At 11:47 AM 6/20/2003 -0600, Vernon Schryver wrote:
> From: Evan Harris <eharris(_at_)puremagic(_dot_)com>
> > As with any whitelist, there are potential privacy concerns, but
> > these concerns would be greater here because of the additional data
> > tracked in the database. Of greatest concern would be:
>
> I disagree. One of the nice things about this method is that it keeps
> very little profiling info. It certainly doesn't look at the body or
> even the headers of the messages. The only statistics kept are things that
> could easily be retrieved from the mailer logs anyway.
Please reconsider. Contemplate the value of knowing that Bill Gates has
recieved a message from Steve Case (or vice versa) even without knowing
the contents. Your database doesn't contain messages, but traffic analysis
can be very valuable. That's why "pen recorders" are used by the police.
It's why the legitimacy of some traffic analysis of email and phone
calls is a continuing issue in federal criminal court cases.
There are ways to reduce the problem by storing the sensitive information
not in plain text, perhaps using some one way function like many systems do
for passwords. Still it is an issue.
[..]
> Most mail servers
> keep logs for longer than that anyway.
"Most" is a strong word, particularly on issues like this that are
subject to corporate "document retention" policies. Those policies
should be called "burn after reading policies" because they require
the desctruction of archives and backups lest they be used in future
court cases.
Some time ago I was in touch with a CIO-level executive of a major
university. Their retention policies call for ALL logs to be destroyed
after merely 10 days due to the increased number of court orders.
Also, the SEC/NASD rules require all email to be stored for three years at
US-based investment firms. These whitelists just add to the equation.
Note also that some few librarians are burning records as soon as books
are returned to avoid their use by snoopers.
Being a former librarian I definitely agree with that. I had also recently
wrote a library program used for small schools and specifically put in a
feature to erase records after the books are returned.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg