[BUGS] Assumed Privacy of E-Mails?

jonathan michaels jlm at caamora.com.au
Thu Apr 10 10:25:21 EST 2008 

On Thu, Apr 10, 2008 at 08:20:14AM +0930, Piers Rowan wrote:
> Edward Irvine wrote:
> >
> >
> > Conclusion
> > ----------------
> >
> > In short, there can be no realistic expectation of privacy with email. 
> > Pretending 
> > there is is not a realistic expectation. Educate users, up front and out 
> > loud, that email is like a postcard, that it is *not* private 
> > communication, and
> > that there is nothing anyone can do about it.
> >
> 
> "...there can be no realistic expectation of privacy with email...."
> 
> I think that this statement hit the nail on the head. It is however 
> human nature that many people try to filter / block / legislate that 
> which is unable to be completely filtered / blocked / legislated against.

this very discussion was had nearly 20 years ago, back then it
concerned the transmission of pornography (as i recall it) over
a bulleting board system(s) mail traversal system. it ended up
in a social conflagration about personal privacy and teh the
american concept "freedom of speach".

cutting a long story somewhat short, as regards this whole
discussion, there is one thing teh do gooders, teh h&r types
have missed completely is that there is absolutely no concept
of privacy in any form of electronically transmitted "mail",
material, any form of content at all unless and untill all
electronic mail is 1/ cryptographically encoded/encrypted 2/
cryptographically signed (i think is teh term) and then this
'package' is attached to a simple envelope 'header' to get teh
'package' to its final recipient.
 
> Another idea that I heard somewhere was that email was private in 

say teh people who havent heard of teh concepts of piggy in teh
middle  (or what ever teh contemptious politically corrected
term is these days) method of capturing any data stream while
it is being transmitted from any point 'a' to point 'b'
waypoints in teh data streams passage from sender to recipient.

> transport (like traditional mail). So an employer could not look at it

see, this is teh whole problem/"issue" electronic mail is
absolutely nothing like "(like traditional mail)" at all unless
and untill all electronic mail is 1/ cryptographically
encoded/encrypted 2/ cryptographically signed (i think is teh
term) and then this 'package' is attached to a simple envelope
'header' to get teh 'package' to its final recipient.

because this is how traditional mail is delivered .. you write
your letter (teh private bit/the content bit) then you put it
in an envelope, the privacy ensuring mechanism , then attach
teh address to be delivered to on teh front and the senders
detail on teh back ... once this same kind of mechanism is
emploved to deliver the electronic mail, then you will have teh
expectation of privacy.

using 'technology' to "ensure" privacy is a furfey assumed
technologically ignorant epople and or teh fuctionally
illiterate .. of which i am one, it took me many years to
understand this simple concept, i read many witepapersh many
books and when a disacussde this witha friend in terms of teh
basic paper mail analogy .. tehn teh penny dropped !!! for me
at any rate. 

> until after it was delivered. I think this has something to do with a 
> private communique becoming a file on someone's (the employer) property. 
> If you have a P&C letter deliver to work (eg: you latest ebay purchase) 
> and you choose to leave it on your desk for all to see then you cannot 
> expect any privacy, however you could expect a degree of privacy in that 
> it should not be opened before you receive it (unless this has been 
> communicated to you in policy & employment contract that no personal 
> mail is to be delivered to your place of work).
> 
> With this transition (an email traversing the net and becoming a file on 
> the company's server) is a transfer of responsibility to the employer. 
> For example if the email contained a fathers day picture from a man's 
> daughters titled do_you_like_your_little_girls.jpg and the sys. admin. 
> took the file name to mean something disgusting / offensive / etc and 
> that had a negative impact on them then it would be the liability of the 
> employer for exposing the employee to the material.

this is a sad commentary on our societies more's and has
nothing to do witht he discussion at  hand unless we are
discussing mail content .. again this would nto be a problem if
teh content were encripted and all that was displayed was tehg
senders detail/recipients details, like in a real mail item,
with its envelope, etc. 
 
> The 3rd issue is how it is handled - for example the Sys Admin reports 
> the material to the IT Manager who tells her to "...get over it..." 
> because they do not see the issue. Sure this manager may be the best and 
> the brightest @ IT but that leaves no real account for their competence 
> at HR. This is a typical issue as people can take offence / go on compo 
> / etc for how things are handled (not just the content matter itself). 
> [This can be a causative factor or more likely a factor that exacerbates 
> existing factors].
> 
> One Remedy:
> 
> @ induction tell new employees that:
> 
> * All business systems are provided solely for the activities of the 
> business
> * No business system is considered private from a personal POV
> * This includes your email account and any activity on the web

i asked around abit and most of teh people that i asked told me
that teseh days this is teh case i.e. employees are informaed
of teh responcibilites with respect to themselvs, teh company
and its hardware .. no private electronic mail, they go further
to deinef what private means.

it is not possible to legislate fro peoples stupidity and or
'greed' however ones describe concept of 'getting away with
some of teh employers stuff'. back when i started this meant
paper. pens, general stationary, latter the odd soldering iron,
stuff for my hobby projects and so on untill i got to teh
computer age at my last contract .. i was teh only person in
teh office that had a virtually zero content foot print on teh
companies mail servers. we were actually given a private mail
alolocation that we could use as we saw fit, as long as it
didn't contain 'porn'/illegal stuff, we were also told that
this chunk of network folders would not be part of teh nightly
network backup .. pretty enlightened i guess.
 
> And the other one:
> 
> "Yes, it says "My Computer" on the screen but it isn't".
> 
> 
> Sorry for the long post from a list lurker..!

don't apologise for being able to write, it is a dying art in
this so called 'computer age' were poor writing/communications
skill are covered up as brevity or worse still 'efficient
communications' it is no wonder teh is so muc missunderstand
int eh world today .. my own chunk excepted.

i'd give my eye teeth to be able to write properly and to
communicate, one day i will, it is a slow process i need to
persist, as we all do, in teh face of this whole misare.

keep up teh good work

kind regards

jonathan 

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====

More information about the BUGS mailing list