Thought for the day:Do you trust your employer?

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.Employers and vendors of surveillance...

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.Employers and vendors of surveillance software are, it seems, resistant to Michael Fabricant's plan for a Private Member's Bill to outlaw e-mail "snooping" in the workplace.

One argument used in defence of the right to intercept private correspondence in the workplace is that e-mail differs from more conventional forms of communication because it contains a header with the company's domain name and frequently other details in the body of the message, making it company property. Therefore, the company is indirectly responsible for its content and might be held liable if that content is later shown to be offensive or illegal.

Without doubt, the question of employer liability has to be clearly resolved and the Norwich Union case - in which the insurer had to stump up £450,000 after its employees sent out e-mails insulting a market rival - illustrates the problems associated with defamation.

But interception is not a solution and, given the sheer volume of e-mail traffic, is an impossibility. After all, reading someone's e-mail will only tell you what has happened or simply demonstrate a pattern of behaviour.

The philosopher Alfred North Whitehead once said: "For any argument, the opposite can be maintained, regardless of logical error or factual mistake." So let's try a couple of examples to judge whether the case for the right to trawl other people's e-mail in the workplace holds water:

  • The company gives you a mobile phone. Does it have the right to intercept and listen in on your conversations or your text messages?

  • You use company letterhead to write to a third party. Is the employer entitled to remove the letter from the post room and read it?

  • You are on the company network but are corresponding via your own Hotmail account or Instant Messenger. Can the company legally monitor this traffic?

The last one of these represents an interesting grey area, but in general, if the answer is no in all three examples and is supported by existing legislation, then you have to ask where the logical justification might be for employers establishing their own equivalent of GCHQ.

At the very best, what employers should aim for is something resembling a watered-down RIP (Regulation of Investigatory Powers) Act. In other words, a company should be entitled to monitor network traffic and record where that traffic from individual IP addresses is going outside of the firewall.

It should also have the right to place a proxy server behind the firewall and filter or prevent access to "inappropriate" sites.

In addition, as long as a written content security policy is in place and is appended to an employee's contract, any company should be relatively safe from the liability concerns associated with confidentiality and inappropriate content involving electronic mail.

On a personal note, I believe it's time we drew a line in the sand and stopped the insidious spread of the surveillance society going any further. If the right to read e-mail is protected in law, then one has to ask what comes next.

What is your view?
Should e-mail snooping be banned by law? Tell us in an e-mail >> reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Zentelligence Setting the world to rights with the collected thoughts and opinions of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

Read more on IT risk management