Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!decvax!decwrl!sun!hoptoad!gnu From: gnu@hoptoad.uucp (John Gilmore) Newsgroups: net.rumor,net.news.adm Subject: Re:ading other peoples' mail Message-ID: <692@hoptoad.uucp> Date: Tue, 15-Apr-86 05:21:41 EST Article-I.D.: hoptoad.692 Posted: Tue Apr 15 05:21:41 1986 Date-Received: Fri, 18-Apr-86 04:13:12 EST References: <703@frog.UUCP> <12400018@uiucdcs> <2410@jhunix.UUCP> <132@fai.UUCP> <4697@ut-sally.UUCP> Organization: Nebula Consultants in San Francisco Lines: 56 Xref: watmath net.rumor:1886 net.news.adm:593 In article <132@fai.UUCP>, ronc@fai.UUCP (Ronald O. Christian) writes: > How do the rest of you system administrators feel? Is it within your > rights to open other people's mail? In article <4697@ut-sally.UUCP>, nather@ut-sally.UUCP (Ed Nather) writes: > In my opinion the system administrator does not *own* the system, any more than > an appointed or elected official owns the system he/she administers, but power > corrupts and a system administrator has a lot of power. I assume in time we > will evolve a code of ethics for this new situation, and I hope it will follow > the pattern of our past: "Thou shalt not read other people's E-mail, either." I posted something earlier that said basically "if you ask me to relay mail at my expense, don't expect privacy". I got three or four responses, none of which understood my position. Let me try again. If you send mail through other peoples' machines, *don't expect* it to be private. For example, if you are Sun Microsystems, don't send your conversations with Motorola through AMD. If you are DEC, don't send your marketing plans for new machines through AT&T. If you are a movie star, don't send your innermost secrets through the National Enquirer. Etc. There *is* a difference between abusing your root privilege and reading mail in transit. When I had root privileges at Sun, I didn't use them to read other peoples' mail; they were fellow employees and presumed to be trustworthy, as I was presumed to be trustworthy. On the other hand, not everyone on the uucp net is trustworthy, and checking at least who is sending to who through my system has sometimes saved me *and them* some hassles, expenses, etc. Furthermore, if I am in business and my competition is dumb enough to pass sensitive data through my machine, at my expense, why should I ignore this? I don't ignore their other mistakes that give me information or market share... (I can see the scramble as companies implement mail-checkers to look for info in their uucp traffic. Maybe that's why AT&T is sponsoring ihnp4...) I could try to make a case that innocently reading mail in transit is like amateur computer hacking: it keeps people honest so they don't get burned by *serious* spying, hacking, etc. But I won't; I don't need to. If you want to be absolutely *sure* I won't read your email, don't send it through hoptoad. (PS: Besides being sysadmin, I *do* own hoptoad. I don't see that it changes things much one way or the other, though, since a sysadmin's job is to watch over usage of the machine, including usage by third parties via uucp.) PS: Mail policy at Sun was twofold: (1) Anyone caught snooping through anyone else's personal mail would be fired. (2) Don't send very private stuff through email because it fails, gets misrouted, bounced, etc and could be disclosed even without anyone's malicious intent. I think it's a good policy. -- John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore@lll-crg.arpa Post no bills.