Can deploying monitoring software put you in jeopardy?

Share this article:
Can deploying monitoring software put you in jeopardy?
Can deploying monitoring software put you in jeopardy?

Some probation and parole officers are using computer monitoring software to manage risk associated with their cases, particularly sex offenders. 

Recently I discussed the legal hazards associated with its correctional use. The same legal hazards related to wiretap laws are oftentimes present for employers and parents who deploy monitoring software.

Employers have a legitimate interest in supervising their employee's actions on company computers and systems. Parents are also rightfully concerned about their children's welfare, with media reports of internet predators and cyberbullying.

There now are hundreds of products to capitalize on this high-tech need to protect life and property. Additionally, monitoring software has gone beyond just laptops and desktops to now include mobile phones. Unfortunately, the legal implications of its use is not always considered. 

Federal and/or state wiretap laws, collectively referred to as Title III laws, prohibit the interception of “real-time” communication by someone not a party to the communication. Federal law provides a minimum privacy protection level, with some states providing greater protections.

Many hear the word “wiretap” and think of someone tapping into their phone calls. However, Title III can also pertain to electronic communication, such as chats, emails, etc.

There are two kinds of consent. The first is one-party consent, which is contained in the federal law and 38 state statutes. The other type is called two-party consent. This means that both parties to the communication have to consent to the monitoring for it to qualify for this exception. There are 12 states that require two-party consent 

Some employers and parents in two-party consent states may be skirting legal requirements for “real-time” computer monitoring.

For instance, a company's employees know about the monitoring, but what about individuals they communicate with who are outside the company?  How can they be made aware of and give consent to the interception of their electronic communication?

Meanwhile, a parent may be consenting on their child's behalf, but what about other individuals who communicate with their child, such as relatives, friends, teachers, coaches?  They likewise are unaware of the monitoring and their consent can't be implied.

Companies and parents located in one-party states should also be cautious. Many employees are assigned laptops and/or or mobile devices with monitoring software and travel on business to two-party states, such as California. 

What was legal at the corporate location in a one-party state may very well be prohibited in a two-party state. These concerns may also be present when children travel with monitored devices, such a mobile phones, to two-party states.

Wiretap law violations can be criminal and/or civil. But the very evidence a company finds of civil malfeasance through monitoring may be suppressed due to Title III violations. Evidence of a crime might be admitted, but at what cost if the “victim” is subject to criminal or civil sanctions as well? 

Clearly some thought has to go into computer monitoring, beyond just buying and installing. Beside knowing the monitoring software's capabilities and limitations, seek legal advice on its appropriate use.

Here are also some additional considerations for employers.

  • Avoid capturing everything if you don't need it. For instance, if you are worried about pornographic browsing, why capture web-based email?
  • Have monitoring triggered on key events such as pornographic websites or intellectual property you are trying to protect. This further limits the scope of your monitoring.
  • If possible, consider adjusting the monitoring software to exclude programs that may result in the capture of two-party communications.
  • Consider blocking programs, such as chat or web email, that may lead to two-party consent issues.
  • Consider only capturing outgoing communication, as the sender has presumably consented to the monitoring.
  • Try to accomplish your objective without extensive use of monitoring software. A forensic computer search can sometimes locate evidence and would not trigger Title III concerns.

This area, like so many involving technology and law, is evolving.

There have been employer cases dealing with the right to monitor. However, two-party consent issues may be an area ripe for contention.

A recent case in a one-party state involving telephone interception provides support for the parental right to record telephone calls in custody cases. However, it may take legislative action to ensure parents can use computer monitoring to help protect their children from predators and cyberbullying.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.