In Australia, Bosses May Get Power To Snoop On Emails

Numerous readers noted the proposal by the Australian government for legislation to allow employers to snoop on employees' email and IM conversations. This is being proposed in the name of protecting the infrastructure from terrorism. The attorney-general cited the Estonian cyber-attacks as a reason why such employer monitoring is necessary in Australia — never mind that the attacks were perpetrated by a lone 20-year-old and not by a foreign government or terrorist. The law permitting intelligence agencies to snoop on citizens without permission expires this June, leading to the government's urgency to extend and expand it. The chairman of Electronic Frontiers Australia said, "These new powers will facilitate fishing expeditions into employees' emails and computer use rather than being used to protect critical infrastructure. I'm talking about corporate eavesdropping and witch-hunts... If an employer wanted to [sack] someone, they could use these powers."

Eh.

[JustShootMe]

If the company owns the machines and the network, then the company is able and allowed to watch everything you do - particularly if you signed an employment agreement consenting to it.

This is not news. Frankly sometimes I think privacy advocates overreact - and I think this is one of those times.

Re:In Kiwi New Zealand

[JustShootMe]

Funny story - where I work there is a very liberal network use policy - you can use it how you like as long as your manager is happy with your work and you don't shut the network down.

Someone shut the network down, I think with a P2P site.

The network guys sit right next to me. They were having a great time tracking down the culprit. And even funnier is people were coming out of the woodwork saying "my bad!" when it wasn't even them!

But I was very much OK with that. That person was saturating the network connection and stopping real work from getting done.

Re:Sound stupid to me....

[CodeBuster]

Then you take out your trusty knoppix CD and boot the machine into a Linux session before connecting to your g-mail account. Unless they are monitoring the computer at the hardware level (unlikely) then you are secure in the knowledge that that particular communication will remain private.

Employers can already legally snoop on emails

[dropbearsrus]

IANAL, but my understanding is that it is already legal for employers to monitor any and all use of employees emails, IM, etc. The company owns the computers so they can do what they want with them. There is no distinction between work-related and personal emails if they were sent or received using company resources.
The Attorney-General says otherwise which is a surprise to me, and also I'm sure to much of the business and legal community. The legal advice to several businesses I've worked at, is that they are well within rights to intercept employee emails.
Any Australian lawyers that can comment on this?

Re:In Kiwi New Zealand

[Moridineas]

I am not a small business owner, but I work at a small business in the US, and I would just add that at my company, there's little to no privacy. There are only about 15 people, and if someone is out sick, on vacation, on a business trip, etc--someone else will read their email to see if there's anything that has to be replied to immediately.

This goes for the bosses computer+email too.

There have never been any problems that I've heard of--I mean the general standard is, if you're reading someones email and you see its personal, dont read it. Just look at the business email. Not always possible, but it hasn't been a problem in my experience.

I don't really think most people use their business addresses for personal email very often incidentally--everyone seems to use yahoo/gmail/whatever. (I know I do)

Re:Sound stupid to me....

[Martin Blank]

I go to great lengths to keep my work and personal lives separate. If work wants to get in touch with me when I'm not on-site, they can call my company-issued Blackberry. Aside from HR, which is not allowed to pass around my contact information, and my manager, who I trust to not pass around the information I allow to him, no one has my home phone number, and no one at all has my personal cell number.

If my friends or family want to get in touch with me when I'm at work, they can call me on my personal cell phone. If they want to send an note, they can use my Gmail account. They don't get my work phone numbers or e-mail address.

Not! by a lone 20-year-old

[frn123]

> -- never mind that the attacks were perpetrated by a lone 20-year-old and not by a foreign government or terrorist.

This quote is far from reality. The lone 20-year-old was the only one who got convicted, because he was the only russian caught who
lived in Estonia. Meanwhile the bulk of the attackers got away, because they live in Russia. And russia don't extradite their citizens (remember the Litvinenko case?). If you can read estonian, :-) see this link: http://www.epl.ee/artikkel/392271 [www.epl.ee]

A crude translation: On june 28th 2007, the reply from russian authorities denied all help to estonian government regarding the cyber-attack investigations.

Re:really?

[coaxial]

It would also be scary if you couldn't listen into their phone calls. But alas, that's already illegal. Why? The telephone privacy laws were passed in a much simpler time, when employees were viewed as people and partners, rather than "human resources."

Re:In Kiwi New Zealand

[stupidflanders]

I'm from the US. I work in IT. At every company I have worked for, you must sign a technology use policy form. Here are some real life examples of people who have been fired for misusing company technology:

• * Using your company email address to apply for other jobs (lead to early termination).
• * Installing a cracked copy of a video game on your company laptop, and being found in possession of 2,000+ illegally downloaded MP3's (proved by network and IP logs). The cracked game also happened to contain a trojan downloader.
• * "Killing your laptop": downloading so many viruses, infected emails, toolbars, and keyloggers that the computer is utterly unusable. Visiting pr0n sites on company time did not help this person's case either.
• * Using the color laser printer to make 100's of fliers for your garage sale, bake sale, poetry reading, and printing out every email "just in case" (everything is tracked by cost-code, $0.08 per page).
• * Using company-provided internet access to hire someone to kill your spouse.
• * Pulling up outside of a hotel to leeching off their "free wi-fi", not using the company provided VPN, and then have the employee's connection snooped causing loss of company data.

Re:really?

[rtb61]

The reason why employers are entitled to read employees email sent from the employers email server with the employers email address is because the employer is legally liable for the contents of the email. The employee as far as any receiver of the email is concerned sent that email of behalf of employer and the contents of that email reflect the intents of the employer.

To avoid hassles, I simply opened up the email log file to all employees, so that any employee could peruse any other employees email, no secrets, it calmed down the contents of email significantly and saved me the disgusting chore of monitoring for legally dangerous content, and as I was in charge of the servers I had the initial legal liability for email contents until I could prove someone else was responsible.

In this case patience will be a virtue as mobile internet connections get cheaper and 2nd notebooks get even cheaper, simply send and receive personal emails on your own personal hardware and do not use company infrastructure for personal communications. Now if your company attempts to ban personal communications hardware, or attempts to intercept and monitor personal communications on your own hardware, than use the unions to rip in up the employers and work to ensure management can ponder the error of their ways from the confines of a prison cell.