Hot Topics

  Your Network and the Law (Part 1)

Richard Love-Manager Information Technology  
Annesley College, Adelaide (formerly MLC Adelaide) 

NB:  This document is not considered “legal advice”. 
Individuals and organisations should obtain professional legal guidance.

There have been a number of incidences highlighted in the media where employees have been using their employer’s network for “inappropriate” uses.  Some of these include:

·   Employees using email attachments to distribute pornographic material.

·   Employees using the Web to access pornographic web sites.

·   A mid-level manager of a local council using the employer’s email system to indicate to a company (that supplied services to the council) that she would “never use that company again”.  The company contacted the CEO of the Council to seek clarification only to discover that the Council had no plans to cease business with the company concerned.  The issue with the staff member was a personal issue – not a council issue.  The staff member was reprimanded and received “counselling on appropriate use of the Council network”.

·   A Union representative using the employer’s email system to distribute union information.  The employer intercepted the email and consequently dismissed the employee (who was later re-instated after taking the employer to Court).

·   An employee downloading hundreds of megabytes of MP3 files.  The issues here included lost productivity, inappropriate use of the network, copyright, and the cost to the organisation of downloading 800MB of MP3 files.

·   A school network where over 200 copies of the AlienSong.exe file were discovered.  This file is over 3MB is size.  How many were downloaded via the Net or via email?  What is the cost of this?  What impact on network traffic was there as students emailed the file to each other?

How do these relate to a school network where staff and students have ready access to a range of online services such as the World Wide Web, email, listservs, chat rooms, etc?  Many would argue that our “Duty of Care” responsibilities necessitate an even more careful approach to the use of school networks compared to other organisations.

Some possible case studies or examples:

·  A student downloads 100MBs of MP3 files.

·  A student complains that s/he is being harassed by another student via the school’s email system.

·  You are told that a student has been accessing pornographic web sites at school.

·  You discover that a student is sending other students inappropriate material via email (possibly violent, pornographic, or racist material).

·  A student is using inappropriate language in the content of his/her emails.

·  You discover that a person from Company A is sending pornographic email attachments to a student at your school.  On further investigation, you find out that the person is an elder sibling of the student concerned.

·  You note or are informed that a student is “disturbed” by an email she has received from an adult external to the school.  On further investigation, you discover that she has been sent sexually explicit material with email that could be interpreted as “suggestive”.

Some questions relating to the case studies:

· How will you “discover” the content of a student’s email?

· Are you “allowed” to examine a student’s email?  Does this refer to their attachments or the actual text in the email?  Can you do “spot checks” or a detailed examination of all email?

· How do you know the web sites a student has accessed?  Have they accessed it accidentally (just for 1 or 2 seconds and then exited) or have they accessed it deliberately (remained at the site for some time)?

· For schools with notebook computer programs, are you “allowed” to inspect the hard drive on a student’s notebook computer (whether it is owned by the school or the student)?

· Has your policy been explained to the school community (parents and students)?

· Is your staff aware of the policy?  Does it apply to them?

·  Who will be responsible for checking the content of student email?

·  What is the duty of care in some of the above case studies?

·  What are your legal responsibilities in these case studies?

·   Does your school policy provide you (the IT Coordinator, Head of IT, etc) with legal protection?

There are at least four sections of Australian legislation that impact on how we might allow students access to school networks and how we might deal with some of the issues we have discussed.  
They are:

The Broadcasting Services Act (1992).  Changes to this Act occurred during 1999 and came into effect on 1 January 2000.  The changes relate to the content of, and access to, the Internet.  Included in these changes was the development of Codes of Conduct For Industry Self Regulation.  This is a Federal law.

The Privacy Act (1988).  This Act has undergone a number of significant changes.  During 1999 the Information Privacy Principles were introduced.  More recently, on 12 April 2000 the Privacy Amendment (Private Sector) Bill 2000 was introduced into Federal Parliament (this is commonly being referred to as the “light touch” privacy legislation).  This Amendment will come into effect on 1 July 2001 (if passed by Parliament).  

The Children’s Protection Act (1993).  More specifically, the sections covering Child Abuse and Neglect as well as Mandated Notification are relevant.  These are State laws but most States and Territories have very similar legislation.