barry@ames.UUCP (Kenn Barry) (04/17/86)
From John Gilmore (hoptoad!gnu): >I posted something earlier that said basically "if you ask me to relay mail >at my expense, don't expect privacy". I got three or four responses, >none of which understood my position. Let me try again. > > If you send mail through other peoples' machines, *don't expect* it to be > private. No argument. I see a lot of difference between this statement, though, and the earlier article. There's a world of difference between a simple *caveat emptor*, and saying "if you're that dumb, I have a right to exploit it." More below. > Furthermore, if I am in business and my >competition is dumb enough to pass sensitive data through my machine, >at my expense, why should I ignore this? Sense of fair play? Or is that obsolete? Here's an example for you: it's well known that con men depend on the greed and stupidity of their victims, and some of them are quite vociferous in defending their own morality on that basis. What's your opinion? I once had a burglar who'd ripped off my apartment the previous day call me in the middle of the night to inform me it was my fault I was hit. He told me that the lock on my door was a joke (probably true), and I had no right to expect anything else. What's your opinion? I know these aren't perfect analogies; con games and burglaries are illegal, reading others' email is not. But it's not a legal point I'm trying to make, it's one of ethics and simple good taste. Even as a matter of law, though, I would suggest that you not mention it publicly if you gain some benefit from reading competitors' email. Computer privacy law is mostly untested, and you can never be sure what precedents some judge might decide were relevant if you were taken to court. Perhaps a lawyer could comment on this point. >I could try to make a case that innocently reading mail in transit is like >amateur computer hacking: it keeps people honest so they don't get burned >by *serious* spying, hacking, etc. But I won't; I don't need to. If >you want to be absolutely *sure* I won't read your email, don't send it >through hoptoad. I won't. But wouldn't it be simpler, since you seem to be a small site, to just be a leaf node? As you yourself point out, forwarding mail that's neither from nor to your site gains you nothing but phone bills. I may be wrong, but I'd be surprised if your feeds would demand more of you when your resources are limited. I also can't see what service you provide the rest of us by forwarding mail if you're going to pick and choose what mail is worthy to forward. Why bother? My statement that I won't send mail through hoptoad is not temper, it's practicality. I get no benefit from having my mail swallowed up without trace, and I have no desire to burden a minor node with my mail if they can't afford to forward it. >PS: Mail policy at Sun was twofold: > >(1) Anyone caught snooping through anyone else's personal mail would be fired. >(2) Don't send very private stuff through email because it fails, gets >misrouted, bounced, etc and could be disclosed even without anyone's >malicious intent. > >I think it's a good policy. Me, too. But, how does this square with your stated willingness to check out the mail of any competitor dumb enough to route sensitive information through your site? I know there can be an honest difference of opinion about what the proper tradeoffs are between system costs/security, and the cooperation and courtesy we have a right to expect from any site that voluntarily participates in the net. But I honestly can't think of a worse way to handle this problem than what you appear to be suggesting: that every site, really every SA, decide on a case-by-case basis what they will forward, and what they won't. As a responsible SA, I hope you will seriously consider what the likely end result would be if every site took an "I'll think about it" policy to the forwarding of mail. And as for privacy, you said it yourself: no one can keep you from reading others' mail; the corollary is that no one can *make* you read it, either. If you seriously assert the right to take advantage of someone else's carelessness by reading private mail in pursuit of business success, I hope you're prepared to accept that others will judge you *personally* for it. "Everybody does it" cuts no ice with me, and has the nasty ability to become a self-fulfilling prophecy when it's asserted publicly. If I am still misinterpreting your position, my apologies. Your article doesn't state you'd ever refuse to pass on anyone's mail, but it's certainly implied that one of your reasons for watching mail through your site is to decide if you want to let it pass. Further clarification will be welcome if this is not the case. - From the Crow's Nest - Kenn Barry NASA-Ames Research Center Moffett Field, CA ------------------------------------------------------------------------------ ELECTRIC AVENUE: {ihnp4,vortex,dual,hao,menlo70,hplabs}!ames!barry
tim@ism780c.UUCP (04/23/86)
In article <1480@ames.UUCP> barry@ames.UUCP (Kenn Barry) writes: >> >> Furthermore, if I am in business and my >>competition is dumb enough to pass sensitive data through my machine, >>at my expense, why should I ignore this? > > Sense of fair play? Or is that obsolete? Here's an >example for you: it's well known that con men depend on the greed >and stupidity of their victims, and some of them are quite >vociferous in defending their own morality on that basis. What's >your opinion? I don't think the con men analogy is correct. It would be correct if I called up a machine at my competitors, noticed that they had no root password, logged in as root, and read secret files. They _are_ being stupid for doing this, but I would not feel right about reading their stuff. But the E-mail case is different. They are the ones putting their stuff on my machine. It seems to me that they are the ones taking advantage of me! They are using my machine to compete with me. If they are dumb enough not to encrypt their data, then I see nothing wrong with reading it. -- Tim Smith sdcrdcf!ism780c!tim || ima!ism780!tim || ihnp4!cithep!tim
barmar@mit-eddie.MIT.EDU (Barry Margolin) (04/25/86)
In article <1974@ism780c.UUCP> tim@ism780c.UUCP (Tim Smith) writes: >But the E-mail case is different. They are the ones putting their >stuff on my machine. It seems to me that they are the ones taking >advantage of me! They are using my machine to compete with me. If >they are dumb enough not to encrypt their data, then I see nothing >wrong with reading it. By that reasoning, it would be OK for a mail order company to use the credit card number I conveniently provided them in order to make purchases from my account. Whether or not it is wise of me to make such purchases using a credit card rather than a check, the fact remains that it is wrong of them to take advantage of it. If you advertise your willingness to pass on mail, I think it would not be unreasonable of me to expect you to act in good faith. However, I agree with the opinion that it would be stupid to make such an assumption if you were a competitor of mine. Corporate spying may sometimes be unethical, but it takes place nonetheless. -- Barry Margolin ARPA: barmar@MIT-Multics UUCP: ..!genrad!mit-eddie!barmar