[BUGS] Assumed Privacy of E-Mails?

Wed Apr 9 15:27:21 EST 2008

On Wed, Apr 09, 2008 at 02:37:09PM +1000, Edwin Groothuis wrote:
> On Wed, Apr 09, 2008 at 01:39:42PM +1000, Jerahmy Pocott wrote:
> > Not a technical question here, not really bsd specific, but since many  
> > people here admin mail servers and such..
> > 
> > The question is about the privacy expectations of assumptions of your  
> > e-mail, okay so we all know that anything you send in the clear over  
> > the internet is pretty much not private, but we also pretty much  
> > expect that only the recipients are going to read our mail, right?
> > 
> > Now what about a company account? Do you expect mails sent or received  
> > via a company address to be private? Some companies I'v worked for  
> > have had clauses in their employee agreements like "while your company  
> > address is private, your mail may be viewed by system administrators  
> > inadvertently and will be surrendered if by court order" etc etc.. But  
> > others have had nothing.
> > 
> > Obviously I'm not a lawyer and don't really know the legal ins and  
> > outs of it, but if you haven't got them to sign an agreement and you  
> > went and read their mail or made it available to others or even just  
> > printed a list of the addresses they had sent or received mail to/from  
> > that would be some sort of violation of privacy?
> 
> There is a difference between "me reading your email for fun and
> profit" and "me reading your email because something is wrong with
> the mail system which I'm administring and I'm trying to figure out
> what is happening.". The first one is a privacy violation, the
> second one is normal operations.
> 
> If you want an analogy with the non-IT world: "the postman reading
> your read postcards and discussing the places where you have been
> with friends" and "the postman looking over the card to figure out
> where the address is written down".
> 
> 
> Signing or not signing an agreement about it will not help you much:
> If a court-order comes in to handover information then you have to
> comply within the law. If I accidently read something in your email
> while investigating the problem which is related to a criminal
> action, I have to act on it otherwise I will be liable as well. Of
> course the first thing is get rid of the responsibility by shoving
> it to my boss and let him deal with it. But it won't be the thing
> I will be looking for.
> 
> 
> The company you work for owns the equipment you work with and is
> responsible for it. It is responsible for the things you do during
> your work and for the communications you have during your work.
> 
> 
> Do what your parents taught you: keep business and pleasure, or
> work and private life, seperated.

i've left the above bit intact in an effort to make my bit make
some sence .. this communications things gets so hard some
times, too hard to meka it worth the effort, sell some times...

i was involved in a situation (with a client) a while ago that
lead to laywers being involved, at ten paces so to speak.

as far as i can remember the final outcome is that underlaw
(aust commwealth law) there is no expectation of privacy
attaxhated to "electronic mail" be it bbs (the old style
bulletin baord systems) netmail delivery system or teh now
called elactronic mail delivery systems .. why ? because the
"electronic mail" is not accordered teh privilege attached
letter based mail, i.e, paper and ink type mail, because it is
not on paper . i don't think that this has been changed in teh
commonwealth statutes. it is written on paper and put in an
envelope ergo privacy asured, to get teh same level of privacy
one need do teh same electronicly. write letter,
cryptographically encode teh letter and send teh encoded text,
you are assured (within reason) of teh privacy of your post and
it could be argued legally that you have teh expectation of
privacy because you 'hid' you plain text post from 'plain
sight' so to speak. i think that this is what is at stake
concerning the whole concept of teh expectation of privacy,
plin text cannot be private, nor does it have the expectation
of privacy legally .. teh endusers expectation is another
thing.

endusers need to be educated as to what the situation is or
they will get really weird about thier ideas concerning what
they think is private and what is not private, legally these
two things are completely differenct and seperate. 

ok this leaves teh question open aboout how to keep your mail
"private" there are two simple ways of keeping yoru mail
private, the forst is teh most simple but most awkward, do not
send it !!!

the second is the only way to ensure the privacy of ones mail
is to send it encripted, if you do not want your mail to be read
then encrypt it.

this discussion about whats legal and whats not means nothing
unless its on letterhead and compay seal od .. pick your
faverite laywers. while this discussion can go on forever it
will not resolve anything, unless it is compared to the
relevent statutes or an opinion is given by a member of teh
court as teh americans would put it .. something like that. 

sorry fro using so many words, if you really need an opinion go
to a laywer get an opinion in writing then you will know where
you stand otherwise it is all conjecture, mealyr conjecture,
that does more damage that teh 'confusion' it might clear up. 

apologies for being a wet blanket,  on teh disusion, i thought
i knew the law before i get entangled with my client, it tirned
out that i was more right than being wrong but at teh end of
the day itwas teh client who walked because his expectations
were not meet, it is those expectations that need to tempered
with current legal precepts not the chatroom banter.

most kind regards and sincere appreciations.

jonathan

> At least my 2 cents, Edwin

perhaps another 0.2 cents ?

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====