How E-mail can be compromised

• E-mail Privacy FAQ
 
• E-mail sent over the Internet is not safe
 
• Administrators by definition can already read your E-mail
• Hackers can snoop the mail as it passes by their computer
• ISP's may keep archives of your old mail around, out of your reach and vulnerable to attack
• Steps you can take to protect your E-mail
• Encryption is the best solution today (PGP is king)
• Remailers can hide your address when you send mail (potential abuse by spammers)

Extent of E-mail privacy

• Comparison of electronic mail and postal mail
 
• E-mail can be instantaneous, the postal service guarantees an overnight delay
• E-mail is available to most people now and is easier to access - it has become much less formal than a physical document
• Mature legislation protects the privacy of postal mail
 
• Court must grant access for anyone other than the addressee to open a sealed document
• Electronic mail is not always regulated and when it is, it is regulated with separate legislation
• Once an ISP archives your E-mail, it becomes their property, the sender and reciever have no legal rights to the file
• While traveling through wire, the E-mail is protected by the Electronic Communications Privacy Act, but if it is intercepted it can be easily altered and sent along to it's intended receiver

Academic Case Studies

• One of Caltech's top students, Jinsong Hu, was expeled for harassment primarily based on E-mail records. His girlfriend recieved several offensive E-mail messages from him after they broke up. The court could not prove Mr. Hu sent the E-mail and he was acquitted. He was expelled from the university, though. He appealed the decision and the appeal was denied.
• Students at Cornell wrote a derogatory message about women entitled, "75 reasons why women (b------) should not have freedom of speech". The sent it to some of their friends and the message wound up in E-mail boxes across the country. The students claim to have sent it to 20 people without the intent of further distribution. Cornell considered punishing the students for the message, but decided not to expel them. The students each recieved 50 hours of community service.

E-mail Issues in the Workplace

• Does the fact that the computer is a company asset give them the right to look at employees' e-mail?
 
• Is security issue a serious enough threat for a company to look at their employees' e-mail?
• Can the right to privacy of the employee be applied inside a company?
• Must the organization ensure an employee's total personal privacy once the employee enters the workplace? 
• Do employees have a right to electronic privacy? 
• Case Study: 
• Alana Shoars
 
• In January 1990, Alana Shoars was the E-mail administrator for Epson America, Inc.
• Arriving for work one day, she discovered her supervisor reading and printing out E-mail messages between other employees
• She says she was told by the same m anager that all messages on the system were private
• She questioned the practice and said she was told to mind her own business
 
• A day later she was fired for insubordination
• She filed a $1M wrongful-termination suit
• She is now E-mail administrator at Warner Bros. Commun
• Eugene Wang
 
• Borland International Vice President accused of disclosing confidential information to a Symantec executive just before leaving Borland to work for Symantec
• California grand jury indicted both executives in 1993, the case is still unresolved
• Michael A. Smyth vs. The Pillsbury Company
 
• Manager for Pillsbury fired after executives browsed his E-mail
• In the E-mail, Smyth referred to several of his supervisors as "backstabbing bastards"
• Court decreed Pillsbury had the right to read employees' E-mail even after assuring the employees they would not

Anonymity on the Net

• Anonymous remailer FAQ
• Points to ponder:
• Is it neccessary to restrict anonymity on the internet?
• Should anonymity be protected for the sake of free speech?
• Should one be always held accountable for their posts?
• How to protect yourself from harassment in the net
• Some articles to guide you through: 
• Anonymity: Index
• Anonymity must be protected
• Unmasked on the Net
• The Church of Scientology vs. the anonymous remailers
• Feb. 22, 1995, Postcard from Cyberspace: The Helsinki Incident and the Right to Anonymity
• Anonymity and Its Enmities (Article 4) by A. Michael Froomkin.

The Jinsong Hu case

1. Does it appear that Caltech was justified in expelling Jinsong Hu? Why or why not?
2. If the allegations against Hu were true, was it a case of harassment that should be punished? If so, should it have been punished by the university, or by the courts?
3. What actions could college computer-system administrators take to prevent on-line harassment of students by other students?
4. Would any of these actions infringe on privacy of the students whose mail was divulged? Why or why not?
5. Given the possibility of forging E-mail, what kind of proof should be required before taking action against those suspected of harassment?