Privacy
Ron Graham
with Joe Geluso, Lisa Henn, Fred Klingener, and Mark Rogers
You will often find that your service provider, or your company, attaches a note at the end of your e-mails. An independent ISP may use that attachment to advertise itself - a justification made by free e-mail providers such as Hotmail and Yahoo.

Your company, on the other hand, may attach a legal disclaimer to messages you send. It says something like "this e-mail may contain information that is confidential and intended for the original recipient. If you received this in error, please delete it immediately." Such tags may be at the request of the company's legal department.

Subscribers to RHETENGR-L sometimes have problems with this approach:

  • the resulting signature is in excess of the four lines dictated by proper netiquette;
  • the tag may be accompanied by electronic "letterheads" that can't be read by plain-text mail readers, which instead interpret the tag as some sort of file attachment and may then have trouble opening the e-mail;
  • the way the tag is written may seem less than friendly to others outside the company;
  • some workers will wonder if the company has a good deal of misdirected e-mail, and whether their own messages will go where they're sent;
  • the sender of the message will be associated (even if wrongly) with the tag, and the sender's credibility may suffer somewhat if the message isn't confidential or misdirected at all;
  • some will wonder at what point after a message received in error is to be "forgotten." (I receive a message by mistake. Why must I be responsible for correcting the mistake?)
Most people who send e-mail have gotten on the Internet since the Web became a popular marketing tool: 1995 or later. This means that they may be quite casual, even cavalier, with their e-mails, and this can cause trouble for companies in court. The disclaimer may be a way that our company is reminding us that it's not going to guarantee our privacy.

Though the more common use of mail readers that support more than plain text appears to be changing standards (e.g. fewer people interpret all caps as "shouting"; more regard it instead as similar to "boldface"), some still have an implicit assumption that their e-mails are private if nobody looks over their shoulders as they write the messages.

They're not. If the message isn't encrypted, it isn't (for practical purposes) confidential and maybe not even then, if it's important enough to be interesting to someone else. On it's way from sender to recipient, it's written on a postcard or blowing down the street - the digital equivalent of public domain.

Some larger companies are implementing e-mail search programs, as a means of heading off risk of

  • workplace violence
  • drug abuse
  • sexual harassment
  • racial discrimination
  • side businesses
and so forth. The FBI's new program "Carnivore" is an example of such measures. Though the FBI assures us that Carnivore is only installed in cases where there's suspicion of such major crimes as terrorism, some net users wonder if it signals the end of net privacy.

Programs that sift through corporate e-mail will target keywords that managers think are relevant to the at-risk behaviors they want to eliminate from the workplace. Similarly, programs exist that flag corporate security if an employee visits a Web site that might not be relevant to the job. In those cases, it's up to you to defend your use of keywords, or the sites you visit. The company who uses such programs has already indicated that it feels no obligation to ensure your privacy if it thinks that its computers are not being used for company business.

The flip side of this e-mail sifting is that words may be found that are completely out of context of any kind of behavior that could be considered "inappropriate" by a reasonable person. Consider the following word list compiled by Tom McNichol in Wired, March 2000:

  • bimbo
  • alarm pad
  • David Duke
  • resume
  • fondle
  • ATF
  • job offer
  • ammonium nitrate
  • reefer
  • I'll show him/her
  • fertilizer
  • anarchy
  • signing bonus
  • bacteriological
  • meth
  • copyright
  • Puerto Rican
  • stress
  • pipe bombs
  • unfair
  • Aryan
  • performance review

Assignments

The above words are just a few detected by Cameo, a MicroData e-mail sifter designed for Microsoft Exchange Server. Since Cameo, or any other e-mail sifter, must rely on human input to know what to search for, how would you instruct it? What would you look for? Why?

Review this list of keywords from security provider Echelon. What do you think they're looking for? Why?

References

Electronic Frontier Foundation
EFF's Top 12 Ways to Protect Your Privacy

What You Can Do

  1. Don't assume that e-mail you send is really private. This means that if you want to send confidential information, you should consider encrypting it first. If you want to send mail you really don't want your boss to see (e.g. looking for a new job), you'd be better off sending it from home. :-)
  2. Your employer is not obligated to pay for your right to free speech.
  3. Your employer may think that the name of a newsgroup or discussion forum alone indicates fully whether it is appropriate for corporate participation. This is likely to be a misunderstanding, but you have to check before participating.
  4. Remember that your personal information is being collected when you're online. It's usually because you fill out forms or respond to ads, but not always - some programs (and individuals) assume your habits based on Usenet newsgroups or Web sites or chat rooms that you visit.
[Table of Contents] [Previous] [Next]