employer monitoring act proposed

actually taken seriously, when it shouldbe relegated to the scrap heap of badideas). Some governments are waking upto the fact that all of this is pointless andis just going to cause economic harm.Real criminals who have the knowledgeand skills to hide their activities withcryptography can easily work around thisby using techniques such as steganogra-phy. Some governments have long real-ized that unfettered cryptography isbetter for a society built on human rights(especially the right to privacy) and for astrong economy in the information age(which is still in its infancy). That said,there are ways for people to reduce therisks and damage that could be caused bythis kind of legislation. These ways can be

tedious and require pre-negotiationbetween communicating parties, but theycan be done. Some of them would be ille-gal in terms of the legislation, but crimi-nals, who are supposedly the targets ofthis sort of legislation, won’t have anyproblem with doing any or all of them.Plus, using these methods it would bevery hard for the authorities to prosecuteand obtain a conviction, thus renderingthe purpose of the Bill null and void.Legitimate business will just go else-where. • Instead of having a single public/pri-vate key pair, separate key pairs can beused for each different entity with whichcommunication takes place. That meansthat when a key is handed over, only

the communication with that specificparty is compromised, rather than allcommunication.• There can be pre-arranged signals thatcan be used to indicate that the key hasbeen compromised (this is illegal, but it can be done in such a way that itwould be hard to detect and obtain aconviction).• Keys can be changed often. Old keysand communication can be destroyed,hidden, concealed using stegano-graphy, or moved to safe data havens(incidentally, data havens could become big business if more of this kind of legislation happens. They are like Swiss bank accounts for information.)

Under the provision, employers mustgive one-time notice plus notice onceper year and when the employer changesany aspect of the monitoring policy. Incases of an employee engaged in “con-duct that significantly harms theemployer or any other person in viola-tion of their legal rights”, notice is notrequired.

If employers are found by a court to bemonitoring employees without propernotice under the law, they would be heldcivilly liable. Compensatory damages peraggrieved employee are capped at US

$5000 with total compensatory damagesper employee capped at US $20 000. Inclass action cases involving many employ-ees, per incident damages are capped atUS $500 000.

In his statement announcing the Bill,Schumer cited the availability of softwareprograms like CAMEO, which can beinstalled in minutes to monitor employee

E-mail. Schumer feels that corporationswill abide by the notice requirement toavoid potential lawsuits. Barr cited the bi-partisan nature of the legislation. Barrand Canady are conservative Republicans

while Schumer is a liberal Democrat. Itshould be stressed, however, thatSchumer’s liberal philosophy has notdeterred him from supporting a numberof FBI-inspired Internet monitoring pro-posals. NEMA has also been endorsed bya wide range of organizations spanningthe political spectrum: the AmericanCivil Liberties Union on the left to theEagle Forum on the right.

In answer to a question about employ-ers monitoring the content of Internetchat rooms and bulletin boards for negative comments by employees,Schumer stressed that his Bill only cov-ers those situations where an employeeaccesses such chat rooms from anemployer-owned or operated site, incl-uding cases when telecommuting emp-loyees access such sites at home oncompany accounts.

8

reports

Employer monitoring ActproposedWayne MadsenOn 20 July, Senator Charles Schumer of New York and Representatives Bob Barrof Georgia and Charles Canady of Florida introduced the Notice of ElectronicMonitoring Act (NEMA). The legislation seeks to end unjustified secret monitor-ing of employees by their bosses. The Bill does not prohibit electronic monitor-ing but merely requires that employers give their employees clear notice aboutwhat types of communications are being monitored. Whether it be by E-mail ortelephone notice should include the means for such interception, the kinds ofinformation obtained from the surveillance, the frequency of the monitoring, andhow the intercepted information is stored, used, or disclosed. If passed, NEMAwill amend the Electronic Communications Privacy Act (ECPA) of 1986.

“legislation seeks to end unjustified secret

monitoring of employeesby their bosses”

“NEMA has also beenendorsed by a wide rangeof organizations spanning

the political spectrum”