In a lawsuit between a web developer and his former employer, a media agency, a judge has ruled that using keylogger spyware to monitor one’s employees is against the law. The specific identities of all of the involved parties are private for now.
There are keylogger devices that can be plugged in between a keyboard and a PC. But, most keyloggers today are purely software and come with additional features, such as viewing a target’s monitor output and transmitting screenshots of it. That’s what the malware the employer used was found doing.
The web developer sued his former employer for wrongful dismissal. During April 2015, the employer sent out a group email announcing that internet traffic and other work-computer use would be permanently logged and saved. The email didn’t explain how, but company policy forbade the personal use of their computer and networking equipment.
Shortly after the announcement, the former employee was accused of working on a computer game for another company. He was soon fired.
The former employee claims that he was doing work for his father’s company, but only during his breaks, for only ten minutes per day.
This case highlights that spyware isn’t the preserve of foreign militaries and script kiddies, it can also come from people you interact with in person, such as jealous partners or employers.
Is using keyloggers and other forms of spyware on employees still legal in the United States? The spyware industry certainly hopes so.
Controversial Spyware developer Flexispy describes a “legislative gap” that “does not reach Keylogger technology”. In a nutshell, their advice to potential customers is that it usually is legal for employees to use keyloggers on their employees in the United States, but regulatory specifics vary from state to state.
I’m Canadian, so what about Canada?
Spyware developer Gecko Monitor suggests that people are free to spy on others using its keyloggers “as long as the person who installed the keylogger program is the owner of the computer or device that the software is being installed on”.
Those companies operate legally but have a clear interest in making the legal path look as smooth as possible. If your conscience is OK with keylogging you’d be well advised to seek independent legal advice before you do.
Just because it’s legal does it make it ethical? Tell us what you think in the comments below.