acm - an acm publication


Question time: online privacy

Ubiquity, Volume 2000 Issue July, July 1 - July 31, 2000 | BY UBIQUITY 



Who should be able to read your e-mail? Your government? Your employer? Do we need new laws to protect privacy in the information age?

The law is the law

Reading Robert Tannenbaum's article (Theoretical Foundations of Multimedia, Ubiquity August 1-7) on the concerns of a slow, conservative legal system, followed swiftly by the responses to the issue of online privacy, I get the distinct impression that the electronic community wants some specific legal framework on which to base its ethic. I would suggest that we already have the framework, one that is not a knee-jerk response to a new problem. Why should there be a distinction between e-mail and US mail? Why can we not apply the same legal framework? It is illegal in this country to tamper with the US mail while in transit. There is no reason why e-mail could not be afforded the same right. There is no law concerning the privacy of contents of mail before being mailed or after it has been delivered and opened. At those points it is not legally mail. If you leave copies of your incoming or outgoing correspondence on a corporate-owned machine it is not in transit, it is not e-mail, it is simply a copy of a document. It is not afforded the same protection as e-mail. To use existing mail law to protect e-mail would imply protecting en route and not at the desktop. In a similar way I would argue that software piracy is simply theft, hacking is either unlawful entry with intent or espionage/terrorism depending on the scope and the target. A similar connection can be made for most e-issues. For a community that has spent the last 20 years promoting code reuse, do we really mean it when it comes to the law?

-- Peter Cooper

FBI's Carnivore devours privacy rights

Without going into detail, I agree with some of the posted comments and disagree with others. As a preface, let me state that I am a leftover from ARPANET, thus not new and wet-between-the-ears. The subject of privacy must be addressed in its various contexts.

  1. Using an employer's facilities for private e-mail should not be condoned even if the employer has not published a stated policy. At work, one is paid to devote their efforts on the employer's behalf -- not on personal affairs. I do have difficulty with environments that employ keyboard sniffers and other big-brother watchdogs. If an individual does not have the appropriate ethics to conduct oneself on one's employer's behalf then that individual has serious problems.

  2. Personal e-mail conducted on one's own personal system and on one's own time -- either at home or at a public terminal (library, cyber cafe, etc.) -- should enjoy a modicum of privacy. In this, I disagree with one writer regarding recording of phone conversations. But then, I live in a state, Maryland, which requires that both parties be aware of a telephone conversation being recorded.

  3. I am deeply concerned over the FBI's Carnivore program for the following basic reasons: a) there are technical fallacies in their statements regarding what will be captured by Carnivore, and b) any reasonably knowledgeable bad guys will have no problem circumventing the objective of the system leaving the public's personal mail open to others. So, what will Carnivore really accomplish? Further, those who created Carnivore have demonstrated their ignorance of both the ACM and the IEEE Code of Ethics. In this same context, I am deeply disturbed over the legislation recently passed in the UK. Both the UK's RIP Act and Carnivore are examples of hype and hysteria compounded by unbelievable ignorance on the part of their proponents.

-- Paul D Lane

Mind your own business, boss

E-mail created at work or on a machine supplied by my employer for work is open to review by my employer, but not by the government. E-mail created on my home computer and not connected with work should be as private as my regular mail. Violation of the privacy of my e-mail should carry the same penalties as violation of the privacy of my regular mail. Governments should need warrants to read my e-mail, either work-related or home-related. My employer should not have access to my e-mail that is not done on his equipment or at his request. No one should have access to copies of my e-mail left on servers without a warrant directed at me.

-- Albert W. Harrell

And don't look in my briefcase, either

While we must display an ID on our vehicle while driving, the mapping from that ID to a person is a privacy-protected mapping. In general, if I have your license plate number, I cannot legally determine who you are, where you live, what your phone number is, etc. Knowing that I am [email protected] does not entitle you to read my e-mail, the files on my machine, or anything else. You may send me e-mail, but no other rights are conferred by knowing that ID. . . . I think that at worst (best is total privacy unless there is suspicion of crime) the company's right to read the e-mail of its employees should be limited to exactly those limitations that would apply to reading the contents of a briefcase the employee takes out of the company. This means that beyond issues of the impact on the company (for example, reading a novel on company time is Bad; having the novel in my briefcase and reading during lunch is OK), "censorship" of the contents of the e-mail becomes questionable. Could a company fire an employee for having a sexually explicit magazine or novel in a briefcase? Probably not. But the extension to e-mail does not seem consistent. . . . The right to privacy is a traditional right, but it has been pointed out that it is not a Constitutional right. And while we have a body of law that enforces what we treat by consensus, this body of law has not kept up with the technology.

-- joseph m. newcomer

As Simple as A-B-C-D

No one is entitled to read my personal mail. A) Use of computer terminals at work for generating personal e-mail should be either specifically forbidden by the company, or should be private and not intercepted by the company. B) The government, unless it is the employer, never has any right to see the content of personal mail. C) Business mail is not private and should be both interceptable and reviewable by the company for which we work. D) The government, unless it is the employer, has no review rights or authority. I would have thought the above are self-evident. We do need to create a mechanism to indicate, on an electronic envelope, that the contents are private and not to be reviewed.

-- Leon Rogson

You'll Need a Search Warrant to Read This

The government should be able to read our e-mail -- or browse our hard drives -- only under the most extreme circumstances, and after getting a search warrant that clearly identifies what will be looked for and what will be looked at. The employer owns the computer system on which an employee receives e-mail, so that e-mail should be only for business purposes, and the employer is within his/her rights in verifying that this is the case.

-- Mary Forsht-Tucker

The Internet Driver's License?

Before addressing privacy on the Internet, we must first understand why we feel e-mail is something private. Part of the dilemma is that we have had at least 6,000 years to evolve the notion that what we do within the walls of our "castle" is private. No one can see nor hear us when we are within our walls. For someone to know about the activities within our walls one had to peer inside and that is considered to be an invasion of privacy. Today, because we write our e-mail while within the protective womb of our walls, we feel that we are doing something private. Another part of the problem is that United States citizens have lived with the idea that the U.S. mail is protected and private. US citizens have summarily extended this "right" to private communication to e-mail. As a nation we have decided that the US mail is private and should be protected by laws, which we saw fit to pass into being. These laws and protection do not extend to cyber-mail. We believe that because the word "mail" is in the phrase "electronic mail" and because we create these e-mails in the privacy of our walls, that e-mail is private and should be viewed in the same context as the US mail. With the above justifications, it is easy to see why we feel e-mail is private once we send it into cyberspace. For the most part, when in public the right to privacy extends only to your private property and the US mail. Once we step outside we are in the public eye and have no expectation of privacy. When we send an e-mail, it goes into the public arena and by definition is not private. It is no more private than a conversation held in a baseball park. Even phone conversations are not private. Many states have laws on the books that indicate the recording of phone conversations is legal as long as at least one of the parties taking part in the conversation is aware of the recording. Using cyberspace should be viewed in the same context as driving your car. 
I have not encountered anyone concerned about having his/her vehicle ID on display for everyone to view. Nor have I heard anyone voice concern about others being able to view inside their vehicles while on public highways. This is because we have no expectations of privacy while in public. It is also interesting to note that while we feel comfortable with our vehicle ID being on public display, we do not feel that this concept should be applied to our cyberspace activities. Keeping in mind that cyberspace is a reflection of a society, there will be people forever engaged in nefarious activities. This being a given, I believe that there should be a requirement in place for an Internet driver's license. Without an Internet driver's license how will law enforcement be able to track down the "bad guys?" In summation, we cannot reasonably expect to extend our right to privacy into cyberspace without legislative activity on the part of our government. Without some cyber-governing body in place, we cannot expect law enforcement agencies to police cyberspace.

-- Gene Sheppard

