Re: [tlug] Email Backup with Exim

[Jonathan Byrne <jq@example.com>]

On Thu, Feb 26, 2004 at 09:27:57AM +0900, Stephen J. Turnbull wrote:

>IANAL, either, but remember that according to the relevant
>international treaties copyright belongs to the author until s/he says

IANAL either either, but most companies also have a written policy (which
employees usually have to sign) that basically states anything you create/
write/even think up on company time or company business belongs to the
company, not to you.  This would certainly apply to business email as
well.  I have no copy right over anything I produce for my employer,
including email I send.

If they don't have such a written policy, they should.  Otherwise, they
probably are on thin legal ground (at least in some countries) if they
keep archival copies of employee email.

Of course, some companies, mostly in the financial sector, are required to
keep copies of various documents for specific retention periods, and this
no doubt applies to email as well, so in those cases there is specific
legal sanction for keeping a copy of mail, above and beyond whatever it
may say (or fail to say) in company IP or email policy documents.

Personal email written on company time with the company's computer and
sent through the company's SMTP host is a different matter, though.
To be covered there, you would want to have an explicity statement that
there should be know expectation of email privacy on the company network,
and the company reserves the right to make archival copies of all mails
and may examine those archives at any time for any reason.

If I have to send personal email at work, well, I have my personal
notebook sitting there, and it sends through an SMTP host somewhere
else (via auth. SMTP).  That doesn't mean someone couldn't intercept
my outbound port 25 connection, of course, but if they really cared
about that they probably wouldn't allow outbound 25 to anywhere but our
official SMTP host anyway.  Even so, if it's an email that I *really*
wouldn't want anyone other than the intended recipient to read, I'd
encrypt it just to be sure (good policy anytime, of course).

Now, I'll just slide in a little plug for having a GPG key here, 
even now most TLUGgers seem to not have one.  Even if you rarely encrypt
anything, having one is useful for signing mail so that recipients know that
you are really you.  If you are the author of a free software project,
it's also useful for signing packages, so that recipients of those packages
can verify that there has been no tampering.  If your FTP server is 
compromised, the person who did it can replace your packages (and of course,
the checksum as well) with trojaned ones.  If you have GPG-signed the
packages, though, then the attacker is out of luck, at least WRT anyone
who actually checks the signature.

Jonathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys ACC46EF9
Key fingerprint = E52E 8153 8F37 74AF C04D  0714 364F 540E ACC4 6EF9
"99 pounds of natural-born goodness, 99 pounds of soul!"

Attachment: signature.asc
Description: Digital signature