taylor@hplabsc.UUCP (Dave Taylor) (04/11/86)
Sooo...pretty interesting topic we're all talking about here. I'm rather disgusted by the attitude John Gilmore has towards the whole issue though. I can just imagine sending someone encrypted mail because I DON'T WANT ANYONE along the way reading it and getting a message back from john_gilmore@hoptoad saying "You were using my machine for your mail and I couldn't ascertain if it was legit or not so I removed it. If you don't like it, USE ANOTHER MAIL ROUTE!" Such a friendly attitude. So willing to help. As one of the local mail "folks" here in HP, I've actually been known to propose built-in encryption routines that would be part of SENDMAIL or some other ``second level'' transport mechanism that would know the public encryption keys for specific machines. The mail packet going off of the local machine would then be encrypted as it left (regardless of the protocol - SMTP/UUCP/ACSnet/??) and then decrypted as it was received on the destination machine. While nosy twits (no names needed) could still go through the pain of decrypting, it would in reality be such a hassle that they'd just find themselves out of a source of amusement. By the same token, that's why my mailer, Msg, has a built-in encryption facility that's so incredibly easy to use... ------------------ On the other hand, it seems we're all dealing with this in an adversarial sort of way... That is, if John wants to limit the mail that goes through his system to small packets only, or whatever, then what we need to do is to modify the SYSTEM to support that. For example, let's have mailers that use different routes according to the size of the message...think of it - machines that could perhaps direct connect long-distance phone line type connections NOW if the message is small (under 2K, say) or queue any larger messages for that evening (or a different route even). This is, from what I understand, somewhat akin to the ACSnet bit about prioritized message packets... If I had a machine of my own I'd make my uucp map entry something that made calling to my machine reasonably cheap, but calling OUT of my machine, even if to a local host, incredibly expensive. This would mean that my machine would be a 'last resort' route if absolutely needed, but otherwise I'd never see mail. You can't have it both ways - you can't be a "mini-hub" and still ask not to have too much mail go through your system... ------------- In a ramblin' sort of way, this afternoon, -- Dave Taylor taylor@hplabs
bch@ecsvax.UUCP (Byron C. Howes) (04/21/86)
In article <168@dione.rice.EDU> salex@iapetus.rice.edu (Scott Alexander) writes: >If you rely on any utility of mail being private, especially if it >goes through machines not controlled by sender or recipient, you are >fooling yourself. I don't rely on it being private. I do rely on it being unmolested by other Systems Administrators. Mail's utility is predicated on it being as reliable as the network will allow. > It has been my observation that >all mail administrators that I have dealt with have very few qualms >about reading others mail. Perhaps, it shouldn't be that way, but >it's not going to change any more quickly than any of the other >problems which result from a system of decentralized control of the >network. I'm sorry that's the case. *I* figure my users have some right to privacy. For those SAs that go out of their way to read mail, I hope they read something about themselves. -- Byron Howes Systems Manager -- NCECS usenet/bitnet address: bch@ecsvax
bch@ecsvax.UUCP (Byron C. Howes) (04/21/86)
In article <105@cbmvax.cbmvax.cbm.UUCP> grr@cbmvax.UUCP (George Robbins) writes: > >Perhaps the best course is to look at a parallel service - handling third party >traffic in radio service. > >The essence is that you may read the messages, but may not divulge them, or use >the information for your own benefit. You are also responsible for checking >that the messages you retransmit do not violate appropriate regulations - i.e. >obscenity or illegal content. >As a system/mail administrator it is perfectly reasonable to monitor the mail >through your site, however one should do so in the role of a dispassionate >observer. You are not interested in who the messages are from or why the were >sent - just that the content is allowable and that the use of your system is not >abusive. I both agree and have problems with this. I agree that the role of the systems administrator with respect to others' mail that must be read should be that of a dispassionate observer. I think also, however, that one should *avoid* reading others' mail unless it is unavoidable. With respect to abuse of the system, it would take considerable probable cause for me to want to regularly monitor mail (yuck -- distasteful!) Obscenity is somthing I'm not qualified to judge on. -- Byron Howes Systems Manager -- NCECS usenet/bitnet address: bch@ecsvax
andrew@stc.UUCP (04/22/86)
First, let me go on record: I have neither the time, nor the inclination to read any mail not addressed to me, and not causing a snarl-up in stc's e-mail system. On the other hand I think one has to regard e-mail much as a picture postcard, ie as published material, and any defamatory comments in an e-mail message as libel - it is easy to apply any sort of encryption to secure your message from casual snooping (Rot13 for instance would, I believe, suffice to change it to a private communication) Hmm yes I think this picture-postcard is a good analogy, since there is the text right alongside the address... comments? -- Regards, Andrew Macpherson. <andrew@tcom.stc.co.uk> {aivru,btnix,concurrent,datlog,iclbra,iclkid,idec,inset,root44,stl,ukc} !stc!andrew
gadfly@ihuxn.UUCP (Gadfly) (04/22/86)
-- > Even if csuh only connects to lll-crg, you have no right to tell other > sites what to do with your mail. I don't make a practice of reading > mail going through my site but that's no promise I won't. UUCP is > always leaving little turds around for me to clean up. Sometimes I > look at them to figure out what they are. And my users have access > also. (I run uucp 777 mode, to keep things simple.) > > If you don't like it, set up your own connection. I have no > responsibility for your traffic. > -- > Phil Ngai +1 408 749 5720 You have a moral responsibility, Phil. The very concept of mail assumes privacy between sender and receiver. You know that. I can't stop you from reading my mail (if it happens to blow by in the night), but if you do snoop you are doing something wrong. I'm glad you "don't make a practice" of reading mail. You should, as a generic upstanding human being, promise that you won't. I'm flabbergasted at how many system administrators feel it's permissible to snoop simply because they own or maintain the computer resource. It's sad what happens when people are well trained but poorly educated. Get your heads out of your respective tty's and into some Maimonides, Aquinas, Aristotle, or Kant. Or even Mill. -- *** *** JE MAINTIENDRAI ***** ***** ****** ****** 22 Apr 86 [3 Floreal An CXCIV] ken perlow ***** ***** (312)979-7753 ** ** ** ** ..ihnp4!iwsl8!ken *** ***
gadfly@ihuxn.UUCP (Gadfly) (04/22/86)
-- > Even if csuh only connects to lll-crg, you have no right to tell other > sites what to do with your mail. I don't make a practice of reading > mail going through my site but that's no promise I won't. UUCP is > always leaving little turds around for me to clean up. Sometimes I > look at them to figure out what they are. And my users have access > also. (I run uucp 777 mode, to keep things simple.) > > If you don't like it, set up your own connection. I have no > responsibility for your traffic. > -- > Phil Ngai +1 408 749 5720 You have a moral responsibility, Phil. The very concept of mail assumes privacy between sender and receiver. You know that. I can't stop you from reading my mail (if it happens to blow by in the night), but if you do snoop you are doing something wrong. I'm glad you "don't make a practice" of reading mail. You should, as a generic upstanding human being, promise that you won't. I'm flabbergasted at how many system administrators feel it's permissible to snoop simply because they own or maintain the computer resource. It's sad what happens when people are well trained but poorly educated. Get your heads out of your respective tty's and into some Maimonides, Aquinas, Aristotle, or Kant. Or even Mill. -- *** *** JE MAINTIENDRAI ***** ***** ****** ****** 22 Apr 86 [3 Floreal An CXCIV] ken perlow ***** ***** (312)979-7753 ** ** ** ** ..ihnp4!iwsl8!ken *** ***
phil@amdcad.UUCP (Phil Ngai) (04/23/86)
In article <1416@ihuxn.UUCP> gadfly@ihuxn.UUCP (Gadfly) writes: > >You have a moral responsibility, Phil. The very concept of mail >assumes privacy between sender and receiver. You know that. Nonsense. UUCP mail has always been unreliable and insecure. Don't go comparing UUCP mail with USmail. If you don't like the (free) service my site provides, don't use it. I didn't ask you to send mail through my site. I didn't set it up as a relay site. Relaying happens by default and it would be an effort to turn it off. >I'm glad you "don't make a practice" of reading mail. You should, >as a generic upstanding human being, promise that you won't. You missed my point that as a system admin one can not promise not to. But then, you probably don't know anything about running a system anyway. -- Cats are alien beings sent here to sit on our cars. Phil Ngai +1 408 749 5720 UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
gadfly@ihuxn.UUCP (Gadfly) (04/24/86)
-- [A discussion between Phil Ngai & me on privacy of e-mail] > >You have a moral responsibility, Phil. The very concept of mail > >assumes privacy between sender and receiver. You know that. > > Nonsense. UUCP mail has always been unreliable and insecure. Don't go > comparing UUCP mail with USmail. If you don't like the (free) service > my site provides, don't use it. I didn't ask you to send mail through > my site. I didn't set it up as a relay site. Relaying happens by default > and it would be an effort to turn it off. The comparison is valid. The contents of UUCP mail, like US mail, are assumed to be confidential. The mail may get lost or munged--it often does--but it is not written for public dissemination. > >I'm glad you "don't make a practice" of reading mail. You should, > >as a generic upstanding human being, promise that you won't. > > You missed my point that as a system admin one can not promise not to. > But then, you probably don't know anything about running a system > anyway. > > Phil Ngai +1 408 749 5720 I was vague in my use of the word "promise". Having been a system administrator a few years back, I'm well aware of the lengths you go to in putting broken files and file systems back together. Analogously, postal workers certainly have to read pieces of letters that were inadvertently shredded in order to put them back together as best they can. I do not consider this a violation of privacy. When these accidents happen, what you are reading is not exactly mail. Also by analogy, letters fall out of envelopes, addresses get erased or smeared, etc. The promise refers to an intention to maintain the sender-receiver privacy. Aiding in the delivery or return of the mail, or examining parts of it during the recovery of your system's resources, clearly does not violate that intention. It's a promise not to be knowingly malicious. I didn't think there'd be much debate about that. You are correct that you didn't ask for this headache, that you never told anyone they could send mail through your site, and that they are not paying for the service. I maintain, however, that you have moral obligations beyond the sum total of those things you have entered into contracts for, moral obligations to people you don't even know. I'm sure you feel that way too, or haven't you ever given to charities? -- *** *** JE MAINTIENDRAI ***** ***** ****** ****** 24 Apr 86 [5 Floreal An CXCIV] ken perlow ***** ***** (312)979-7753 ** ** ** ** ..ihnp4!iwsl8!ken *** ***
phil@amdcad (04/25/86)
In article <1451@ecsvax.UUCP> bch@ecsvax.UUCP (Byron C. Howes) writes: >In article <168@dione.rice.EDU> salex@iapetus.rice.edu writes: > >>If you rely on any utility of mail being private, especially if it >>goes through machines not controlled by sender or recipient, you are >>fooling yourself. > >I don't rely on it being private. I do rely on it being unmolested by >other Systems Administrators. Mail's utility is predicated on it being >as reliable as the network will allow. Sounds like you agree there. I agree too. Except that if reliability is important to you, you should set up a direct link. Don't complain about other people when you have the most direct means of solving the problem. Especially when the other people are doing you a favor by relaying your mail. >> It has been my observation that >>all mail administrators that I have dealt with have very few qualms >>about reading others mail. Perhaps, it shouldn't be that way, but >>it's not going to change any more quickly than any of the other >>problems which result from a system of decentralized control of the >>network. > >I'm sorry that's the case. *I* figure my users have some right to >privacy. For those SAs that go out of their way to read mail, I hope >they read something about themselves. I'm not sure but I think Scott meant that mail admins read mail going through their machine. As far as I'm concerned, my machine is there for my users and they have a right to as much privacy as can reasonably be given. (if they leave a temporary file in /tmp and I need to clean out /tmp, I'll read it before rm'ing it.) But people who send mail *through* my machine have no rights to privacy. -- Cats are alien beings sent here to sit on our cars. Phil Ngai +1 408 749 5720 UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
gam@amdahl (04/25/86)
On the one hand, you can use the -d flag of Peter Honeyman's pathalias(1) to declare as DEAD any site which you do not want your mail to go thru. That way that site will only be used when it is the only available choice. On the other hand, I doubt that such exclusions from the network would improve the security or privacy of electronic mail. I suspect there are many many mail peekers out there that we will never know about. -- Gordon A. Moffett ...!{ihnp4,seismo,hplabs}!amdahl!gam ~ How can I tell you ~ ~ That I love you? ~ ~ ... I can't think of right words to say ~ -- [ This does not represent Amdahl Corporation ]
lauren@vortex (04/26/86)
I could comment at length on this topic from a variety of angles, but due to time constraints I'll just make a simple statement to those people thinking about encryption as a "solution" to the "problem" of mail privacy: The legal ramifications of allowing encrypted messages (I don't mean "fake" encryption like rot13--I mean the real thing) through your system are decidedly unclear. If anyone tells you that they understand all of the legal issues involved in handling such traffic they simply don't know what they are talking about. Courts have been bouncing back and forth regarding whether or not third parties have some responsibility for materials passing through their facilities. The issues of common-carrier responsibilities, who is and who is not a common-carrier, etc. are also complex to say the least. The argument that "the material was encrypted so he didn't know he was being used for something illicit" has not proven to be a convincing one to various courts. Given the fluidity of this situation, and impending new laws which may complicate the situation even further, it would seem best to avoid, whenever possible, putting third parties in the position of possible problems. I recommend against passing encrypted materials through intermediate sites unless you have the explicit (written!) permission from those sites to do so. ---- But of course, there's a far simpler solution. If you have something really private to say to someone else, either don't send it via e-mail or set up a direct link to that person's site. --Lauren--
dricej@drilex (04/26/86)
This whole discussion about reading other peoples' mail has been raging because some important distinctions between rights and courtesies are being missed. 1. The owner of a computer has the right to control the uses to which that computer is put. This means that the owner, or the owner's agent (the system administrator) has the right to look through any file on the system. Some owners may enter into contracts which relinquish this right, promising file security for the user. This does not apply to inter-system mail, though, because: 2. Unix mail is transmitted as a matter of courtesy, not a matter of contract. Although we all transmit it, it is in a spirit of cooperation, not because we were paid to do so. Therefore, there is no formal obligation of privacy for intersystem mail. 3. Nonetheless, we transmit mail out of courtesy. Another aspect of courtesy is the expectation of reasonably privacy for that mail transmission. For a system administrator to look through mail routinely, in search of competitive secrets for example, is very discourteous. But he or she still has the right to do it (as delegated by the owner of the computer). -- Craig Jackson UUCP: {harvard,linus}!axiom!drilex!dricej BIX: cjackson
george@gvax (04/27/86)
In article <11447@amdcad.UUCP> phil@amdcad.UUCP (Phil Ngai) writes: >In article <1416@ihuxn.UUCP> gadfly@ihuxn.UUCP (Gadfly) writes: >> >>You have a moral responsibility, Phil. The very concept of mail >>assumes privacy between sender and receiver. You know that. > >Nonsense. UUCP mail has always been unreliable and insecure. Don't go >comparing UUCP mail with USmail. If you don't like the (free) service >my site provides, don't use it. I didn't ask you to send mail through >my site. I didn't set it up as a relay site. Relaying happens by default >and it would be an effort to turn it off. > >>I'm glad you "don't make a practice" of reading mail. You should, >>as a generic upstanding human being, promise that you won't. > >You missed my point that as a system admin one can not promise not to. >But then, you probably don't know anything about running a system >anyway. One question: What is "amd"? Do they sell any products or services? If so, I would like to urge everyone to boycott this company and any other which employs a system administrator with this type of attitude. It gives the rest of us a bad name. George Boyce, george@gvax.cs.cornell.edu
jad@hpcnoe.UUCP (04/29/86)
Reading other people's mail is tacky. Sure you "can" do it; I "can" shoot your [insert pet name here], too. I understand the need to clean up after uucp; until you get a better system, there's not much choice. But that's different from saying "if you send your mail through my machine I will read it if I feel like it", which I find totally irresponsible and appalling. Besides being a massive waste of time. Personally, it makes no difference to me as I know enough not to trust anything I care a whit about to electronic mail (encrypted or not). It's the poor ignorants who lose, yet again ... -- jad -- John A Dilley Phone: (303)229-2787 Email: {hpfcla,hplabs} !hpcnoe!jad (ARPA): hpcnoe!jad@hplabs.ARPA
bch@ecsvax (04/29/86)
In article <128@drilex.UUCP> dricej@drilex.UUCP (Craig Jackson) writes: >Unix mail is transmitted as a matter of courtesy, not a matter of contract. >Although we all transmit it, it is in a spirit of cooperation, not because we >were paid to do so. Therefore, there is no formal obligation of privacy >for intersystem mail. I disagree. It is my opinion that when we agree to forward others' mail, we are doing so because others have agreed to forward *our* mail. It is an agreement implicit in becoming a member of usenet. Perhaps it should be explicit -- systems administrators of sites on usenet should have to have a signed agreement on file before they are permitted to forward mail onto the net. Money is not the only recompense in a contractual agreement. If I thought that the System Adminstrator at a neighboring site was deliberately interfering with mail being forwarded through his or her system, I would not only route around the site but would probably take steps to terminate the link. The agreement must work both ways. Part of the guarantees of service I attempt to make to our own users *includes* guarantees to users at other sites temporarily using our facilities. -- Byron Howes usenet/bitnet address: bch@ecsvax Any opionions expressed herein are purely my own, and do not represent the views of the General Administration of the University of North Carolina or those of the North Carolina Educational Computing Service.
phil@amdcad (04/29/86)
In article <339@gvax.cs.cornell.edu> george@gvax.UUCP (George R. Boyce) writes: >One question: What is "amd"? Do they sell any products or services? If so, >I would like to urge everyone to boycott this company and any other which >employs a system administrator with this type of attitude. It gives the rest >of us a bad name. I am not an official spokesman for the company but I expect that if you asked them what policy on reading mail going through this machine was, they would say "We don't want people sending mail through this machine. Let them pay for their own phone calls." -- Cats are alien beings sent here to sit on our cars. Phil Ngai +1 408 749 5720 UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
gam@amdahl (04/29/86)
In article <919@vortex.UUCP> lauren@vortex.UUCP (Lauren Weinstein) writes: > Given the fluidity of this situation, and impending new laws which > may complicate the situation even further, it would seem best > to avoid, whenever possible, putting third parties in the position > of possible problems. I recommend against passing encrypted materials > through intermediate sites unless you have the explicit (written!) > permission from those sites to do so. Laws that inhibit the free flow of information in a securely encrypted form are a threat to the Freedom of Speech and the implied freedom of communication. By all means, use encrypted mail whenever possible, as it is your only guarentee of privacy in transit. A judge who would claim that a courier holds responsability for what the message says is nothing more than a naive re-statement of the old stories about killing the bearer of bad news .... > But of course, there's a far simpler solution. If you have something > really private to say to someone else, either don't send it via e-mail > or set up a direct link to that person's site. > > --Lauren-- Here we both strongly agree. -- Gordon A. Moffett ...!{ihnp4,seismo,hplabs}!amdahl!gam Moderation in all things, including moderation. -- [ This does not represent Amdahl Corporation ]
bch@ecsvax (04/30/86)
In article <11447@amdcad.UUCP> phil@amdcad.UUCP (Phil Ngai) writes: >If you don't like the (free) service >my site provides, don't use it. I didn't ask you to send mail through >my site. I didn't set it up as a relay site. Relaying happens by default >and it would be an effort to turn it off. (1) The service isn't free. I'm obligated to forward on mail from your users just as you are from mine. It's real simple. It's also simple to set up a filter to drop mail sent from amdcad on the floor if that's what you have in mind. (2) I just took a look at my uucp maps. There is a very extensively commented entry for amdcad written by Phil. To me, if Phil advertises his machine and its connectivity to the net, he is volunteering it as a relay site. He could as easily portray himself as a leaf node and thus not have to deal with relaying mail. It is more than just the software that causes relaying...you have to announce you are a node which will relay. -- Byron Howes usenet/bitnet address: bch@ecsvax Any opionions expressed herein are purely my own, and do not represent the views of the General Administration of the University of North Carolina or those of the North Carolina Educational Computing Service.
good@pixar ("Pravda nyet isvetsia, Isvetsia nyet pravda") (04/30/86)
Assuming that uucp mail is private seems extremely naive to me. Not that I, as a sysadmin, go deliberately poking through mail. I don't think that administrators *should* read mail unless they have to (for any of the reasons already mentioned in this debate). But I never send anything confidential via uucp, and I hope nobody else does. It's got to be just asking for trouble. Someone said that e-mail should be treated like US Mail. In the case of uucp I think the more correct analogy is CB radio, as mentioned by another author. Uucp uses a "free", decidedly anarchistic network to disseminate the mail. There is no mechanism to guarantee privacy nor delivery. In contrast, for example, Pixar rents an electronic "mail box" from MCI Mail. We pay for the service, and use MCI's organized network to send and receive e-mail and telexes, etc. In that case I feel we can reasonably expect and insist on privacy in our communications. The lesson for usenet users should be that confidential material should not be sent via uucp -- unless you are hoping it will leak. But that is yet another discussion... -- --Craig ...{ucbvax,sun}!pixar!good
Unknown@decwrl (04/30/86)
This message is empty.
mouse@mcgill-vi (04/30/86)
In article <3068@amdahl.UUCP>, gam@amdahl.UUCP (G A Moffett) writes: > On the one hand, you can use the -d flag of Peter Honeyman's pathalias(1) > to declare as DEAD any site which you do not want your mail to go thru. > That way that site will only be used when it is the only available choice. Exactly what I did with lll-crg (bandy's machine). Oooh, maybe I shouldn't have said that, I can see the bandygrams now....but he seems to be saying to the world "I'm not interested enough in carrying your mail to be ethical about it", so, well, he's not carrying ours. On the other hand, seems to me that being a member of USEnet is a privilege, not a right. Hmmmm.... Or, I suppose you could diddle the input files to declare all links to a given machine (say, lll-crg) as cost -1000000, then every letter will get routed through lll-crg (I would suppose, I haven't tried it!). If many sites did this, I doubt bandy would be ABLE to read every piece of mail passing through his machine. For that matter, would his MACHINE be able to handle it?? (:-), for those lacking in humor. -- der Mouse USA: {ihnp4,decvax,akgua,utzoo,etc}!utcsri!mcgill-vision!mouse philabs!micomvax!musocs!mcgill-vision!mouse Europe: mcvax!decvax!utcsri!mcgill-vision!mouse mcvax!seismo!cmcl2!philabs!micomvax!musocs!mcgill-vision!mouse ARPAnet: utcsri!mcgill-vision!mouse@uw-beaver.arpa "Come with me a few minutes, mortal, and we shall talk."
jer@peora (05/01/86)
> Courts have been bouncing back and forth regarding whether or not > third parties have some responsibility for materials passing through > their facilities. The issues of common-carrier responsibilities, > who is and who is not a common-carrier, etc. are also complex to > say the least. The argument that "the material was encrypted so he > didn't know he was being used for something illicit" has not proven > to be a convincing one to various courts. Well, now, Lauren, I must admit that this is a bit of a problem... because if it *is* advisable not to pass encrypted mail by this argument, it is also essentially mandatory that you read every piece of mail that passes through your site! In fact, the legal ramifications are so severe that it would seem inadvisable to let *anyone* send mail through your site... because if anybody ever sends anything illicit through your site, and you could be held liable because they did, then you're taking on a terrible responsibility in letting anyone use your site to transport mail. Or could that be ... um ... no, surely you didn't mean that... :-) -- E. Roskos
gds@sri-spam (05/01/86)
I think we've all gotten off the point a bit here. This all started because Andy Beals was reading a piece of mail not addressed to him, but what's more he intercepted it and returned it, saying "it wasn't worth *his* (emphasis mine) time to send it". I can appreciate the difficulties of UUCP mail administration (after all, I had to do it myself not too long ago) and sometimes you have to read the mail that gets left in your queues, but you should only do this in the course of administration. What Andy was doing, in my opinion, was outside the bounds of administration, and more along the lines of censorship. Unless he is authorized by Lawrence Livermore Labs to intercept mail at his site and return it if he (personally) feels it is not worth his time to send, he shouldn't be intercepting it. This is the kind of thing I was warning about in net.news.*, when people would start thinking because they were backbone administrators they could do whatever they felt like because otherwise they would eliminate certain newsgroups. I hope the rest of the net is satisfied with these forms of net.censorship, I'm sure not. --gregbo
mrl@oddjob.UUCP (05/01/86)
In article <2744@pixar.pixar> good@pixar.UUCP ("Pravda nyet isvetsia, Isvetsia nyet pravda") writes: > > Assuming that uucp mail is private seems extremely naive to me. Not >that I, as a sysadmin, go deliberately poking through mail. I don't think >that administrators *should* read mail unless they have to (for any of the >reasons already mentioned in this debate). But I never send anything >confidential via uucp, and I hope nobody else does. It's got to be just >asking for trouble. I just came across this fortune which seems unusually appropriate for this discussion, and exhibits a useful analogy: Mencken and Nathan's Second Law of The Average American: All the postmasters in small towns read all the postcards. -- * * * * * * * Scott Anderson * * ** ihnp4!oddjob!kaos!sra * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
phil@amdcad (05/02/86)
In article <1500@ecsvax.UUCP> bch@ecsvax.UUCP (Byron C. Howes) writes: >(2) I just took a look at my uucp maps. There is a very extensively >commented entry for amdcad written by Phil. To me, if Phil advertises >his machine and its connectivity to the net, he is volunteering it >as a relay site. He could as easily portray himself as a leaf node >and thus not have to deal with relaying mail. It is more than just >the software that causes relaying...you have to announce you are a node >which will relay. I did that to be a good neighbor. However, I can not guarantee privacy of mail sent through my site. If my map entry somehow implys that I do, I'll have to withdraw it. I don't understand your reaction. It's not as though I or anyone at this site makes a practice of spying on others' mail. But stuff gets stuck and has to be cleaned out. I'm not going to let my disk fill up. And I'm not going to blindly delete data. So there is a chance your mail will get read. I don't think it's a great thing but it seems to be the best alternative. -- If a reactor melts down in Russia will they call it the America syndrome? Phil Ngai +1 408 749 5720 UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
lauren@vortex.UUCP (Lauren Weinstein) (05/02/86)
Given some of the laws that are pending, it may well be the case that ultimately, the letter of the law would require that every piece of mail passing through an intermediate site be screened before being passed on. There is all sorts of legislation pending involving child pornography and other illicit activities that doesn't seem to draw any distinction between active and "passive" participation in the passing on of material. Similar examples can be drawn from the world of BBS's. There have been several BBS cases where operators were prosecuted when "patterns of abuse" indicated that they encouraged the use of their facilities for illicit purposes. The board operators claimed they didn't know what sorts of messages were being sent. In one case at least, this argument was rejected by the court. Now, obviously not all cases involving BBS operators have gone in that direction, but the point I'm making is that there is considerable fluidity in the laws in this area, and it looks, at this time, as if pending legislation may put increasing responsibility on intermediaries in message transmission. I don't propose at this point to discuss the pros and cons of such responsibility. Nor would I want to hazard a guess about what these various pieces of legislation will look like if and when they become law. One can only hope that such laws will be "reasonable" and take into account the technical realities of the situation. But in the meantime, while everything is in such a state of flux, it seems only prudent to avoid putting other people into a possibly risky situation. Since at least some courts view message encryption with a "if they have to hide what they're saying they must be trying to do something wrong" attitude, avoiding the use of encryption except with the permission of the third parties would seem the best course, for the time being, anyway. I certainly hope the law doesn't put people into the position of being legally required to read all mail that they handle. But I can imagine a requirement that certain sorts of mail be blocked once you are made aware of the fact that your site is passing illicit traffic. If you're faced with large volumes of encrypted mail, you may not be able to implement such controls, which could well anger the courts. But this is all academic, since nobody knows which way the courts will ultimately rule on any of this. That's the whole point--nobody knows! If someone wants to send a message that contains material so personal or so sensitive that reading by an intermediate party would be a disaster, then setting up a direct connection would seem the most appropriate course of action by far. As for the general topic of reading other people's mail (legal issues aside for now)... My own feeling is that mail shouldn't normally be read unless some abnormality makes it appropriate. Such abnormalities may include failed/misaddressed mail and "bizarre" usage patterns. By "bizarre" I mean extremely high volume. I once saw about 500 messages in a queue, all of almost identical length (about 1000 bytes) to sites scattered all over the place. Given that kind of volume, I wanted to know what the hell was going on. I discovered it was somebody just playing loop-d-loop with the network, trying to pass the same message which essentially said "test" back and forth through every site he could find--a total waste of the money of many sites. I sent the person a message telling him he shouldn't do this, and he said, "Gee, thanks! I didn't know it was costing anybody money! I was just playing." Wonderful. Luckily for all of us, these sorts of situations don't come up very often, so normally we can leave things pretty much alone. I don't think it's polite or appropriate for a system admin to randomly read mail just for "fun" when there's no administrative reason to do so and I would never suggest or condone such actions. --Lauren--
philip@axis.UUCP (Philip Peake) (05/05/86)
During this debate, some reference has been made to the possibility of encrypting mail. There is only one potential drawback here - some sites seem to have developed a nasty habit of stripping the eighth bit of any data passing through them. I discovered this by accident when someone recently sent me some files which had been 'pack'ed to reduce transmission costs. They were (of course) useless with the eighth bit stripped off ... This doesn't seem like reasonable behaviour to me. I suppose that the moral is to convert your encrypted mail to a hex representation before sending it ...
bzs@bu-cs.UUCP (Barry Shein) (05/06/86)
>From: lauren@vortex.UUCP (Lauren Weinstein) >Given some of the laws that are pending, it may well be the case that >ultimately, the letter of the law would require that every piece of mail >passing through an intermediate site be screened before being passed >on. There is all sorts of legislation pending involving child pornography >and other illicit activities that doesn't seem to draw any distinction >between active and "passive" participation in the passing on of material. The law is strange, but I doubt very highly it is (or will be) this strange. What I could imagine is requiring a site which sends mail through you to sign a contract limiting liability, declaring responsibility and specifying what is and is not agreed to be sent. I mean, c'mon, this is a little apocalyptic isn't it? Yes, I saw the various disclaimers...I dunno, it is a crazy world tho isn't it. -Barry Shein, Boston University
elw@netexa.UUCP (E. L. Wiles) (05/06/86)
> > The argument that "the material was encrypted so he > > didn't know he was being used for something illicit" has not proven > > to be a convincing one to various courts. > > In fact, the legal ramifications are so severe that > it would seem inadvisable to let *anyone* send mail through your site... > because if anybody ever sends anything illicit through your site, and you > could be held liable because they did, then you're taking on a terrible > responsibility in letting anyone use your site to transport mail. > > Or could that be ... um ... no, surely you didn't mean that... :-) > -- > E. Roskos I'd like to see someone try to sue the U.S. Post Office for one of the multitude of explosive devices sent through their service. It should be interesting to see the sparks fly! :-) -- E. L. Wiles @ NetExpress Comm. Inc. Vienna, Virginia. "Opinions?....Opinions?....WHAT Opinions?!?"
pete@uqcspe.OZ (Peter McMahon) (05/06/86)
Reading other peoples' mail is just one activity of the abuser of (perhaps naive) trust. I have a heard of a certain site (no names, hey Cheryl?) where the SA installed a device driver that allowed that person to peruse /dev/null!! So keep safe. Cat ALL unwanted output to your terminal. -- Peter McMahon ACSnet: pete@uqcspe.oz ARPA: pete%uqcspe.oz@seismo.css.gov CSNET: pete@uqcspe.oz UUCP: ..!seismo!munnari!uqcspe.oz!pete JANET: uqcspe.oz!pete@ukc Phone: (07) 377 4276
gam@amdahl.UUCP (G A Moffett) (05/08/86)
In article <951@bute.tcom.stc.co.uk> andrew@stc.UUCP (Andrew Macpherson) writes: > Hmm yes I think this picture-postcard is a good analogy, since there is > the text right alongside the address... comments? I agree with this analogy for the most part. On the one hand, it is ridiculous to expect privacy on a postcard. On the other hand, it is rarely necessary to read any more than the address. But the kinda stuff I'm hearing around here sounds like some people sit back and read the mail like some people watch soap operas! I think the obvious solution is to use crypt(1) and uuencode/ uudecode(1). (Be sure that you transmit the key for the encryption over a *secure* medium) crypt(1) is now once again permitted to be exported to other countries. I don't know if a public domain uuencode(1) exists but it would be easy to write. -- Gordon A. Moffett ...!{ihnp4,seismo,hplabs}!amdahl!gam "Will the *real* Dr. Fedderman please report to neurosurgery *immediately*?!" -- [ This does not represent Amdahl Corporation ]
ado@elsie.UUCP (Arthur David Olson) (05/08/86)
> I have a heard of a certain site. . .where the SA installed a device driver > that allowed that person to peruse /dev/null!! > > So keep safe. Cat ALL unwanted output to your terminal. Won't work. If the SA is in a position to *divert* stuff directed to /dev/null, they're in a position to *copy* stuff directed to /dev/tty. So keep safe. Share computers only with people you can trust. -- UUCP: ..decvax!seismo!elsie!ado ARPA: elsie!ado@seismo.ARPA DEC, VAX, Elsie & Ado are Digital, Borden & Shakespeare trademarks.
phil@amdcad.UUCP (Phil Ngai) (05/12/86)
In article <5662@sri-spam> gds@sri-spam writes: >I think we've all gotten off the point a bit here. This all started >because Andy Beals was reading a piece of mail not addressed to him, but >what's more he intercepted it and returned it, saying "it wasn't worth >*his* (emphasis mine) time to send it". > >I can appreciate the difficulties of UUCP mail administration (after >all, I had to do it myself not too long ago) and sometimes you have to >read the mail that gets left in your queues, but you should only do this >in the course of administration. What Andy was doing, in my opinion, >was outside the bounds of administration, and more along the lines of >censorship. You've lumped everything Andy into the category of censorship. Under some circumstances I don't consider reading a piece of mail not addressed to me as censorship. My neighbors go down all the time. My UUCP queues clog up. And I have to clean it up. Under those circumstances I look at whatever I have to. I consider this part of UUCP mail administration. As for bouncing junk mail back, that could be called censorship. However, I think of censorship as something like the Federal government telling a newspaper it can't run an article critical of Ronnie. What we have here is a newspaper refusing to run a 50 page letter to the editor. The author is free to start his own newspaper and probably should. The author does not have any right to complain about "freedom of the press". It's not his press. >Unless he is authorized by Lawrence Livermore Labs to >intercept mail at his site and return it if he (personally) feels it is >not worth his time to send, he shouldn't be intercepting it. I'm sure that if you asked the Department of Energy they would say LLL should not pass *any* mail for others. You know, of course, the policy of the ARPAnet has always been that messages must be in support of government work. DOE probably has the same policy as DOD about misuse of government resources. (I claim DOE is a branch of DOD but that belongs in net.politics.) >This is the kind of thing I was warning about in net.news.*, when people >would start thinking because they were backbone administrators they >could do whatever they felt like because otherwise they would eliminate >certain newsgroups. I hope the rest of the net is satisfied with these >forms of net.censorship, I'm sure not. So start your own backbone. -- Phil Ngai +1 408 749 5720 UUCP: {ucbvax,decwrl,ihnp4,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
broman@noscvax.UUCP (05/13/86)
In article <919@vortex.UUCP> lauren@vortex.UUCP (Lauren Weinstein) writes: > But of course, there's a far simpler solution. If you have something > really private to say to someone else, either don't send it via e-mail > or set up a direct link to that person's site. The direct link gives only a slight increase in privacy, because leaks can happen either in your system or in the addressee's, unless you trust ALL system administrators involved. Also, phone communications can be intercepted when they get transmitted by microwave through the atmosphere. Monitoring the phone company's transmissions is not all that hard. You need encryption for real privacy. Vincent Broman, code 632, Naval Ocean Systems Center, San Diego, CA 92152, USA Phone: +1 619 225 2365 Starship: 32d 42m 22s N/ 117d 14m 13s W Arpa: broman@bugs.nosc.mil Uucp: {floyd,moss,bang,gould9,sdcsvax}!noscvax!broman When everyone's out to get you, paranoia is just good thinking.
sakw@cvaxa.UUCP (Sak Wathanasin) (05/15/86)
Granted that as uucp administrator, you have to unblock the queues by hand, I think that over 95% of the time you don't have to read other people's mail to do this. I can get enough info most of the time by using "head" to just look at the mail headers. A lot of these problems would go away if uucp could generate a correct return path for stuff it can't deliver instead of just sending it to "uucp" at the last site. I'm actually *grateful* to other SA's for forwarding misdirected mail that was intended for me even if it means that they have had to read it to find out where to send it - and I'd feel the same way about real (paper) mail. -- Sak Wathanasin, U of Sussex, Cognitive Studies, Falmer, Sussex BN1 9QN, UK uucp: ...mcvax!ukc!cvaxa!sakw arpa: sakw%cvaxa.sussex.ac.uk@ucl.cs.ac.uk janet: sakw@uk.ac.sussex.cvaxa
davidw@sjfc.UUCP (David White) (05/16/86)
EXPERIMENTAL PHILOSOPHY COURSE The course described below is a privately sponsored experiment in education and is not connected with any college or university. Classes will be organized throughout 1986 (at least), and a serious effort will be made to place all who apply. The brief application form will not ask about your educational background; all are welcome. The only real requirement is a seriousness of purpose. The course will also be lots of fun. for applications: EX.C.PHL 35 LUELLA ST ROCH NY 14609 or 716-482-2616 or seismo!rlgvax!cci632!sjfc!davidw EX.C.PHL Course description and materials are available on request. No charges of any kind. No credit of any kind. Biographical information on the instructor available on request.
richl@tektools.UUCP (Rick Lindsley) (05/18/86)
One should never count on full 8 bit transmission for mail. If any sites use SMTP to transfer their mail it will fail. Mail is not designed for binary transfer; it is designed for textual transfer. The fact that uucp *may* be used to transfer mail may lull you into thinking you can count on full 8 bit transmission, but you can't. Rick Lindsley Postmaster@tektronix