From: "Brett Turcotte" <turcotte@io.com>
Date: Fri, 20 Jan 95 08:48:00 PST
To: cypherpunks@toad.com
Subject: Re: "Disclosing" private email
Message-ID: <199501201647.KAA01769@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


Arthur Chandler posted to the list:
>   Greetings! I'd like to solicit your/our best thoughts on the following
> message. San Francisco State University is considering a policy of
> "disclosing" private email to outside agencies.  I'm aware that such a
> policy is yet another argument for using crypto; and the last cypherpunks
> meeting gave some encouraging instances of "transparent" encryption
> schemes that are not a hassle or a fear-barrier for newbies. 
>   But if you could post or private email me your thoughts about the 
> legal/ethical aspects of "disclosure," I'd be much obliged.
>   I've put a few of my own concerns at the end of the enclosed quote.
> 
It is probably a CYA move on the part of the University....if someone 
at SFSU is plotting the overthrow of our (or any other) government, 
engaging in espionage, child porn, etc. and using their Internet 
account, SFSU admin probably wants a way that they don't get held 
liable.

However, my view of this is that is sucks.
> 
> ---------- Forwarded message ----------
> 
> >From: "Deirdre C. Donovan" <deirdre@mercury.sfsu.edu>
> >
> >I am rewriting the information handouts which we here in San Francisco
> >give out to our students when they apply for Internet access accounts.
> >The issue with which I am struggling is one of privacy.  I have heard of
> >universities (anecdotally only) where the administration reserves the
> >right to read E-mail.  Here, we are leaning more toward something like the
> >paragraph below, which is taken verbatim from an Indiana University draft
> >document.
> >
> >        IU computing centers will maintain the confidentiality of all
> >        information stored on their computing resources.  Requests for
> >        disclosure of confidential information will be reviewed by the
> >        administrator of the computer system involved.  Such requests
> >        will be honored only when approved by University officials
> >        authorized by the [President] of the campus involved, or when
> >        required by state or federal law.  Except when inappropriate,
> >        computer users will receive prior notice of such disclosures.
> >
> 
>    I'm uneasy about the chain of "prior notice":
>   
>    1) Does this policy give university administrators the power to read
> private email before the decision is made to "disclose" it to outside
> persons or agencies? 
>  
It would have to...otherwise how would they know if they needed to 
disclose it.
>    2) Does this "prior notice" mean "We're going to do it" or "We plan to do 
> it, and if you disagree, let's discuss it before we release it"?
>   
From their perspective, prior notice would probably mean they tell 
you before they do it.  While I don't have experience specifically 
with SFSU, it seems as though large organizations tend to do whatever 
they please. 
>    3) What constitutes "inappropriate"?
> 
> 
Probably anything that is involved in an active criminal 
investigation.
> 
Note that any thing in this message is just my opinion, and most 
assurdly could prove to be different when exposed to the real world!!

Brett Turcotte
turcotte@io.com