Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request
From: Rich Kulawiec
Newsgroups: comp.dcom.telecom
Subject: Re: Class Action Suit Against Epson Charges Email Spying
Message-ID: <11629@accuvax.nwu.edu>
Date: 2 Sep 90 01:31:50 GMT
Sender: news@accuvax.nwu.edu
Organization: TELECOM Digest
Lines: 79
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 614, Message 9 of 9

In article <11351@accuvax.nwu.edu> you write:

>The right to privacy in email or on the telephone
>means privacy on computers *you own or control* (i.e. lease or rent a
>mailbox, etc), and on telephone lines *you pay for*.

I disagree, at least in the case of computer systems. Below is a copy of a memorandum that appeared at PRIVACY@RUTGERS a few years ago and was forwarded to me by Dave Curry (then of the Purdue Engineering Computer Network). This memo is a preliminary attempt to assess the impact of the ECPA, and contains the comment that clarification of the intent and scope of the ECPA will probably be determined in the courts; my guess is that the Epson class action lawsuit might be one of the cases which does exactly that.

BEGIN MEMORANDUM

To: The MIT Community
From: James D. Bruce, Vice President for Information Systems
Re: The Electronic Communications Privacy Act

The Electronic Communications Privacy Act of 1986 was enacted by the United States Congress in October of last year to protect the privacy of users of wire and electronic communications.

Legal counsel has advised MIT that its computer network and the files stored on its computers are covered by the law's provisions. Specifically, individuals who access electronic files without appropriate authorization could find themselves subject to criminal penalties under this new law.

At this time, we can only make broad generalizations about the impact of the Act on MIT's computing environment. Its actual scope will develop as federal actions are brought against individuals who are charged with inappropriate access to electronic mail and other electronic files. It is clear, however, that under the Act, an individual who, without authorization, accesses an electronic mail queue is liable and may be subject to a fine of $5,000 and up to six months in prison, if charged and convicted. Penalties are higher if the objective is malicious destruction or damage of information, or private gain.

The law also bars unauthorized disclosure of information within an electronic mail system by the provider of the service. This bars MIT (and other providers) from disclosing information from an individual's electronic data files without authorization from the individual.

MIT students and staff should be aware that it is against Institute policy and federal law to access the private files of others without authorization. MIT employees should also note that they are personally liable under the Act if they exceed their authorization to access electronic files.

END MEMORANDUM

Based on my own reading of the ECPA, this memo, and other discussions (some of which appeared in TELECOM), I've formulated a policy which is used here [Colorado State CS Dept.; I'm the systems manager].

We will access the "envelope" of a mail message if necessary to see that it's delivered correctly, but not the "body". This is possible when using Unix sendmail because enqueued messages in the process of delivery are stored as two separate files, one of which contains the message itself, the other of which contains information such as the sender, recipient(s), etc. This information is publicly accessible by use of the "mailq" command or by examination of the publicly-readable logs written by sendmail; it seems to me to be reasonable for us to rewrite it when necessary to ensure delivery of messages. (I would compare this to the US Postal Service's use of forwarding stickers to ensure delivery of paper mail.)

But we will not access the contents of a mail message whether it's enqueued or has actually been delivered.

Rich Kulawiec
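
The envelope/body split described in the post, as an added example that is not part of the original message: a Python function that reads only delivery information from a sendmail-style queue control file and never opens the separate body file. The one-letter record codes (S, R, T, D, P, H) follow the classic queue control-file layout and, like the sample file, ids and addresses, are assumptions made for this example; the layout varies between sendmail versions.

```python
from datetime import datetime, timezone

# Constructed sample control file; names, ids and addresses are made up.
# Assumed record codes: S sender, R recipient, T queue time (epoch seconds),
# D name of the separate body file, P priority, H header line.
SAMPLE_QF = (
    "P1024\n"
    "T652233600\n"
    "DdfAA01234\n"
    "Salice@cs.example.edu\n"
    "Rbob@ee.example.edu\n"
    "Rcarol@example.org\n"
    "H?P?Return-Path: alice@cs.example.edu\n"
    "HSubject: lunch on friday\n"
    "HReceived: by cs.example.edu\n"
    "\tid AA01234; Sat, 1 Sep 90 18:00:00 MDT\n"
)


def read_envelope(qf_text):
    """Return sender, recipients and queue time from a control file.

    Header records (H lines and their indented continuations) are counted
    but never returned, and the body file named by the D record is never
    opened, so the result is limited to delivery information.
    """
    env = {"sender": None, "recipients": [], "queued": None, "withheld": 0}
    for line in qf_text.splitlines():
        if not line:
            continue
        code, value = line[0], line[1:].strip()
        if code == "S":
            env["sender"] = value
        elif code == "R":
            env["recipients"].append(value)
        elif code == "T":
            env["queued"] = datetime.fromtimestamp(int(value), tz=timezone.utc)
        elif code == "H" or code in " \t":
            env["withheld"] += 1  # header text such as Subject stays unread
        # Any other record (P, D, ...) is ignored on purpose.
    return env


if __name__ == "__main__":
    print(read_envelope(SAMPLE_QF))
```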