NJ Court Upholds Privacy of Personal Emails At Work 172
chiguy sends word of a ruling from the New Jersey Supreme Court which found that a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer. This ruling is likely to set precedent for other workplace privacy cases around the country.
"'The court has recognized the very legitimate and real concerns with regards to privacy. This gives some guidance to employers in terms of how explicit (e-mail) policies need to be,' [attorney Marvin Goldstein] said. The ruling stems from a harassment and discrimination lawsuit Marina Stengart of Bergen County filed three years ago against Loving Care of Ridgefield Park. Stengart, then the executive director of nursing, sent her attorney eight e-mails from her company-loaned laptop about her issues with her superiors. Stengart used her Yahoo e-mail account. 'Under all of the circumstances, we find that Stengart could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private,' Chief Justice Stuart Rabner wrote in the decision, which upholds an appeals court’s ruling last year."
Still probably violates company policy (Score:4, Insightful)
a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer.
I agree with the general principle - if someone doesn't use the company account there should be a reasonable expectation of privacy for a personal webmail account. However she still may be violating company policy about using work assets for personal affairs. The computer is owned by the company and they have every right to reprimand her for making the emails regardless of the content.
Re:Still probably violates company policy (Score:4, Insightful)
> ... they have every right to reprimand her for
> making the emails regardless of the content.
Ok. But if what she did was wrong "regardless of the content", why did the employer have to read them?
Reading not required (Score:3, Insightful)
But if what she did was wrong "regardless of the content", why did the employer have to read them?
They didn't. That was just stupid on their part - at least according to the judge. Unless they didn't have their usage policies written out (also stupid) they could have fired her, without reading the content, for violating corporate policy on acceptable use of company assets.
Court said she didn't violate the company policy (Score:5, Informative)
The company did have their usage policies written out and the court noted that they explicitly said "occasional personal use is permitted."
So she didn't violate the company's acceptable use policy.
If the company policy had said that personal use is never permitted, the court might well have ruled differently.
Re: (Score:2)
What about breach of attorney client privilege?
IIRC the conversations were with her lawyer.
Re:Still probably violates company policy (Score:5, Informative)
Ok. But if what she did was wrong "regardless of the content", why did the employer have to read them?
Before she resigned, she was planning to sue the company.
After she resigned and filed her lawsuit, the company went back and dug through her work laptop.
Then the company lawyers quoted, to her, Yahoo e-mails between her and her lawyer...
Which is how the whole thing turned into a clusterfuck.
Unfortunately, this only sets a binding precedent in New Jersey (AFAIK).
Re: (Score:3, Interesting)
And they should get smacked for that right there.
There's something called attorney client privilege. If the company WILLFULLY breached that there should be some MAJOR league hell to pay.
Re:Still probably violates company policy (Score:5, Insightful)
The company does not have the right to read her personal mail either, but if she wrote it using a company pen or paper she may be violating company policy about using work assets for personal affairs... Or maybe the company phone, or maybe the rental car when she decided to stop at a store on a business trip, etc...
The costs of the items involved, like a personal email, can be minimal to non-existent so it is not about money. These things are not being done in the companies name, so it is not about being a representative of the company. The person is probably an exempt employee, which means that the person is expected to do their job, whatever that is, not punch a clock. As long as the job is getting done, the so called time lost is irrelevant.
These policies are rules made by busy bodies that feel a need to insert their nose into someone's business. That it involves "Company property" is just the excuse. Why these people believe that the companies rights are so superior to the individual is rather pathetic. Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.
Re: (Score:2, Insightful)
Re: (Score:2, Funny)
Why even add "over their networks and any computer they own"? She is an asset of the company, an inventory item. Why should she be expected to have any privacy at all? The company owns here as soon as she signed her work contract.
Re:Still probably violates company policy (Score:5, Interesting)
What's stopping her from putting a file into her briefcase/backpack and taking it home and sending it there? What about thumbdrives or synched cell-phones (which allow file-storage)?
Face it, unless the worker is in a secured area, the "need to monitor all traffic to prevent leaks" is borderline paranoiac. There needs to be an appropriate level of trust (this includes carrots and threats-of-sticks) for any worker to be productive.
Re: (Score:3, Interesting)
Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.
This demonstrates a remarkable misunderstanding of Constitutional law.
First off, the issue here is not "privacy" per se, but rather the right to be secure against unreasonable searches. The Constitution (as other comments have noted) says nothing about "privacy" per se, but rather mentions only a few related rights. "Privacy," as a legal concept, was founded in Supreme Court jurisprudence of the 20th century to strike down laws outlawing birth control, abortions, sodomy, etc. The "right to privacy," as
Re: (Score:2)
Most companies do not absolutely prohibit any personal usage, allowing some reasonable usage.
Usually right up until the point they want an excuse to get rid of you.
Re:Companies are easier to regulate than governmen (Score:5, Insightful)
First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.
The fourth [wikipedia.org] and ninth [wikipedia.org] amendments taken together. See also the fourteenth [wikipedia.org].
Re: (Score:3, Insightful)
Can't forget the tenth. If it's not spelled out in the Constitution, the Federal government doesn't have it. Since there is no Amendment saying the government can poke its nose into your business, you still have your privacy with which you were born.
Re: (Score:2)
The topic isn't the federal government doing something, so that's irrelevant.
Re: (Score:3, Informative)
Since Federal law always trumps state law, you're wrong. A State can no more restrict my freedom of speech any more than the Feds could.
Re: (Score:2)
Ah, but the corporation can.
Re: (Score:3, Interesting)
Have you actually read the first amendment? It says that Congress shall not... it says nothing about states rights. The SCOTUS decided some time back that it would be unconcionable for states to restrict some rights and hence the first amendment applies to states also. Other amendments provided the rationale for this decision.
Why is this distinction important? Well, what about gun rights? the SCOTUS has not yet decided if gun rights can be restri
Re: (Score:2)
Re: (Score:2, Interesting)
When I read the Constitution I found this section called the Fourth Amendment. This is what is said:
Amendment 4 - Search and Seizure.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I think reading private, off-site, email that is completely separate from work with a password you found cached in work equipment is a violation the "security" of the person in the story. I find that "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and privacy regarding a person's home and private correspondence to be synonymous. T
Reality vs rights (Score:2)
Always remember you have rights because you are a person , not because the constitution says so.
Ideally true but not in reality. If what you were saying was true then why do dictatorships exist? After all I "have rights because I am a person". It's a nice dream but it's not reality.
If the law isn't written in such a way as to afford you a right, you don't have it. The Declaration of Independence declared all men are created equal, yet few would argue that was actually true under the law for most of the history of the US. The basis of US law is the Constitution so ultimately any discussion of US l
Re: (Score:2)
I am protected against unreasonable searches; how does that not explicitly protect privacy?
If it was so obvious, why did it take until 1967 [wikipedia.org] for the Supreme Court to interpret the law to include a "reasonable expectation of privacy"? Fact is that the 4th amendment could be interpreted a number of ways other than how it has been.
Re: (Score:2)
To clarify a point for "At will" employment. You can be fire for "NO Reason", but you cannot be fired for "ANY Reason". Simple examples would be Age, Race though there is a huge area dictating what is acceptable and what is not.
An example that I had in business school was an VP accidentally left a paper who was copying. The paper was an advertising for a gay party(he was in the closet). The company fired him for violating the Company Usage Policy for him making a personal copy. The company lost the laws
Re: (Score:2)
I agree however, she was a stupid cunt for using a company computer to send letters to her lawyer about her complaints about the company.
I don't know that your crass characterization of the woman really says anything about her, but it speaks volumes about you.
Re:Still probably violates company policy (Score:5, Insightful)
"However she still may be violating company policy about using work assets for personal affairs."
Maybe. That's another can of worms. I use my personal computer to work from home. I'm expected to be available every few weeks for a week of "on-call" activity where work can intrude quite firmly into my home.
The line between working at home and "homing" at work, to badly coin a phrase, is getting blurrier every year.
And companies have a choice of either shutting people out of their personal lives completely for 8-10 hours a day (and getting the exact same shutout when those people go home) or learning to be modestly flexible. So far the trend is that companies are learning to bend just a bit.
Re: (Score:2)
imho, you friend is an idiot for allowing that to happen. if the company insists that all internet traffic from a personal phone go through the company's network, the company should be providing the device. quite frankly, the fact that the company isn't providing the device is stupid on their part.
Re: (Score:2)
This is generally the sort of "bargaining power imbalance" that unionization is supposed to remedy.
Re: (Score:3, Insightful)
Re: (Score:2)
No, FTFA, the policy permitted 'occasional personal use'. I'd definitely consider 8 emails over the course of employment occasional.
Re:Still probably violates company policy (Score:5, Insightful)
If you do something on someone else's property, they don't have a right to observe it?
Like use their toilet?
Re: (Score:2)
there's an expectation of privacy there. Is there an expectation of privacy when you're logged into someone elses computer? i really don't think so. but meh. whatever.
Re: (Score:2, Insightful)
If I use your phone to make a private call, you do NOT have the right to listen in.
Re: (Score:2)
If i give you permission to use my cell phone in a private matter, sure. If i don't give you permission, then no. And chances are, they did not give her permission to do that sort of thing.
Re: (Score:2)
They gave her an employee manual that stated the laptop could be used for occasional personal use. Chances are you didn't read the article.
Re: (Score:2)
That alone should tell the company to GTFO of her emails.
I'm pretty sure that willful breach of attorney client privilege gets you in serious trouble if a judge finds out about it.
Soon To Be Overturned! (Score:3, Interesting)
Re:Soon To Be Overturned! (Score:5, Insightful)
I could use company paper and company pens to write my letter, and mail it with a company stamp. I would be misusing company resources for personal business, but that doesn't give the company the right to read its contents. I could sit on the company toilet and use company water to take a shit, but that doesn't give them the right to watch. I could even be masturbating in there, misusing the time, and they still wouldn't have the right to monitor my activities. They would be in their rights to discipline an employee for taking long breaks and doing who knows what in the restroom, but they wouldn't be allowed to watch their employees to check just how they're spending their time in there. In this case, they can discipline her for misusing company resources, but can't violate the privacy that she has a reasonable expectation of.
On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone -- a misuse of resources, but not within their right to listen in.
Re:Soon To Be Overturned! (Score:5, Informative)
On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone
I'm too lazy to get you a citation, but the "lawyer" half isn't necessary - the courts long ago ruled that an employer can not snoop on her phone calls to ANYONE even if she is using a company phone.
Re: (Score:3, Insightful)
Re: (Score:2)
Translation: Bullshit
The only time that has ever held true is when a company has specifically said the conversation ARE private.
Re: (Score:2)
Translation: Bullshit
The only time that has ever held true is when a company has specifically said the conversation ARE private.
Translation: suck my iPenis.
The company does not get to say when the conversation is private - if it isn't company business, it is personal.
Under federal case law, when an employer realizes the call is personal, he or she must immediately stop monitoring the call. (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983)). [privacyrights.org]
Re: (Score:2, Informative)
True, but there is no reasonable expectation of privacy in the workplace, only misguided ignorance and stupidity.
(Glances at the discussion title...)
It appears that you are mistaken, at least according to the Supreme Court of New Jersey, and I think they know more about following the precedents than you do.
Re:Soon To Be Overturned! (Score:5, Insightful)
The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company
How far do we take this logic? Does the company have a right to search an employee's pocketbook because it's sitting in a company-owned office? Can the company take samples of an employee's lunch for drug testing (or health insurance purposes_ because it's sitting in a company-owned refrigerator, powered by company-paid-for electricity? Can a company search an employee's car because it's sitting on a company-owned parking lot?
Re:Soon To Be Overturned! (Score:4, Insightful)
Re: (Score:2)
But it's her data; just because it's being transmitted through their property doesn't give them rights over it.
They have the right to prevent the communication, just like they have the right not to allow the lunch box to sit in their refrigerator, but they don't have the right to inspect it.
Re: (Score:2)
Your examples refer to property that is not owned by the company - just because its on their property doesn't give them rights over it. The article and this discussion pertains to company owned property.
The implication here is that the employee's information and data aren't 'property' and therefore is fair game to be accessed by the owner of whatever resource it travels over. Again, how far do we take this? Does Comcast have the implicit right to read the emails in my Gmail account because the data goes over their pipes? Does the government have the right to read emails that may pass through a Fed-owned router in some AT&T closet out there?
Re: (Score:2)
Re: (Score:2)
(Checks username of GP, ensures it's not BAG.) No, that's probably a good analogy.
Re:Soon To Be Overturned! (Score:4, Insightful)
The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me.
From that logic, it follows that if you send a letter by snailmail, where the letter exist in the offices of the postal service, the postal service workers have the right to open and read your letter. In my opinion, my employers have no more right to read my personal email than a postal worker has reading my letters. Usage of company email may be a gray zone, but my personal email account is not. They may argue that I sent a mail during work hours and fire me for that (if it is against company policy), but that is something very, very different.
Re: (Score:2)
Your employer is not tasked with sending/delivering your electronic mail. Therefore anything going over their *private* network is indeed fair game for them. They do not have a right to access her yahoo mail account itself, but certainly they can intercept and read
Re: (Score:2)
Well but if they can't listen to your personal phone call even though its a company phone, why should email be different?
Re: (Score:3, Informative)
Linky [privacyrights.org]
"An important exception is made for personal calls. Under federal case law, when an employer realizes the call is personal, he or she must immediately stop monitoring the call. (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983)) However, when employees are told not to make personal calls from specified business phones, the employee then takes the risk that calls on those phones may be monitored."
So i
Re: (Score:2)
If my lunch is in my company's fridge, they can access it. If it is in my personal bag, they cannot
That makes no sense. What if your lunch is in your personal bag, and your personal bag is in the company fridge?
If you access yahoo email via your personal laptop over your personal wi-fi connection (not over company network) then no they can't see it because you aren't using anything of theirs.
What if you are explicitly allowed to use the company laptop and network for personal use during breaks provided with
Re: (Score:2)
Case in point, it's in the company fridge so it's fair game. What it is inside is irregardless at that point. Your personal bag is your personal property, not like the fridge. You have no expectation of privacy in a communal refrigerator, period.
What if you are explicitly allowed to use the company laptop and network for personal use during breaks provided within an acceptable use policy
Re: (Score:2)
From that logic, it follows that if you send a letter by snailmail, where the letter exist in the offices of the postal service, the postal service workers have the right to open and read your letter.
Actually it doesn't follow, because the United States Postal Service is operated by the federal government, which is explicitly banned from searching you without cause by the Fourth Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things
Re: (Score:2)
Actually, if you use the company's mailbox for snail mail the courts have already ruled that companies *cannot* access your mail. This ruling seems to be the natural extension of that.
Re: (Score:2)
No, the article was quite clear: they retrieved cached copies of the emails from the hard drive, most likely forensically (probably Firefox/Flash/etc.'s cache). The case was about reasonable expectation of privacy vs. the wording of the company policy. Notice the article quotes all these corporate lawyers having a wet dream about the ruling telling them how to word their policies in the future. You're right in that the article does not specify whether the 'company-loaned' laptops could be taken home, or whe
Narrow interpretation (Score:2, Insightful)
Re:Narrow interpretation (Score:5, Informative)
MARINA STENGART v. LOVING CARE AGENCY, INC., [and others]
http://www.employerlawreport.com/uploads/file/Steingart%20v_%20Loving%20Care.pdf [employerlawreport.com]
As part of the employment relationship, the company
provided plaintiff with a laptop computer and a work email
address. Prior to her resignation, plaintiff communicated with
her attorneys, Budd Larner, P.C., by email. These communications
pertained to plaintiff's anticipated suit against the company,
and were sent from plaintiff's work-issued laptop but through
her personal, web-based, password-protected Yahoo email account.
After plaintiff filed suit, the company extracted and
created a forensic image of the hard drive from plaintiff's
[New Page]
computer. In reviewing plaintiff's Internet browsing history,
an attorney at Sills Cummis discovered and, as he later
certified, "read numerous communications between [plaintiff] and
her attorney from the time period prior to her resignation from
employment with [the company]." Sills Cummis did not advise
Budd Larner that the image extracted from the hard drive
included these communications.
Many months later, in answering plaintiff's
interrogatories, the company referenced and included some of
plaintiff's emails with her attorneys.
That sounds like the type of shit that should get the company lawyer disbarred.
Reading the facts of the case, I'm not at all surprised the Judge ruled the way he did.
Re: (Score:2)
Another lesson here: Don't use IE on a public computer. It's the only browser that saves HTTPS sessions to disk [stackoverflow.com].
Re: (Score:2)
This is why, whenever I've turned in a company laptop (even if just exchanging it for a new one), I'll boot off a CD (or floppy, back in the day) and run "dd if=/dev/zero of=/dev/hda" or the equivalent. Gets rid of everything on there, incriminating or not.
Re: (Score:2)
Oops, that was the Appellate Court decision
Here's the NJ Supreme Court decision:
http://www.judiciary.state.nj.us/opinions/supreme/A1609StengartvLovingCareAgency.pdf [state.nj.us]
FYI: The actual opinion is prefaced by a Clerk's summary which tells you where in the opinion to look.
Spoiler: The NJSC sent the case back to the Appellate Court to decide what, if any, sanctions to impose on the company's lawers.
Course the government could just ask to see it. (Score:2)
How does this mesh with the other ruling that says that you have no expectation of privacy if your email is stored on a third-party server?
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
The policy isn't against the use, its simply a statement that what you do on your company issued laptop isn't private, regardless of what it is.
Re: (Score:2)
This Is Good News (Score:2)
In an era where privacy is slowly being eroded online, it's good to see a judge take a stand and at least draw the line somewhere.
Consent to Monitor? (Score:2)
IANAL, but don't I give consent to monitoring when prompted by nearly any government computer system (and any private corporations who do something similar)? If I don't want to be monitored, I don't use that system...seems simple enough.
l2federalism (Score:2)
"ruling from the New Jersey Supreme Court ... is likely to set precedent for other workplace privacy cases around the country."
No, it's likely (100% likely, in fact!) to set precedent for other workplace privacy cases in New Jersey. For the rest of the country, it sets nothing, even if it might be useful for other courts dealing with similar problems.
Unless, of course, poster is just being ridiculous optimistic and think that the logic of this ruling is so impressive that all other judges will simply bow in
Re: (Score:3, Insightful)
As my second point notes this is a narrow ruling, as such even if it do
Re: (Score:2)
Actually attorney-client privileges are intended to protect the client, not the lawyer. The privilege belongs to the client, in fact, who may waive it if he or she wishes.
Re: (Score:2)
Re: (Score:2)
People here just don't understand the difference between persuasive precedent [wikipedia.org] and binding precedent [wikipedia.org], and they make this mistake repeatedly.
New jersey did something right (Score:2)
Finally my home state shows some common sense. Though this is a state supreme court, not federal, so I don't know how much precedet it will be.
This is a special case, not the norm. (Score:2)
It's communication between an individual and their attorney. That's legally protected six ways from Sunday far beyond normal communication. I'm pretty sure that is the thing that saved her.
It's absolutely dumb to be sending and receiving personal mail on work computers. Doubly so if you're communicating with a lawyer, discussing the possibility of filing a lawsuit against your company. I've seen some seriously dumb email usage in my day. Like using a company account to communicate with a mistress. Tha
NJ vs. rest of US states (Score:2, Redundant)
I just gotta say... (Score:2)
legalities and ethical issues aside...
when, the fuck, are people going to learn to use encryption for important stuff. I mean, seriously, it's not *that* hard.
Supreme Court (Score:2)
I got excited when I glanced and read Supreme Court... I'm thinking NO WAY - they actually did the right thing?!?!?! Then realized it was just the New Jersey Supreme Court.
If this get appealed I'm prepared for it to be overturned by the U.S. Supreme Court. They're not one's to let personal privacy get in the way of well... anything.
-[d]-
Easy Solution (Score:2)
Re: (Score:2)
My employer doesn't block the common email services. They do, however, block Google Docs for obvious reasons. I can't be allowed to save data onto public servers, and they can't be bothered to figure out if the data is corporate or personal.
I can live with this. There are other ways to deal with that situation.
I'm a little annoyed that they won't let me have Facebook here, but they gave us back Linkedn recently. I betcha some VP has a profile there.
Now, am I gonna write anything incredibly sensitive on
This is why I use HTTPS... (Score:2)
As we all know, encryption means probably never having to say you're sorry.
Except maybe to the NSA.
Re: (Score:2)
Re: (Score:2)
"Delete browsing history on exit".
At work, I have IE8. At home, Firefox, much easier.
Of course, there is memory. The work PC uses PGP FDE with a recoverable certificate, so I have to clear it myself.
Don't Miss the Irony (Score:2)
Employer who violated an employees privacy:
"Loving Care"
"Loving care", indeed.
Expectations of privacy (Score:5, Insightful)
A person has no reason to expect anonymity on a computer or network that is not their own.
That's rather like saying you have no reason to expect privacy because you rent an apartment instead of owning a house. You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.
I agree that she was probably naive in assuming that the company couldn't read her correspondence. Many people assume email is much more private than it actually is. Ignorant but probably nothing worse.
Re: (Score:2)
You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.
Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter. Not so with most corporate computers and networks that I've heard of. Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.
REASONABLE privacy (Score:3, Insightful)
Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter.
All analogies are flawed. Doesn't mean they are useless. To address your criticism however, you missed the point of my analogy which is that just because you don't own a network does not mean you have no expectation of privacy at any time. It's just not that simple.
Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.
That's a FAR different thing from saying the corporations have a right to monitor anything they want without limitation. Companies generally don't have a right to install a camera to watch me take a crap. It violates the principle of reasona
Re: (Score:3, Insightful)
They can say what they want. Doesn't mean it's legal.
Re: (Score:2)
When you are an employee, you usually enter a contract too. And just because it's not explicit in the contract, doesn't mean it's OK for them to trample your privacy.
Re: (Score:2)
But if you live in someone else's house without paying rent, and they walk on you on the crapper, then that's kinda to be expected.
If you have someone boarding with you, and you setup a hidden camera to watch them on the toilet, I sincerely doubt the law is going to come down on your side if it goes to court based on the argument "it's my house, I can do what I want".
Re:Networks and proxies and firewalls oh my (Score:4, Insightful)
Instead, the court should have asked: if Stengart had left a written letter to her attorney in her desk when she left Loving Care, could Loving Care have used that letter in preperation for court cases?
Actually, if the letter was still in a sealed, addressed envelope... Then she could reasonably expect that the company would not be able to open it and read the contents, much less use anything they read in court. If the letter was NOT sealed it would be a different story.
IANAL, but I would think that the correlation of sealed envelope -> password protected personal email account would be an easy one to make.
Re: (Score:3, Insightful)
From reading the article, it looks like it has nothing to do with networks and proxies and firewalls (oh my). They scanned her hard-drive and probably found them in the browser cache. Since it was a laptop, it entirely possible, if not likely, that she emailed her attorneys from home using her own network.
what you CAN do vs. what you are ALLOWED to do (Score:4, Insightful)
Re: (Score:2)
If she left a sealed, stamped letter to her lawyer I would expect them NOT to open it.
Further, almost every State's legal code of ethics requires any lawyer, once they realize what they're looking at, to stop reading privileged communications and notify the sender or the sender's lawyer about what has happened. After that, it's up to a judge to decide what to do with the information.
Re: (Score:2)
While I might not like that google reads all my email, at least I can be sure that it gets from their servers to my computer without being read by snoopers.
Unless you verify that the cert your browser gets for mail.google.com has not been replaced by SSL interception software, you cannot be certain your mail isn't being snooped by your employer (or even your employer's upstream provider). A nice tool for detecting changed SSL certs is the Certificate Patrol add-on for Firefox (https://addons.mozilla.org/en-US/firefox/addon/6415).
Re: (Score:2)
Would this not also require a redirect to a domain other then mail.google.com?
Nobody other then google should be able to generate a certificate for mail.google.com
Re: (Score:2)
Would this not also require a redirect to a domain other then mail.google.com?
Nobody other then google should be able to generate a certificate for mail.google.com
SSL interceptors (such as the one made by Bluecoat) work by intercepting IP traffic bound for port 443. They pull a MITM attack on you by making a new SSL connection to the actual site, extracting the site's public key from the real cert, wrapping it in a forged cert that is signed by their CA cert. All the IT department has to do is install the interceptor's CA cert into each employee's browser (IE lets the domain admin do it remotely) so that the forged cert appears to be valid. So you either check for
Re: (Score:2)
One man's flamebait is another man's satire.