In the US, it's mostly assumed that when you work for a company, your e-mail, web, and chat traffic may be monitored by IT staff. This is usually meant to ensure that you're not leaking company information, wasting too much time e-flirting with the person the next cube over, or downloading porn on company time. Still, most people (who don't work in government) operate under the assumption (mistaken at times) that, unless something goes horribly wrong at work, they have some level of privacy in their office communications. That may no longer be the case in Australia, though, if certain changes go into effect that will give companies and law enforcement the right to snoop on all employee communications whenever they please, without employee consent.

The legislation, if enacted, isn't intended to stop e-flirting—or at least not on the surface. Instead, Australian Attorney General Robert McClelland told the Sydney Morning Herald that it would be for the purposes of fighting terrorism. McClelland said that he had been advised that a cyberattack that could impact the stock exchange, electric, or transportation systems would cause more economic havoc than a physical terrorist attack: "It's unquestionable that it's necessary from time to time for network supervisors to open emails addressed to people to identify viruses and the like," he told the paper. "There needs to be protocols and guidelines developed so companies can protect their own networks. It will need new legislation."

Some of that new legislation could come by way of modifications to Australia's Telecommunications Interceptions Act, which currently only allows security companies and those who deal with the government to monitor employee communications without permission. In fact, Parliament has been attempting to modify the Act for years now—Electronic Frontiers Austria said last July that it was continuing a four-year-long fight to ensure that law enforcement agencies would not have full access to people's stored communications without cause.

It's not surprising, then, that EFA chairman Dale Clapperton was skeptical of the changes proposed by McClelland. He told the Herald that such freedom would not only enable employers to abuse the system by snooping on things that are not threatening, but also slow down efforts to truly secure Australia's IT networks. "These new powers will facilitate fishing expeditions into employees' e-mails and computer use rather than being used to protect critical infrastructure," he said.

McClelland cited last year's DDoS attacks on Estonia as an example of debilitating cyberattacks that Australia wants to avoid. (The attacks severely impacted Estonia's businesses and government for several weeks.) Although officials in Estonia originally blamed the Russian government for the incident, it turned out that the whole thing was carried out by an Estonian student that authorities believe was acting alone. The 20-year-old launched the attacks using his own PC and the help of a botnet—a fact that turned out to be both cause for relief (the Russians were, in fact, not attempting to take down Estonia's network infrastructure) and unsettling (a single person should not be able to cause such havoc so easily).

Despite all this talk, though, none of the proposed changes are going into effect... yet. McClelland said that he planned to discuss any new legislation with privacy experts and civil rights groups before making any changes. Of course, "discussing" doesn't necessarily translate to "taking their concerns seriously," and the fact that the government is open to discussions may not be enough to mollify Australian civil rights groups. And if even if the proposal becomes law, we don't think we're alone in feeling that if there are terrorists working at companies scattered throughout Australia, they are probably not trying to coordinate attacks on the country and its infrastructure through their work e-mail.