Company Owned Celluar Extraction
CAN WE TEST FOR THAT?
It is commonplace for potential employees to undergo pre-hiring urinalyses. It is also good practice for employees to be subject to random urinalyses, as well as mandatory testing following any incidents related to work. That begs the question, "What other aspects of privacy can be broached to protect an employer?" A standard perk for many individuals within a corporation is a company cell phone. With the advent of the smart phone, this has put a powerful computer in employees' hands. If the employer is paying the bill, to what extent have they the right to know what is being done with the equipment? In general, there is no right to privacy with regards to the use of company owned equipment and company owned email. State privacy laws vary, adding certain nuances to the general rule. The United States Stored Communications Act, found at 18 U.S.C. § 2701 et seq. limits who may access communications stored elsewhere online, although viewed on another device.
WHY IS IT IMPORTANT?
Just as urinalysis is used to protect from variable issues, so can reviewing activity on a company owned device. It is important to ensure no illegal activity is taking place that would put the company in peril. No one wants an embarrassing episode to come to light, that if detected in house, would harm the business brand. Corporate espionage can be averted. Productivity is easily monitored. The reasons are limitless to access the information you are provided on a company owned cell phone. Until now, the challenge was that extracting all the data would require the device to be sent to a lab, and several weeks would pass before any report was available. In the world we live, that is just not a viable solution. Thanks to Black Swan Digital
Forensics, you can have the results over lunch. Because company email is owned by the business, it can be reviewed from the company server. Everything else that is done on the device will be packaged in a concise, easy to navigate and user friendly report. Text messages, photographs, and internet browsing history are at your fingertips. With the power to monitor the activity of the user, you will never have to be surprised by the actions of an employee again. You can address problems as they arise rather than after significant damage has already been done. The data never lies, and it is provided to you for a fraction of the cost and in a time frame not offered anywhere else.
WHAT SHOULD WE CONSIDER?
There are a number of issues to consider with regards to extraction of cell
phones provided by the company. It is good practice to have a cell phone policy in
place. Black Swan Digital Forensics can provide you with their tested policy to help
limit any questions regarding cell phone usage.
Garcia v City of Loredo, Case No. 11-41118, US Court of Appeals, Fifth Circuit,
has found that data stored on a cell phone is not controlled by the Stored
Communications Act. This allows access to all items that are permanently stored on
the device, such as the aforementioned texts, photographs, and browsing histories.
What is less clear is the access to personal email accounts (think yahoo, gmail, etc.)
even if the company-issued device is being used to check those. Levin v. Impact
Office LLC, Case No. TDC-16-2790, United States District Court, District of Maryland,
has left open the possibility that personal email, even when accessed from a company
cell phone, is private information protected by the Stored Communications Act. This
case has not reached an ultimate conclusion, and no answer has been given as to
whether or not private email becomes discoverable by a company if accessed from a
business-owned device. This does not affect the availability to view social media
interactions and other information stored on the device. It may possibly impact
access to direct messaging on social media, but that has yet to be seen.
WHAT DOES IT ALL MEAN?
Corporate espionage is real. Protecting your investment is important. Corporate image has value that can be easily diminished by one employee. You never have to be vulnerable again. Know for what your company owned device is being used. It is less invasive that urinalysis, and takes about the same amount of time. Do not let the unknown ruin your business. Cellular device extraction should be a part of your arsenal to protect your business.