The Ottawa Citizen
Wednesday, June 3, 1998

User beware: E-mail not as private as you think

by Seymour Diener

The next time you go through your e-mail routine -- trashing the junk, answering the important stuff, and forwarding the ones you want to share -- stop and think about this for a moment: Your "personal" e-mail can be read by a lot more people than you think, and if you're not careful what you write, it could be used against you.

Most of us go about our e-mail business assuming that any correspondence is a private matter between the sender and receiver.

Someone sends you a cute little animation file via e-mail, you have a little chuckle, and send it off to some friends for their amusement.

Or you send an e-mail to a co-worker or friend and carelessly describe your spouse or your boss as a "tyrant" -- just as you might in a casual one-on-one conversation.

No real harm done, you assume; it's not like anyone else is seeing this stuff, right?

Well, think again. The truth is, in most cases e-mail is anything but private.

If you're using an e-mail system at home, it's quite likely that any number of people working at your Internet service provider can easily open your mail files as they sit on the provider's computer.

It's dead simple for them to have a read and, if it's interesting enough, perhaps pass on a copy to a buddy. No doubt this can be an amusing pass-time for the provider's lonely technical support guy who's waiting for the phone to ring while manning the help desk at 2 a.m.

If you're using the e-mail system at work, the situation is even worse. Not only can your employer's technical support people get into your e-mail files (as well as the boss's), but your employer actually has the right to do so, and to use it against you.

In fact, many companies are happily taking advantage of this, and routinely sniffing through their employees' e-mail.

(In a number of cases, employees have been sacked after the employer discovered they were sending or receiving x-rated material via the company e-mail.)

As if all this controlled invasion of privacy wasn't bad enough, unprotected e-mail files can also be easily intercepted and hacked by all kinds of bad guys, as well as government snoops, as the messages travel through cyberspace between destinations.

In the United States, the National Security Agency reportedly does just that, with ongoing wide-scale scans of e-mail messages in search of certain key words that crooks or terrorists might use.

The same lack of privacy and security that applies to e-mail also applies to your Internet browsing. Logs of what websites you visit and what files you download are just as accessible as your e-mail.

Even if you have nothing to hide from the law, your spouse, or your boss, you should feel a bit uneasy about having so many people having access to your words, your thoughts, and your deeds by tapping into your e-mail. Shades of Big Brother, indeed!

When you think about it, it's really not that much different from having your paper mail opened and read by someone at the post office, or having your phone tapped by the government, or having a camera filming your every move at the office, or having your employer bugging the tables in the staff cafeteria.

You'd probably raise quite a fuss if any of that happened, even if you had absolutely nothing to hide. Maybe it's time you thought about e-mail privacy in the same way.

Of course, unless you were the subject of a criminal investigation, the government or your employer would probably never even think of tapping your phone or bugging the water cooler. But for some strange reason, e-mail sniffing is widely accepted, and quite lawful.

How did this happen? Well, for the most part, there was nothing sinister or planned about it -- it just happened. When e-mail systems were first set up, most technical and administrative people thought about functionality, but few gave much, if any, thought to privacy. The system was open to snooping by default.

Remember, too, that e-mail for the masses is still relatively new, and still evolving. Like most new technologies, e-mail has been adopted by people and companies without the administrators and users fully understanding how it will be used or, for that matter, misused.

Systems are installed on company networks, staffers are told they've got their own e-mail, icons to launch the e-mail program suddenly appear on their desktops, and a sheet of basic instructions is handed out.

But there is no corporate policy, and no warning to users about privacy, or lack thereof.

And because governments take forever to get a handle on new technologies, there are still no laws covering e-mail usage, at least not in Canada. Nor, despite what you may think, is the right to privacy is guaranteed in the Charter of Rights and Freedoms.

You shouldn't expect governments and businesses to do much to change the situation, either, because both are only too happy to have the ability and the right to monitor your e-mail messages.

In the final analysis, though, the company that snoops on its employees and sniffs through their e-mail will eventually get burned. Sure, the employer may nab someone who's doing something he or she shouldn't be, but the downside is that staffers don't feel trusted and are nervous about what they write.

The smart company will respect its workers' rights and give them the privacy and trust that most of them deserve.

As far as legislation goes, the federal government has promised that data protection legislation for the private sector will be introduced before the turn of the century, but what the legislation will cover is unknown.

Clearly, if the situation is going to change, it's up to individuals, and groups who represent individuals, to speak up for the right to e-mail privacy.

If this is starting to bother you and you're concerned about e-mail privacy, here are some of the options you have in dealing with this:

Copyright © 1998 by The Ottawa Citizen. All Rights Reserved. Reprinted with permission.