Re: monitoring web-based email

From: Curtis Vaughan (curtis_at_npc-usa.com)
Date: 07/25/05

  • Next message: Douglas Ward: "Re: USB Pen / Thumb / Keyring Drive" 
    Date: Mon, 25 Jul 2005 14:33:08 -0700
To: List Debian <debian-user@lists.debian.org>

    On 25 juil. 05, at 14:15, Dave Ewart wrote:

    > On Monday, 25.07.2005 at 13:48 -0700, Curtis Vaughan wrote:
    >
    >
    >> We have an issue where management wants to monitor possible leaks
    >> through the use of Hotmail, etc. web-based email accounts. They do
    >> not want to just prohibit usage of such accounts. So, the question
    >> is, using SQUID, is it possible to cache what information employees
    >> are passing through such accounts, even if they are https?
    >>
    >
    > If you are wanting to record traffic sent over https, then you
    > cannot do
    > this anywhere between the desktop and the remote server, since all
    > that
    > traffic is encrypted. You will need an application on the desktop
    > recording this data before it is encrypted.
    >
    > However, I would investigate the legal and ethical aspects of this
    > first, as there are a number of issues here.
    >
    > Dave.
    > --

    Yeh, I was afraid that the encrypted factor would cause problems. As
    for legality, it would be interesting to know what other people know,
    but it is my understanding that: whereas the computers belong to the
    business, all activities carried out on that computer are the
    property of the company. This is precisely why email, internet
    activity, etc. can all be legally monitored by a business as long as
    such activity is carried out within the business' LAN and on the
    business' computers. For example, when auditors from a hired
    accounting firm come in, then I don't we would have the legal basis
    for monitoring their computers or their traffic.

    Curtis 

    -- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Douglas Ward: "Re: USB Pen / Thumb / Keyring Drive"

    Relevant Pages

    • Re: monitoring web-based email
      ... > but it is my understanding that: whereas the computers belong to the ... etc. can all be legally monitored by a business as long as ... Just check the relevant policy. ... clear the employer can monitor all computer/network activity, ...
      (Debian-User)
    • Re: Active Directory Value Proposition
      ... Two or 3 computers? ... Central administration of accounts, permissions, and policy. ... What are the risks? ... > Would you recommend using Active Directory in a small-business setting? ...
      (microsoft.public.win2000.active_directory)
    • Re: ISA Monitor Shows Traffic from Computers that are powered off !
      ... on which we have ISA 2004 installed. ... Employees leave at 5:00pm and switch off their computers. ... Client computers should never have exposed ports. ... anymore since the trojan probably knows all of your accounts. ...
      (microsoft.public.isa)
    • Re: Script help
      ... A community college I used to teach night classes at (in southwest Kansas, ... I'm just glad that it wasn't my network to ... >> computers and how much routine maintenence you want to perform on them, ... >> shared on a server somewhere on campus, then yes, individual accounts are ...
      (microsoft.public.windows.server.scripting)
    • Re: Accounts Software (was Re: ChangeFSI on Iyonix)
      ... an essential part of their business? ... point was that without an accounts/stock control package ROS is not ... accounts package and is therefore unlikely to taken up in business, ... So I have always run RISCOS alongside another system and that seems to ...
      (comp.sys.acorn.apps)