In Australia it is legal to monitor staff emails as long as all employees are aware of the fact this is happening.
There was a recent motion to pass legislation requiring the company to obtain a court order/warrant before the company could look at anyone's email. The motion failed to pass.
It's part of our corporate IT policy. We inform all staff.
This is very country specific. It is however certain that intercepting employees' e-mail even on your own company LAN is absolutely illegal in some countries. That is not absolutely true. Intercepting is perhaps OK but reading is not.
My point is that whilst I think this is a good idea for a feature you may find that Sys Admins who just click away activating features may leave their employers open to a lawsuit. So if it is added as a feature it should be surrounded by the appropriate warning boxes.
You'd have to know what you were doing as you would have to enter an email address for the traffic to be sent to. I think it should definitely be there.
Companies these days are required by law to at least keep the messages in storage so they can be produced as evidence. This is especially true of governments as well.
My mail server has this feature but I now route all SMTP through my ASL to make life easier for roaming users.
With the Sarbanes-Oxley brouhaha [that's a piece of legislation in the States that requires listed companies to archive Emails - NOT a homeland security thing, but a corporate corruption thing, since insider trading is (theoretically?) illegal in the States], I am quite sure Astaro has kicked it around, because it would be child's play for them to do. But quite right about the other observation above: it's looked upon quite dimly in other jurisdictions, and Astaro could be party to a nasty whirlpool of litigation.
Fortunately, SMTP is such an easy and standard protocol, it would be a snap to configure a Mail archiving appliance to work with Astaro (many are made in the States now...). Also, since they use Exim for their SMTP proxy, I'm sure with a little Searching you can find how to adjust Astaro to meet this need...
P.S. You are a fool if you don't think that everyone in the world might end up reading every mail message that you compose, in this age of keystroke loggers. But it certainly is at the very least fair and ethical behavior to put employees on notice that they are under surveillance.
But then again, some companies aren't ethical, are they?
Perhaps it could be enhanced with public key cryptography (as strong as we can get) where the firewall only knows the public key, i.e. the private key is not on the firewall and never has been.
That way should the firewall be breached the e-mails are still secure.
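The arrangement suggested in the post above, sketched as an added example that is not part of the original thread and not Astaro's code. It assumes Node.js and an RSA-OAEP plus AES-256-GCM envelope; the function names are hypothetical, and the key pair is generated inline only so the demo runs, whereas in the scheme described it would be created off the firewall and only the public half copied over.

```javascript
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Firewall side (hypothetical helper): needs only the archive PUBLIC key.
function sealForArchive(publicKeyPem, rawMessage) {
  const key = crypto.randomBytes(32);          // fresh AES-256 key per message
  const iv = crypto.randomBytes(12);           // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(rawMessage), cipher.final()]);
  const tag = cipher.getAuthTag();             // detects later tampering
  // Wrap the message key so only the private-key holder can recover it.
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, key);
  key.fill(0);                                 // do not keep the message key around
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    body: body.toString('base64'),
  };
}

// Archive side (hypothetical helper): runs where the private key is held.
function openArchived(privateKeyPem, record) {
  const key = crypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP }, Buffer.from(record.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  // final() throws if the stored copy was modified.
  return Buffer.concat([
    decipher.update(Buffer.from(record.body, 'base64')), decipher.final()]);
}

// Constructed demo key pair and constructed sample message.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const SAMPLE = Buffer.from(
  'From: alice@example.test\r\nTo: bob@example.test\r\n' +
  'Subject: Q3\r\n\r\nConstructed sample body.\r\n');

const record = sealForArchive(publicKey, SAMPLE);
console.log(openArchived(privateKey, record).equals(SAMPLE));
```

Someone who copies the stored records and the firewall's configuration gets ciphertext and a public key, neither of which decrypts the archive.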
Come to think of it, that is part of a clever technology that a guy here in the States has used to address privacy concerns with Homeland Security monitoring. He uses an encrypting technology where it is known what patterns of "dangerous" terms look like when they're encrypted, but nothing else. Then he Searches for those terms. Obviously not proof-positive that you're dangerous, but if a crime later happens you have something better at your disposal than "round up the usual suspects..."
The key would have to be managed by an outside bonded organization to stand muster with some though. And others still wouldn't like it (the WestWorld syndrome: "Where nothing can go wrong...go wrong..."). We have the same problem now in the States with electronic voting systems. But the ones which have the brightest prospects are OpenSource based ones, since at least they are open for inspection and, consequently, challenge...
[Lincoln: "If you give people the truth, the republic will be safe..."]
I don't see why Astaro would be open to litigation by adding this as a feature. Most mail servers already have this facility, as others have said this is a very easy feature to add. Whether you implement the feature or not is up to individuals not Astaro.
If I shoot someone with a legally owned gun, it's me who goes to jail, not the gun manufacturer.
[QUOTE] I don't see why Astaro would be open to litigation by adding this as a feature. Most mail servers already have this facility, as others have said this is a very easy feature to add. Whether you implement the feature or not is up to individuals not Astaro. [/QUOTE]
I think Simon's hit the nail on the head there. Why would Astaro be liable? The option of being able to ship off carbon copies of all the email is a superb idea, it would be another tool in the security belt, and yet another reason why Astaro is such a great firewall. Employee internet abuse is a HUGE problem and as far as I know it's perfectly legal to spool off copies of all the email, as long as the employees know about it and sign a usage and consent agreement. If they don't consent, they can find other employment where they can spend hours goofing off rather than working. Heck, might as well spool off whatever passes through the POP3 proxy, too. Many office goof-offs use webmail, though -- that might be a bit tricky to monitor and record.
But that's the kicker! Gun companies ARE getting sued now. And maybe these first few trials won't succeed, but who would have thought in the 70s that the cigarette companies would be getting nailed in court??
I think it would be well received in the States, where Sarbanes-Oxley rules. I just speculated on the only reason they didn't fall over themselves to do it. I seem to remember reading somewhere that the EU has stringent privacy rules. Let's see what Astaro says...
Feature suggestion: if you use such an option, an MPEG of Falco's "Der Kommissar" plays in the webadmin when you turn it on...
Back then in my first post in this thread, I didn't mean that this feature could not be useful, but am just not really sure I would like to have it. Otherwise if it is already there, we (administrators) can still be quiet about it, as long as staff doesn't ask for it. I agree with Simon that in any case employees have to be informed of the fact that their mails are duplicated and stored and that they can be read if needed. Besides all this there is still PGP or any other encryption, which can prevent unauthorized persons from reading your mails.