Can Employer Read Employee's Mail?
How Private Is Private Email?
Let us, for the sake of having the illusion of `private' email and thus something to talk about, assume that the employer permits its employees to use the company's email system for sending and receiving personal mail. I stress that we are talking about the company messaging system because that allows them to set the rules more or less without any restrictions — something I do not necessarily approve of...
How private is this private mail? May the employer read it, censor it? Can they do that?
May An Employer Read the Employee's Mail?
Unauthorized access to electronic mail messages is regulated by the `Electronic Communications Privacy Act' (ECPA) in the U.S.
While the ECPA provides some protection of privacy its appliance to email may be limited and not far reaching. It still servers one purpose, though, in prohibiting disclosure of (private?) email to third parties. There are exceptions from this general rule, of course, namely in the form of legal demands of disclosure in litigation or by government authorities. An interesting side-effect of this is that it may be required to keep records of all email sent through the system.
The ECPA also permits access to private communication with the consent of either the sender or the recipient. Employees may (have to...) agree to such access (by authorized persons) in the email policy of the company.
But even if there is no agreement the ECPA only prohibits interception in real-time transmissions; email is usually (or at least can be) stored and can be accessed by the system administrator who usually will be the employer.
Can An Employer Read the Employee's Mail?
Frightened by what you have read so far (it indeed is not very encouraging and makes it seem worthwhile for both the employer and the employee to establish a good company email policy) you may think: ``They may be allowed to read my mail... but they can't'' and delete all records.
The problem with this tactics is that it will be hardly possible to delete all records without hacking your way into the backup disks and tapes. Back-up copies of all email traffic can and will be kept and more often than not a nasty message from the past shows up in court... or in public. (At least you can comfort yourself with the pleasant thought that you're "not the only one.")
Another, very effective solution that I already mentioned last week when we talked about how you can use free email to separate corporate and private mail is to encrypt all your precious messages. You can do that with Pretty Good Privacy (PGP) or any other encryption software.
To be really safe, you could wipe out the secret key, which provides the only way to decrypt the enciphered text. This quite effectively ensures that nobody (that also includes you) will ever be able to read it again. Be aware of any key recovery that may be built into the encryption software and may enable your company or the government to still gain access. The company email policy could also prohibit any use of encryption software or limit it to special cases; then you could have to pay for your privacy.
"In all distresses of our friends