Search, Seizure, and Monitoring


Search and seizure of employee computers is a sensitive subject. Although employees might be told that their computers are for work purposes only, most people will have some personal data on them, whether it's email, phone numbers, or personal documents.

There are a number of misconceptions about search and seizure. Within the United States, people are protected by the Fourth Amendment, which prohibits "unreasonable search and seizure." However, that prohibition only applies to searches by agents of the government. As a general rule, employers can search the work areas (including computers) of their employees without any special requirements and even without cause. Some of the rules change if the employer is a government agency or contractor, but essentially private employers have few restrictions.

Some local jurisdictions have adopted tougher limitations on employee searches and monitoring. As always, you should consult with proper legal authority prior to conducting a search.

Employee monitoring is especially sensitive. Employees can be monitored directly or by video surveillance, and most people, if they are informed, generally accept such monitoring as long as it is not intrusive (for example, cameras in the bathrooms). Monitoring of computer traffic, however, might be perceived differently. Even if employees are told that the company might monitor email, web traffic, or computer activity, many employees still expect those activities to be private. Policies addressing this monitoring will be discussed later in this chapter, but the human cost of intrusive monitoring might be great, even if there are no legal barriers.

Monitoring of employee activities might also be technically difficult. For example, in most configurations, it is not possible to monitor web content if the employee connects to a secure (SSL) site. In that case, most corporations content themselves with monitoring only the connection. Similarly, an employee can send an encrypted email that the company will not be able to read.

Search and Wiretap Warrants

Search warrants can be used by law enforcement to seize and search computer systems. A qualified law enforcement agent can obtain a search warrant by presenting probable cause to a judge. The Electronic Communications Privacy Act, however, protects data in transit (as opposed to data stored on the computer). If the agent wants to intercept communications, he or she must obtain a wiretap order, which is much harder to obtain.

At the time of this writing, there is an organized crime case pending in New Jersey. Federal agents, using a search warrant, raided premises they believed were being used by organized crime and seized personal computers. One of the computers had files encrypted with the PGP (Pretty Good Privacy) program.

Using another search warrant, the agents placed a keystroke logger on the PCs to capture the user's pass phrase. Once the pass phrase was obtained, the encrypted files were used to obtain an indictment.

The defense is arguing that the keystroke logger, by its nature, intercepted data in transit because it did not (presumably) distinguish between keystrokes to files on the computer and keystrokes to, for example, email. If true, the agents would have required a wiretap order instead of a search warrant to emplace the logger.

The U.S. government has so far refused to discuss the technical details of the keystroke logger. The defendant is being supported by privacy advocates who are worried about the precedent that might be set, and the outcome of the case is being closely watched.

A number of technologies are available to monitor an employee's use of his or her computer. These products are available both in hardware and software. Companies can buy specialized monitoring tools or can use freely available tools (including trojan programs such as Back Orifice). Again, the technology and legal implications are fairly clear-cut, but the human impact might be much more subtle.

Encryption is generally treated by law enforcement as a locked container. If the agency has the legal authority to search an area (for example, a house) and finds a locked file box in the area, they can compel the owner to open the box. In the same way, if law enforcement has the right to search a computer and finds encrypted files, it can compel the owner to provide the keys.



Incident Response: A Strategic Guide to Handling System and Network Security Breaches
ISBN: 1578702569
EAN: 2147483647
Year: 2002
Pages: 103
