Slashdot Mirror
Where To Draw the Line When Punishing Email Snooping?
CWmike writes "While it might seem like a practical joke or a harmless, furtive glance, e-mail snooping could land you in more hot water than you'd ever expect — you could be charged with a federal crime. The recent case of a Philadelphia TV news anchor charged with breaking into his co-anchor's e-mail accounts shines a light on the seriousness of such snooping. Scott Christie, a former federal prosecutor who headed up the computer hacking section at the U.S. Attorney's Office, said, 'You look over someone's shoulder and read a personal letter and that's not a crime, so how can it be a crime to access someone's e-mail? It's not the same thing, of course... What you're doing when you're accessing e-mail is affirmatively exceeding your access to electronic documents and systems.' He adds: 'Usually, you're doing that by pretending to be that person to break into their account.'"
It's worth noting that the Philadelphia man accessed his co-worker's email over 500 times, and his use of the information he found was hardly harmless. However, the rules and conventions for email privacy are much less familiar to most people than the laws regarding snail mail. At what point does a privacy breach demand punishment?
The other FA goes on to state that the reporter being charged accessed his coworker's email over 500 times ! So IMO it is really not possible to "go too far" punishing someone with that level of utter disregard for the rights of others. According to wiki.answers:
"The deliberate withholding and/or opening of US mail that is addressed to another party is a violation of federal law. The penalty for tampering with US mail is a maximum of 5 years in a federal facility and/or a $250,000 fine."
Sounds reasonable to me. The thing I find incredible is that people aren't making that correlation between email snooping and tampering with the mail? Oh well, ignorance of the law has never been an excuse for violating it. Maybe after a few people get big sentences and fines for their asshattery everyone will know it is illegal.
Caveat Utilitor
Email snooping doesn't exclusively occur in the workplace- what if this furtive reading of emails occurs within the home? i.e. in the midst of a divorce, one party accesses the others email in an attempt to get material to use against them in court? Is that means for punishment as well?
After beating my head against the wall trying to get my company to enforce strong passwords, I instead started advising my employer to not put anything in an email he doesn't want someone else to read. Use the phone and FAX instead.
What this guy did was obviously against the law (the impersonating part, not the email reading part), but if he gets a good lawyer he'll get off with a small fine and some community service time counseling kids not to put anything in email they don't want others to see.
It should be the same as physically opening up someone else's mail from the snail-mail box. Being electronic changes nothing.
Sec. 1702. - Obstruction of correspondence
Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both.
Gone!
The "looking over the shoulder" vs. "read someone's email" analogy is flawed. This would need to be two separate analogies. Looking over their shoulder to read a letter vs. looking over their shoulder to read an email on the screen, and accessing someone's email account vs. breaking onto their house and reading the letters they keep in a drawer in their bedroom.
The former is rude, but not generally prosecuted. The latter is a crime.
You read someone's snail mail without permission - it is an action punishable by law. You read someone's electronic mail without permission - it should very much be punishable by law, because the punishable action of reading snail mail is not that you read a letter written on paper, but that you read information addressed to someone else than you.
And privacy is only as dead as anyone wants it to be. If you say, go ahead, here are my login and password, read my mail, fine. But you know what? Some politicians in Germany have argued in favour of the infamous law for mass data retention. They have done so on this exact argument, that "on the Internet, everybody gives away all private information anyway."
Bullshit!
The grass is always greener on the other side of the light cone.
Isn't this the same government that reads our e-mails as a matter of course and tells the courts that intercepting electronic communications isn't as serious as reading someone's mail?
Lacking <sarcasm> tags,
At what point does a privacy breach demand punishment?
The problem's in the question.
If you look for a single point, you create a system where it reinforces bad behavior...
Minor breach: "You pesky perisher, you!" "Hmm, guess I can do it again, no consequences."
Medium breach: "Tut, tut, very naughty!" "Hmm, guess I can do it again, no consequences."
Major breach: "That was very naught!" "Hmm, still no consequences, this shit really is risk free."
Marginally less major breach that someone makes an issue of, "YOU ARE EVIL, YOU MUST DIE!" "WHOA! That's kind of unfair. No one had an issue before!"
Instead of reinforcing that a behavior is consequence free, how about an escalating scale that allows for minor infractions to be punished suitably, ensuring most people learn before major punishments become necessary and those that do get the major punishments truly deserve them.
Make every case of a snooping ex punishable by a $500, easy to obtain, civil judgment in small claims - with more serious ones slowly gaining criminal records, probation, jail time, etc. Let them know that there are consequences there and then you likely won't have them learning it's OK and your giving a sudden and apparently inconsistent sentence when they do it hundreds of times, accessing more sensitive information.
The company owns the computers and network, that gives them a right to monitor it and decide who gets access to what. It is the same at your house, in many (most?) states. I can, if I wish, bug my house. I can have cameras record everything, I can tap my own phones, etc. It's my house, so I can do what I please. However I can't bug YOUR house, at least not without your permission. To do so is a fairly serious crime.
Basically, I have an expectation of privacy in my house, but you don't. Likewise you have an expectation of privacy in your house, but I don't. If it is your stuff, you get to determine how it is used, how it is watched and so on. You don't get to make that determination for someone else though. Thus a company can monitor what you do at work, but not at home. If they want to install monitoring software on your work computer, that's their right. If they try to install it on your home computer without your permission, that's breaking the law.
Disclaimer: Posting as AC so that current employer will not recognise me.
here in switzerland, there is no legal distinction between email and snail mail. Both of them are covered by a law known as breifgeheimnis, and opening or viewing either belonging to another person will get you into serious legal trouble.
I was accused in a previous job of accessing the boss' email (I was a sysadmin, and he had actually asked me to look why his email wasn't functioning correctly). It was pretext to fire me and I had of course looked at his email having been asked to do so, and he denied having asked me to do so.
In the end I couldn't defend myself and he couldn't prosecute (after my lawyer contacted his lawyer) but I had to go in any case.
Moral: Be VERY careful when accessing other people's email. Make sure, that if you do because you are asked to, that there are witnesses.