Quote:
Originally Posted by leagleaze
He may not be a lawyer, but I am. Of course this requires me to say we are not in an attorney client relationship, I am offering generalized advice, it is worth what you paid for it, yadda yadda.
I've actually been watching this debate for a while. Find it pretty interesting.
All I can say is this, and you'll pardon me if my tone is blunt.
There are some recent cases that might suggest that this could be a violation of the act in question. Normally the cases involve reading other people's emails or putting key caps programs on people's computers without their permission or knowledge. If people believe, reasonably, that their private messages are private, you could have a problem.
Now a lot of you will say they don't reasonably believe that, nothing on the Internet is private. My response is you need to take a look at the type of people who use your site. Are they aware enough to appreciate this fact? A court will look at what is reasonable based upon the knowledge base of the people. So if you have a hacking board or something your argument is a good one. Not so good for a board where the people don't know the first thing about vbulletin, how it works, what can be read, so on and so forth.
Yes, we can view the PMs by going through the databases. Sysadmins can also view emails easily. And without proper cause, if a sysadmin for an email provider started reading your email, he'd be liable for all sorts of things. It's a definite no no. Once you place something out there for people to use it becomes more complicated then it is my property so tough to you. And if you had a problem and you went into court and said hey, it is my board, it is my property I can do what I want, I promise you that answer won't cut it.
On the other hand, if you can say, I had a problem with a stalker or with someone trading warez, and I had a note on my sign up page that said you are consenting to being monitored with just cause, then you have a very good argument. Is it a winnable argument? Honestly, I don't know. Any more then I know for certain you would be found liable for violating the Act(s).
In the end, I'd suggest that if you want to install this hack and you want to protect yourselves, it probably wouldn't hurt to put something in your TOS noting that they are consenting to monitoring or that nothing posted through the board is private or what have you. It is not a difficult thing to put in your TOS and it is better to be safe. I would also be very careful to limit your reading of pms to when it is a necessity.
Of course, this only applies to US law. The EU has even more stringent privacy laws. Your mileage my vary.
By the way, if you are wondering if I, as an attorney, would ever install this hack, the answer is no. I think it is unwise, and I think, as our IT person thinks, that it could get you in a lot of trouble, even with warnings to the users.
L
|
Let me ask you a question - realizing that the answer falls under the heading of freindly advice, not a legal advice.
The problem I see with someone installing this hack is removing the reasonable expectation of the users that their messages are indeed private.
You correctly point out that all users would need to be informed that messages are monitored and usage constitutes agreement to monitoring and you suggest this via a TOS.
How does a sysadmin protect himself in such a way that he can PROVE that a user consented to monitoring. As I understand it, the courts always side with the person whose privacy has been invaded in cases of ambiguity, the right to privacy being paramount.
For users from the hack install date on, one should edit their sign-up templates to warn of monitoring and the fact that they continued with the sign-up process is proof enough.
But what about existing users? Users who:
1. Signed up before monitoring was the norm
2. Sent private messages before monitoring was initiated under the expectation of privacy that can now be read.
The only way I see this being possible is that, at the time the hack is installed, all existing users have PMs turned off and all existing PMs deleted. Then, the user has to provide some positive consent to monitoring - maybe just a customized user field.
The reason all existing PMs need to be deleted is every PM involves two people: the person who sent it and the one that received it. If the receiver consents but the sender does not, the sysadmin still can't read that PM without being in violation of the law.
What are your thoughts? Assuming you HAD to install this hack, how would you protect yourself?