On Friday, 30 March 2018 11:42:23 CEST Vakul Garg wrote:
> Hi Martin
> 
> > -----Original Message-----
> > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
> > Sent: Thursday, March 29, 2018 4:47 AM
> > To: Steve Fenter <steven.fente...@gmail.com>
> > Cc: tls@ietf.org
> > Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do
> > it)> 
> > Steve Fenter <steven.fente...@gmail.com> wrote:
> > > To clarify for anyone who has confusion on the enterprise TLS
> > > visibility use case, I think enterprises need to be able to do
> > > out-of-band decryption anywhere in the network that they own.
> > 
> > This is argument is so lame.
> > 
> > In Germany, monitoring communications between individuals or between
> > individuals and legal entities, including communications over corporate
> > networks, was made a serious crime in 2004 (TKG 2004) with a penalty of up
> > to 5 years in prison for listening into such communication.
> > 
> > The world didn't end.  Really, consider it proven that there is no need.
> 
> Could monitoring could be legally done if user provided his consent at the
> time of login into enterprise managed terminal?
> I guess that's the case in enterprise managed networks.

No, even then the employer needs to establish a concrete case for inspection 
of the communications of an employee.
Employer also must not continue inspection of an email as soon as it has 
noticed that it is part of a private message.

https://www.lexology.com/library/detail.aspx?g=f946064a-05d0-4603-ace9-3846b1c7536d

and this is true, to a large degree, for the whole of EU:
https://www.theguardian.com/law/2017/sep/05/romanian-chat-messages-read-by-employer-had-privacy-breached-court-rules

From the ECHR ruling:
"An employer[...] cannot reduce private social life in the workplace to zero. 
Respect for private life and for the privacy of correspondence continues to 
exist, even if these may be restricted in so far as necessary."

> > There may be _desires_.  For me, those desires are no less unethical as
> > data collections by apple, camebridge analytica, facebook, google,
> > microsoft, whathaveyou...
> > 
> > .... and fortunately, for corporations in germany, such data gathering is
> > not just unethical, but truely criminal by law.
> > 
> > 
> > -Martin
> > 
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww
> > w.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=02%7C01%7Cvakul.garg%40n
> > xp.com%7C17aacd25ee5c49568aca08d595021677%7C686ea1d3bc2b4c6fa9
> > 2cd99c5c301635%7C0%7C0%7C636578758559728633&sdata=sa3hcM4C94
> > %2BX826Xcu4BwvfkIFzfJiB8cjPjOh7s8pI%3D&reserved=0
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls


-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to