>From: "Craig A. Finseth" <fin(_at_)unet(_dot_)umn(_dot_)edu>
>Subject: archival of Federal email, fun topic.
>Date: Mon, 21 Nov 1994 08:07:13 -0600
> ...
> If the opposite of public is private, then the policy removes all
> notions of email privacy for the individual who is using official govt
> equipment.
> ...
>It is not by any means clear that there should have ever been an
>expectation of privacy. When using stuff paid for with public funds
>(be it computers or bulldozers), one always gives up much in control.
Email communication tends to involve two parties, or more. The average
member of public probably cannot tell when he/she is originating a
message communicated to a party who will be obliged, if not otherwise
ruled, to archive (and make public) the content the communication.
The policies for the recipients archival will have to be evaluated
beforehand, if the individual notion of privacy is not to be misled.
For each of his/her communicants... A daunting task.
Note, carefully. In choosing to send a mail to an official body, you
the private individual are "using" (by default) official equipment.
Lets see how...
>I work for a public University and have always assumed that the bulk
>of my activites were subject to public scrutinty.
>
>If I wished privacy, I would contract privately with someone to handle
>it for me.
As a member of the public, you cannot (by defn) communicate privately
with your govt, then, unless you take personal steps to protect the
exchange. For the recipient will archive the unsensitive message. If
its sensitive (though unclassified) then you (joe.public) must declare
it so, and protect it. Yes you, not the govt employee. Else you have
given up your right to privacy, which the relevant agency might have
otherwise made available to you.
Put it bluntly, the policy (and the "threat" I allude to) could remove
from the IRS the need for IT to safeguard your electronic tax return,
but pass now the responsibility on to you, should your choose to file
your taxes electronically. This passing of responsibility would be a
social event! Worthy of some debate, perhaps. Now what technology will
you all be using to protect all this private interaction with your
govt.?
>In my opinion, the threat/danger is that people have been making
>false-to-facts assumptions all along. If my use of paper clips is
>subject to an outside audit and is part of the public record, why
>should my computer use become suddenly off-limits to the same
>auditors and records?
You are thinking of yourself, as a public servant. What about the other
end, a "private" individual, engaged in conventionally-understood
personal communication?
That your student asked you for a job reference over your campus mail
system, and you replied that you have chosen to decline for reason X
(and the mail exchange used is archived given you all used govt
equipment), is now a matter of public record. This may turn out to be
bad for Fred(a); who knows?
Even if Fred(a) PGP protects the message, if its not labelled
sensitive, you (the good public servant) must archive it in the clear
as public info. Its its labelled (securely) as sensitive, then your
must archive it in a sensitive bin. Should you trust PGP to protect the
label? well you the public servant are sponsible for ensuring that the
message is properly handled re archiving. Should a wiretapper have
interfered with the label, having attacked your notion of the PGP's
trustworthyness, then who is responsible?... There seems nowhere to
pass on buck, unless someone is willing to state that there is a
technology which is certified for such purposes, and will be backed in
court a propos...
Now its interesting to note, that personal sensitivity categories are
not recognized by the US govt. Only official categories. So how one as
an individual protects ones privacy when communcating with ones govt.,
is a mystery. For an individaul may not designate labels officially,
unless one has the authority to do so. Therefore one may not obtain
privacy before the public archive process, when communicating
electronically with ones govt. (The concept of a "offical" reply
envelope doesn't seem to exist in the email world.)
Remember this is a speculative fun topic. But one which has social
ramifications. The whole area reminds me of Kafka's Castle.
Whilst protections exist in society for the relationship between
postal mail, official use, and the responsibilities of carriers,
and individuals, in the form of Postal Law, the same do not exist for email.
One should not assume that the use of electronic messaging,
metaphorically known as email, has the significant protections of
regulated and constitutionally protected postal mail (in countries
where these matters are based on original French precepts of postal
law, anyway).
(Any implied criticism of PGP is limited wholly, and exclusively,
limited to any use for protecting the privacy of information flowing
between an individual and his/her govt.)