Ethics (was: [lug] Monitor Email)

[Bear Giles]

Zan Lynx wrote:
> We IT people shouldn't work like that.  I definitely think we should be
> concerned with ethics and legality, in that order.
> 
> I wouldn't work to implement something I thought was wrong.

Sometimes things are black and white, sometimes there's a lot of gray.

Whether we agree with it or not, the courts have upheld the right 
of a company to monitor employee's work email since the employees 
are acting as agents for the company and it's provided by the 
company, blah blah blah.

Given that, I think it's often better for us to handle this work 
than to leave it to the people who see no problems whatsoever. 
For instance, in this case it sounds like the mail server is 
shared with others, and it is absolutely imperative (for both 
moral and legal reasons) that whatever monitoring tool is used 
does not capture information about other users of that mail 
server.  Even the ISP may be unable to perform the necessary 
monitoring, since your company's right to examine its own mail 
does not translate to your ISP having the right to capture and 
discard the mail of other clients.

On the other hand, there are solutions that affect nobody else. 
Setting up your own mail server may not be convenient - you'll 
have to get hardware, an IP address for it, etc., but it's 
possible.  Given the constraints I know today, it may be the only 
viable solution.  And it makes it easy to add that stupid 
boilerplate to all messages, so anyone responding to a message 
knows that their message may be read by somebody other than the 
employee.