Date: Mon, 02 Aug 93 16:43:29 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#007
Computer Privacy Digest Mon, 02 Aug 93 Volume 3 : Issue: 007
Today's Topics: Moderator: Dennis G. Rears
Re: Computer Privacy Digest V3#006
Re: First Person broadcast on privacy
Re: First Person broadcast on privacy
Re: First Person broadcast on privacy at work
Re: America Online censor
Censorship
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Fri, 30 Jul 1993 18:25:17 -0500
From: "Patrick A. Townson" <ptownson@delta.eecs.nwu.edu>
Subject: Re: Computer Privacy Digest V3#006
> Todd Jonz <Todd.Jonz@corp.sun.com> wrote:
> I agree with your basic premise that all company resources belong to
> the company, may only be used as sanctioned by the company, and may be
> monitored, accessed, and controlled as deemed appropriate by the
> company. However I find it difficult to apply a common standard to
> seemingly similar situations. If we assume, for sake of argumument,
> that it's acceptable for my employer to monitor and access my
> "private" e-mail, then:
> o Is it also acceptable for my employer to do monitor my telephone
> calls as well? It is, after all, their telephone, and they put it
> on my desk for business use. Does this then give them the right to
> monitor my calls, with or without my knowledge?
Yes, it is acceptable for the company to monitor phone calls. In
response to the argument that one's personal calls might be overheard,
the answer is that personal phone calls have no place on company phone
systems. Make your personal calls from the payphone in the cafeteria
or employee lounge, etc. It is very unlikely the company monitors or
'taps' those lines. The company does have the right to insure that
phone calls from customers (as one example) are being dealt with in an
accurate, effecient and courteous manner; thus, they can listen to the
phone calls.
> o How about voice mail? Isn't voice mail the moral equivalent of
> e-mail that just uses an alternate storage and I/O format? Should
> different rules apply to voice mail and e-mail?
By the same reasoning as above, are employees handling their voicemail
correctly? Are customers who leave messages in voicemail getting prompt
and accurate callbacks?
> o Let go the limit: when the mail robot stops by and I drop a bill
> payment in the "Outbound" box, does my company have the right to
> open it? (Please, debate the ethics, not the legalities; I'm not
> sure when the mail in this box formally becomes U.S. Mail with
> which it would be illegal to tamper.)
Does the company normally open all mail at a central source regardless
of who it is addressed to? In some mail rooms (here it depends on the
size of the company and the nature of the business) all *incoming* mail
is routinely opened by a letter-opening machine and given to clerks
(sometimes known as 'readers') who examine it for payments sent in by
customers along with other correspondence, etc. If it is a routine
type of thing (change of address for customer, etc) it may go to a
data entry person and never reach the person to who it was addressed
at all.
Did you put a stamp on the letter or are you expecting the mail room
to meter it? I would say the company has the right to open mail
addressed to itself or sent by itself, particularly if you are asking
the company to pay for the postage.
> o How does the previous example change if the "Outbound" box is, by
> policy, for business related mail only, but I ignore policy and use
> it for personal use? Have I relinquished any rights?
If it is for business mail only, then the presumption is a letter in
the box is a business letter; the company has a right to examine
letters written in the coduct of its business. Like the personal phone
call, the personal letter has no place in company facilities. I am
sure the company does not examine what is in the mailbox outside the
building any more than they listen to calls on the payphone in the
lunchroom.
> I'm not as interested in who has what rights as I am in how anyone can
> justify applying *different* policies for these various scenarios. It
> seems to me we need a single, consistent policy that covers all these
> bases.
I don't really think you want what you are asking for. 'Single and
consistent policies' tend to work to the employer's favor, not yours.
If you tell your employer you don't think he is being consistent by
examining your email but not listening to your phone calls, your
employer might well decide to start listening to phone calls as well
in order to provide that consistency which is so important to you. Ask
why he doesn't open your personal mail as well, and he'll start doing
that also. If there must be a single consistent standard, it should
probably be that company facilities are subject to inspection by the
company at any time. If you'll be so kind as to not remind your
employer of his rights when he forgets to exercise them, your fellow
employees will be very grateful.
Patrick Townson
------------------------------
Date: Sat, 31 Jul 93 04:12 GMT
From: Christopher Zguris <0004854540@mcimail.com>
Subject: Re: First Person broadcast on privacy
I didn't see the piece, but I have to think the whole concept of having
"privacy" on a company computer network is kind of iffy. Even if the company
is legally prevented or restricted, that won't stop someone - say, another
employee - from snooping. We all know there's always someone smarter out
there who'll find a way to break ANY sort of system. By the same token,
exposing these facts forces people to realize what private really means and
how to take steps. Making snooping illegal won't stop it. I don't want to
pick a fight, but I think in general there is a certain "trust" in
technology to be more secure than it really is, and people should certainly
know the facts about the real security of the technology they use.
For example, cellular phones have been monitored for a long time because
they operate in readily-tunable frequencies. This is now becoming an issue
because it has become public knowledge- the result is pressure on cellular
providers to go with digital cellular to help keep calls private.
Christopher Zguris
CZGURIS@MCIMail.com
------------------------------
From: John De Armond <gatech!dixie.com!jgd@uunet.uu.net>
Subject: Re: First Person broadcast on privacy
Date: Sat, 31 Jul 93 20:51:05 GMT
Organization: Dixie Communications Public Access. The Mouth of the South.
Todd Jonz <Todd.Jonz@corp.sun.com> writes:
>I agree with your basic premise that all company resources belong to the
>company, may only be used as sanctioned by the company, and may be monitored,
>accessed, and controlled as deemed appropriate by the company. However I find
>it difficult to apply a common standard to seemingly similar situations. If
>we assume, for sake of argumument, that it's acceptable for my employer to
>monitor and access my "private" e-mail, then:
> o Is it also acceptable for my employer to do monitor my telephone
> calls as well? It is, after all, their telephone, and they put it
> on my desk for business use. Does this then give them the right to
> monitor my calls, with or without my knowledge?
Yes. And many companies do.
> o How about voice mail? Isn't voice mail the moral equivalent of
> e-mail that just uses an alternate storage and I/O format? Should
> different rules apply to voice mail and e-mail?
No, voice mail is just as monitorable as E-mail.
> o Let go the limit: when the mail robot stops by and I drop a bill
> payment in the "Outbound" box, does my company have the right to
> open it? (Please, debate the ethics, not the legalities; I'm not
> sure when the mail in this box formally becomes U.S. Mail with
> which it would be illegal to tamper.)
> o How does the previous example change if the "Outbound" box is, by
> policy, for business related mail only, but I ignore policy and use
> it for personal use? Have I relinquished any rights?
Yes, In my opinion, the company DOES have the moral right to examine any
mail placed in its outgoing mail facility. How do I (as management)
know that the envelope actually contains a payment and not proprietary
information?
>I'm not as interested in who has what rights as I am in how anyone can justify
>applying *different* policies for these various scenarios. It seems to me we
>need a single, consistent policy that covers all these bases.
You can't. The owner of the facility has the right to do with it as he
pleases. Maybe it is because I've worked in government classified facilities
where it is always assumed that ANYTHING can be and usually is monitored, but
I just don't see the beef. If you want private E-mail, rent an account
on a system unrelated to work. If you want private voice-mail, do the same.
And if you want private paper mail, drop it in a US Postal service box.
IF working for a company that monitors its communications facilities
bothers you, either make a case to the company to change the policy or
find another employer.
John
--
John De Armond, WD4OQC | (Pardon the inconvenience while we
Performance Engineering Magazine(TM) | remodel this .signature)
Marietta, Ga |
jgd@dixie.com |
------------------------------
From: Stephen M Jameson <sjameson@atl.ge.com>
Subject: Re: First Person broadcast on privacy at work
Date: 2 Aug 93 12:45:04
Organization: GE Advanced Technology Laboratories
In article <comp-privacy3.3.4@pica.army.mil> tmis1692@altair.selu.edu writes:
> After all it is the employers computer and it is the employers right to know
> what is there. Simply, don't put your private information in the company's
> computer.
>
> Kevin Calmes - TMIS1692@selu.edu
>
I am curious about something. This seems like a perfectly reasonable argument
to me, and I have never seen even an incoherent rebuttal to it, yet people keep
debating the issue as though this idea had never been advanced. In all
seriousness (i.e. non-rhetorical question here) I ask those of you who like to
talk about "privacy rights" on company-owned computer systems:
1) Have you never heard nor thought of this line of reasoning?
2) If so, do you know of a reasonable rebuttal?
Responses by email are welcome.
--
Steve Jameson Martin Marietta
sjameson@atl.ge.com Advanced Technology Laboratories
Moorestown, New Jersey
****************************************************************************
** . . . but I do not love the sword for its sharpness, nor the arrow **
** for its swiftness, nor the warrior for his glory. I love only that **
** which they defend . . . **
** -- Faramir, "The Two Towers" **
****************************************************************************
------------------------------
Date: Sat, 31 Jul 1993 9:55:36 -0400 (EDT)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Re: America Online censor
In Computer Privacy Digest V3 #005 Matthew Lyle <matt@ra.oc.com>
writes:
>Christopher Zguris <0004854540@mcimail.com> writes:
>> I've seen this issue about PRODIGY and AMERICA ONLINE come up over
>>and over- censorship, reading mail, forcing users to adopt double-speak for
>>words the system (big brother?) finds offensive. My question is this, _WHY_
>>does PRODIGY and AMERICA ONLINE management find it necessary to go to all
>>the trouble and expense of scrubbing their system to keep it "clean" to
>>their specs (are they employing humans to bounce "offenders" off, or simple
>>keyword-checking by computer- either way there must be people being paid to
>>do this nonsense)?
>I'm a charter subscriber of AOL and I have never seen AOL take any
>actions that are inconsistant with their Terms of Service. Admittidly
>some of the terminology is the TOS is a little broad but I haven't
>seen them abuse it.
>Here are a couple of excerpts, cut and pasted, from AOL's Terms of Service.
>ONLINE CONDUCT
>
>Any action by a Member that, in AOL, Inc.'s sole opinion, restricts or
>inhibits other Members from using and enjoying America Online (such as
>but not limited to, the use of vulgar language; inappropriate screen
>names; committing, or discussing with the intention to commit, illegal
>activities), is strictly prohibited. Member specifically agrees not to
>submit, publish, or display on America Online any defamatory, inaccurate,
^^^^^^^^^^
That is a VERY broad word. Just what does inaccurate mean in this
situation? If, in the course of a discussion, I make a mistake on
something, I expect to be notified about it by the person to whom I'm
corresponding. If I state that New York City is the cleanest in the
world, which is totally inaccurate, will AOL cancel my membership?
Technically, I've violated that word.
>abusive, obscene, profane, sexually oriented, threatening, racially
>offensive, or illegal material; nor shall Member encourage the use of
>controlled substances.
I won't disagree with most of the words above, but what is illegal in
this context? Is it something that has been prohibited by law from
somewhere?
>Transmission of material, information or software in
>violation of any local, state or federal law is prohibited and is a breach
>of the Terms of Service. Member specifically agrees not to upload, post or
>reproduce in any way any materials protected by copyright without the
>permission of the copyright owner.
I have no disagree with this part but the rest is really broad-banded
to say the least.
As one person put it "...Sears and IBM are scared big time about a lawsuit..."
but to use as broad a paintbrush as they did makes me wonder.
Time to have a serious discussion with a friend who uses AOL.
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, LI, NY 11973 (516)-282-3093
Senior Technical Specialist: Scientific Computer Facility
------------------------------
Date: Sat, 31 Jul 93 14:37 EDT
From: WHMurray@dockmaster.ncsc.mil
Subject: Censorship
I must be missing something. I do not understand the relationship
between censorship on a public bulletin board and privacy.
Is it because the censoring authorities have to read it in order to
censor it? Is it because they are authorities? If I post to a public
bulletin board, do not I then have an expectation that everyone,
including the authorities, is going to read it? Is it because I use
email to post and the authorities are not supposed to read email? Does
anyone have evidence that they are censoring private email between
consenting adults? Is email to a bulletin board as privileged as email
between consenting adults? Must the authorities wait until it is
publicly posted before censoring?
I must be missing something fundamental.
William Hugh Murray, Executive Consultant, Information System Security
49 Locust Avenue, Suite 104; New Canaan, Connecticut 06840
1-0-ATT-0-700-WMURRAY; WHMurray at DOCKMASTER.NCSC.MIL
------------------------------
End of Computer Privacy Digest V3 #007
******************************