The Register® — Biting the hand that feeds IT

Comments on: Australia giving snoop powers to employers

identical to SOX, SEC 17.4.a & UK FSA laws

Posted Monday 14th April 2008 11:39 GMT

Thumb Down

As someone in the IT industry, there is no difference between this and other countries' legislative directives. Therefore there's no real interest of a story here, as most employers have the rights, more than likely in your contract, about acceptable workplace monitoring. The only difference here is that the Lemming culture of Oz is now going to shroud things like Duhbuh's done with the Orifice of Homeland Insecurity. Cruelly, this has surfaced in the press the day our PM has just returned -- part of his electoral promises were of maintaining privacy, so not sure where this'll end up.

@AC 

Posted Monday 14th April 2008 12:01 GMT

Paris Hilton

There's nothing in *my* contract about my company monitoring my email, and if I ever found out that they were doing it, I'd be out the door, and on the way to appoint a lawyer, faster than I could explain why Paris!

took them that long 

Posted Monday 14th April 2008 12:18 GMT

Black Helicopters

You mean that until now what you did at work was still private?? Every day I log on, my PC states that I'm being monitored. D'OH, now I've gone and done it... will be posting from home now...

No comfort 

Posted Monday 14th April 2008 12:21 GMT

Unhappy

The thought that Australia is moving to align its legislation with the UK and US is somehow not as comforting as one might expect.

@Steve Sutton 

Posted Monday 14th April 2008 12:28 GMT

In the U.S. there doesn't have to be anything in your contract. If you are using any aspect of company property you can be monitored (including email, phone conversations, and even your office). A lawyer would do you no good here as this is old news and was settled nearly a decade ago.

This is also relevant in that if you are doing something on company time the company has a right to know what they are paying for. If it's sending personal emails, looking at porn, or visiting FaceBook (or communicating with terrorists) - then it's not fair for them to be paying you for that time wasted.

@Steve Sutton 

Posted Monday 14th April 2008 12:30 GMT

Black Helicopters

Doesn't have to be in your contract, will normally be in an "acceptable use policy" which you sign up to by coming into the office and using your computer.

I'd ask your Information Security team...

@Steve Sutton 

Posted Monday 14th April 2008 12:30 GMT

Steve,

They are not monitoring your personal emails, they are monitoring the use of the tool they have given to you (ie. email account & internet access).

Good luck with your legal advice, but the way things currently are in the UK (assuming you are based in the UK), you will be, at best, out of pocket.

Title required 

Posted Monday 14th April 2008 13:14 GMT

"Gillard said the move was about protecting 'critical infrastructure', but not about 'who did what at the Christmas party'."

"This is not about X, but about Y" is one of those sentence structures that automatically indicates a lie by a politician. Well, ok, pretty much everything they say is a lie, from "I am a valuable human being" downwards, but that phrasing usually indicates an incoming whopper. Within a few months the law in question will be used almost exclusively for Y, and frequently not at all for X.

"This fast-track extradition treaty is about terrorists, not white-collar crime"

"These ASBOs are for targeting persistent yobs, not anyone whom we find annoying but hasn't committed an actual offence"

"This DNA database is about catching criminals, not putting everyone in Britain on a government database"

Not opposed, just not terribly impressed... 

Posted Monday 14th April 2008 13:17 GMT

Why can't these sorts of policies be introduced to us in terms of risks and their impact on them?

They always seem to come out as "vital to prevent cyber crime/terror/war/men" which is patently ridiculous but a nifty soundbyte nonetheless.

It smacks of deputising IT geeks and CIOs and implies that crime/terror/war (and possibly cybermen) may flourish if good IT men fail to act.

Of course, more technically literate minds are talking about intrusion detection/prevention, malware measures and endpoint security which you might think are, or should be, covered by company acceptable use policies and would probably fall well into the realm of automated monitoring and exception detection.

If you fear your admins or supervisor might flick through your mail or tip-toe through your web history, fear on. If they are intent on doing so, the law is the least of your worries. Best to assume you have zero real privacy, much as you would assume it's unsafe to park your unlocked soft-top beamer in a dark inner-city alley with the key in the ignition, and keep your privates suitably covered.

Will reserve actual judgment till I read the legislation.. meanwhile, 'ware the cybermen!

Tricky one 

Posted Monday 14th April 2008 13:30 GMT

Paris Hilton

Hmm, whilst I'd be a bit unimpressed if I found out my employer was doing anything questionable with the information they found out, I've long been of the opinion that companies provide email, and come to think of it Internet access and telephony, as a tool for COMPANY business. If I'm doing anything with those facilities that I don't want them to know about, well y'know the simple answer is to wait until I get home, surf and send emails then, and use my home phone or moby!

Of course if they started bugging the offices I guess I'd rightly be outraged :-S

Paris, 'cos she knows the value of personal privacy :-D

There is an assumed right to privacy in the uk 

Posted Monday 14th April 2008 13:43 GMT

Thumb Down

Unless you've agreed to explicit monitoring of your email your employer has no right to read an email which appears to be personal.

They do have a right to collect statistics about how many and the size of your personal emails, but reading them would probably be a breach of the DPA and/or other legislation.

@several 

Posted Monday 14th April 2008 13:52 GMT

Hmm, perhaps you're right about legal grounding (tbh, I probably wouldn't go looking for a lawyer), but I'd still walk out on general principle if I found out that they were reading my personal email, especially as I and colleagues have been given a separate email account specifically for that purpose.

@Solomon Grundy

Fair enough, if they thought I was wasting time at work, by for example reading and posting comments to a popular IT news website, then they're entitled to check on this, but reading the *contents* of my personal email is way out of line.

"In the UK employers have full access to staff emails..." 

Posted Monday 14th April 2008 14:03 GMT

This is only true if there is a clear policy in place stating so.

Grrr 

Posted Monday 14th April 2008 14:46 GMT

I think it's a bit of a retarded policy, sure the UK and US are already retarded in that sense, but that doesn't make it right. I think the content of personal emails or websites visited should remain private. I don't object to an employer being able to log personal usage, that's reasonable, I just don't think the specifics should also be exposed in the process.

Julia / Rudd are doing what they think is the right thing to do, but yeah, I think much like they have to put signs up where there are cameras, they should be forced to include notices where monitoring occurs, otherwise I'm sure a lawsuit would have to be possible if no paperwork included any mention of it (as the paperwork is the conditions by which you agree to work under in that work place, if it's not in there it can be claimed it was never agreed on).

Internet security filters have an ability to make custom rules, so it would be entirely possible to include a single catch all rule for any sites/email which break policy or are not allowed, that way the only information the employer would need is that the particular content was not work related, and could act accordingly, if they want further details then they should have to provide evidence first as to why they should have the right to intrude on their privacy, not the guilty until proven innocent method this brings.

Booga-booga-booga! 

Posted Monday 14th April 2008 15:34 GMT

Pirate

if the equipment, software, and/or connection used for your "personal" communication, belong to a third party you do not control, like your employer, your government (yeah, don't kid yourself), or an internet cafe in Beijing, YOU SHOULD REALISTICALLY HAVE NO EXPECTATIONS OF PRIVACY WHATSOEVER.

many of these platforms are possibly infested with one or more of the following:

[1] monitoring/compliance software

[2] RDP or similar remote admin software

[3] trojan or other spyware/malware

any of which may also be open to someone else's exploits. the transiting communication will likely pass through other devices, which are also monitored (at&t, Verizon, etc.) and/or exploitable (Cisco, Microsoft, Apple, etc.). snooping IT people are the least of your problems, and i speak as a senior "IT person". the only times i've ever viewed someone else's emails or files, was when my boss or the HR director were staring over my shoulder, pointing to what they wanted to see. not that this isn't WIDE OPEN to abuse (it most definitely is), but there are SO many other reasons you should not trust the stuff provided by others, be it a mainframe, a UNIX laptop, or a mobile phone.

legal or not, moral or not, anyone who trusts connections under someone else's control, is a fool or worse; moreover, if one wants to keep something hidden, one should never commit it (unencrypted) to ANY medium, including print, audio recording, photography or film (though steganography and one-time cyphers are still adequately secure).

old Russian saying:

don't think.

if you think, don't speak.

if you speak, do not write it down.

if you write it down, do not sign your name.

if you sign your name, do not be surprised at what happens after.

Re: No Comfort 

Posted Monday 14th April 2008 17:15 GMT

Black Helicopters

Agreed. That's one more potential bolt hole gone. But I suppose it should have been expected, as they always have been part of ECHELON.

Paranoia? 

Posted Monday 14th April 2008 20:43 GMT

Coat

I just assume that anything I do on my work PC will be monitored. In practice I doubt if most of it is, but given that port 25 outbound is blocked and I wouldn't send personal mail via the company server, the most I do for mail is https to my home webmail.

It's not paranoia if they really are out to get you. Mine's the coat with the bug in the pocket.

Bottom line 

Posted Monday 14th April 2008 23:04 GMT

Stop

1) It's not YOUR hardware;

2) It's not YOUR internet connection;

3) and since you're supposed to be at work, it's not YOUR time either.

And before anyone replies: I am Australian, I work in the IT industry (both private and public) and I consider any Internet time given to me by my employers a privilege not to be abused, not a right.

You want privacy, get your own ISP and pay your own way. Otherwise, lump it - you are using someone else's property.

Next, people will be bitching about how they can't take their computer home because they're so much better than the one they own. Sheesh.

Legal since the year 2000 in the UK: see... 

Posted Monday 14th April 2008 23:57 GMT

Happy

...The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

Lawful interception of a communication

3. - (1) For the purpose of section 1(5)(a) of the Act, conduct is authorised, subject to paragraphs (2) and (3) below, if it consists of interception of a communication, in the course of its transmission by means of a telecommunication system, which is effected by or with the express or implied consent of the system controller for the purpose of -

(a) monitoring or keeping a record of communications -

(i) in order to -

(aa) establish the existence of facts, or

(bb) ascertain compliance with regulatory or self-regulatory practices or procedures which are -

applicable to the system controller in the carrying on of his business or

applicable to another person in the carrying on of his business where that person is supervised by the system controller in respect of those practices or procedures, or

(cc) ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or

(ii) in the interests of national security, or

(iii) for the purpose of preventing or detecting crime, or

(iv) for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system, or

(v) where that is undertaken -

(aa) in order to secure, or

(bb) as an inherent part of,

the effective operation of the system (including any monitoring or keeping of a record which would be authorised by section 3(3) of the Act if the conditions in paragraphs (a) and (b) thereof were satisfied); or

(b) monitoring communications for the purpose of determining whether they are communications relevant to the system controller's business which fall within regulation 2(b)(i) above; or

(c) monitoring communications made to a confidential voice-telephony counselling or support service which is free of charge (other than the cost, if any, of making a telephone call) and operated in such a way that users may remain anonymous if they so choose.

(2) Conduct is authorised by paragraph (1) of this regulation only if -

(a) the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller's business;

(b) the telecommunication system in question is provided for use wholly or partly in connection with that business;

(c) the system controller has made all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and

(d) in a case falling within -

(i) paragraph (1)(a)(ii) above, the person by or on whose behalf the interception is effected is a person specified in section 6(2)(a) to (i) of the Act;

(ii) paragraph (1)(b) above, the communication is one which is intended to be received (whether or not it has been actually received) by a person using the telecommunication system in question.

(3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector[2] so permits.

Pfffttttt 

Posted Monday 14th April 2008 23:59 GMT

Dead Vulture

I am wondering what possesses the Pollies that they think the laws they try to introduce will actually do any good in stopping the "bad" people or bad things from happening.

Gun buy-back scheme anyone? What a friggin' waste of money that was. Did the government at the time actually think those criminals with the guns would gasp with horror and tremble with fear until they handed over their ill-gotten firearms?

Do they actually think that anyone would be planning any terrorist act through their work email? Come on. Anyone that would be stupid enough to be caught through these expanded laws certainly doesn't have the intelligence to be able to plan it in the first place.

</Rant>

company, not manager, private, not company 

Posted Tuesday 15th April 2008 01:49 GMT

1) Your company monitors your emails. That means your IT department, and they do it for fun and profit, not because they care about you. These people confiscate your porn, but they keep it private. Normally your supervisor does not monitor your email because (i) It's not his/her job, and (ii) It would be an invasion of privacy.

So normally you would be entitled to be offended if your supervisor was reading your mail.

Cyber slacking 

Posted Tuesday 15th April 2008 02:53 GMT

Thumb Up

This won't change a thing.

Encryption 

Posted Tuesday 15th April 2008 05:18 GMT

Paris Hilton

Anyone not routinely encrypting all their email might as well write it all on the back of a postcard and leave it on their desk.

Unfortunately, there are a lot of fools out there. I'm still trying to convince a damn medical research client of mine that sending client personal info by unencrypted email is not only not a good idea, but potentially a fucking crime in the country he's in. Will he listen? Hell no, because his regular Microsoft sales rep assures him that Outlook is secure. I'm sorely tempted to fire that particular client. I'd probably have better luck with Paris.

it is not about x it is about y 

Posted Tuesday 15th April 2008 07:17 GMT

ooo let me add that to my dictionary of weasel phrases right next to "think of the children" and "we need this to catch x" (where x is something scary like pedos or terrorists)

dabble 

Posted Tuesday 15th April 2008 09:19 GMT

Alert

I dabble at home, I have my own ISP, my own equipment, does this mean I get to read all my emails?

@Aubry Thonon 

Posted Thursday 17th April 2008 15:29 GMT

Paris Hilton

You work in the IT industry, yet you seem to have forgotten that computers are used in quite a few more situations than just the IT industry these days, and thus there are quite a few more scenarios and businesses than just the one you work in.

I too live in Australia. I too work with IT. I don't work in the IT industry. I have in the past, both here, in Holland, and the UK though and I stress that you might want to look out the window one day...There's a whole world of activity in IT these days...

Boring your employees to death can be counter-productive...

Paris wins the icon, as she's having a Blonde moment.
