ejbjr@ihlpg.UUCP (03/05/87)
> >> In case anyone doesn't know this, the new version of news software has > >> something called FASCIST mode, which gives the news administrator a > >> convenient way to see every posting from his/her site. [As noted in other articles, administrators reading all articles has nothing to do with `fascist' mode.] Anyone at a large (or even small) technology-oriented company should expect all network transmissions - netnews and email - to be monitored. Any company NOT checking out all transmissions is leaving a very large hole for proprietary info to slip through (both through unintentional discussion of topics deemed sensitive and deliberate espionage). People have been fired for deliberately trying to leak sensitive information via email. For articles posted to a public news network there is no basis to complain about this behavior - they are as much a part of the public as the poster. For private, directed email this seems to be a violation of privacy, but it is very legal (after all it is their machine your using) and very necessary in this dog-eat-dog corporate world - its far better than the alternative of NO email network and no netnews. If you don't want your system netnews administrator or company to read it, don't post it to netnews or send it with email - plenty of alternative media are available for your use which your company has no legal right to intercept. Assume even private email messages might be read by anyone. -- ----------------- Ed Branagan ihnp4!ihlpg!ejbjr (312) 369-7408 (work)
dave@viper.UUCP (David Messer) (03/05/87)
In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: > >Anyone at a large (or even small) technology-oriented company should >expect all network transmissions - netnews and email - to be monitored. > >For articles posted to a public news network there is no basis to complain >about this behavior - they are as much a part of the public as the poster. > >For private, directed email this seems to be a violation of privacy, >but it is very legal (after all it is their machine your using) and very >necessary in this dog-eat-dog corporate world - its far better than the >alternative of NO email network and no netnews. There was a bill introduced last year to make reading of private mail illegal. I don't know if it passed, but it should have. Companies have no more moral right to read private mail than they do to bug telephones. -- | David Messer - Lynx Data Systems If you can't convince | amdahl \ them, confuse them. | ihnp4 --!-- dayton --!viper!dave -- Harry S. Truman | rutgers / \ meccts /
wendyt@unisoft.UUCP (03/05/87)
In article <294@unisoft.UUCP> wendyt@unisoft.UUCP (Wendy Thrash) writes:
<that Andy B. "apparently" used to have copies of all news postings mailed
to him at lll-lcc>
Alas, what is "apparent" is not always true. Although Andy may have suggested
this to Carl, I have been informed that he DID NOT do it at lll-lcc. My
sincere apologies to Andy.hankb@midas.TEK.COM (Hank Buurman) (03/06/87)
In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: > >Assume even private email messages might be read by anyone. Administrators: Is this a common practice? Regardless of the argument put forward in your article, I consider e-mail to have the same privacy privilidges (sp?) as snail mail.
beattie@netxcom.UUCP (Brian Beattie) (03/06/87)
In article <1180@midas.TEK.COM> hankb@midas.UUCP (Hank Buurman) writes: >In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: >> >>Assume even private email messages might be read by anyone. > >Regardless of the argument put forward in your article, I consider e-mail >to have the same privacy privilidges (sp?) as snail mail. Your employer may read *ANY* mail addressed to it's place of business. I am the system admistrator of this system and I will always try to respect the privacy of my users. If however, I have need to look at any file, including mail, I will do so without hesitation. I do not however go snooping with out a good reason. Moral: If you don't want me to know about it don't put it on my system because I may see it. -- ----------------------------------------------------------------------- Brian Beattie | Phone: (703)749-2365 NetExpress Communications, Inc. | uucp: seismo!sundc!netxcom!beattie 1953 Gallows Road, Suite 300 | Vienna,VA 22180 |
woods@hao.UCAR.EDU (Greg Woods) (03/07/87)
In article <1180@midas.TEK.COM> hankb@midas.UUCP (Hank Buurman) writes: >In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: >> >>Assume even private email messages might be read by anyone. > >Administrators: Is this a common practice? > >Regardless of the argument put forward in your article, I consider e-mail >to have the same privacy privilidges (sp?) as snail mail. What's your definition of "common"? Here, mail messages are occasionally scanned for the header information when new mailers are being installed or current mailers are being changed. I'm not interested in the message content, but I cannot 100% guarantee that I won't see something in the content of the message as I do this. I am a human being; certain patterns will catch my eye. No, I'm NOT going to peruse the rest of the message, but are YOU willing to take the risk that I or someone else in my position WON'T do so? All moral arguments aside, you are foolish if you make that assumption. Secondly, E-mail is NOT legally the same as USmail. You can consider what you like, but you're living in a fantasy world. At present, as administrator of this machine, I'm bloody well entitled to look at ANY file stored on OUR disk (whether I *wish* to do so is an entirely separate issue), and as long as I'm expected to continue my job competently, there's NO WAY I'm going to give up that right. --Greg -- UUCP: {hplabs, seismo, nbires, noao}!hao!woods CSNET: woods@ncar.csnet ARPA: woods%ncar@CSNET-RELAY.ARPA INTERNET: woods@hao.ucar.edu
dyer@spdcc.UUCP (03/07/87)
I hope this won't turn into the perennial harangue about the non-privacy of
Email. At least, I hope it won't turn into that on soc.motss. Regardless
of the way people should act as a matter of honor or are required to act by
statute, it's only reasonable that anyone who really cares for privacy in their
electronic mail should use encryption. There are just too many opportunities
for malicious snooping or well-intentioned system administration at every
point in the chain. Do you think there's any protection from your mail being
read while it sits in a UUCP spool directory waiting to take the next hop?
How about when it sits in the sendmail queue? As long as we're really being
paranoid, why don't I just use my PC and ethernet card to listen to all the
traffic on the net?
The fact that many systems impose their own concept of access permission
within the delivery mechanism means nothing when you start talking about
private machines or folks with root permissions or machines which can listen
to all packets on a network. If your privacy is breached, you can feel
indignant, but don't feel surprised.
--
Steve Dyer
dyer@harvard.HARVARD.EDU
dyer@spdcc.COM aka {linus,wanginst,bbnccv,harvard,ima,ihnp4}!spdcc!dyerjimb@dopey.UUCP (03/07/87)
in article <1180@midas.TEK.COM>, hankb@midas.TEK.COM (Hank Buurman) says: > Xref: dopey soc.motss:835 news.misc:150 > > In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: >> >>Assume even private email messages might be read by anyone. > > Administrators: Is this a common practice? > > Regardless of the argument put forward in your article, I consider e-mail > to have the same privacy privilidges (sp?) as snail mail. Regardless of what you consider, it doesn't work that way. A bad address or mailer anywhere can result in your letter being sent to any number of system administrator/postmasters. That's the way it works. Just like a postcard that gets misaddressed will end up in the hands of a postal worker. And e-mail, like a postcard, has no opaque external covering to prevent observing the contents. The right of privacy you mention for US mail only applies to sealed mail. Postal departments are forbidden to open a sealed letter or parcel without a search warrant. e-mail cannot be considered sealed. ======================================================================== In addition, as regards the right of a system administrator to read outgoing mail if he wants: 1. US mail has certain rights of privacy guaranteed as a result of the laws and constitution. 2. Any similar private postal organization (UPS, MCI) is not bound by the same requirements, but by a different set of civil rules. 3. Any private internal mail system set up by a company for communication between members of the company FOR THE BENEFIT OF THE COMPANY are bound by neither of these. A company merely has to define intra-company mail as non-private, for business use only, and at that point NO rules of privacy applies to that mail. Every bit of it belongs to the company. PERIOD. Now most companies have something called their 'corporate culture' which defines the way the company treates things like intra-company mail use, intra-company phone use, and e-mail. The company can change these definitions at a stroke of a pen. For instance, our corporate directives don't say a word about e-mail, probably because they don't know it exists. They do refer to phone usage, and intra-company mail usage. Therefore, currently, the rules concerning e-mail here are purely the sort of 'common law' the users have defined. They *expect* the mail to be private. They know the system administrator can read anything on the system, they *expect* him not to *SNOOP*. This, therefore is a somewhat binding, common law definition of their rights to the e-mail privacy. The company can change this policy by announcing and documenting a new one. PERIOD. After such an announcement, the users right to privacy on this company owned intra-company communication facility will be exactly as defined by the rules of the company. -- Room for growth: +==== Jim Budler ==== Advanced Micro Devices, Inc. ==== (408) 749-5806 ====+ | Compuserve: 72415,1200; Delphi: JIMBUDLER; Usenet: jimb@amdcad.AMD.COM | +=== Disclaimer: My company wouldn't let ME speak for them, would they? ===+
uusgta@sw1e.UUCP (03/09/87)
Why do administrators have (or believe they do) a Right to read any file
on a disk? Is this security? Is this space management? Does a building
administrator have a right to go through my briefcase because it rests on
*his* floor? What make "Greg"'s disk different? I've run machines, I've
snooped, but it's snooping, not administration. There's no need to review
the user's files (*not* just no time). If users make your job rough there
are other ways of effecting a change. Just cause the corporation says it's
policy don't make it justifiable.
--
# ---Tom Adams---
# {bellcore,ihnp4}!sw1e!uusgta St. Louis MO 314-235-4237
# Opinions expressed here are mine, not those of Southwestern Bell Telephoneedg@micropro.UUCP (Ed Greenberg) (03/10/87)
>The right of privacy you mention for US mail only applies to >sealed mail. Postal departments are forbidden to open a sealed letter >or parcel without a search warrant. Sorry, the postal service opens undeliverable mail in the "dead letter office" in order to try and find an addressee or sender. -- Ed Greenberg {well,dual,pyramid,ptsfa,lll-crg}!micropro!edg
sanjour@cvl.umd.edu (Joe Sanjour) (03/11/87)
In article <494@sw1e.UUCP> uusgta@sw1e.UUCP (uusgta) writes: > >Why do administrators have (or believe they do) a Right to read any file >on a disk? Is this security? Yes. If I suspect someone is trying to break the security on my machines I am going to look in to what he/she is doing. >Is this space management? Yes. Many places want to prevent games, excessive personal files or just three copies of the same four meg file. If disk space is tight, admins. have to play cop. >Does a building administrator have a right to go through my briefcase >because it rests on *his* floor? You bet. In places that are zealously security minded (The U.S. Congess, courthouses, etc.) they do exactly that. All users of a system should realize that the system admins. can and occasionaly need to read personel files. A good example of a benevolent use of this ability is if a file needs to be reattached. Then the only way to figure out whose it is and where is goes it to look at it's contents. >-- ># ---Tom Adams--- ># {bellcore,ihnp4}!sw1e!uusgta St. Louis MO 314-235-4237 ># Opinions expressed here are mine, not those of Southwestern Bell Telephone ^-^ Joseph Sanjour ARPA: sanjour@cvl.umd.edu (- -) Center for Automation Research UUCP: seismo!cvl!sanjour \_/ University of Maryland (301) 454-4526 College Park, MD 20742
root@hobbes.UUCP (03/11/87)
+---- <494@sw1e.UUCP> (Tom Adams) ---- | Why do administrators have (or believe they do) a Right to read any | file on a disk? [...] Does a building administrator have a right | to go through my briefcase because it rests on *his* floor? What | make "Greg"'s disk different? +---- The big difference between Computer files and US-Mail, your briefcase, and "Greg's disk" has to do with tangable personal property. You own the paper + envelope used for the letter, you own your briefcase; you do *not* own "Greg's disk" or [the administrator's/Company's] computer. If you rent an apartment, you enter into a legal contract with the building's owners which gives you certain rights - Privacy is one of them. Thus, the building adm *can not* enter/search your room without a court order which overrides your privacy. If you rent/lease/etc a computer system, you can (in your contract, you do have this in writing, don't you?) try to include such things as "My files MAY not be looked at by the sys-admin"; if you succeed, great! I'd guess that *right now* you don't have any such protection. So, you are in the same boat as someone who writes a note on a sheet of paper and tapes it up in a corner of the boss's corkboard - Most people won't have any reason to look at the note (after all, it isn't in *their* office), and if the board is covered with 5000 other notes one could gamble that this note might not get seen by the Boss. But, since it is the Boss's *job* to be aware of what is happening on her corkboard, she just *might* get around to reading the note. To argue that the note shouldn't be read by *anyone* is rather naive! Switching back to computer files, follow these guidelines: 1) Don't put anything on the computer which you *wouldn't* want your boss (or the whole company) to read. 2) If you don't want others to read it, don't put it on the computer 3) If you feel that you MUST put it on the computer, and you don't want anyone to read it, then by all means encrypt it so no one *can* read it!
robert@jimi.UUCP (03/11/87)
>In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: >There was a bill introduced last year to make reading of private >mail illegal. I don't know if it passed, but it should have. >Companies have no more moral right to read private mail than they >do to bug telephones. Has anyone done anything about implimenting encryption as put forth in the paper "A Method for Obtaining Digital Signatures and Public-Key Crypto- Systems" by RS&A? Seems as though this would not only make legislation unnecessary, but would also solve the problem of stuff getting bounced to sysadmins. Isn't there a header in RFC822 for this purpose? Of course one can always encrypt things by hand, but this is a nuisance, it would be nice if the mail agent did this automatically, and if a public-key system were available. As to people inadvertantly posting propriatary code to the net, a good dose of education would do a lot more good than reading private email, --robert - CSNET: robert%jimi.cs.unlv.edu@relay.cs.net UUCP: {akgua,ihnp4,mirror,psivax,sdcrdcf}!otto!jimi!robert seismo!unrvax!tahoe!jimi!robert
phil@amdcad.UUCP (03/12/87)
In article <298@unisoft.UUCP> wendyt@unisoft.UUCP (Wendy Thrash) writes: >In article <294@unisoft.UUCP> wendyt@unisoft.UUCP (Wendy Thrash) writes: ><that Andy B. "apparently" used to have copies of all news postings mailed >to him at lll-lcc> > >Alas, what is "apparent" is not always true. Although Andy may have suggested >this to Carl, I have been informed that he DID NOT do it at lll-lcc. My >sincere apologies to Andy. If I were Andy, I would respond that apologies are unneeded. In case you've forgotten, news postings are intended to be publically available and read by anyone. If, for example, you want to stay in the closet, posting to net.motss is not the way to do this. Having local articles mailed to the news administrator poses no moral problems to me. Reading someone else's e-mail is somewhat rude but within the rights of the owner of the system the mail is on. I (we) do not have local postings sent to anyone, nor do we as a matter of course read e-mail. If a bad address causes a letter to be bounced to me as postmaster, I'll read what fits on a screen or as much as needed to handle it. But let's not confuse my current behavior, which I maintain out of politeness, with what I (the owners of this system) have the right to do, which is anything we please. And if you don't like it, find another relay. Consider this posting to be in the nature of the little metal plaques you find imbedded in the sidewalks outside some skyscrapers: "Right to pass by permission of owner and revocable at any time." E-mail is not private and all the screaming in the world won't make it so. -- Our mail is unreliable so if I don't respond, please resend. Phil Ngai +1 408 982 7840 UUCP: {ucbvax,decwrl,hplabs,allegra}!amdcad!phil ARPA: amdcad!phil@decwrl.dec.com
dlc@zog.cs.cmu.edu.UUCP (03/13/87)
>In article <2990@ihlpg.ATT.COM> ejbjr@ihlpg.ATT.COM (Branagan) writes: >There was a bill introduced last year to make reading of private >mail illegal. I don't know if it passed, but it should have. >Companies have no more moral right to read private mail than they >do to bug telephones. I'm really going to stick my foot in my mouth, but here goes. I see no problem in doing this as long as it is not just malicious snooping i.e. there is reason to believe that something secret is contained in the mesage or mail box. There are many cases where special searches are allowed whenever something of yours is at a place you do not own. Examples: 1) Stores reserve the right to inspect packages, bags, etc. If a store suspects that say some woman (not a sexist remark) put an item from the store in her pocket book, they may examine it when she leaves. Of course, that can't snoop too far. 2) In some public schools, a search warrant is not needed to search a kids locker. I think this issue has been kicked around in courts, and I don't know what has come about. Is it really absolutely disallowed in all states, or state by state determinable? I do feel that it would be nice to have the same privacy, not just for mail but other data on a computer storage medium, as US mail, but right now it is not technically feasible. Of course, if you own the machine, then it should be possible to maintain as much privacy as you wish. The point is, whenever you have property stored in a location that you do not own, the same privacy rights often times do not hold that you would have otherwise. Another example. Let's say that you have a secret note on your desk. Do you expect that your boss be legally bound not to look at it? How would you enforce it? Where do you draw the line? There are certain areas of morality that can not be legislated, even if you probably wanted to, because they can not be enforced. Computer storage devices can be thought of as buildings with offices. The person who owns the building should be able personally or by designating someone be able to get into any office to look for something. If this right is abused i.e., malicious snooping, there should be some policy for its treatment, even if its the owner. If someone breaches security e.g. breaks into your office, then of course security measures should be tightened. There are many areas in life that have no legal status as far as moral or immoral, but we have personal implicit ideas of what is moral/immoral. Sometimes there are conflicts. Would you keep something that is yours and very private in your office, even if it were in a locked drawer? I suspect not since you don't want to assume anything about everybody's sense of morality and you thus want more direct control over who can access/see the item. I see this as no different on computers. Don't store, send, or expect anything that you consider private from everyone. If you must, then make it unreadable via encryption. If you want to leave interoffice memos in a place that everyone can read them, you may want to make encrypted copies of some and destroy the original. I hope this stuff doesn't seem too bogus. Daryl