Friday, June 26, 2009

Investigating Personal Web-Based E-Mail

You are in-house counsel at a public company and you suspect an employee may be leaking inside information. You decide to conduct an internal investigation. A computer forensic analysis reveals that the employee has accessed a personal Web-based e-mail account from a company computer and that the login information (username and password) has been recovered from the computer's memory. Can you log in to that account and read the e-mail?

Unlike an employer's internal e-mail system, which is generally understood to be under the ownership and control of the employer, personal Web-based accounts accessed at work raise new and unsettled questions about an employee's expectations of privacy. A computer that accesses a Web-based account -- such as an e-mail account, social networking Web site or instant messaging service -- merely provides a window into an account that is physically stored elsewhere. Information viewed or created using a company computer may be accessible without logging in to the account by accessing "temporary Internet files" on the company's computer, and is therefore arguably fair game to review. Other information in the account that was not viewed or created from a company computer, however, is likely only accessible by logging in and exploring the Web-based account. How far can you go?

LIABILITY UNDER THE STORED COMMUNICATIONS ACT

A significant risk you face if you exceed your authorized access to an employee's Web-based account is liability under the Stored Communications Act. The SCA creates a criminal offense and civil liability for whoever "intentionally accesses without authorization a facility through which an electronic communication service is provided" or "intentionally exceeds an authorization to access that facility" and by doing so "obtains, alters or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system." 18 U.S.C. §2701. The SCA has been used to prosecute e-mail hackers in the past -- such as the college student who allegedly hacked into Sarah Palin's e-mail account -- and there is also a portion of the statute which creates a private cause of action through which a plaintiff can recover damages, including punitive damages if the violation "is willful or intentional." 18 U.S.C. §2707(c).

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Marjorie J. Peerce and Daniel V. Shapiro
Posted by Jeffery Fehrman at 7:17 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)