« Porn | Employee Computers | Main | Sedona Principles | Record Management Policy »

October 11, 2008


Feed You can follow this conversation by subscribing to the comment feed for this post.

Benjamin Wright

Someone identified as "thefixer25@gmail.com" submitted this comment under the post above:
"f#%k you for encouraging email sniffing". My response: I appreciate people reading my ideas and commenting, even when they tell me I'm wrong or bad! I re-read the post above, and I don't see mention of sniffing. However, I do interpret modern US law as giving employers ever-stronger incentive to supervise the electronic workplace. These incentives come from our democratic society's expectation that employers do things like 1. ensure a safe work environment, and 2. deter fraud and other illegality within the employers' systems. --Ben

Benjamin Wright

The topic of "sniffing" employee e-mail is worthy of a lot more discussion. I don't pretend to know everything about it or to have all the right answers. I do welcome more comments from thefixer25@gmail.com or anyone else who will take the time to think about this. --Ben

Benjamin Wright

I keep thinking about the comment from thefixer25@gmail.com, and I've something else to add. I acknowledge to thefixer25@gmail.com that some employees might not like their employers looking at their e-mail. Some employees will think that employer "sniffing" violates their privacy. But changes in technology may rapidly be reducing the conflict here. Smart phones are quickly becoming so common and so cheap that most all employees have them, even the lowest-paid employees. What that means is that employees can easily take their personal, private, non-business communications (text, e-mail, photos, video, facebook and so on) to their own smart phones, and use their employer-provided e-mail exclusively for the employer's business, with the full knowledge that society firmly expects the employer to supervise what is going on inside the systems that it owns and administers. --Ben

Hoback Borama

Well now that I actually realize your intention isnt to spy on employees private emails with DPi or SNMP interception methods, I certainly understand the need for to retain this information.

Thanks for clarifying.

Hoback Borama

LOL, I said SNMP, I meant SMTP. Sorry

Kat Herrin

Employees should understand that emails using their employer's email account are not private or personal and should never be considered personal. It's usually a matter of security and often times productivity. If they want to converse via email with their personal friends, I suggest a hotmail or gmail account that can be accessed through the internet. Employers pay employees to work during the time they are at work...

The comments to this entry are closed.

Wright's Online SANS Education

Jackson County Case Study

IT Administrators


  • Follow benjaminwright on Twitter

Custom Professional Training

Local ARMA Quote

  • "The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.
My Photo


  • Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, blockchain analysts, penetration testers and forensic investigators. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

  • "The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training


  • No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

    The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

    Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

    Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

    The only person responsible for Mr. Wright's words is Mr. Wright.

    Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

    Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

    Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

    Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

    Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Search Wright's Blogs

Find More on This Blog


Become a Fan

Find More on This Blog