Tuesday, August 15, 2006

Lack of EOP by extension?

Here's a court case that strikes me as vaguely (but greatly) wrong, but not for any of the reasons stated by the plaintiff, the defendant or the judge. While I would agree that the employee would not have an expectation of privacy (EOP) for any action performed from a company computer, I have serious reservations about the logic that the expectation of privacy remains in "failed" mode if the employer then uses a captured password to access a system not belonging to them.

If you read the fine print in just about any TOS or contract, the account is property of the system owner and the user is allowed access to the system at the discretion of the system owner. Account termination usually can occur without warning, justification or appeal. The account (and often any data within) remains the property of the system owner. In this case, eBay.

If I were eBay, I'd be investigating the application of "accessing a system without permission" as it relates to the private investigation company.