Re: monitoring web-based email

[Curtis Vaughan <curtis@npc-usa.com>]

On 25 juil. 05, at 14:15, Dave Ewart wrote:

> On Monday, 25.07.2005 at 13:48 -0700, Curtis Vaughan wrote:
>
>
> > We have an issue where management wants to monitor possible leaks
> > through the use of Hotmail, etc. web-based email accounts. They do
> > not want to just prohibit usage of such accounts. So, the question
> > is, using SQUID, is it possible to cache what information employees
> > are passing through such accounts, even if they are https?
>
> If you are wanting to record traffic sent over https, then you  
> cannot do
> this anywhere between the desktop and the remote server, since all  
> that
> traffic is encrypted.  You will need an application on the desktop
> recording this data before it is encrypted.
>
> However, I would investigate the legal and ethical aspects of this
> first, as there are a number of issues here.
>
> Dave.
> --

Yeh, I was afraid that the encrypted factor would cause problems. As  
for legality, it would be interesting to know what other people know,  
but it is my understanding that: whereas the computers belong to the  
business, all activities carried out on that computer are the  
property of the company. This is precisely why email, internet  
activity, etc. can all be legally monitored by a business as long as  
such activity is carried out within the business' LAN and on the  
business' computers. For example, when auditors from a hired  
accounting firm come in, then I don't we would have the legal basis  
for monitoring their computers or their traffic.

Curtis