More and more employers are making use of “keylogging,” or the recording of keystrokes on an employee’s computer to provide a map of what Web sites the employee is visiting. Is the process legal?
Typically, keylogging is done secretly, so the employee is unaware of it. Just as typically, it’s implemented because the employee is under suspicion of using a computer in an unauthorized or illegal way. So far, so good.
However, some targeted employees have dredged up a section of the Electronic Communications Privacy Act as a defense — and a reason to sue employers for invasion of privacy.
Title I of the ECPA amended the federal Wiretap Act covers the “interception of electronic communications,” making it an offense to “intentionally intercept . . . any wire, oral, or electronic communication.”
Test case
The issue came up in a California federal-court case, Brahmana v. Lembo. The question was whether a key logger that records keystroke information in transit between the keyboard and the computer’s central processing unit violated the EPCA.
The short story is that the court didn’t find the company general keylogging to be in violation of EPCA.
There’s a complication because, using the keylogger, the company captured some of the employee’s confidential passwords and used them to access private accounts. The court is allowing the case to continue to determine whether using the passwords violated the EPCA.
So, at this point, the verdict is:
- Keylogging to track Internet usage? Probably OK.
- Using keylogging to access private info? Probably not.