1 / 15

Use Policies

Use Policies. Deputy Attorney General Robert Morgester Robert.Morgester@doj.ca.gov. Use Policy. Communicating the use policy Word of mouth Employee manuals Banners Things that every good use policy should have. The Good Policy.

gchambers
Download Presentation

Use Policies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Use Policies Deputy Attorney General Robert Morgester Robert.Morgester@doj.ca.gov

  2. Use Policy • Communicating the use policy • Word of mouth • Employee manuals • Banners • Things that every good use policy should have . . . .

  3. The Good Policy • Does the banner state that the use of the network constitutes consent to monitoring? • Helps establish consent for • Provider monitoring • Law enforcement monitoring

  4. The Good Policy • Does the banner state that the use of the network constitutes consent to retrieval and disclosure of information stored on the network ? • Helps establish consent to the retrieval and disclosure of such information and/or records

  5. The Good Policy • Does the banner state that the use of the network constitutes consent to retrieval and disclosure of information stored on the computer ? • Helps establish consent to the retrieval and disclosure of such information and/or records

  6. Biby vs. Univ. of Nebraska • Search of employee computer done in response to a civil suit. • Employee sued for breach of privacy • Court found: • No reasonable expectation of privacy because computer use policy indicated computer could be searched when university was responding to discovery • Concurring opinion noted that university policy were to some degree private

  7. The Good Policy • With government networks, does the banner state that the user of the network shall have no reasonable expectation of privacy in the network ? • Helps establish that user lacks a reasonable expectation of privacy pursuant to O’Conner v. Ortega (1987) 480 U.S. 709. • And what about that “C” drive?

  8. The Good Policy • In the case of non-government network, does the banner make clear that the network system administrator may consent to a law enforcement search? • Establishes system administrator’s common authority to consent to a search under United States v. Matlock (1974) 415 U.S. 164. • And what about that “C” drive?

  9. The Good Policy • Does the banner contain express or implied limitations or authorizations relating to the purpose of any monitoring / search, and what will be done with the fruits of any monitoring / search? • Do you want to limit why you can monitor? • Where do you want to be able to use the information found?

  10. People v. Jiang (2002) 33 Cal.Rptr.3d 184 • Suspect of a sexual assault had his work lap computer produced by court order. Incriminating files were marked “Attorney” • Agreement signed by defendant did not preclude personal use of the computer • Nor did in mention anything about the company copying or disclosing the contents of the computer

  11. The Good Policy • Does the banner state what users are unauthorized to access the network, and the consequences of unauthorized use of he network? • Makes it easier to establish unauthorized use?

  12. The Good Policy • Does the banner require users to click through or otherwise acknowledge the banner before using the network? • Makes it easier to establish the user actually received the notice.

  13. Sample Banner • WARNING! This computer system is the property of the United States Department of Justice and may be accessed only by authorized users. Unauthorized use of this system is strictly prohibited and may be subject to criminal prosecution. The Department may monitor any activity or communication on the system and retrieve any information stored within the system. By accessing and using this computer, you are consenting to such monitoring and information retrieval for law enforcement and other purposes. Users should have no expectation of privacy as to any communication on or information stored within the system, including information stored locally on the hard drive or other media in use with this unit (e.g., floppy disks, PDAs and other hand-held peripherals, CD-ROMs, etc.)

  14. More Sample Banners • http://cybercrime.gov/s&smanual2002.htm • Look for Appendix “A”

  15. Bad Use Policy? • Reasonable investigations into work related misconduct • Search must be work related • Search must be justified at its inception and permissible in scope • Reasonable grounds to believe evidence will be found • Search is limited in scope • Must be “employer intrusion” rather then “police intrusion”

More Related