Newsgroups: comp.society.privacy Subject: Re: e-Mail privacy Summary: Perhaps the ECPA applies, but it's really a question of due process Expires: References: Sender: Followup-To: Distribution: Organization: Keywords: [Important background note to readers not at MIT - this is apparently a small part of a incredibly convoluted case with several people making charges of sexual harassment and retaliation against each other. At MIT, a Dean with responsibilies of judging sexual harassment cases against students (reputed to be extremely authoritarian and arbitrary), had an 18-month long affair with another MIT employee. He and his ex-mistress made internal (within MIT) charges of sexual harassment against each other, and he and a student filed an MIT harassment complaint against Shea. Shea has filed harassment and retaliation charges against MIT with the state anti-discrimination agency. This isn't a complete account of all the MIT and legal charges, and doesn't even begin to cover all the political accusations. You can read all about it in our local newspaper, which is on-line through various paths. For hypertext programs, the URL is 'http://alexander-hamilton.mit.edu:80/The-Tech', look at issues around 11/30/93 The most informative is 'http://alexander-hamilton.mit.edu/V113/N61/issue'. Meanwhile, the irony and theater-of-the-absurd drama of it all has made campus civil-libertarians want to roll on the floor laughing, and choke out, through tears streaming down their faces, "WE TOLD YOU SO". I have no connection with this case, except for being one of the aforementioned floor-rollers.] Disclaimer: None of the following should be taken as legal advice or authoritative policy. It is opinion, albeit hopefully educated opinion. In article Sharon Shea writes: > What do you think of this invation of e-mail privacy? - > The passwords to my computer were obtained through a trusted student > worker (without my knowledge or consent, by intimidating my student > worker - who later reported the incident to me) and my saved e-mail was > read from my hard drive. This was done at work, by my supervisor. This > was done at MIT, which has no stated policy about the privacy of > personal e-mail on university computers. It's implied, however, that Actually, there are statements regarding electronic privacy. From the MIT "Policy and Procedures 1990" (which I use as it is on-line): 4.24 PRIVACY OF ELECTRONIC COMMUNICATIONS Federal laws protect the privacy of users of wire and electronic communications. Individuals who access electronic files or intercept network communications at MIT or elsewhere without appropriate authorization violate Institute policy and may be subject to criminal penalties. The law also prohibits providers of electronic mail services from unauthorized disclosure of information within an electronic mail system. This provision bars MIT departments and other providers of electronic mail services at the Institute from disclosing information from an individual's electronic files without the individual's authorization. One of the laws referred to by the above is the Electronic Communications Privacy Act of 1986. It isn't clear whether the ECPA applies to private universities. Since I'm interested in this topic, I've had some discussions with mid-level managers at MIT regarding legal protections for users. Though I couldn't get it in writing, I was told an internal decision was made at MIT that MIT would behave as if the ECPA did apply. Thus, any request to the computer maintenance staff to access an individual's private files would have to carry a fairly high level of authorization (exactly how high wasn't spelled out, but the particular people I spoke to made it clear they would, as a matter of personal protection, require a written request on official stationery.). However, it is very unclear as to whether this can be applied to your case. An important element is that the person who actually retrieved the files was "authorized" to do so, in the sense that no computer administration privileges were invoked. The request to get the files may have been improper - but here's where the political background comes in - it could easily be claimed that such was a vital part of an investigation into a sexual harassment charge. From what I've read, I'd try to frame the argument primarily in terms of lack of following due process in investigation. But then that goes right into the explosive issue of what sort of due process a private institution is required to observe (great amusement can be derived from the flip-flops that some local activist groups are doing now over when and what due process is required. I haven't heard for a while of the dire necessity of checking all computer files for potentially harassing material). > What's more, my supervisor then copied out my e-mail and passed it > around, in places where it was obviously hoped that it would do me > professional harm. Is this the other side of the following accusations? If so, then the problem of adjudicating should be clear: "These attacks have originated from MIT offices, during working hours, utilizing MIT phones and computers. I have provided MIT with copies of electronic mail that was sent on May 5, 1993 to former employees requesting any "dirt" that they might have on me. I have provided MIT with the name of the individual who sent this e-mail and the names of the individuals to whom it was sent." (_The Tech_ 11/17/93, p.4) "E-mail of the most vicious kind has been sent out over a number of MIT networks describing me as the "main problem with harassment at MIT" as "a sexual predator" etc. I have provided MIT with copies of some of this correspondence and with the names of those who received it and the name of the individual who sent it." (_The Tech_ 11/30/93) > Does anyone have any suggestions about how to deal with this, or what > legal possibilities I may have in replying to this action? Thanks. Well, several members of MIT's free-speech protection group (SAFE - Student Association for Freedom of Expression) are very interested in the whole case. Given the intense politics surrounding this, I don't know if you would want that help, or if it would be effective, but there is a desire to establish protection for electronic files wherever possible. -- Seth Finkelstein sethf@mit.edu Disclaimer : I am not the Lorax. I speak only for myself. (and certainly not for Project Athena, MIT, or anyone else). As Stallman wrote to Lotus: "Any time I can help you overturn a patent ..."