reasons to encrypt mail and data

[steve at cyberianhamster.com (Steve)]

Bill Horne wrote:

> Well, no offense, but isn't that a little simplistic? "Companies ALLOW you..."?
> "It's not your RIGHT..."? "...expect to get VIOLATED..."?


As a company, I can tell you that I'm going to stick cameras in the warehouse to 
stop theft. I'm going to monitor your email for buzzwords. I will keep backups 
of all your email. So long as I disclose these things to you, you have no 
intrinsic expectation of privacy in these areas. If you tell the company that 
you're going to encrypt your emails so that they cannot read them or that you 
will disconnect the camera while in their warehouse so they can't see what 
you're doing while you're in there, you have that right. They also have a right 
to go after you.

It is a courtesy given by the company to give the employee a "nice" place to 
work. If a company wants to be Big Brother or make you work in a cave, they'll 
get "rewarded" accordingly by how society responds. That's where the balance is 
struck, people are going to decide where your rights end and the company's 
begins, but it's not your sole discretion as to what you can and can't do with 
somebody else's (i.e., the corporation) property and vice-versa. A company has 
no right to see the numbers on your personal cell phone or your Palm that you 
bring to work, for example.


With all of your examples, encryption is important. That point was never 
debated. You're not denied the right to communicate securely. What you can be 
denied is the method of communication for your private communications, in 
particular, using the company as your vehicle. Also, what's lost in some of your 
examples are what are really private company-related communications (e.g., 
fraud, abuse, etc.) vs. private personally-related communications where you are 
not acting as an agent of the company. David Kramer has clarified his statement 
to distinguish it from personal use. I think the courts have already ruled that 
it's not your given right to use company assets to organize union activities.

I could just as easily come up with examples showing how some abuser will use 
company resources for personal activities that put the company in some sort of 
danger. The company is suspicious and asks him what he's doing. He says go fish. 
"I have rights to use this for my personal use." It is the worker's right to 
deny access to the keys. It's also the company's right to take action.

The real issue (well, at least with respect to this subthread of a subthread...) 
is whether or not you have a RIGHT to have an expectation of personal privacy 
using company assets when the company has guidelines as to how their equipment 
is to be used. This precedes your right to secure communication over the same 
equipment. If you have no right to use the company's assets for that purpose or 
have no right to an expectation of personal privacy to use the company's assets 
in that purpose, then the right to encryption is irrelevant.

Your examples still do not show me how it is your RIGHT to use company assets 
for your personal purposes.

Steve
(hey, is that Goodwin's Law I see around the corner?)

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).