Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site lsuc.UUCP
Path: utzoo!utcs!lsuc!dave
From: dave@lsuc.UUCP (David Sherman)
Newsgroups: net.legal
Subject: Re: computer security, privacy, and ethics
Message-ID: <671@lsuc.UUCP>
Date: Sun, 16-Jun-85 08:53:30 EDT
Article-I.D.: lsuc.671
Posted: Sun Jun 16 08:53:30 1985
Date-Received: Sun, 16-Jun-85 09:32:58 EDT
References: <250@phri.UUCP> <872@daemon.UUCP> <1682@ittvax.ATC.ITT.UUCP>
Reply-To: dave@lsuc.UUCP (David Sherman|Law Society of Upper Canada|Toronto)
Distribution: net
Organization: Law Society of Upper Canada, Toronto
Lines: 21
Summary: what if the employer "steals" the encryption key?

In article <whocares> aouriri@ittvax.ATC.ITT.UUCP (Chedley Aouriri) writes:
||Several companies have an explicitly written policy stating that
||ALL files stored on the company's computers are company property.
||In those companies, many employees encrypt their personal files
||with a hard to break encryption algorithm. Thus, they can keep
||their personal files without worring about would be pokers, and
||without violating the company's policy.
||This seems to work pretty well for both parties. 

What if the systems administrator, on behalf of the company, decides
to "get" the employee's encryption key (e.g., by modifying crypt(1)
so it quietly mails a copy of the key to the administrator)? Aside
from this not being a particularly nice thing to do, I can't see this
being illegal, given that it's clear the employer owns the system
and everything on it. Comments?

Dave Sherman
The Law Society of Upper Canada
Toronto
-- 
{  ihnp4!utzoo  pesnta  utcs  hcr  decvax!utcsri  }  !lsuc!dave