Who’s reading your Unified Communications?
The answer is a very vague “Everyone and no one”. In Quon v. Arch Wireless the Ninth Circuit Court of Appeals ruled that employers cannot wiretap or review electronic communications without a warrant. However the method at which they arrived at that decision leaves a lot open to interpretation.
Richard Koman, ZDNet Government correspondent, gave a fairly clear analysis -
a three-judge panel of the Ninth Circuit held that employers can’t read employees’ text messages if they’re sent through an outside service. They can’t even read email unless it’s stored on the employers’ servers.
There are a few questions one needs to ask to get a clearer answer.
First, the method was a transfer of data from an outside firm to an employer. Does this ruling affect the method or is it more general, and overreaching, to include all communications destined outside the company? If we say the transfer was illegal, would intercepting it in transport be allowed? Network Sniffers and traffic analyzers like Packeteer can easily intercept traffic before it leaves the network. Does the “my network, my data” doctrine still apply?
Second, the court explicitly noted this constituted an unauthorized search and seizure and that if the “victim” had consented to the search there would be no issue. Many companies include a right to monitor all electronic communications clause in their HR onboarding paperwork. How many of us read all the fine print of HR paperwork when joining a new company?
Third, where does VoIP fall? Voice communications have traditionally been held to a higher standard of expected privacy than data. Where will the legal system classify voice as data? Regardless, can it be enforced?
Finally, how does this affect cloud computing. I posted some thoughts on the dangers of corporate cloud computing earlier today. As it is applies here, all traffic would be leaving the company and stored with a third party. From documents to email to VoIP, it seems corporate security groups are powerless to review and protect their data and network without a warrant. That’s a dangerous precedent and not one I’m sure the court intended. Mark O’Neill opened a good conversation and had the first independent review of the situation I’ve seen.
[...] Who’s reading your Unified Communications? The answer is a very vague “Everyone and no one”. In Quon v. Arch Wireless the Ninth Circuit Court of Appeals ruled that employers cannot wiretap or review electronic communications without a warrant. However the method at which they … [...]
Pingback by ALEX TO » Blog Archive » Who’s reading your Unified Communications? — June 22, 2008 @ 9:44 am
The Quon case may give employers incentive to broadcast multiple, repetitive privacy disclaimers. What do you think? –Ben http://hack-igations.blogspot.com/2008/06/employee-imtexte-mailvoicecomputerinter.html
Comment by Benjamin Wright — June 22, 2008 @ 4:14 pm