'Lex Nokia' company snoop law passes in Finland A new law that will allow increased monitoring of employees’ electronic communications by their employers was passed by Finland’s parliament on Tuesday. Despite splits on the government side – most notably within the Green party – the Bill had a healthy majority: 96 in favour, 56 against, with 47 absent from the vote. The …
"This allows employers to investigate the log data of employees' emails, if the company has reason to suspect that corporate secrets are leaking out of the company or that its communication networks are being misused."
Well, duh. What do we expect here? Can employees really aspire to a right to unconditional privacy when using company resources and spending company money? If it's personal business and it needs to stay private, why are you doing it on a work computer?
If I own the kit and own (or pay for) the network then I think it's pretty natural that I expect to have the right to monitor and control how it's used. Companies are not only vulnerable to heavy costs if employees abuse their IT facilities, they can often be legally liable when their employees misbehave. It's not unreasonable for employees to hope for a presumption of privacy in normal circumstances, but it's just as reasonable that a company be able to police employees who are breaking the rules.
The office cubicle is not the same as the public square.
I'd say that if it's a company email account then I'd expect the company to have the right, especially if it was announced up-front, to check the contents. I don't know if they actually do, but I assume my employer does, which is why I don't use my company email account for things I'd much rather they didn't know.
If I was going to leak things to external parties I wouldn't email it, I'd most likely use a USB key or SD card, especially as they've thoughtfully provided us with laptops that handle SD cards. Or I'd just have it on the laptop and copy to another network using wireless. So many ways that are hard to monitor (unless you've got a really good and solid IT setup), why use the one they can spot?
Here in the US, they passed this wonderful little piece of legislation called PATRIOT.
At the time, I said that it would be useful in going after terrorists, but that what would actually happen, is that every podunk rent-a-cop outfit would start using it to go after jaywalkers.
That's EXACTLY what happened. I'm too lazy to go after the stats, but they are out there.
I believe that the British experience has been similar.
Pass the popcorn.
Not that I support this legistlation (on the contrary; I'm a member of Electronic Frontier Finland) it must be said here that, if someone missed it, for a company to gain access to an employer's email headers (and they can't access the actual message body) they have a lot of red tape to deal with. Which is of course a good thing. Yet, to repeat a cliche: who watches the watchers?
This piece of crap was forced through without much thought about practical implementation. The national privacy watchdog has been given some additional resources to deal with 'Lex Nokia', but it seems that it's not nearly enough.
I don't understand the idea that the company can snoop on you just because you're using their hardware. I find it ironic that especially Americans seem to think so - land of the free etc. Part of my benefits includes a mobile phone (and all calls, including private ones, lets make that explicit) - now should my employer be able to listen in on every phone conversation?
@Dave: the new law only allows monitoring of the recipient etc, not the actual contents.
Speaking of irony, would you believe that I'm typing this at Nokia offices on my own laptop with a 3G modem?
But you just know that in 6months someone is going to have a little word with their Jaqui Jaquidottir and claim that people are using gmail or their own phones to leak company secrets - and the law will quietly extended to allow Nokia to 'request' this data from the ISP/phone company aswell.
Otherwise Nokia will be forced to leave Finland etc ...
To Anonymous Coward (14:02)
I do not think an employer should be able to listen in on every phone conversation - however if they are paying the phone bill then they should at least be able to look at the logs of the phone numbers that have been called.
This is not the same as listening in to a possibly private phone call. If I want to talk to someone without my boss knowing about it - I will use my own private phone/email account/postal address.
That is what is being debated - the ability to check the logs of messages that are sent/received not the contecnt . As far as I am concerned there is a major difference between the two.
The corporation where I work reserves the right to monitor all calls made on THEIR phones and all traffic on THEIR network; which includes all emails sent on THEIR computers. If you want privacy, you must use your own phone or computer off company premises. What i'm typing right now can (and probably is) being monitored and/or recorded.
Quoting AC 14:02 "I don't understand the idea that the company can snoop on you just because you're using their hardware"
Are you kidding me? Doesn't the very fact that it is their hardware entitle them to use it as they see fit? I have never heard of any company whose employee policy didn't state somewhere that company email is intended for company correspondence only, or some similar words. Even if everybody knows that the rules are loosely if at all enforced and everybody emails their spouse, or passes around jokes, the language is still there and is "officially" the policy. Our emails are not only archived and retained for 7 years, they are also actively monitored. Not every message is read, obviously, only a representative random sample but if a certain flagged word is used in a message that email will be sent to a reviewer to read. And the filtered words can be added at will to flag any subject.
I am in IT so I don't get to read any of the juicy details of peoples personal lives, but if some supervisor/auditor/regulator/whoever says "I need to see all messages sent by X employee during the month of May 2003", then 5 minutes later they will have a CD in their hands to read at their leisure. Not trying to be funny here but I assumed that this was true Everywhere
People thought they were company property and were for company business.
This may not be the case in Finland. which seems to have serious privacy laws.
Let me be clear. It is not *your* PC. It is your companies.
But I do wonder about this. Your on company property and presumably company time. If its their email account as well how much expectation of privacy can you have? This can definitely get complicated with home workers. Private email account, company supplied PC? Emails stored on PC and PC returned to office?
How about the mobile phone supplied to most Sales people? UK practice is for the company to get a copy of the bill and reimburse. They retain the right to check such numbers against their customer list. Ask someone to tell you what their total bill was and just pay it for them. I dont think so.
Put simply if they pay for some degree of particular services outside of your salary why would you not think they should have some level of oversight?
Private phone, private email address, your personal PC at home. Rather different. That would be MYOFB.
As for a strip search. What is the Finnish for "What is your probable cause?"
What are they looking for anyway? Stolen goods (or "Shrinkage" as they say in the building industry) or a USB memory stick? If so that is a very clumsy way to (try to) stop data leakage.
But a strip search. What is Finnish for
Unless this law gives employers the right to snoop on their employees' PRIVATE email, I fail to see how this is the case. My guess is that if the police give you an email address, login, and passsword, and if you sit in the police station and send an email, they've probably got the power to read it.
And as some here have pointed out, what the hell happens when one of my employees is trading kiddie porn (or worse, copyrighted music) with his company email? I'm prohibited from finding out but legally liable if someone -else- does?
This is lunacy. I run a small business in the US, and I can't imagine not being able to, say, dig through an out-sick employee's email for something a customer sent to him yesterday. What am I going to tell my client - sorry, buddy, I'm not authorized to read my own company email?
Yeesh!
Quoting AC 14:02 "I don't understand the idea that the company can snoop on you just because you're using their hardware"
Never heard of remote viewing ?, this is where all of the workstations' desktops are displayed on a screen in security or the bosses office, each in it's own window -- if anything untoward is seen then a click on the window makes it go full screen so you can see what is going on, you can save the screenshot for evidence if needed.
A lot of companies use this kind of monitoring, your boss has a right to know if you are browsing Fleabay (or worse) when you should be working.
Icon is the boss going through your coat pockets looking for USB sticks etc.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
