ebh@cord.UUCP (Ed Horch) (04/15/86)
I think whether or not one has a right to read e-mail passing through one's system is probably delimited by just what "one's" means. If I'm a grunt, employed by a company that owns the system I administer, then the answer would be "no," since I'm not responsible for policing it, just keeping it alive. However, if I *OWN* the machine, then I not only have the right to watch what goes through my system, but also an obligation. The right comes from the fact that forwarding mail costs me money. If you're going to consume resources which I'm paying for, then you do it on my terms, or not at all. I'm not being net.police in this regard, but I am being my-system.police. The obligation comes from the fact that material transmitted through my machine may have legal implications for me. Suppose someone at greedy-vax posts a request for Unix source. Someone at naive-vax falls for this and mails it to greedy-vax through my-system. When I see huge amounts of e-mail traffic where there used to be just a trickle, I should check it out, since I may be accessory to unlawful transmission of proprietary material. Although I'm not entirely responsible for the acts of people who communicate through my-system, I am responsible for at least main- taining some integrity. Consider the U.S. Postal Service. They are not allowed to randomly open mail, and they are not obligated by law to search for illegal substances being sent through the mail, but at the same time, they do have facilities for dealing with parcels suspected of containing drugs, explosives and the like. As to the specific issue of Andy Beals: If he's just someone that you call to get your name spelled right in /etc/passwd, i.e. a "minor" member of a team of administrators, then he's probably overstepping his bounds. But if he's in charge, or takes orders from someone in charge, than I can't see anything wrong with him keeping an eye on what's going through his system. Don't forget: nobody *ever* guaranteed that UUCP mail is private. DISCLAIMER: I am not a lawyer, nor do I claim to be one. You are free to agree or flame (by mail, please) as you see fit, but if you act on what I say and it turns out to be faulty, I accept no responsibility. These are just the thoughts of a soon-to-be system owner/administrator who pays his own phone bills. -Ed Horch ihnp4!cord!ebh P.S. Nothing personal, Andy, keep baking those cookies! :-)
mark@cbosgd.UUCP (Mark Horton) (04/18/86)
Under normal circumstances, I won't read mail sent through cbosgd. It would be unethical to just go randomly browsing through the spool directory. However, there are times when I have to read it. Sometimes mail gets stuck here, and I have to read it to figure out who it's from and who it was supposed to be to, in order to try to deliver it. (The postal service does this too, at the dead letter office.) More often, a piece of mail is sent through cbosgd with an invalid To address AND an invalid From address. (Happens a few times a week.) The To address is bounced by cbosgd, and a message is sent from MAILER-DAEMON@cbosgd back to the sender. But since the sender address is also wrong, somebody else bounces this message, and it goes back to MAILER-DAEMON@cbosgd. In order to avoid a loop, that's forwarded to root, which is forwarded to me. So such mail gets dropped right into my personal mailbox. I have to read it to try to deliver it or return it (if I can.) Sometimes I can tell from a signature or a header what was intended. Given the anarchistic nature of UUCP, and the lack of any laws to the contrary, if the SA on a site, say hoptoad, chooses to read all the mail through that machine, there isn't anything you can do to stop them. While I consider such browsing unethical, I have to assume that some places will do this. So I sure won't send any mail containing company trade secret information via places outside the company. If it's REALLY secret, I won't use EMail at all, I'll use the phone or face-to-face contact. At the very least, I'll make sure there's a direct route to the other machine. People should also be aware that some versions of UUCP leave the files in /usr/spool/uucp unprotected. Any random user on the system can browse there, possibly even edit files. More recent UUCPs protect the spool files, but there are plenty of older UUCPs out there. So don't assume somebody is providing you a secure service when you send UUCP mail via a scenic tour of the world. While it may be unethical to browse, it's naive to assume that it won't happen, and your message may even legitimatly wind up in someone elses mailbox. By the way, there is a logging mechanism in smail which logs each message passing through: the sender, destination, and length. This log can be used to detect abusers of our phone bill. I don't consider this logging unethical at all, I don't consider it to be "reading of other people's mail." Also, during debugging, sometimes I tee a copy of every message passing through into a short-term log file; this permits me to reproduce bugs that may appear when they are pointed out to me shortly thereafter. I don't intentionally read this verbose log (which includes the entire message) but sometimes I see the message being complained about, and possibly some near it in the log. And yes, I know that the phone company listens to conversations sometimes, too, for the same reasons (monitoring line quality.) But I consider the phone network more secure, because it's more debugged, and because most of the monitoring is now done by programs listening for special tones and generic "voice", instead of people. Mark
bzs@bu-cs.UUCP (Barry Shein) (04/19/86)
Hmm, I wonder how many of the people who think e-mail is different than US Mail (at an ethical level, eg. postal workers reading your mail) also have told their users that the reason they won't retrieve their mail they wished they hadn't sent is cause it's like the post office, once it's in the box it's gone (spooled systems where it could have been retrieved by a local s/a.) Just wondering, I've heard it. -Barry Shein, Boston University
zben@umd5.UUCP (04/19/86)
In article <2022@cbosgd.UUCP> mark@cbosgd.UUCP (Mark Horton) writes: >However, there are times when I have to read it. Sometimes mail >gets stuck here, and I have to read it to figure out who it's >from and who it was supposed to be to, in order to try to deliver >it. (The postal service does this too, at the dead letter office.) Clearly, and I don't think anyone can object to this. If it had been correctly addressed in the first place, it would have stayed secret. >More often, a piece of mail is sent through cbosgd with an invalid >To address AND an invalid From address. (Happens a few times a week.) >The To address is bounced by cbosgd, and a message is sent from >MAILER-DAEMON@cbosgd back to the sender. But since the sender address >is also wrong, somebody else bounces this message, and it goes back >to MAILER-DAEMON@cbosgd. In order to avoid a loop, that's forwarded >to root, which is forwarded to me. So such mail gets dropped right >into my personal mailbox. I have to read it to try to deliver it or >return it (if I can.) Sometimes I can tell from a signature or a header >what was intended. In the ARPA Internet domain, advisories get sent with a null back-path, so any error trying to deliver the advisory gets dropped on the floor. So I have my advisory generator CC: postmaster. If it's an obvious one like "user not known at this site" I just delete it, but if it might confuse I send an additional manual advisory. >By the way, there is a logging mechanism in smail which logs each >message passing through: the sender, destination, and length. This >log can be used to detect abusers of our phone bill. I don't consider >this logging unethical at all, I don't consider it to be "reading of >other people's mail." ... The analogous operation on physical mail (writing down the addresses to which you send mail without actually opening the envelopes) is called a "mail cover", and last I looked was a bit easier to get authorization to do than for either a wiretap or a mail trace. >... Also, during debugging, sometimes I tee a copy >of every message passing through into a short-term log file; this >permits me to reproduce bugs that may appear when they are pointed >out to me shortly thereafter. I don't intentionally read this verbose >log (which includes the entire message) but sometimes I see the message >being complained about, and possibly some near it in the log. One could process this log file and replace the body of the text with one line saying (body removed here), but we both know that some bugs will be sensitive to message length, "shape", or even actual contents. If one were really hard-core one could ROT13 the text. This would preserve enough of the shape for most debugging, while making sure that even an inadvertant glimpse of the text would not reveal anything. Plus, if the bug DID turn out to be dependant on the actual contents, one could always ROT it back... But it hardly seems worth the work... -- "We're taught to cherish what we have | Ben Cranston by what we have no longer..." | zben@umd2.umd.edu ...{seismo!umcp-cs,ihnp4!rlgvax}!cvl!umd5!zben
cda@ucbentropy.UUCP (04/30/86)
In article <580@jade.BERKELEY.EDU> mwm@ucbopal.UUCP (Mike (I'll be mellow when I'm dead) Meyer) writes: >On the other hand, Bandy sending people notices (I got one - it wasn't a >flame, even thought it wasn't exactly polite) is in keeping with the way the >net should be run. This is a concept called "peer pressure." You do >something obnoxious enough, and you'll get such notes in your mailbox. Be >really obnoxious, and you'll get *LOTS* of them. In the future, you'll >probably think twice before doing it again; even if the second thought is >only "good, this'll make that sob mad again." > >If you don't like those notes from bandy, quit doing things that he >considers obnoxious on the net. That applies for me, too - you do something >I consider obnoxious on the net, and I'll send you a nasty note about it. On >the other hand, if you want to do those obnoxious things, you'll have to put >up with notes from people who consider your actions obnoxious. > > Keep our net clean: help police it. > <mike I consider using root privileges to read other peoples' mail pretty high on the obnoxiousness scale... maybe I better appoint myself to the civilian review board of the net police and start auto-mailing. Two of the things we certainly don't need any more of in this country are mental cleanliness and police. charlotte allen