Okay, you made me go and look it up. Because I'm busy right now, so I only have this reference, but it's references look good:
http://www.honeynet.org/book/Chp8.pdf
Page 2: "Just because you own and are responsible for a network does not mean you have unfettered legal authority to monitor users of the network"
Two laws that affect this: Wiretap Act and the Pen Register, Trap and Traces Devices Statute.
Wiretap Act:
Page 4: "Generally forbids the interception of the content of communications (including electronic communications)"
"Sniffing traffic on a network may be considered an interception"
Page 5: "As a constitutional matter, an intruder has no reasonable expectation of privacy while in your network. This does not mean, however, that monitoring is allowed"
Pen Register, Trap and Traces Devices Statute:
Basically covers capturing of the non-content information, like what IPs they are talking to, etc.
Of course, all of this becomes nice and legal if the user to be monitored signs off on it.