ables@lot.ACA.MCC.COM (King Ables) (08/02/90)
This topic started in news.misc, but seems more appropriate here. Our story so far.... From article <KARL.90Jul31223452@mesquite.charcoal.com>, by karl_kleinpaste@charcoal.com: > Richard.Banks@ohiont.fidonet.org writes: > How do not we know that system administrators on uucp machines are not > reading our mail as travels to its destination ? > > You don't; you trust that the postmasters between Hither and Yon are > worthy of their position. Pat McGregor/UMich took a survey on > postmaster ethics, asking 130-odd postmasters, and getting 69 > responses. A paper on the subject, "Averting One's Eyes -- Ethical > approaches to Postmastering," is the result. You can find a copy via > ftp in tut.cis.ohio-state.edu:pub/sendmail/postethics, or via uucp as > osu-cis!~/sendmail/postethics. > > --karl I don't even read news.misc but came across a reference to the paper that someone forwarded to comp.archives (I love that group!) so I grabbed the paper and read it. As a former postmaster I am very interested in this subject. I am also disappointed to see the assumptions made from information obtained in this survey. Basically the paper says "we think everybody is pretty much honest." But these results are based on only those responses from postmasters honest to actually ANSWER the survey request! There is a statement that the author hope this doesn't slant the results... Not only does it slant them, it makes them almost useless. I have personally known several postmasters who took a look at mail whenever they felt like it. Some even went so far as to have hooks in mailers to grab "interesting" messages. Now before anybody calls for my head, I do *not* believe that this is a majority or even a very signficant minority. I have nothing against postmasters, some of my best friends are postmasters. ;-) Hell, I was one (and still am from time to time). But different people have different ideas about what a postmaster should and should not do. My idea is different than others' (I am one of the strict privacy at all costs believers). But if my mail goes through a site where the postmaster doesn't play by the same rules, then all bets are off. I have seen places where the "company" takes the attitude that all mail is business oriented and takes place on "their" equipment, therefore it all belongs to the company, therefore having a properly designated person (i.e. postmaster) reading it is perfectly acceptable. Blech. But as long as the employees know those are the rules, then OK, that's their choice. And since (then and there) there was no external access, that is ok for the rest of us. But if they had been connected and I, as an outside user, sent mail through there, expecting it to be private, guess what? As for the survey, unfortunately, there is no good way to get a good cross-section of all postmasters (both with different levels of ethics as well as different rules of confidentiality within their environment). The ones who feel they are taking advantage of their position (i.e. behaving in ways that might not be acceptable to some) aren't going to respond. So naturally the conclusion drawn will be that everything is fine. In practice, most places you send your mail will maintain the confidentiality (i.e. it will pass through or go to its recipient without being seen by others). But it is misleading to conclude that there is nothing to really worry about. It depends greatly on the sensitivity of the information. The user has the ability to encrypt and select the text of a message. Anything that shouldn't be seen by eyes other than the recipient's should be encrypted or sent another way. Whether seen intentionally by some snooping privileged user with nothing better to do, or accidently by some busy postmaster during debuging of a faulty mailer, seen is seen. Once the information is out, it doesn't really matter how it got there. ----------------------------------------------------------------------------- King Ables Micro Electronics and Computer Technology Corp. ables@mcc.com 3500 W. Balcones Center Drive +1 512 338 3749 Austin, TX 78759 -----------------------------------------------------------------------------
karl_kleinpaste@charcoal.com (08/02/90)
ables@lot.aca.mcc.com writes: This topic started in news.misc, but seems more appropriate here. True enough. [quoting me:] > A paper on the subject, "Averting One's Eyes -- Ethical > approaches to Postmastering," is the result. You can find a copy via > ftp in tut.cis.ohio-state.edu:pub/sendmail/postethics, or via uucp as > osu-cis!~/sendmail/postethics. Ahem. Pat saw my posting and observed that... The paper was done as an ACM project for a conference, and I'm worrried about distribution without that copyright being there. It seems that the copy I put in my archive area was the copy of the paper mailed direct to me and the other 68 who responded to the survey. It lacked the copyright, but I didn't know it at the time. The copy of postethics has been renamed postethics.bad and chmod'd to 0400 and I will get a new copy when I find out from Pat from where I can ftp one. Those holding a copy, please get a new one when it appears "shortly." Apologies to all, and especially Pat. --karl
iacovou@cs.umn.edu (Danny Iacovou) (08/02/90)
i think that all this talk about postmasters reading mail is rather 'stupid' (net ethics stopped my from using other phrases). first of all not only the postmaster but anyone with root permissions can read your mail. second staff ethics prevents us from doing so. i am a postmaster, but i don't go reading other peoples mail. sometimes when mail bounces my way i try extremely hard to make sure i don't scroll the mail past the headers and into the body (i honestly try not to read a word of mail). i think that this is probably true for 99.9999999% of all postmasters (and staff members for that matter). secondly this point should be obvious to anyone who has been a system admin. staff members just don't have the time to spend all day reaading mail which doesn't concern them. i received 734 pieces of email in july that i felt were worth keeping. i read threw three times that much mail each month. i don't need to read anymore mail. (i am 100% sure that other postmasters have the same problem) in short anyone who might think that postmasters are around just so that they can read mail as it travels threw thier sites is just being 'stupid' (postmasters are free to replace the stupid with any other words they might be thinking of:) ) -- neophytos iacovou university of minnesota email: iacovou@cs.umn.edu computer science department
sblair@synoptics.COM (Steven C. Blair) (08/02/90)
In article <1990Aug2.003210.24459@cs.umn.edu>, iacovou@cs.umn.edu (Danny Iacovou) writes: > > i think that all this talk about postmasters reading mail is rather 'stupid' > (net ethics stopped my from using other phrases). first of all not only the > postmaster but anyone with root permissions can read your mail. second staff > ethics prevents us from doing so. i am a postmaster, but i don't go reading > other peoples mail. sometimes when mail bounces my way i try extremely hard > to make sure i don't scroll the mail past the headers and into the body (i > honestly try not to read a word of mail). i think that this is probably true > for 99.9999999% of all postmasters (and staff members for that matter). > > secondly this point should be obvious to anyone who has been a system admin. > staff members just don't have the time to spend all day reaading mail which > doesn't concern them. i received 734 pieces of email in july that i felt > were worth keeping. i read threw three times that much mail each month. i > don't need to read anymore mail. (i am 100% sure that other postmasters > have the same problem) > > in short anyone who might think that postmasters are around just so that > they can read mail as it travels threw thier sites is just being 'stupid' > (postmasters are free to replace the stupid with any other words they might > be thinking of:) ) There's a lot of credence in what Danny has to say and I for one am glad that someone said it(I was getting ready to). Regardless of content of the message it is flowing through your site(like blood through your veins), It's not morally up to me, or for that matter to *YOU* to know what's in the email/netnews/mmdf/x.400(or this weeks' new email protocol) that flow through your site(or mine!!). Has anyone besides me see a copy of the "Electronic Privacy Act"???? I'm almost sure (memory fades now), that electronically transmitted material is *not public* domain. Nor does anyone but the FCC, and the courts have the right to decide the context of the transfer media. I don't read your USMAIL because the postman on "our" street is too lazy to learn to read addresses. It`s not *my business* !! Period. If you know that you're going to be moving sensitive, confidential materials between your site, and "foo", then take the time to setup UUCP *straight* to them if you're worried about some unscrupulous type(read 0.00000001 % sleazy system administrator) getting a copy of your email, and reading it. Or, if you and some other Internet site are going to be exchanging confidential materials, then do a straight smtp(uucp over tcp) to their site, or ftp the bloddy stuff and get it off-of email. Period. There's an awful lot of net.bandwidth being wasted on a subject that less than 0.00000001 % of the *QUESTIONABLE ADMINISTRATORS* out there may/may not be doing. There's a 99.99999990 % group who's trying to make things acceptable to everyone, and we don't all situp every night trying to figure out how to get at "so & so's" email coming through "my" site. Set a precedent. Let Email Flow. The phone call you make with my email could just as easily be the phone call I later make for you. See, once upon a time, there were few of us in this glorius thing called "unix". We were all over the place, with not a chance in hell of communicating with each other. Then there was UUCP, and the obvious question, "do I call you, or do you call me??" And *we didn't worry about the issue*, we respected each other as indviduals, and as professionals, so that I wouldn't do to you, what you wouldn't do to me. The rest is history, and would go on for some time. True, there's folks morally breaking the very code we all have lived with for some time now. KARMA is a wonderful thing, and I believe that they'll get their's in the end. Period. But, you may say that I'm out of touch, and mis-guided! So what. I don't read the email of users who've left to go to another company. Never have never will. I delete their accounts, and my "deleteuser" script also deletes all copies of their mail, and checks the queue to insure that all of it is gone. I average about 1200 messages per week. 80% are from internal users, 20% from other places. Take someone like Eliot Lear, who unselfishly moderates/ collects votes, runs many email lists, and he may have 2000+ per week. Now multiply in your minds 4 weeks of traffic. Yeah, we're talking 4-10000(!!) messages potentially per month. Many folks I personally know get that type of volume, and you can damn sure bet, yep, they're postmasters. Now, do we really have time to read your piddly message? No way. But at a site that only gets 400 messages a month, the potential is there for abuse. That may be where someone mistakenly got the impression about sleaz-admins reading your message. SO, MAKE SOME HISTORY, DON'T READ WHAT'S NOT ADDRESSED TO **YOU**. -- Steven C. Blair Network Operations Center SynOptics Communications Inc. Mountain View, California INTERNET: sblair@synoptics.com sblair@nevdull.synoptics.com PROBLEMS/EMAIL: HOSTMASTER@SYNOPTICS.COM postmaster@synoptics.com
karl_kleinpaste@charcoal.com (08/02/90)
whenry@lindy.stanford.edu writes:
I just tried to ftp a copy and it isnt there.
Please see <KARL.90Aug1194352@mesquite.charcoal.com>. The phrase
"whoops" comes to mind. Fix in progress.ables@lot.ACA.MCC.COM (King Ables) (08/02/90)
In article <1990Aug2.003210.24459@cs.umn.edu>, iacovou@cs.umn.edu (Danny Iacovou) writes: > first of all not only the > postmaster but anyone with root permissions can read your mail. Yes, this is a big problem as well. Not everyone with root permissions may feel as strongly about privacy as the postmaster. This just magnifies the problem. > second staff > ethics prevents us from doing so. That's great as long as everyone follows the rules. Laws keep us from robbing banks, too, but funny thing, somebody keeps robbing them. > i am a postmaster, but i don't go reading > other peoples mail. sometimes when mail bounces my way i try extremely hard > to make sure i don't scroll the mail past the headers and into the body (i > honestly try not to read a word of mail). i think that this is probably true > for 99.9999999% of all postmasters (and staff members for that matter). I applaud you for your staff ethics. And I think your ethics are absolutely right. When I was a postmaster, I adhered to the exact same standards as you describe. However, I think your estimate of how many other places do this is a little high. I wish it were true. I've seen it, it's not. > secondly this point should be obvious to anyone who has been a system admin. > staff members just don't have the time to spend all day reaading mail which > doesn't concern them. This is true, too (I know, I've been there), but you're assuming that the sysadm in question is *doing his/her job* since, in your environment, they are. I've seen lots of sysadm people in various places who either aren't held accountable enough or just plain don't care about their quality of work and have plenty of time to sit around and play rougue or anything else. And some who really do work have nothing else to do and spend 16 hours a day at work. Either way, there's ample opportunity for someone so inclined. Certainly for someone with pride in their work, there is neither inclination nor time to do something like this. This is *not* to say this kind of behavior is the norm, I don't think it is. But to say that it never happens is to stick your head in the sand. ----- From article <21787@mvis1.com>, by sblair@synoptics.COM (Steven C. Blair): > Has anyone besides me see a copy of the "Electronic Privacy Act"???? > I'm almost sure (memory fades now), that electronically transmitted > material is *not public* domain. Nor does anyone but the FCC, and the > courts have the right to decide the context of the transfer media. But as I said above, just because we have rules that tell us how to act doesn't mean everyone will follow them. The rules only give us a means to prosecute someone who doesn't follow them. > I don't read your USMAIL because the postman on "our" street is too > lazy to learn to read addresses. It`s not *my business* !! Period. True. And that's why we shouldn't be reading ANY user's mail either. However, the analogy fails a little (as is stated in Pat McGregor's paper) when you compare a mail message to a letter. If someone opens your letter and reads it, generally you can tell (yes, they can steam the envelope, but let's not worry about that). Fear of detection of may help prevent it. If I were to *want* to read someone's USMail, it would be much harder because I'd have to: a) get it away from the postman b) open it in such a way as to be able to seal it up again c) get it back to the postman for delivery in order to read it without detection. Actually stealing mail is a seperate issue. But e-mail can be easily read from the mailbox without fear of detection by the user. [Humorous aside:] My neighboorhood has locked mailboxes now (newer ones do, I think). Apartments do. But I knew a woman in a small town where I lived as a teenager who *actively* went around during the day and *went through* people's mailboxes that were on the street to see what was in them. Nobody ever thought she actually opened things, she was just curious about what kind of mail they got. This was clearly wrong, but nobody felt very threatened (she was a bored old lady) so they let it happen. Some ordered (shall we say) exotic catalogs to give her a thrill. Yes, my big question here is "who would want to, I have enough problems of my own and enough mail to read of my own... and who cares?" Well, I think that's what most people think. But there is a section of society that really gets off to living vicariously through other people. Whether it's harmless vicarious thrills or actually spying to gather information, it's a problem. > If you know that you're going to be moving sensitive, confidential materials > between your site, and "foo", then take the time to setup UUCP *straight* This is good advice (and the major point I was trying to make initially-- if you have something that ABSOLUTELY shouldn't be seen by ANYONE else, don't send it with e-mail). The odds aren't HIGH that it will be seen, but they're not ZERO, either. Of course, even a UUCP connection is only as safe as the local phone company which we all know is almost like broadcasting your information. If someone is bound and determined to tap your UUCP link, they'll do it. Now of course, for e-mail messages about affairs between co-workers, I would doubt they'd go to the trouble. ;-) > Now, do we really have time to read your piddly message? No way. Like I said before, if you're doing your job, then no, you don't. I contend there are people out there who *make* time to read them. I even saw remnants of a filter added to a mailer to grep for interesting phrases and forward those messages. Such a filter would certainly cut down the amount of "uninteresting" mail one would have to wade through. Face it, a mailer only does what a system programmer tells it to do. ---- No, I don't think this is a wide-spread problem. But I think the problem exists and with connectivity as it is, many people can be affected by something that may itself be very isolated. The problem isn't that people *can* or *do* read a message not intended for them. The problem is that users send mail that they believe nobody will be able to see except the recipient. This assumption worries me for *their* sake. As long as users are aware that e-mail isn't 100% private and can live with it, then there really isn't a problem. Those who don't like that may find a way to influence future mailer designs and come with something they do like. ----------------------------------------------------------------------------- King Ables Micro Electronics and Computer Technology Corp. ables@mcc.com 3500 W. Balcones Center Drive +1 512 338 3749 Austin, TX 78759 -----------------------------------------------------------------------------
jef@well.sf.ca.us (Jef Poskanzer) (08/03/90)
I once caught a postmaster snooping into my mail as it passed through
his site. I guess he was bored. Or something. For the next few days
I sent through a bunch of messages to a mutual acquaintance about this
guy's personal hygiene or lack thereof, and then I stopped using that
routing.
Not a general solution, but a lot of fun.
---
Jef
Jef Poskanzer jef@well.sf.ca.us {ucbvax, apple, hplabs}!well!jef
"Good judgement comes from experience. Experience comes from bad
judgement." -- Jim Horningtr@samadams.princeton.edu (Tom Reingold) (08/04/90)
When there are problems with the mailing system, the postmaster gets
copies of private email mailed to him. It's analogous to falling in
his lap. It happened to me today. A friend had sent me mail, his
system provided a bogus address, I didn't get it, my postmaster did.
He handed me a printed copy. I was lucky that he could tell it was
intended for me. And I was lucky it wasn't very private in nature.
--
Tom Reingold
tr@samadams.princeton.edu
rutgers!princeton!samadams!tr
201-577-5814
"Brew strength depends upon the
amount of coffee used." -Black&Deckerpalkovic@linac.fnal.gov (John A. Palkovic) (08/07/90)
In article <902@lot.ACA.MCC.COM> ables@lot.ACA.MCC.COM (King Ables) writes: >In article <1990Aug2.003210.24459@cs.umn.edu>, iacovou@cs.umn.edu (Danny Iacovou) writes: >> first of all not only the >> postmaster but anyone with root permissions can read your mail. > [etc] I personally know of a person who lost their job because of something they wrote in an email message. It was read by a sys. admin type and reported to their superior. It happens.-- John Palkovic (708) 840-3527 palkovic@fnal.bitnet,palkovic@linac.fnal.gov University of Wisconsin-Madison {yclept,tellab5,obdient}!linac!palkovic & Fermilab, Batavia, IL Coor: 41 50 16 N / 88 15 46 W
pcg@cs.aber.ac.uk (Piercarlo Grandi) (08/07/90)
Tom Reingold (tr) writes:
tr> When there are problems with the mailing system, the postmaster gets
tr> copies of private email mailed to him. It's analogous to falling in
tr> his lap. It happened to me today. A friend had sent me mail, his
tr> system provided a bogus address, I didn't get it, my postmaster did.
tr> He handed me a printed copy. I was lucky that he could tell it was
tr> intended for me. And I was lucky it wasn't very private in nature.
Only a fool would send private mail or keeps private files on systems
where any root user can read any file (and it is fairly easy to become
root), especially if such systems are networked, and NFS is used or PCs
are connected to the wire. You can be nearly sure that somebody will be
snooping the wire all the time, for example.
I would like every new user on every computer or network system that is
not certified for multi level security to receive a large sign saying:
Don't count on privacy. At least the system manager
can always read your plaintext files and mail.
Systems that give dependable privacy cost *a lot*, even more than you
think.
--
Piercarlo "Peter" Grandi | ARPA: pcg%cs.aber.ac.uk@nsfnet-relay.ac.uk
Dept of CS, UCW Aberystwyth | UUCP: ...!mcsun!ukc!aber-cs!pcg
Penglais, Aberystwyth SY23 3BZ, UK | INET: pcg@cs.aber.ac.uk