Date: Mon, 02 Aug 93 16:43:29 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#007 Computer Privacy Digest Mon, 02 Aug 93 Volume 3 : Issue: 007 Today's Topics: Moderator: Dennis G. Rears Re: Computer Privacy Digest V3#006 Re: First Person broadcast on privacy Re: First Person broadcast on privacy Re: First Person broadcast on privacy at work Re: America Online censor Censorship The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Fri, 30 Jul 1993 18:25:17 -0500 From: "Patrick A. Townson" Subject: Re: Computer Privacy Digest V3#006 > Todd Jonz wrote: > I agree with your basic premise that all company resources belong to > the company, may only be used as sanctioned by the company, and may be > monitored, accessed, and controlled as deemed appropriate by the > company. However I find it difficult to apply a common standard to > seemingly similar situations. If we assume, for sake of argumument, > that it's acceptable for my employer to monitor and access my > "private" e-mail, then: > o Is it also acceptable for my employer to do monitor my telephone > calls as well? It is, after all, their telephone, and they put it > on my desk for business use. Does this then give them the right to > monitor my calls, with or without my knowledge? Yes, it is acceptable for the company to monitor phone calls. In response to the argument that one's personal calls might be overheard, the answer is that personal phone calls have no place on company phone systems. Make your personal calls from the payphone in the cafeteria or employee lounge, etc. It is very unlikely the company monitors or 'taps' those lines. The company does have the right to insure that phone calls from customers (as one example) are being dealt with in an accurate, effecient and courteous manner; thus, they can listen to the phone calls. > o How about voice mail? Isn't voice mail the moral equivalent of > e-mail that just uses an alternate storage and I/O format? Should > different rules apply to voice mail and e-mail? By the same reasoning as above, are employees handling their voicemail correctly? Are customers who leave messages in voicemail getting prompt and accurate callbacks? > o Let go the limit: when the mail robot stops by and I drop a bill > payment in the "Outbound" box, does my company have the right to > open it? (Please, debate the ethics, not the legalities; I'm not > sure when the mail in this box formally becomes U.S. Mail with > which it would be illegal to tamper.) Does the company normally open all mail at a central source regardless of who it is addressed to? In some mail rooms (here it depends on the size of the company and the nature of the business) all *incoming* mail is routinely opened by a letter-opening machine and given to clerks (sometimes known as 'readers') who examine it for payments sent in by customers along with other correspondence, etc. If it is a routine type of thing (change of address for customer, etc) it may go to a data entry person and never reach the person to who it was addressed at all. Did you put a stamp on the letter or are you expecting the mail room to meter it? I would say the company has the right to open mail addressed to itself or sent by itself, particularly if you are asking the company to pay for the postage. > o How does the previous example change if the "Outbound" box is, by > policy, for business related mail only, but I ignore policy and use > it for personal use? Have I relinquished any rights? If it is for business mail only, then the presumption is a letter in the box is a business letter; the company has a right to examine letters written in the coduct of its business. Like the personal phone call, the personal letter has no place in company facilities. I am sure the company does not examine what is in the mailbox outside the building any more than they listen to calls on the payphone in the lunchroom. > I'm not as interested in who has what rights as I am in how anyone can > justify applying *different* policies for these various scenarios. It > seems to me we need a single, consistent policy that covers all these > bases. I don't really think you want what you are asking for. 'Single and consistent policies' tend to work to the employer's favor, not yours. If you tell your employer you don't think he is being consistent by examining your email but not listening to your phone calls, your employer might well decide to start listening to phone calls as well in order to provide that consistency which is so important to you. Ask why he doesn't open your personal mail as well, and he'll start doing that also. If there must be a single consistent standard, it should probably be that company facilities are subject to inspection by the company at any time. If you'll be so kind as to not remind your employer of his rights when he forgets to exercise them, your fellow employees will be very grateful. Patrick Townson ------------------------------ Date: Sat, 31 Jul 93 04:12 GMT From: Christopher Zguris <0004854540@mcimail.com> Subject: Re: First Person broadcast on privacy I didn't see the piece, but I have to think the whole concept of having "privacy" on a company computer network is kind of iffy. Even if the company is legally prevented or restricted, that won't stop someone - say, another employee - from snooping. We all know there's always someone smarter out there who'll find a way to break ANY sort of system. By the same token, exposing these facts forces people to realize what private really means and how to take steps. Making snooping illegal won't stop it. I don't want to pick a fight, but I think in general there is a certain "trust" in technology to be more secure than it really is, and people should certainly know the facts about the real security of the technology they use. For example, cellular phones have been monitored for a long time because they operate in readily-tunable frequencies. This is now becoming an issue because it has become public knowledge- the result is pressure on cellular providers to go with digital cellular to help keep calls private. Christopher Zguris CZGURIS@MCIMail.com ------------------------------ From: John De Armond Subject: Re: First Person broadcast on privacy Date: Sat, 31 Jul 93 20:51:05 GMT Organization: Dixie Communications Public Access. The Mouth of the South. Todd Jonz writes: >I agree with your basic premise that all company resources belong to the >company, may only be used as sanctioned by the company, and may be monitored, >accessed, and controlled as deemed appropriate by the company. However I find >it difficult to apply a common standard to seemingly similar situations. If >we assume, for sake of argumument, that it's acceptable for my employer to >monitor and access my "private" e-mail, then: > o Is it also acceptable for my employer to do monitor my telephone > calls as well? It is, after all, their telephone, and they put it > on my desk for business use. Does this then give them the right to > monitor my calls, with or without my knowledge? Yes. And many companies do. > o How about voice mail? Isn't voice mail the moral equivalent of > e-mail that just uses an alternate storage and I/O format? Should > different rules apply to voice mail and e-mail? No, voice mail is just as monitorable as E-mail. > o Let go the limit: when the mail robot stops by and I drop a bill > payment in the "Outbound" box, does my company have the right to > open it? (Please, debate the ethics, not the legalities; I'm not > sure when the mail in this box formally becomes U.S. Mail with > which it would be illegal to tamper.) > o How does the previous example change if the "Outbound" box is, by > policy, for business related mail only, but I ignore policy and use > it for personal use? Have I relinquished any rights? Yes, In my opinion, the company DOES have the moral right to examine any mail placed in its outgoing mail facility. How do I (as management) know that the envelope actually contains a payment and not proprietary information? >I'm not as interested in who has what rights as I am in how anyone can justify >applying *different* policies for these various scenarios. It seems to me we >need a single, consistent policy that covers all these bases. You can't. The owner of the facility has the right to do with it as he pleases. Maybe it is because I've worked in government classified facilities where it is always assumed that ANYTHING can be and usually is monitored, but I just don't see the beef. If you want private E-mail, rent an account on a system unrelated to work. If you want private voice-mail, do the same. And if you want private paper mail, drop it in a US Postal service box. IF working for a company that monitors its communications facilities bothers you, either make a case to the company to change the policy or find another employer. John -- John De Armond, WD4OQC | (Pardon the inconvenience while we Performance Engineering Magazine(TM) | remodel this .signature) Marietta, Ga | jgd@dixie.com | ------------------------------ From: Stephen M Jameson Subject: Re: First Person broadcast on privacy at work Date: 2 Aug 93 12:45:04 Organization: GE Advanced Technology Laboratories In article tmis1692@altair.selu.edu writes: > After all it is the employers computer and it is the employers right to know > what is there. Simply, don't put your private information in the company's > computer. > > Kevin Calmes - TMIS1692@selu.edu > I am curious about something. This seems like a perfectly reasonable argument to me, and I have never seen even an incoherent rebuttal to it, yet people keep debating the issue as though this idea had never been advanced. In all seriousness (i.e. non-rhetorical question here) I ask those of you who like to talk about "privacy rights" on company-owned computer systems: 1) Have you never heard nor thought of this line of reasoning? 2) If so, do you know of a reasonable rebuttal? Responses by email are welcome. -- Steve Jameson Martin Marietta sjameson@atl.ge.com Advanced Technology Laboratories Moorestown, New Jersey **************************************************************************** ** . . . but I do not love the sword for its sharpness, nor the arrow ** ** for its swiftness, nor the warrior for his glory. I love only that ** ** which they defend . . . ** ** -- Faramir, "The Two Towers" ** **************************************************************************** ------------------------------ Date: Sat, 31 Jul 1993 9:55:36 -0400 (EDT) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Re: America Online censor In Computer Privacy Digest V3 #005 Matthew Lyle writes: >Christopher Zguris <0004854540@mcimail.com> writes: >> I've seen this issue about PRODIGY and AMERICA ONLINE come up over >>and over- censorship, reading mail, forcing users to adopt double-speak for >>words the system (big brother?) finds offensive. My question is this, _WHY_ >>does PRODIGY and AMERICA ONLINE management find it necessary to go to all >>the trouble and expense of scrubbing their system to keep it "clean" to >>their specs (are they employing humans to bounce "offenders" off, or simple >>keyword-checking by computer- either way there must be people being paid to >>do this nonsense)? >I'm a charter subscriber of AOL and I have never seen AOL take any >actions that are inconsistant with their Terms of Service. Admittidly >some of the terminology is the TOS is a little broad but I haven't >seen them abuse it. >Here are a couple of excerpts, cut and pasted, from AOL's Terms of Service. >ONLINE CONDUCT > >Any action by a Member that, in AOL, Inc.'s sole opinion, restricts or >inhibits other Members from using and enjoying America Online (such as >but not limited to, the use of vulgar language; inappropriate screen >names; committing, or discussing with the intention to commit, illegal >activities), is strictly prohibited. Member specifically agrees not to >submit, publish, or display on America Online any defamatory, inaccurate, ^^^^^^^^^^ That is a VERY broad word. Just what does inaccurate mean in this situation? If, in the course of a discussion, I make a mistake on something, I expect to be notified about it by the person to whom I'm corresponding. If I state that New York City is the cleanest in the world, which is totally inaccurate, will AOL cancel my membership? Technically, I've violated that word. >abusive, obscene, profane, sexually oriented, threatening, racially >offensive, or illegal material; nor shall Member encourage the use of >controlled substances. I won't disagree with most of the words above, but what is illegal in this context? Is it something that has been prohibited by law from somewhere? >Transmission of material, information or software in >violation of any local, state or federal law is prohibited and is a breach >of the Terms of Service. Member specifically agrees not to upload, post or >reproduce in any way any materials protected by copyright without the >permission of the copyright owner. I have no disagree with this part but the rest is really broad-banded to say the least. As one person put it "...Sears and IBM are scared big time about a lawsuit..." but to use as broad a paintbrush as they did makes me wonder. Time to have a serious discussion with a friend who uses AOL. Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, LI, NY 11973 (516)-282-3093 Senior Technical Specialist: Scientific Computer Facility ------------------------------ Date: Sat, 31 Jul 93 14:37 EDT From: WHMurray@dockmaster.ncsc.mil Subject: Censorship I must be missing something. I do not understand the relationship between censorship on a public bulletin board and privacy. Is it because the censoring authorities have to read it in order to censor it? Is it because they are authorities? If I post to a public bulletin board, do not I then have an expectation that everyone, including the authorities, is going to read it? Is it because I use email to post and the authorities are not supposed to read email? Does anyone have evidence that they are censoring private email between consenting adults? Is email to a bulletin board as privileged as email between consenting adults? Must the authorities wait until it is publicly posted before censoring? I must be missing something fundamental. William Hugh Murray, Executive Consultant, Information System Security 49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840 1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL ------------------------------ End of Computer Privacy Digest V3 #007 ******************************