eclecTechs Internet Access + Web Hosting Web Site Development Technical Support About Our Company Custom Programming Classes and Workshops Web Mail
-------------------------
 
Search: Web   eclecTechs™
----------------------

Ethical Implications of
Privacy in Electronic Mail

by
Victoria A. White

From "Proceedings of Technical Conference on Telecommunications R&D in Massachusetts" University of Massachusetts Lowell, October 25, 1994

Abstract

The ethics dilemma surrounding privacy issues within electronic mail use on the Internet was explored. This communication mechanism utilized by the cyberspace community offers ethical as well as technical challenges. An attempt is made to blend ethics into the technology of this form of media, aided by concepts of computer ethics. Perspectives from organizational as well as individual entities were used to examine the ethical implications.

Keywords: computer ethics, privacy, electronic mail

1. Introduction

Cyberspace, the electronic frontier, may be perceived as a lattice of communities; some linked, some isolated. Communities heretofore have shared the commonality of a hierarchy of virtues; intra-group civility, loyalty and tolerance, and common pursuits. However the current online community as a whole does not share a hierarchy of virtues, though some localized segments do. Among such segments, as noted by Licklider [1], "the people with whom one interacts most strongly will be selected more by commonality of interests and goals than by accidents of proximity", and as such will share some values. This online community as a whole does place great stock in words in order to communicate ideas and concepts through the virtual world.

2. The Community

In this community, one's identity is defined by their electronic mail (email) address. This transient assemblage of letters and digits provides a non-physical basis of identity. This virtual self may act as a proxy of the physical being holding a similar name, or it may not. This metaphysical puzzle is created by the technology and networks employed to gain access to this community. The technology offers its own conceptual, ethical and technical challenges. Therefore the cyberspace community exhibits an inherent basic ethical dilemma of what one (individual cyberistic community member) has a right to do versus what is right to do. This may also be reframed as what  can be perceived as good in the community may also be perceived as bad; technological availability may or may not equal technological adoption; orientation may or may not affect or equal behavior; perspective taken whether from or towards a corporate, organizational or individual entity; and so on.

3. Identity

Once one has entered this community and received an identity (unlike other communities where one originally arrives with some appearance of an identity), individuality and inherent personal rights within the community become an issue. One such right would be the right to privacy, generally thought of as being free from unnecessary intrusion into one's private affairs.

Since the most common denominator of the online community is communication among the members as defined by their email addresses, email is the most significant mechanism of communication transfer and therefore group interaction.

Thirty (30) to fifty (50) million people are estimated to use email, with growth rate at greater than twenty-five (25) percent per year [2]. Twenty (20) million users and businesses are currently on the Internet, with expectations of one-hundred-twenty-five (125) million by the year 2000 [3]. Ten (10) million of theseusers have come on-line within the last nine months [4].

4. Privacy

This discussion of privacy with email will be explored as a personal rather than a technical issue, in order to identify potential ethical implications. The attempt of the discourse would be to blend existing ethics into today's technologies, aided by the concepts of computer ethics. Ethics as such are not to be viewed as prescriptive, but as preferable to prevent problems prior to presentation rather than punishment after commission of unethical actions.

The concept of individual privacy with email would suggest users' expectations of an exclusive access and account usage. Personal problems with email transmission arising from the technology employed and current legal framework include the following [2,5,6]:

Received mail

  • Can be from anyone other than the account holder ("spoofing")
    • hackers forging the "From" field
    • someone with access to the account
  • Can arrive via anonymous remailer
  • From mailing lists, where the email addresses of everyone on the list is accessible

Sent mail

  • Computer systems crash and can't resolve names into addresses
  • Computer and domain names at destination sites frequently change
  • Anonymous remailers not secure

In general

  • Bounced mail will be seen by a human
  • System administrators and operators can read messages in spool files at local sites - source or destination
  • Many companies consider individual's email corporate property, and are entitled to do so under the 1986 Electronic Communications Privacy Act
  • Service provider specifications, such as Prodigy, which reserved right to edit any public messages prior to posting.

If "Finger" tool is available on system, anyone can learn any and all of the following: one's email address, name, location looged in, if currently on computer and if so for how long, how long since mail ,last checked and who sender of mail is.

Therefore one cannot hold a valid expectation of privacy with email transmission.

While the majority of transmissions may indeed retain the right of privacy between sender and recipient, one cannot expect that they will. As the Internet advances into the age of the National Information Infrastructure (NII), individual expectations of privacy rights may rise while simultaneously becoming less sustainable. Privacy enhancing technologies such as cryptography will continue to advance as will popularity of encrypted messages.

So since absolute security to maintain privacy is impossible, one can only strive for what may be considered an acceptable level of individual vulnerability.

     Common user technical steps to take include:

  • Storing files
    • note system backup times and delete any files not wanted stored there
    • if message sensitive to sender or recipient encrypt before storing on system
  • Password
    • choose a secure one
    • don't let anyone see it being entered
    • change it frequently
    • never mention in email
  • Logout completely
  • Don't leave account online attended, or use 'xlock' if not inconvenient to others
  • Check .rhost file.

5. Need for better protocol

While the forerunner of today's Internet, ARPANET, may be viewed as a social construct for those early users (Defense Department sponsored researchers), the modern Internet is definitely society shaping. While this technology will continue to shape society, it need not exhibit technological determinism. The destiny and perception of the users' experience need not be led simply by the available technology, and the minority segment able to master it. While those for whom the project was a social construct are a majority of those able to master the technology, the majority of the new users exhibit more aspects of popular culture and inherent desires and interests.

Aristotle used the term praxis, separating it from pure knowing (theoria) and and doing (poiesis). As such, praxis is goal directed and developed through action and experience (7). This term may be applied in an attempt to develop a theoretical process to manage privacy vulnerability with email. Rather than development of an alienating praxis of attempting to fight technology with itself; instead to consider development of an emancipatory praxis.

6. Computer Ethics

In 1985, the Coalition for Computer Ethics was formed with individuals from "the religious ethics, corporate and public policy communities". In 1991, the group, then composed of the Brookings Institution, the Washington Consulting Group, IBM and the  Washington Theological Consortium, changed into the Computer Ethics Institute (CEI) and continued existence as a "formalized research, education and policy study organization" (8).

The first National Computer Ethics Conference in 1992 was entitled "in Pursuit of a "Ten Commandments" for Computer Ethics". The Ten Commandments, page 5, were presented by Dr. Ram¢n C. Barquin, President of the CEI Board of Directors. Dr. Barquin noted that: the work was a result of involvement with computers over a quarter of a century and years of interaction with ethicists dealing with these types of issues; and that the intent was "not to come up with a definitive code for all time and for all people, but rather to have a first cut at coming up with some simple rules that would be easy to understand" (9).

"The Ten Commandments of Computer Ethics"

  1. Thou shalt not use a computer to harm other people.
  2. Thou shalt not interfere with other people's computer work.
  3. Thou shalt not snoop around in other people's computer files.
  4. Thou shalt not use a computer to steal.
  5. Thou shalt not use a computer to bear false witness.
  6. Thou shalt not copy or use proprietary software for which you have not paid.
  7. Thou shalt not use other people's computer resources without authorization or proper compensation.
  8. Thou shalt not appropriate other people's intellectual output.
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
  10. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.

7. The 10 Commandments and  Email

The Commandments are readily applicable to the topic of privacy in email. Some general examples and illustrations are listed below.

Respect confidentiality (s 1, 2 and 8) If you desire to forward or otherwise share received mail, check with the sender to make sure it is permissible. If that is somehow impossible, strip off all personal and identifying information including routing.

Don't "flame" (Commandments 1,10) To send an inflammatory remark or message can cause great harm to another individual. As discussed by Seabrook [4], such words delivered electronically are expereinced differently than any other type of media with potential for long lasting effects.

Don't use anonymous remailers (Commandments 1,5,10) Don't use these services, unless whistleblowing or otherwise fear recrimination for telling the truth. This would be a teleological decision, based on the extrinsic value [Henderson] of the action.

Don't look at other's messages (Commandment 3) Gaining access to another's account is not justifiable unless expressly acting as their agent. Looking at someone's printed out mail is equally incorrect.

Don't misrepresent or lie (Commandment 5) Given the issue of the lack of privacy with email transmission, the potential exists for a misrepresentation or falsehood to revisit the sender. While the old adage of "what goes around comes around" may not be universally true with positive energies and deeds [11], it often is realized via negative actions and perspectives.

Follow EMA guidelines (Commandment 7) Check to see if the service provider, or company, has an electronic messaging privacy policy. If one in place, learn what is delineated. If not, follow guidelines for development summarized below. Anything transmitted may be publicly aired if a privacy policy is not in effect.

Consider presentation of message (Commandment 10) Evaluate the physical appearance of the message to be sent. Consider starting with a blank line, don't shout (all caps) and eliminate sexist language from email via use of gender neutral pronouns and titles [2]. Try to be aware of cultural differences or other issues that may affect the reader adversely.

8. Application of Computer Ethics to Problems Identified

What can one do within this framework about problems earlier identified?

Receiving mail

  • Should not be on a mailing list if don't want the world to know
    • Can '/Conceal' but will not avoid general problems noted previously
  • Try not to become a "lurker", instead be a contributory participant as a member of the community

Sending mail

  • Be aware of and respect comfort level of recipient(s) with your words
  • If involved as a mailing list editor, recognize the significance of the role as a publisher with the acquisition, use and dissemination of information

In general

  • In an organization that has or is considering email usage develop and distribute an email privacy policy (Rotenberg)
  • Follow the Electronic Messaging Association (EMA) guidelines for formulating a privacy policy for corporate electronic messaging
  • Upon discovery of uncomfortable situations specific to a service provider such as Prodigy example, encourage ethical competition.

Bill Morone (1994) notes that if a company does not have an email privacy policy, it should, as well as establish privacy solutions that deal with all methods of employee communication media . He suggests consideration of the following six questions by employers, along with the additional concerns listed.

Policy Questions

  1. "Who has a stake in establishing a responsible policy regarding access to and disclosure of company electronic mail? How will the policy affect the employer, employee, third parties, law enforcement authorities and electronic communications service providers?"
  2. "What baseline legal rights and duties constrain any policy?"
  3. "What operational features of electronic communications systems should affect any policy on access, use and disclosure?"
  4. "What analogies can be used to help formulate a consistent set of policies?"
  5. "What criteria should be used to evaluate a proposed policy?"
  6. "Has your policy been disclosed in advance to all concerned?"

Additional Concerns

  1. "Who from the organization should participate in the development of the policy?"
  2. "What corporate assets should be considered in formulating overall workplace privacy policies?"
  3. "What information will you want to gather in advance or during the course of formulating your policy?"

Morone [12] noted that the most important concept is  development of a privacy policy with procedures for implementation and communication to employees.

9. Summary

While some of the ethical implications of privacy with electronic mail have been identified and explored, the uncontrollable communication and therefore information flow will continue to pass and grow through the Internet backbone as a form of media.

The value of, and right to, privacy will continue to compete with other values in our global society within the virtual community. The pending FBI Wiretap proposal is directly contrary to the Universal Declaration of Human Rights (adopted in 1948) which is definitively applicable to the right of privacy through any media [14].

The implications of the individuals' right to privacy as a duty of restraint [15] upon other entities will magnify. It could be considered possible that those identities with the societally transforming medium passing through their fingertips be channelers of virtue, transforming moral ideas into daily actions.

The clash of old inherent freedoms and new emergent technologies will continue to generate ethical issues for discussion, reflection and action.

For further exploration of this topic:

FTP
cpsr.org:/cpsr/cpsr_info.
ftp.eff.org
ftp.eff.org/pub/cud/networks/email
ftp.eff.org/pub/cud/papers/const.in.cyberspace
ftp.eff.org/pub/cud/papers/privacy
ftp.eff.org/pub/EFF/legal-issues/email-privacy-biblio-2
ftp.eff.org/pub/EFF/email-privacy-research

Listservers
CEI-L            CEI-L@AMERICAN.EDU
CNI-COPYRIGHT     LISTSERV@CNI.ORG
COMP-PRIVACY      COMP-PRIVACY-REQUEST@PICA.ARMY.MIL
CYBERIA-L         LISTSERVER@BIRDS.WM.EDU
ETHICS-L          LISTSERV@VM.GMD.DE

Newsgroups
alt.comp.acad-freedom.news
alt.comp.acad-freedom.talk
alt.cyberpunk
alt.hackers
alt.politics.org.nsa
alt.privacy
alt.privacy.anon-server
alt.privacy.clipper
alt.security
alt.security.pgp
alt.security.ripem
alt.whistleblowing
bit.listserv.ethics-l
comp.org.eff.news
comp.org.eff.talk
comp.security.misc
comp.society.privacy
misc.legal.computing
misc.legal.moderated
news.admin
news.admin.policy
sci.crypt
talk.politics.crypto

Additional Resources:

Electronic Messaging Association, 1655 North Fort Myer Drive, Suite 850, Arlington, VA 22209. 703 524 5550 (tel) 703 524 5558 (fax) info@ema.org.

Electronic Privacy Information Center (EPIC),  666 Pennsylvania Ave., SE, Suite 301, Washington, DC  20003.  202 544 9240 (tel) 202 547 5482 (fax) info@epic.org.  EPIC publishes the biweekly EPIC Alert and EPIC Reports on emerging privacy issues.

International Privacy Bulletin, 666 Pennsylvania Ave., SE Suite 301, Washington, DC  20003  pi@epic.org.  Published quarterly. $50 for individuals, $200 for organizations.

Network Security Observations, Suite 400, 1825 I Street NW, Washington, DC 20006. Five issues annually commencing November 1994. $195 a year if ordered by email by November 1. subnso@aol.com.

Privacy Journal, P.O. Box 28577, Providence, RI 02908  401 274 7861 (tel) 000510719@mcimail.com.  Published monthly.  $109 per year ($135 overseas)

Privacy Times, P.O. Box 21501, Washington, DC  202 829 3660 (tel) 202 829 3653 (fax).  published bi-weekly, 23 times a year. $310 a year.

BIBLIOGRAPHY

  1. J.C.R. Licklider, R. Taylor, E. Herbert, "The Computer as a Communication Device", International Science and Technology, April 1968.

    2.  D. Angell and B. Heslop, "The Elements of E-Mail Style", Addison Wesley, Reading, MA 1994.

  2. W. Schwartau (p00506@psilink.com), Computer Privacy Digest, V5 38 9/26/94.
  3. J. Seabrook, "My First Flame", The New Yorker, June 6, 1994.
  4. L. Detweiler, (ld231782@longs.lance.colostate.edu), "Identity, Privacy and Anonymity on the Internet", FTP rtfm.mit.edu:/pub/usenet/news.answers/net- privacy/ .
  5. H. Rheingold, "The Virtual Community: Homesteading on the Electronic Frontier", Addison Wesley, Reading, MA 1993 p. 278.
  6. L.C. Becker and C.B. Becker, "Encyclopedia of Ethics", Garland Publishing, Inc., New York, 1992.
  7. Computer Ethics Institute, "Computer Ethics Institute", 1994.
  8. R. Barqu¡n, personal communication to V. A. White, September 9, 1994.
  9. V. Henderson, "Ethictionary", Revehen Consultants, Brookline, MA, 1994. 
  10. J. Halberstam, "Everyday Ethics", Penguin Books, NY, NY, 1993.
  11. M. Rotenberg, "Protecting Privacy", CompuServe CEthics, posted August 1994.
  12. B. Morone, "Formulating a Privacy Policy for Corporate Electronic Messaging", CompuServe CEthics, posted August 1994.
  13. M. Rotenberg (rotenberg@washofc.epic.org), Computer Privacy Digest, V5 40 9/29/94.
  14. D. Johnson, "Computer Ethics", Prentice Hall, Englewood Cliffs, NJ, 1985, p. 19.
  15. email list server , "Conferences That May be of Interest", cpsr@cpsr.org, 09 Sep 1994.
  16. M. Gibbs and R.Smith, "Navigating the Internet", Sams Publishing, Carmel, IN, 1993.
  17. V.A. White, personal notes and files.

For further information, mail Victoria White at info@eclectechs.com

Back to top

eclecTechs™
35 State Street
Northampton, MA 01060

413.584.8600
800.471.4638
Fax 413.584.0562

info@eclectechs.com
www.eclectechs.com

All Contents Copyright © eclecTechs™, All Rights Reserved