On Dec 16, 2013, at 4:50 PM, Andrew Sullivan
<ajs(_at_)anvilwalrusden(_dot_)com> wrote:
I claim that the first of these is not one of the forms of "attack",
as long as the users affected know that this is happening (because,
for example, the existence of the tool is disclosed as part of the
corporate policies).
In the case of corporate email, the "user" is the corporation, including, but
not limited to, the person who is the intended recipient of the mail. So the
"user" is not under attack, because the "user" is the only entity looking at
the mail.
In the case of an email service, the situation is a bit different, but still
essentially you are signing up for a service which includes certain features,
which you agree to, and then they happen.
The concern here is not about "surveillance" that happens with the user's
knowledge and consent. It is not even about surveillance that is done
overtly, but without the user's intent. It is specifically with surveillance
that is done covertly, without the user's consent.
At least, that's how I understood it.