> My question is twofold: > > 1.) What are the legal ramifications (real or potential) of a keyboard > entry capture program installation on corporate desktops? Do civil > issues exist? Must one have clear evidence of wrong-doing before silent > installation? Precedence? How well does this type of 'evidence' > present itself in the courts? How to 'prepare' outcome for Chain of > Evidence compliance? > IANAL but courts have ruled that company owned computers can be searched and monitored. Even if you look at the larger picture it is my understanding that company phones are open to wiretapping and the like. It only makes sense to assume that the same would extend to the computer. From a practical stand point I wouldn't just start installing keyloggers everywhere. Not only do you have privacy issues but security issues as well. Are you confident that the computer that is being monitored to secure? The log file could contain very sensitive data the would have been housed on a server that you watch closely, but if left on the desktop it could be very vulnerable. In addition you may not want to collect data at that level. Allot of companies have been embarrassed by ICQ logs or secret memos that where never meant to see the light of day. If you record it, it can be collected by third parties, i.e. courts and reporters. if you feel the need to install it on an employees computer send out a memo to everyone saying that it can be done, this might tip off the employee but it will also make people watch what they do. It's sort of like leaving a kid at home, if you tell them that they are being watch by the old lady across the street they might just behave on their own. Mike Brown -- ************************************************************************************ Just a standard disclamer... This e-mail is confidential and solely for the use of the intended recipient. If you are not the intended recipient, you are obligated to kill yourself and others who might have seen it immediately. Thank you. ************************************************************************************* ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 17:49:32 PDT