Re: Keybord Entry Capture Programs

From: Mike Brown (mikebrownat_private)
Date: Thu Jul 12 2001 - 17:14:03 PDT

Next message: Anders Thulin: "Re: Where is the data written?"

Previous message: adam: "Re: Anonymity"
In reply to: Bill Benner: "Keybord Entry Capture Programs"
Next in thread: JohnNicholsonat_private: "Re: Keybord Entry Capture Programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> My question is twofold:
>
> 1.)  What are the legal ramifications (real or potential) of a keyboard
> entry capture program installation on corporate desktops?  Do civil
> issues exist?  Must one have clear evidence of wrong-doing before silent
> installation?  Precedence?  How well does this type of 'evidence'
> present itself in the courts?  How to 'prepare' outcome for Chain of
> Evidence compliance?
>

IANAL  but courts have ruled that company owned computers can be searched
and monitored. Even if you look at the larger picture it is my understanding
that company phones are open to wiretapping and the like. It only makes
sense to assume that the same would extend to the computer.
    From a practical stand point I wouldn't just start installing keyloggers
everywhere. Not only do you have privacy issues but security issues as well.
Are you confident that the computer that is being monitored to secure? The
log file could contain very sensitive data the would have been housed on a
server that you watch closely, but if left on the desktop it could be very
vulnerable.
    In addition you may not want to collect data at that level. Allot of
companies have been embarrassed by ICQ logs or secret memos that where never
meant to see the light of day. If you record it, it can be collected by
third parties, i.e. courts and reporters.
    if you feel the need to install it on an employees computer send out a
memo to everyone saying that it can be done, this might tip off the employee
but it will also make people watch what they do. It's sort of like leaving a
kid at home, if you tell them that they are being watch by the old lady
across the street they might just behave on their own.

Mike Brown



--
************************************************************************************

Just a standard disclamer...

This e-mail is confidential and solely for the use of the intended
recipient. If you are not the intended recipient, you are obligated to
kill yourself and others who might have seen it immediately. Thank you.

*************************************************************************************




-----------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Anders Thulin: "Re: Where is the data written?"
Previous message: adam: "Re: Anonymity"
In reply to: Bill Benner: "Keybord Entry Capture Programs"
Next in thread: JohnNicholsonat_private: "Re: Keybord Entry Capture Programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 17:49:32 PDT