a media beatup. Under Australian law it's illegal to intercept the communications of a third party without a warrant. There was some wondering about whether passing emails through a virus scan qualified as warrantless interception.

Rather than going through some court case about to settle the matter, it was felt that it would be easier just to amend the Telecommunications Interception Act instead.

So that's it. There's actually no story here at all. Though it did provoke me to write an angry rant [clubtroppo.com.au] before I started doing what the journalists should have done in the first place - check the facts.

Re:Sound stupid to me....

[JustShootMe]

I agree with this. The lines are a little more blurry - they have my cell and home numbers. But if someone calls it and it's not an emergency they get yelled at. My boss even told me, if I'm not on call, I don't have to take any work calls after hours - *especially* because my phone is not company issued.

I'm never on call, at least for now.

In principle, though, I'm with you. If the site isn't down in such a way that I'm the only one that can fix it - they can leave me alone, and they know it.

Re:really?

[Architect_sasyr]

Ok as an Australian SysAdmin and after discussing this with a few of my Sydney based counter-parts today we've come to the following couple of points:

1. A phone conversation may not be monitored or recorded without prior consent from both parties. This is exemplified in calling the local telco and being told that our calls may be recorded for training purposes (my ass) and if you don't like it tell them so
2. Web traffic log generation is covered by the usage policy on the network. Providing they've signed off on this there is no invasion of privacy.
3. This is the tricky one. Out here in Australia, as we understand it, Murder is a state-based crime whereas reading a mail message that is not yours counts as a federal crime (so yes you can go to gaol for longer if you read someone's mail as opposed to murdering them - WTF?!). So even if we have agreed to allow our SysAdmin permission to read our emails, should we wish to it can be taken to a federal agency and acted apon. It is thus illegal to read emails, regardless of what they have signed. If someone with more info on this than me could enlighten me further, be much appreciated.

Everyone's an expert

[Anonymous Coward]

Wow... with so many experts commenting on the matter I'm sure my 2c aint going to count for much. Anyway, as someone who works for a managed services provider providing services to a Federal Government department in Australia I find the spectrum of comments rather amusing. Obviously few of the commentators on the subject actually work in government or big enterprise.

When you enter into an environment such as the one I manage you sign away your rights to privacy the second you accept the IT security policies that govern the particular workplace. Don't want to accept the IT security policy? Find somewhere else to work.

Everything you do on the infrastructure provided to you by your employer is owned by the employer. Sure, the IT policy generally includes allowances for the fact that people have a life outside work and need to be able to conduct some personal activities from their workplace however there should be no assumption of privacy.

I illustrate. Another Federal government department recently contacted ours over a potentially problematic email containing sexual content. We, as a Federal government agency, are required by law to investigate. We are not required to disclose the fact that we are doing this investigation. Should I be investigating you then you'd better hope it was a misunderstanding and that nothing incriminating is found in your mailbox because regardless of whether we find the item in question from that point on we are looking for a demonstrated course of action. i.e., does the person regularly conduct email activities that could result in a sexual harrassment case being built against them and in turn harming the reputation of the agency. Is that an invasion of privacy? Possibly.. if I was snooping into emails sent on infrastructure you owned, such as your webmail (which incidentally is also prohibited by policy and blocked by technological controls). Given that I have conducted my investigation on your government owned mailbox then sorry Jack, you have no expectation of privacy.

As for whether Americans have different rules, legislations etc is not the point. The law being discussed is relevant only to Australia, Australian work places and Australian laws. Frankly any attempt to dilute the argument by referencing what other nations do is completely irrelevant and totally pointless.

Do I agree with the proposals? Actually, yes I do. Given that my workplace already has such policies and the reasonableness of an employer being able to protect their property and infrastructure I don't see why this is an issue. If you don't like it, then don't do anything to warrant your activities being examined.

Do I think that some employers could abuse the ability? Sure, but what makes you think that such employers don't already do so without your knowledge?

I'm of this mind too...

[Cyno01]

Its a little different because im hourly, but the principal still applies. If im on the clock, thats their time, and vice versa, i'm a real bastard about it too.

I've been paged to the floor while on my lunch more than a few times, sometimes more than once durring my lunch break. I'm punched out for lunch (company policy) and required to take one (state law) i made my bosses fill out the apropriate paperwork for me to get paid for those interrupted lunch breaks every time. Although personally i'd rather not even take a lunch and not be stuck at work for an hour while not getting paid.

I dont even answer my phone on my days off if i see that its work. One time i was just getting in for the day and my boss said something like "Why didnt you answer your phone yesterday, we coulda really used you, so and so called in." I just laid into him, with the HR lady right there too, i was like

"My days off are MY time, if i dont show up for work on the days i AM scheduled then we have a problem, but i am not coming in other days unless you work something out with me ahead of time. I am NOT on call, and if you want me to be you're gonna have to pay me a salary, starting now."

They havnt called me on a day off since then.