E-mail goes into space without privacy file Open letters: Electronic mail writers have practically no privacy, and their lack of legal protection is opening the way for punishment in courts and workplaces.


You dash off an angry electronic message to a friend about your unreasonable boss. No big deal: you're just blowing off steam.

Big deal: you're fired.

Even if your friend believes she has erased the message, that note can be read or reproduced legally by your boss, or your friend's boss, or by anyone working for the computer services that generate, process or receive electronic mail.

Despite privacy concerns, there is little federal law protecting electronic mail. Policies concerning privacy vary greatly among the companies and universities that provide access to the Internet. Increasingly, people in Maryland and elsewhere are finding that they can be held responsible for their often hastily created messages.

"It's become a cliche that e-mail is more like a postcard than a letter in a sealed envelope," said David Sobel, an attorney with the private Electronic Privacy Information Center in Washington. In fact, he suggested, e-mail is "like a postcard that might be getting xeroxed in every post office it might pass through."

And electronic mailings are becoming more commonly used as evidence in courtrooms and corporate boardrooms.

Prosecutors, for example, are likely to draw upon the pleading electronic messages of Johns Hopkins University senior Robert J. Harwood during his trial for the shooting death of Hopkins sophomore Rex T. Chao earlier this month. Excerpts from those messages, provided by a confidential source, were published in The Sun this week.

University officials, who were given printed copies of messages from Mr. Harwood by Mr. Chao weeks before his death, said they did not search Mr. Harwood's computer mailbox or other files before the shooting April 10. A campus spokesman would not comment about what subsequent measures have been taken by the university.

In the last six months:

A federal court in Pennsylvania held that the Pillsbury Co. was entitled to fire a woman who had sent e-mail critical of a superior, even though the company had explicitly promised that it would not monitor its employees' messages.

A San Diego supercomputing company running a federally sponsored research center retrieved the electronic mail of three company executives, two of whom had recently resigned. The company sought to learn more about the relationship of the two departing officials, who joined a rival research group.

A librarian at the University of California at Irvine refused to tell her supervisor her computer password when she took a personal leave of absence. So he had all e-mail addressed to her routed to his electronic mailbox. A draft for a new University of California System policy would generally consider e-mailings private but notes that they are potentially disclosable under state law.

A private Washington research group published a book based on 500 electronic mailings taken from the Reagan White House, after court battles forced each presidential administration to record and ultimately release such correspondence.

"The White House e-mail should be a shot across the bow for e-mail users," said Tom Blanton, director of the National Security Archive in Washington and editor of the published e-mail collection.

It's well accepted that people accused of computer-based crimes -- such as breaking into someone else's files or harassing through electronic messages -- are likely to have their computer files investigated.

Public property

Less well known, however, is that your e-mailings are not your own and can live on past your ability to see them. "I wouldn't send anything you don't want public," said Bruce Schneier, a Minneapolis computer consultant who is the author of the 1995 book "E-mail Security."

"E-mail is not private," Mr. Schneier said. "E-mail is private most .. of the time. But it can be made public, especially if you're using a company computer."

When you send your e-mail, you are first forwarding it to the network of the company, campus or agency that is your "host" -- that provides you with your computer account. That host typically saves your message on computer tape or disks, then transmits a copy out to the Internet itself.

The Internet was initially created as a communications network to link university, government and military contractor researchers. The message you send is transmitted through this network, which sends it by any of a seemingly infinite number of routes to the organization through which your friend has access to the Internet.

Generally, that company holds onto the message in its data banks and informs the recipient that an e-mail awaits. The message usually is held in the memory of the firm's system -- not the files of the recipient. When you delete your e-mail, it doesn't actually disappear; it goes into a hidden location.

The record lasts anywhere from several days to several years, depending on the policy of the company, campus or agency involved. Copies are also made of similar communications, such as postings on electronic bulletin boards or Web sites.

Many private on-line companies, like the Virginia-based America On Line, profess to treat electronic mail with the privacy accorded written notes, and say they hold onto copies for the convenience of their customers alone.

"E-mail is considered private communication," said Judy Tashbook, a spokeswoman for AOL, which processes more than 7 million pieces of electronic mail a day. "We do not read e-mail."

Yet most customers have agreed to regulations -- allowing the company to respond, for example, to complaints of profanity in ++ on-line exchanges -- to which they paid little attention, observers said.

On-line restrictions

If other AOL subscribers complain, or if the company receives requests from law enforcement agencies, however, the company often reviews correspondence. Like its primary competitors, Prodigy and CompuServe, AOL is largely restricted only by its own policies.

Last year, for example, AOL cooperated closely with federal investigators in nabbing people who traffic in child pornography. That prompted a few observers to suggest that the nation's largest provider of e-mail accounts had become too willing to forfeit its clients' privacy to government agencies.

Computer professionals acknowledge that computers can easily be programmed to follow all traffic or mail involving a particular person. Marketers already hire firms to track who "visits" electronic sites, revealing interests that could translate to an appeal for consumer products.

Experts say those seeking true security should encrypt every message. The computer program Pretty Good Protection offers a code considered virtually unbreachable by crack federal code- breakers.


Safety in numbers

When it comes to every-day use of electronic mail, your greatest safety is in the numbers, experts say.

"We handle over 300,000 e-mail messages a day," said Margie Hodges, an attorney who advises Cornell University's information technology division. "It's impossible for us to monitor the content of those messages." Since 1992, when Cornell's current computer policy was put in place, the university has only once intervened to read the electronic mail of a student -- and that was in response to a subpoena, Ms. Hodges said.

One major question, say people who advocate greater protection of privacy on-line, is whether the companies or universities inform those whose files have been requested by government investigators. People cannot fight subpoenas they don't know about for records they don't know exist.

"The big problem with this issue is that the average user does not have a very good idea about how any of this works," said Mr. Sobel, who watches these issues closely. "I don't either."

Pub Date: 4/27/96

Copyright © 2021, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad