{"id":5975,"date":"2014-03-17T14:35:18","date_gmt":"2014-03-17T07:35:18","guid":{"rendered":"http:\/\/blog.flexispy.com\/?p=5975"},"modified":"2016-11-09T10:35:44","modified_gmt":"2016-11-09T03:35:44","slug":"keyloggers-in-the-workplace","status":"publish","type":"post","link":"https:\/\/blog.flexispy.com\/ko\/keyloggers-in-the-workplace\/","title":{"rendered":"Keyloggers In The Workplace – Is It Legal And Should it be Mandatory?"},"content":{"rendered":"

\"Keyloggers<\/p>\n

The use of Keyloggers by employers is becoming commonplace. As an employer, you should be asking, what is a Keylogger? Is it legal to monitor my workforce, and, should I be monitoring my employees?<\/p>\n

A Keylogger is a computer program designed to record every action on a personal computer. This not only includes every keystroke, but also every website visited, every email read or sent, every password entered, and any applications or programs run on the PC.<\/p>\n

In examining U.S. law in this area, it has been noted that there is no federal statutory framework which covers the use of Keyloggers by employers. The Electronic Communication Privacy Act<\/span><\/a> (ECPA), the Federal Wiretap Act<\/a><\/span> (FWA) and the Stored Communication Act<\/a><\/span> (SCA), all of which could reach Keylogger activity, have never been extended to protect computer privacy in the workplace, or even in the home.<\/p>\n

So, while judicial interpretation of the ECPA has broadened its scope, it still does not reach Keylogger technology. As a result of that legislative gap, state courts have searched their own legislative schemes in an attempt to protect the privacy of computer operators.<\/p>\n

For instance, a federal court in Indiana heard a case in which a woman was authorized by her employer to access her personal checking and email accounts from her work computer. The employer failed to notify her that they had installed Keylogger software on her work computer. Rene v. G.F. Fishers, Inc., 817 F.Supp.2d 1090 (S. Ind. 2011)<\/a><\/p>\n

The employer used the password discovered through the Keylogger software, and reviewed both her personal email and checking account history. There were several emails between company management, discussing the contents of those histories.<\/p>\n

Importantly for employers, the federal court ruled that the FWA was inapplicable, because the keystrokes recorded by the Keylogger software remained on the PC, and were never transmitted through interstate commerce.<\/p>\n

The court, however, went on to review whether the employer\u2019s conduct violated the state of Indiana\u2019s wiretap act. The court noted that the Indiana statute does not include the requirement that the communication be intercepted through interstate commerce, and, therefore, held that the state wiretap law was applicable to Rene\u2019s claim.<\/p>\n

Additionally, the federal court ruled that the Stored Communications Act, was also applicable to Rene\u2019s claim. The Keylogger information itself, which included passwords, opened emails and viewed webpages, did not infringe on the Act.\u00a0 However, the employer\u2019s conduct in using the passwords to review Rene\u2019s histories (stored communications) would be covered by the SCA.<\/p>\n

Other states have held that the use of a Keylogger violates state privacy laws. In a New Hampshire decision, a court held that obtaining a password through use of a Keylogger, and then using the password to access the computer user\u2019s email history does violate the state\u2019s wiretap act. In State of New Hampshire v. Walters<\/span><\/a>, the court excluded any evidence related to emails which were uncovered by the former housemate of the defendant, because the emails were obtained in violation of the wiretap act which protects privacy from illegal interception of wire communications.<\/p>\n

The WPA is a criminal wiretapping law, so it is no surprise that the use of a Keylogger by an employer can be prosecuted. In Ropp v. United States<\/span>, 347 F.Supp.2d 831 (CD Cal. 2004), a California federal court considered whether an employer\u2019s use of a Keylogger could violate the criminal provisions of the WPA.<\/p>\n

Ropp, worked as a manager for an insurance company and installed a Keylogger on the computer of one of his subordinates. The court began its inquiry by noting that the WPA affords greater privacy protection to wire and oral communications as opposed to electronic communications.<\/p>\n

The federal court dismissed the indictment against Ropp, finding the Keylogger only intercepted internal communications between the keyboard and the CPU, as opposed to the signal being intercepted on transmission to the company\u2019s network, which was attached to interstate commerce.<\/p>\n

The Ropp<\/span> decision, however, did not put the issue to rest in California. In Brahmana v. Lembo<\/span><\/a>(N.D. Cal. 2011), the federal court questioned Ropp\u2019s restrictive interpretation of the definition of electronic communications found in the WPA.<\/p>\n

Brahmana was a sales manager for a VOIP company located in Silicon Valley. Brahmana discovered that emails he had sent on his work computer had been read by the company president through a Keylogger which was installed on Brahmana\u2019s computer. In light of the fact that the keystrokes had been read over the company\u2019s network, the court concluded that there were sufficient facts to allow the case to proceed through discovery as the network might have affected interstate commerce.<\/p>\n

We started this discussion by asking what a Keylogger is. The Keylogger in Ropp<\/span> was actually a machine which recorded the keystrokes of a PC\u2019s keyboard as they were traveling from the keyboard to the PC. In Brahmana<\/span>, the Keylogger was a network analyzer, which records all the activity of a PC through a network connection to a server.\u00a0 The advancement of Keylogger technology probably puts it squarely within the prohibitions of the ECPA and WPA.<\/p>\n

The second question was whether the use of a Keylogger by an employer is illegal. Here\u2019s a list of points to ensure that the employer\u2019s use of a Keylogger stays within both state and federal law:<\/p>\n