jam@dcl-cs.UUCP (04/22/86)
In article <11414@amdcad.UUCP> phil@amdcad.UUCP (Phil Ngai) writes: >In article <132@fai.UUCP> ronc@fai.UUCP (Ronald O. Christian) writes: >>How do the rest of you system administrators feel? Is it within your >>rights to open other people's mail? > >I'm supposed to keep the system running without looking at the files? I've been following this discussion (none too closely, I admit) and I think some people are making a fundamental equation which just doesn't hold up; e-mail == ordinary paper mail (or snail mail!) Perhaps a better equation would be e-mail == telephone communication Now, hey, I'm pretty paranoid but I'm not talking about telephone tapping etc. There may well be good reasons for the operator/telephone engineer to overhear (part of) a telephone conversation (although I can't think of one now!). They may have to listen in to ensure the correct functioning of the telephone system (no?). I think SAs find themselves in much the same situation. Maybe the rule should be "we can't talk about this on the phone" (substitute e-mail). Why not use encryption (oops -- that *could* be illegal, I guess!). Basically, I think the "e-mail == paper mail" concept is *all* wrong! This issue has further ramifications : unfriendly users reading your own files etc. -- "You see me now a veteran of a thousand psychic wars...." UUCP: ...!seismo!mcvax!ukc!dcl-cs!jam DARPA: jam%lancs.comp@ucl-cs | Post: University of Lancaster, JANET: jam@uk.ac.lancs.comp | Department of Computing, Phone: +44 524 65201 ext 4467 | Bailrigg, Lancaster, LA1 4YR, UK.
snoopy@ecrcvax.UUCP (Sebastian Snoopy Schmitz) (04/24/86)
Summary: Expires: References: <703@frog.UUCP> <12400018@uiucdcs> <2410@jhunix.UUCP> <168@proper.UUCP> <132@fai.UUCP> <11414@amdcad.UUCP> <comp.117> Sender: Reply-To: snoopy@ecrcvax.UUCP (Sebastian Snoopy Schmitz) Followup-To: Distribution: Organization: European Computer-Industry Research Centre, Munchen, W. Germany Keywords: In article <comp.117> jam@comp.lancs.ac.uk (John A. Mariani) writes: >I think some people are making a fundamental equation which just >doesn't hold up; > >e-mail == ordinary paper mail (or snail mail!) > >Perhaps a better equation would be > >e-mail == telephone communication Both equations are the same really ! I have to disagree on a legal point. Here in Germany (the Germans have a law for just about every aspect of life - this may be good or bad depending on your pov). As soon as something is transmitted via a post office controlled carier (post, telephone, packet switched networks etc. are all controlled by the Post Office Ministry here, i.e. part of the state) it is immediately subject to the Postal Secrecy Law. This means that no one is allowed to look at the message, open the envelope, tap the telephone etc. Most Usenet mail gets transmitted over telephone lines and therefore underlies this restriction. The agreement postal administrations have amongst each other is that they ensure that they will ensure this integrity for international mail (i.e. the German post will rely that the American post will not oipen my letter, before it reaches its destination). This may mean that different rules apply for mail items originating in deifferent countries. Let me ask for some restraint in this matter. (I don't want to sound like Gene Spafford, but...) There are two opinions. One says "Snarl, Snarl", if you're so dumb to send mail through my machine, I will read it. This is an intentional breach of other peoples privacy (there are several users out there who don't know that you do this). I am sometimes really bewildered about some of the startling naivite' displayed by some of our American fellows. Just because you are libving in a "free" country, does not mean that you can take the freedom to mess around in his/her personal life. The attitude: "This machine's mine and I can do with it whatever I want" is insanely selfish and reflects little concern for the privacy requirements. The other opinion is to say "Snarl, snarl", the guy who reads mail is an a**hole ( I am inclined to agree ) and should not do this. Both points are extreme. I believe that there should be a workable compromise. If you forward mail, then don't read it - you may get legal hassles. Would you like AT&T to sue you, for compromising their phones into comitting a security breach for which the US govt may sue them for breach of postal regulations. If mail bounces back and you want to help it along, then do so, but don't look at the contents. This can be done, you know. Headers these days fill about a screen and so you get little other information. One cannot trust a computer system (due to bugs etc.) but the administrators should be trustworthy. I point out to every user that I can read his mail, but that I do not do so, because I respect his/her privacy. I do tell them that mails may fail and that I sometimes cannot help seeing it. We have several people here, who transmit mail to their lovers/wives/husbands on other machines. I'll be damned if I ever look at any intimate mail of theirs. I have no business with that. I want my users to feel safe and at home on my system. I tend to trust USENet a lot - I install most software from the Net without ever really looking at it. I think that most SA's do. Look at the uproar caused by the guy with the nasty shar. The fact that the shar did something nasty probably wasn't what upset everyone. I think it was the principle that someone had basically compromised the spirit of free & easy cooperation and implicit trust of the Net, that got people annoyed. I think that this is a very good reason to be annoyed. Once the trust is gone, the net will die slowly - to due a malignant node. My modus operandi is as follows: I think carefully, before I "do" something, "What would I feel like if someone did this to me or my mail ?". That settles most of my questions. Sorry about the length. I hope I have contributed a useful point of view. Love, Seb BTW Is there a feature of rn that will keep a copy of my outgoing messages into the net for me ? (like the mail "record" facility ?) -- There are three types of people: - those who make things happen - those who watch things happening - and those who wonder what happened ...\!mcvax\!unido\!ecrcvax\!snoopy /* N.B. valid csh address */
ins_anmy@jhunix.UUCP (Norman M Yarvin) (04/24/86)
> In article <11414@amdcad.UUCP> phil@amdcad.UUCP (Phil Ngai) writes: > >In article <132@fai.UUCP> ronc@fai.UUCP (Ronald O. Christian) writes: > >>How do the rest of you system administrators feel? Is it within your > >>rights to open other people's mail? > > > >I'm supposed to keep the system running without looking at the files? > > I've been following this discussion (none too closely, I admit) and > I think some people are making a fundamental equation which just > doesn't hold up; > > e-mail == ordinary paper mail (or snail mail!) > > Perhaps a better equation would be > > e-mail == telephone communication An even better one would be e-mail(on Usenet) = a piece of paper that you give to one friend to hand to another --- Norman Yarvin (seismo!umcp-cs | ihnp4!whuxcc | allegra!hopkins) !jhunix!ins_anmy "We all know what UNIX is. It's an operating system with no dick, so it can't screw you."
jim@riacs.ARPA (Jim Houston) (04/25/86)
> > I've been following this discussion (none too closely, I admit) and > I think some people are making a fundamental equation which just > doesn't hold up; > > e-mail == ordinary paper mail (or snail mail!) > > Perhaps a better equation would be > > e-mail == telephone communication > Even better e-mail == citizens band radio Even though people know others could be listening on their radios, amazing things are still said. I have to agree with the person who said if you really want your mail to be private, encrypt it. Otherwise, think of e-mail more like a broadcast medium. You have NO control over where the mail could wind up. ( In fact, this message itself could wind up on some backup tape somewhere, only to be rediscovered and re-read in the distant future. :-) )
kehres@styx.UUCP (Tim Kehres) (04/26/86)
In article <217@riacs.ARPA> jim@riacs.ARPA (Jim Houston) writes: >I have to agree with the person who said if you really >want your mail to be private, encrypt it. Otherwise, think of e-mail more like >a broadcast medium. You have NO control over where the mail could wind up. >(In fact, this message itself could wind up on some backup tape somewhere, only >to be rediscovered and re-read in the distant future. :-) ) This is probably a practical way of looking at e-mail, however it should not be used as an excuse for immoral or possible illegal reading of other's mail. Encryption (which I am very much in favor of) should be considered another tool to make the unauthorized reading of mail much more difficult. Since just the message portion need to be encrypted, this should not make much of an impact on SA'a attempting to re-route stuck mail. Tim Kehres Control Data Corporaton / Lawrence Livermore National Laboratory ---------------------------------------------------------------- UUCP: {idi,ihnp4!lll-lcc}!styx!kehres ARPA: kehres@lll-tis-b.ARPA AT&T: (415) 423-6252
jim@cs.strath.ac.uk (Jim Reid) (04/30/86)
In article <117@comp.lancs.ac.uk> jam@comp.lancs.ac.uk (John A. Mariani) writes: > >I've been following this discussion (none too closely, I admit) and >I think some people are making a fundamental equation which just >doesn't hold up; > >e-mail == ordinary paper mail (or snail mail!) > >Perhaps a better equation would be > >e-mail == telephone communication > >Now, hey, I'm pretty paranoid but I'm not talking about telephone tapping etc. >There may well be good reasons for the operator/telephone engineer to >overhear (part of) a telephone conversation (although I can't think of >one now!). They may have to listen in to ensure the correct functioning of >the telephone system (no?). I think SAs find themselves in much the same >situation. > >Maybe the rule should be "we can't talk about this on the phone" >(substitute e-mail). Why not use encryption (oops -- that *could* be >illegal, I guess!). > >Basically, I think the "e-mail == paper mail" concept is *all* wrong! Got it in one! The best analogy I heard for e-mail is it's equivalent to a postcard. Anybody handling the mail (eg postmaster, uucp for email - post office workers for postcards) has the capability to read and alter it. In practice this doesn't happen much because of the volume of mail getting shipped. This doesn't mean it can't happen, but then who would send a confidential document on the back of a postcard? On a wider security front, the telecomms networks are easily monitored by government eavesdroppers like NSA in the US and GCHQ in the UK. Even if all the mail relays and their mail administrators didn't read your mail, what's to stop these spooks? With these people, even encryption is no guarantee of keeping data secure. In short, anybody who uses the net *must* appreciate it is a public forum and anything he/she sends to someone else cannot reasonably be expected to be a purely private communication in the way that a snail mail message would. If something is secret, don't say it! Jim
hutch@hammer.UUCP (Stephen Hutchison) (05/05/86)
>In article <117@comp.lancs.ac.uk>jam@comp.lancs.ac.uk(John A. Mariani) writes: >> >> >>Now, hey, I'm pretty paranoid but I'm not talking about telephone tapping etc. >>There may well be good reasons for the operator/telephone engineer to >>overhear (part of) a telephone conversation (although I can't think of >>one now!). They may have to listen in to ensure the correct functioning of >>the telephone system (no?). I think SAs find themselves in much the same >>situation. About six years ago I worked for a company in California called "Badger Meter Electronics Division" which, among other remote control machinery, built/builds telephone test equipment. The test consoles which were once widely used by telco operators who were running tests on the integrity of the phone lines, all incorporated a randomizing filter which reduced speech to a pattern of buzzing and clicking. It was recognizable as speech if you knew what it sounded like but wasn't understandable at all. The phone companies required that this filter be added because of some government regs about phone-tapping. Supervisors and some operators could cut in on phone calls in emergencies but even long-distance calls from payphones were supposed to be sacred. Naturally since I cannot point to the specific legal requirements this all constitutes hearsay and is thus a rumor. Hutch
larry@kitty.UUCP (Larry Lippman) (05/11/86)
In article <1993@hammer.UUCP>, hutch@hammer.UUCP (Stephen Hutchison) writes: >> >> There may well be good reasons for the operator/telephone engineer to >> overhear (part of) a telephone conversation (although I can't think of >> one now!). They may have to listen in to ensure the correct functioning of >> the telephone system (no?). > > About six years ago I worked for a company in California called > "Badger Meter Electronics Division" which, among other remote control > machinery, built/builds telephone test equipment. > > The test consoles which were once widely used by telco operators who > were running tests on the integrity of the phone lines, all incorporated > a randomizing filter which reduced speech to a pattern of buzzing and > clicking. It was recognizable as speech if you knew what it sounded like > but wasn't understandable at all. The phone companies required that this > filter be added because of some government regs about phone-tapping. Actually, an operating telephone company or communication common carrier has a legal right to listen to conversations for certain purposes, such as: (1) placement and "supervision" of an operator-assisted telephone call; (2) during repair and maintenance functions on communication circuits; and (3) for "service observing" purposes, which is a quality-control function. It is, however, UNLAWFUL for an employee of a telephone company or communication common carier to disclose the nature of such intercepted communications to a third party. Under New York State law, it has been held that the above types of interception result from "normal operation" of a telephone company, and are therefore exempt from violating the eavesdropping statues under Article 250 of the NY Penal Law. Implicit permission for interception of conversations for the above purposes by a telephone company or communication common carrier is in fact conveyed by federal law. I quote from the United States Code, Title 18, Section 2511: (2) (a) (i) "It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of any communication common carrier, whose facilities are used in the transmission of a wire communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the carrier of such communication: PROVIDED, That said communication carriers shall not utilize service observing or random monitoring except for mechanical or service quality control checks." There is no legal requirement that speech be "encoded" so that a telephone company operator cannot understand the conversation. However, such a feature is desired by management of telephone companies to preclude any liability incurred by employees "misusing" verification and test facilities. One of the most deeply guarded secrets of the larger telephone companies (like the BOC's) is the extent to which service observing is carried out. There are legitimate reasons why service observing is required, such as: (1) transmission quality appraisal; (2) human factors analysis (i.e., dialing time, ringing time, etc.); (3) traffic analysis; etc. It is my understanding that telephone companies do take some steps to conceal the subscriber line identity from the service observing personnel. However, the point to remember is that ANY direct-dialed telephone call CAN be LEGALLY monitored by a telephone company or communication common carrier. My personal opinion - in case anyone cares - is that the above type of monitoring as conducted by a telephone company or communication common carrier is a normal fact of life. No one should get bent out of shape over it, since there is NO WAY to enforce absolute privacy in a telephone call - unless someone wishes to employ digital speech encoding. ==> Larry Lippman @ Recognition Research Corp., Clarence, New York ==> UUCP {decvax|dual|rocksanne|rocksvax|watmath}!sunybcs!kitty!larry ==> VOICE 716/688-1231 {rice|shell}!baylor!/ ==> FAX 716/741-9635 {G1, G2, G3 modes} seismo!/ ==> "Have you hugged your cat today?" ihnp4!/