Ethical Implications of
Privacy in Electronic Mail
Victoria A. White
From "Proceedings of Technical Conference on Telecommunications R&D in Massachusetts"
University of Massachusetts Lowell, October 25, 1994
The ethics dilemma surrounding privacy issues within electronic mail use on the
Internet was explored. This communication mechanism utilized by the cyberspace
community offers ethical as well as technical challenges. An attempt is made to
blend ethics into the technology of this form of media, aided by concepts of
computer ethics. Perspectives from organizational as well as individual entities
were used to examine the ethical implications.
Keywords: computer ethics, privacy, electronic mail
Cyberspace, the electronic frontier, may be perceived as a lattice of
communities; some linked, some isolated. Communities heretofore have shared
the commonality of a hierarchy of virtues; intra-group civility, loyalty and
tolerance, and common pursuits. However the current online community as a
whole does not share a hierarchy of virtues, though some localized segments do.
Among such segments, as noted by Licklider , "the people with whom one
interacts most strongly will be selected more by commonality of interests and
goals than by accidents of proximity", and as such will share some values. This
online community as a whole does place great stock in words in order to
communicate ideas and concepts through the virtual world.
2. The Community
In this community, one's identity is defined by their electronic mail (email)
address. This transient assemblage of letters and digits provides a non-physical
basis of identity. This virtual self may act as a proxy of the physical
being holding a similar name, or it may not. This metaphysical puzzle is
created by the technology and networks employed to gain access to this community.
The technology offers its own conceptual, ethical and technical challenges.
Therefore the cyberspace community exhibits an inherent basic ethical dilemma of
what one (individual cyberistic community member) has a right to do versus what
is right to do. This may also be reframed as what can be perceived as good in
the community may also be perceived as bad; technological availability may or may
not equal technological adoption; orientation may or may not affect or equal
behavior; perspective taken whether from or towards a corporate, organizational
or individual entity; and so on.
Once one has entered this community and received an identity (unlike other
communities where one originally arrives with some appearance of an identity),
individuality and inherent personal rights within the community become an issue.
One such right would be the right to privacy, generally thought of as being free
from unnecessary intrusion into one's private affairs.
Since the most common denominator of the online community is
communication among the members as defined by their email addresses, email is
the most significant mechanism of communication transfer and therefore
Thirty (30) to fifty (50) million people are estimated to use email, with
growth rate at greater than twenty-five (25) percent per year . Twenty (20)
million users and businesses are currently on the Internet, with expectations
of one-hundred-twenty-five (125) million by the year 2000 . Ten (10) million
of theseusers have come on-line within the last nine months .
This discussion of privacy with email will be explored as a personal rather
than a technical issue, in order to identify potential ethical implications.
The attempt of the discourse would be to blend existing ethics into today's
technologies, aided by the concepts of computer ethics. Ethics as such are
not to be viewed as prescriptive, but as preferable to prevent problems prior
to presentation rather than punishment after commission of unethical actions.
The concept of individual privacy with email would suggest users'
expectations of an exclusive access and account usage. Personal problems with
email transmission arising from the technology employed and current legal
framework include the following [2,5,6]:
- Can be from anyone other than the account holder ("spoofing")
- hackers forging the "From" field
- someone with access to the account
- Can arrive via anonymous remailer
- From mailing lists, where the email addresses of everyone on the list is accessible
- Computer systems crash and can't resolve names into addresses
- Computer and domain names at destination sites frequently change
- Anonymous remailers not secure
- Bounced mail will be seen by a human
- System administrators and operators can read messages in spool files at local sites - source or destination
- Many companies consider individual's email corporate property, and are entitled to do so under the 1986 Electronic Communications Privacy Act
- Service provider specifications, such as Prodigy, which reserved right to edit any public messages prior to posting.
If "Finger" tool is available on system, anyone can learn any and all of the following: one's email address, name, location looged in, if currently on computer and if so for how long, how long since mail ,last checked and who sender of mail is.
Therefore one cannot hold a valid expectation of privacy with email transmission.
While the majority of transmissions may indeed retain the right of privacy
between sender and recipient, one cannot expect that they will. As the Internet
advances into the age of the National Information Infrastructure (NII), individual
expectations of privacy rights may rise while simultaneously becoming less
sustainable. Privacy enhancing technologies such as cryptography will continue to
advance as will popularity of encrypted messages.
So since absolute security to maintain privacy is impossible, one can only
strive for what may be considered an acceptable level of individual vulnerability.
Common user technical steps to take include:
- Storing files
- note system backup times and delete any files not wanted stored there
- if message sensitive to sender or recipient encrypt before storing on system
- choose a secure one
- don't let anyone see it being entered
- change it frequently
- never mention in email
- Logout completely
- Don't leave account online attended, or use 'xlock' if not inconvenient to others
- Check .rhost file.
5. Need for better protocol
While the forerunner of today's Internet, ARPANET, may be viewed as a
social construct for those early users (Defense Department sponsored
researchers), the modern Internet is definitely society shaping. While this
technology will continue to shape society, it need not exhibit technological
determinism. The destiny and perception of the users' experience need not be led
simply by the available technology, and the minority segment able to master it.
While those for whom the project was a social construct are a majority of those
able to master the technology, the majority of the new users exhibit more aspects
of popular culture and inherent desires and interests.
Aristotle used the term praxis, separating it from pure knowing (theoria) and
and doing (poiesis). As such, praxis is goal directed and developed through action
and experience (7). This term may be applied in an attempt to develop a theoretical
process to manage privacy vulnerability with email. Rather than development of an
alienating praxis of attempting to fight technology with itself; instead to
consider development of an emancipatory praxis.
6. Computer Ethics
In 1985, the Coalition for Computer Ethics was formed with individuals from
"the religious ethics, corporate and public policy communities". In 1991, the group,
then composed of the Brookings Institution, the Washington Consulting Group,
IBM and the Washington Theological Consortium, changed into the Computer
Ethics Institute (CEI) and continued existence as a "formalized research,
education and policy study organization" (8).
The first National Computer Ethics Conference in 1992 was entitled "in
Pursuit of a "Ten Commandments" for Computer Ethics". The Ten
Commandments, page 5, were presented by Dr. Ram¢n C. Barquin, President of
the CEI Board of Directors. Dr. Barquin noted that: the work was a result of
involvement with computers over a quarter of a century and years of interaction
with ethicists dealing with these types of issues; and that the intent was "not to
come up with a definitive code for all time and for all people, but rather to have
a first cut at coming up with some simple rules that would be easy to understand"
"The Ten Commandments of Computer Ethics"
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with other people's computer work.
- Thou shalt not snoop around in other people's computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness.
- Thou shalt not copy or use proprietary software for which you have not paid.
- Thou shalt not use other people's computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people's intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
7. The 10 Commandments and Email
The Commandments are readily applicable to the topic of privacy in email. Some
general examples and illustrations are listed below.
Respect confidentiality (s 1, 2 and 8)
If you desire to forward or otherwise share received mail, check with the
sender to make sure it is permissible. If that is somehow impossible,
strip off all personal and identifying information including routing.
Don't "flame" (Commandments 1,10)
To send an inflammatory remark or message can cause great harm to another
individual. As discussed by Seabrook , such words delivered electronically
are expereinced differently than any other type of media with potential for
long lasting effects.
Don't use anonymous remailers (Commandments 1,5,10)
Don't use these services, unless whistleblowing or otherwise fear recrimination
for telling the truth. This would be a teleological decision, based on the
extrinsic value [Henderson] of the action.
Don't look at other's messages (Commandment 3)
Gaining access to another's account is not justifiable unless expressly
acting as their agent. Looking at someone's printed out mail is equally
Don't misrepresent or lie (Commandment 5)
Given the issue of the lack of privacy with email transmission, the
potential exists for a misrepresentation or falsehood to revisit the sender.
While the old adage of "what goes around comes around" may not be universally
true with positive energies and deeds , it often is realized via
negative actions and perspectives.
Follow EMA guidelines (Commandment 7)
Check to see if the service provider, or company, has an electronic
follow guidelines for development summarized below. Anything transmitted
Consider presentation of message (Commandment 10)
Evaluate the physical appearance of the message to be sent. Consider
starting with a blank line, don't shout (all caps) and eliminate sexist
language from email via use of gender neutral pronouns and titles .
Try to be aware of cultural differences or other issues that may affect
the reader adversely.
8. Application of Computer Ethics to Problems Identified
What can one do within this framework about problems earlier
- Should not be on a mailing list if don't want the world to know
- Can '/Conceal' but will not avoid general problems noted previously
- Try not to become a "lurker", instead be a contributory participant as a member of the community
- Be aware of and respect comfort level of recipient(s) with your words
- If involved as a mailing list editor, recognize the significance of the role as a publisher with the acquisition, use and dissemination of information
- Upon discovery of uncomfortable situations specific to a service provider such as Prodigy example, encourage ethical competition.
Bill Morone (1994) notes that if a company does not have an email privacy
policy, it should, as well as establish privacy solutions that deal with all methods
of employee communication media . He suggests consideration of the following six
questions by employers, along with the additional concerns listed.
- "Who has a stake in establishing a responsible policy regarding access to and
disclosure of company electronic mail? How will the policy affect the employer,
employee, third parties, law enforcement authorities and electronic communications
- "What baseline legal rights and duties constrain any policy?"
- "What operational features of electronic communications systems should affect
any policy on access, use and disclosure?"
- "What analogies can be used to help formulate a consistent set of policies?"
- "What criteria should be used to evaluate a proposed policy?"
- "Has your policy been disclosed in advance to all concerned?"
- "Who from the organization should participate in the development of the
- "What corporate assets should be considered in formulating overall workplace
- "What information will you want to gather in advance or during the course of
formulating your policy?"
Morone  noted that the most important concept is development of a privacy
policy with procedures for implementation and communication to employees.
While some of the ethical implications of privacy with electronic mail
have been identified and explored, the uncontrollable communication
and therefore information flow will continue to pass and grow through
the Internet backbone as a form of media.
The value of, and right to, privacy will continue to compete with other
values in our global society within the virtual community. The pending
FBI Wiretap proposal is directly contrary to the Universal Declaration
of Human Rights (adopted in 1948) which is definitively applicable to
the right of privacy through any media .
The implications of the individuals' right to privacy as a duty of
restraint  upon other entities will magnify. It could be considered
possible that those identities with the societally transforming medium
passing through their fingertips be channelers of virtue, transforming
moral ideas into daily actions.
The clash of old inherent freedoms and new emergent technologies will
continue to generate ethical issues for discussion, reflection and
For further exploration of this topic:
Electronic Messaging Association, 1655 North Fort Myer Drive, Suite 850,
Arlington, VA 22209. 703 524 5550 (tel) 703 524 5558 (fax) firstname.lastname@example.org.
Electronic Privacy Information Center (EPIC), 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. 202 544 9240 (tel) 202 547 5482 (fax)
email@example.com. EPIC publishes the biweekly EPIC Alert and EPIC Reports on
emerging privacy issues.
International Privacy Bulletin, 666 Pennsylvania Ave., SE Suite 301, Washington,
DC 20003 firstname.lastname@example.org. Published quarterly. $50 for individuals, $200 for
Network Security Observations, Suite 400, 1825 I Street NW, Washington, DC
20006. Five issues annually commencing November 1994. $195 a year if ordered
by email by November 1. email@example.com.
Privacy Journal, P.O. Box 28577, Providence, RI 02908 401 274 7861 (tel)
firstname.lastname@example.org. Published monthly. $109 per year ($135 overseas)
Privacy Times, P.O. Box 21501, Washington, DC 202 829 3660 (tel) 202 829 3653
(fax). published bi-weekly, 23 times a year. $310 a year.
- J.C.R. Licklider, R. Taylor, E. Herbert, "The Computer as a
Communication Device", International Science and Technology, April 1968.
2. D. Angell and B. Heslop, "The Elements of E-Mail Style", Addison
Wesley, Reading, MA 1994.
- W. Schwartau (email@example.com), Computer Privacy Digest, V5 38 9/26/94.
- J. Seabrook, "My First Flame", The New Yorker, June 6, 1994.
- L. Detweiler, (firstname.lastname@example.org), "Identity, Privacy and
Anonymity on the Internet", FTP rtfm.mit.edu:/pub/usenet/news.answers/net-
- H. Rheingold, "The Virtual Community: Homesteading on the Electronic
Frontier", Addison Wesley, Reading, MA 1993 p. 278.
- L.C. Becker and C.B. Becker, "Encyclopedia of Ethics", Garland Publishing,
Inc., New York, 1992.
- Computer Ethics Institute, "Computer Ethics Institute", 1994.
- R. Barqu¡n, personal communication to V. A. White, September 9, 1994.
- V. Henderson, "Ethictionary", Revehen Consultants, Brookline, MA, 1994.
- J. Halberstam, "Everyday Ethics", Penguin Books, NY, NY, 1993.
- M. Rotenberg, "Protecting Privacy", CompuServe CEthics, posted August
Messaging", CompuServe CEthics, posted August 1994.
- M. Rotenberg (email@example.com), Computer Privacy Digest,
V5 40 9/29/94.
- D. Johnson, "Computer Ethics", Prentice Hall, Englewood Cliffs,
NJ, 1985, p. 19.
- email list server , "Conferences That May be of
Interest", firstname.lastname@example.org, 09 Sep 1994.
- M. Gibbs and R.Smith, "Navigating the Internet", Sams Publishing,
Carmel, IN, 1993.
- V.A. White, personal notes and files.
For further information, mail Victoria White at email@example.com