Xref: utzoo comp.admin.policy:161 comp.unix.admin:2047 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!ucsfcgl!clausius.mmwb.ucsf.edu!rodgers From: rodgers@clausius.mmwb.ucsf.edu Newsgroups: comp.admin.policy,comp.unix.admin Subject: Re: E-mail Privacy Message-ID: Date: 29 May 91 17:05:27 GMT References: <15110@ccncsu.ColoState.EDU> <7129@cactus.org> Sender: root@cgl.ucsf.edu Distribution: na Lines: 47 The ethics and legality pertaining to the privacy of electronic mail are subtle and important issues. As regards ethics: Surely, the ethicality of reading other people's mail depends upon the specific setting. Where a machine is owned by a commercial or government enterprise and is clearly provided as a tool for the work of its employees, there may be grounds for acting as if all information on that machine is the property of the collective body concerned. However, given the scope for ambiguity here, it would still seem desireable to somehow make this explicitly clear to users--as, for example, with a one-line notice upon login or the invokation of the mail program. Where the rights and responsibilities of all parties are spelled out in advance, there is less scope for ethical murkiness. Even where it was stated that a host could be used for personal communications, there might be limitations placed upon users--as for example, with regard to the amount of system resources (esp. disk space) to be allowed such uses. This could lead to a situation where information would have to be archived or destroyed to free communal resources. Again, a clear (preferably written) policy would help alleviate future problems. As a joint system administrator/researcher in an academic research setting, I personally feel it a sacred duty to avoid any situation where I could even accidentally read another person's mail, which I consider to be private information. I am not certain that the Regents of UC share this opinion. Furthermore, I am troubled by the possibility that other users do not share this point of view, and by the ease with which a determined user could invade the privacy of others. To the extent that I do not take explicit action to prevent such abuses, I suppose that I share the blame. One technical point which has been insufficiently discussed here is the "secretmail" mechanism of certain (all?) UNIX hosts. I have not experimented with this, but as I understand, this uses a DES-like mechanism to send mail securely. I don't know how it is stored at either end (perhaps the encryption applies only to transmission?). A good technical discussion is in order here, conducted by someone more knowledgable than myself. As regards legality: the discussion thus far has been notable for the lack of participation by someone with legal training. Does anyone know a lawyer who might be interested in providing a more informed opninion on this point? Cheerio, Rick Rodgers R. P. C. Rodgers, M.D. (415)476-2957 (work) 664-0560 (home) UCSF Laurel Heights Campus UUCP: ...ucbvax.berkeley.edu!cca.ucsf.edu!rodgers 3333 California St., Suite 102 Internet: rodgers@maxwell.mmwb.ucsf.edu San Francisco CA 94118 USA BITNET: rodgers@ucsfcca