The law is always trying to apply old rules to new technology.

The first automobile accident cases were tried by the standards set down for horse-drawn carriages, and the cutting-edge decisions on protecting computerized databases are all based on precedents established for telephone books and similar printed compilations. But the established approaches are often an uncomfortable fit for the new technology.

The newest quandary: whether reading electronic mail not addressed to you is in any way different from picking up a private letter off a colleague's desk. "The law so far is no more adept at coping with breaches of E-mail security than the technology that makes them possible," according to a discussion of the issue in the current American Bar Association Journal.

The most publicized controversy over reading another person's electronic mail surfaced earlier this year when Robert Isaac, mayor of Colorado Springs, Colo., admitted that he had been getting prepared for city council debates by reading the electronic notes the council members had sent one another.

The city had kept printouts of all the internal communications, just in case they were ever deemed to be covered by the state open-records law. One councilman made headlines by threatening to file criminal charges against the mayor, but he did not go through with the action.

In fact, there has been little litigation on the subject. Most of the cases that have been filed allege that employers routinely read staffers' electronic mail and call that an invasion of privacy.

"It's personal stuff," said Noel Shipman, a Los Angeles lawyer who represents employees at Epson America Inc. in Torrance, Calif. They believe a systems manager there routinely printed out and read electronic correspondence between Epson employees and those outside the company.

But it is not clear that current laws against wiretapping and electronic eavesdropping apply to E-mail systems. Some experts involved in drafting the Electronic Communications Privacy Act passed by Congress in 1986 say that E-mail was well enough established by then that the language of the statute was meant to cover at least those systems with some sort of public access.

Even if that statute, or counterparts passed by state legislatures, do apply, it is still unclear whether a boss's routinely reading subordinates' E-mail would be viewed as a violation. Chicago law professor George B. Trubow, chairman of the ABA committee on the privacy impact of information practices, notes that the law bans only "unauthorized" access.

And, he says, it is a debatable question whether an employer, by establishing the office communications system and paying for it, is therefore "authorized" to read anything that travels over it.

The key is employee expectation. If the company has assured workers that their E-mail will be private, those who are spied on probably have a good case. But without those assurances -- and with an explicit policy that management can have access to all E-mail -- the legal balance tips toward the bosses.

Probably the best answer is not suing the snoop but keeping him or her from having access to the messages in the first place. "Generally, the principal E-mail protection is recipients' passwords," says the ABA's Don J. DeBenedictis. In many systems, "without a user's system ID and password, the user's E-mail simply cannot be read."

But users tend to be less than careful about keeping their passwords secret, either selecting ones that are relatively easy to guess -- a spouse's first name, say -- or freely giving them to associates to check files during vacations or business trips.

And even with passwords, the systems at many companies involve computer operators who can, if so inclined, peek at outgoing and incoming electronic messages just as switchboard operators used to be able to open the key and listen in on supposedly private conversations.

Daniel B. Moskowitz is a Washington editor for Business Week newsletters.