Assignment:
Week 5 Discussion: Email Privacy
You have zero privacy anyway. Get over it. (Scott McNealy, Sun Microsystems CEO, 1/25/99)
Scenario*: Scott Sidell, the former chief executive officer of Structured Settlement Investments (SSI) was fired in August 2007 – he claimed in a complaint filed in Federal District Court (May 8, 2008) that he was fired without cause. During his employment with SSI, Sidell had two email accounts: a Microsoft Outlook business account provided by SSI and a personal Yahoo! Mail account.
After he was fired, Sidell neglected to turn off his office computer. Apparently, his personal account remained active on his office desktop so that it could be accessed without using his password for a period of up to two weeks.
Sidell continued to use his personal account from his home. He used this account to communicate with his attorneys concerning strategies in his case regarding his termination without cause.
In his complaint, Sidell alleges that his superiors intercepted and read his private emails on his former office computer. He claims he did not authorize his superiors to access his personal Yahoo! email account nor did he provide them with his password. Richard Palma, chief operating officer for SSI, subsequently filed a statement with the court claiming that Sidell had returned to the office after being terminated and had used another employee’s computer to send trade secrets and confidential company information to his personal email account. This could constitute violation of a provision in his contract prohibiting Sidell from competing against SSI for three years after leaving the company. However, if SSI had indeed learned of this alleged breach of contract while improperly reading Sidell’s personal email, such action would support Sidell’s complaint.
Let’s talk about the ethics and professionalism issues that this case brings into question. To start (but not limit) the discussion:
- Was it ethical for Sidell’s employers to access his personal Yahoo! email account without his permission although it was open on his desktop computer? Support your answer.
- Was it ethical for Sidell’s employers to consult Sidell’s emails to his attorneys in his personal Yahoo! Mail account? Support your answer.
- As a digital forensics professional, you might be called as an expert witness – what would you do? Would it matter which side contacted you?
- What codes of conduct or professional expectations are relevant? How do they apply?
- What’s happening in the news right now to support your viewpoint?
* This scenario uses Barger (2008), Glater (2008) and documents at Justia.com.
Readings:
Required Text:
Nelson & others (2010). E-book “Guide to Computer Forensics and Investigations Chapter 16 “Ethics for the Expert Witness”:
http://www.chegg.com/
Required Online Readings:(links open in new windows)
- Computer Ethics Institue. The Ten Commandments of Computer Ethics
- Stanford Encyclopedia of Philosophy (2008). Computer and Information Ethics
- Barbara, J.J. (Aug. 01, 2008). Ethical Practices in Digital Forensics: Part 1.Forensic Magazine
- Barbara, J.J. (Oct. 01, 2008). Ethical Practices in Digital Forensics: Part 2. Forensic Magazine
Optional Online Readings: (links open in new windows)
- ASDFED Ethics and Code of Conduct. The American Society of Digital Forensics and eDiscovery
- Barbara, J. (Dec. 01, 2009). Ethical Practices for Digital Forensic Examiners.Digital Forensic Investigator (DFI) News.
- Barger, Robert Newton. (2008). E-mail Privacy Case. [Word document] included in ancillary materials for Computer Ethics: A Case-based Approach
- Beckett, J. & Slay, J. (In Press, Corrected Proof). Scientific underpinnings and background to standards and accreditation in digital forensics. Digital Investigation accepted 4 August 2011, pages 1-8.
- Casey, E. (2009). Digital forensics: Coming of age. Digital Investigation,6(1-2), 1-2.
- CDFS Interim Board (In Press, Corrected Proof). Consortium of Digital Forensic Specialists; Shape the future of your profession.Digital Investigation, pages 1-2.
- Computer Ethics Institute
- Deputy Assistant Attorney General Jason Weinstein. (May 18, 2011). Privacy, Technology, and the Law. Digital Forensic Investigator (DFI) News.
- Forte, D. V. (2010). Are you going to be a forensic examiner or a private investigator? Computer Farud& Security, 2010 (1), 15-17.
- Glater, J. (June 27, 2008). Open secrets (aka A company computer and questions about e-mail privacy. The New York Times, C1.
- IACIS Code of Ethics. The International Association of Computer Investigative Specialists
- ISFCE Code of Ethics. The International Society of Forensic Computer Examiners
- Schwerha, J.J., IV (2008). Why computer forensic professional shouldn’t be required to have private investigator licenses. Digital Investigation,5(1-2), 71-72.
- Sommer, P. (In Press, Corrected Proof). Certification, registration and assessment of digital forensic experts: The UK experience. Digital Investigation. Accepted 11 June 2011, pages 1-8.
- U.S District Court District of Connecticut. (May 8, 2008) Sidell v. Structured Settlement Investments, LP et al.(PDF)
Optional Online Web Sites
These organizations have very specific concepts, explanations and requirements for digital forensics experts in regards to a code of ethics and professional behavior on the job. The Nelson text mentions several of these organizations.
Digital Forensics Certification Board – http://www.dfcb.org/about.html and http://www.dfcb.org/DFCB_DFCB_Code_of_Ethics_and_Standards_of_Professional_Conduct_Version_1.1_Dec08.pdf
International Association of Computer Investigative Specialists – www.iacis.com/
International High Technology Crime Investigation Association – www.htcia.org/
International Society of Forensic Computer Examiners (ISFCE) – http://www.isfce.com/ and http://www.isfce.com/ethics2.htm
The Nelson text also references the following organizations:
American Bar Association – www.americanbar.org/aba.html
American Medical Association – www.ama-assn.org/
American Psychological Association – www.apa.org/