E-mail Privacy

Thu May 30 03:05:27 AEST 1991

The ethics and legality pertaining to the privacy of electronic mail are
subtle and important issues.

As regards ethics:

Surely, the ethicality of reading other people's mail depends upon
the specific setting.  Where a machine is owned by a commercial or government
enterprise and is clearly provided as a tool for the work of its employees,
there may be grounds for acting as if all information on that machine is
the property of the collective body concerned.  However, given the scope for
ambiguity here, it would still seem desireable to somehow make this explicitly
clear to users--as, for example, with a one-line notice upon login or the
invokation of the mail program.  Where the rights and responsibilities of
all parties are spelled out in advance, there is less scope for ethical
murkiness.

Even where it was stated that a host could be used for personal communications,
there might be limitations placed upon users--as for example, with regard to
the amount of system resources (esp. disk space) to be allowed such uses.
This could lead to a situation where information would have to be archived
or destroyed to free communal resources.  Again, a clear (preferably written)
policy would help alleviate future problems.

As a joint system administrator/researcher in an academic research setting,
I personally feel it a sacred duty to avoid any situation where I could even
accidentally read another person's mail, which I consider to be private
information.  I am not certain that the Regents of UC share this opinion.  
Furthermore, I am troubled by the possibility that other users do
not share this point of view, and by the ease with which a determined user
could invade the privacy of others.  To the extent that I do not take
explicit action to prevent such abuses, I suppose that I share the blame.
One technical point which has been insufficiently discussed here is the
"secretmail" mechanism of certain (all?) UNIX hosts.  I have not experimented
with this, but as I understand, this uses a DES-like mechanism to send
mail securely.  I don't know how it is stored at either end (perhaps the
encryption applies only to transmission?).  A good technical discussion
is in order here, conducted by someone more knowledgable than myself.

As regards legality: the discussion thus far has been notable for the lack
of participation by someone with legal training.  Does anyone know a lawyer
who might be interested in providing a more informed opninion on this point?

Cheerio, Rick Rodgers
R. P. C. Rodgers, M.D.         (415)476-2957 (work) 664-0560 (home)
UCSF Laurel Heights Campus     UUCP: ...ucbvax.berkeley.edu!cca.ucsf.edu!rodgers
3333 California St., Suite 102 Internet: rodgers at maxwell.mmwb.ucsf.edu
San Francisco CA 94118 USA     BITNET: rodgers at ucsfcca