Rajesh was doing quite well in his new job in America. He missed home, but had made some friends; his company was not paying too much, but he was getting some work by freelancing. One day, the bubble burst.
Rajesh had been maintaining contact with his clients through a popular Web mail company and he felt quite secure, because it was a something that would not show on his computer. "You know, there are two kinds of e-mail accounts —POP accounts from which you can download your mail right to the computer and Web mail accounts, like Yahoo, Hotmail etc, which you can access from any computer. In such accounts, the mail is not downloaded on the Web."
"I had a Web account, and I thought that I would keep in touch with my clients during my spare time in office. We had a fantastic dedicated connection and my mail used to download really fast, even attachments that I could have never been able to download on the slow connection that I had in India."
Soon he was tempted into uploading from the office connection and for a while it seemed that all was well, till one day when his senior colleagues came to him and told him to pack his bags. His e-mail had been monitored and they knew that he was moonlighting, which was not allowed in the contract. Poor Rakesh was on the next plane back to India. "I always though that no one would be able see the mail that I was sending because I was using a Web mail service, but they had printouts of all my mails, I really had no leg to stand on," he rues.
His employer had been monitoring his activities, including his e-mail. But are employers allowed to do so? What is the level of privacy that employees can expect? This is an old conflict since employers want to be sure their employees are doing a good job. At the same time, employees don’t want that all their trips to the loo or even chota tea breaks be logged by the employers.
Even in the USA, where privacy rights are much more sacrosanct than in most other nations, including India, employers are given a wide latitude in monitoring e-mail, because after all it is office time and office machinery that the employee is using. Employers have, however, to be careful in not doing too much monitoring lest they discourage employees by providing a less-than-congenial work atmosphere.
But what about others who access a computer from home or even from cyber cafés? Well, their mail is also something that can be monitored, intercepted or even retrieved, in case they run foul with the law.
As Rajesh found out,
servers are simply computers, and whether near or far, they store
information that can be retrieved. In a way, in case of using an
ordinary letter, you could be fairly sure that once you had destroyed
it, no one would be able to read it, whereas with an e-mail letter,
even if you delete it from the server, it may be saved somewhere, it
could have been backed up and so on.
"Many Internet providers and network administrators archive" (store) your incoming and outgoing mail on a computer disk for six months or more after you think that you’ve deleted your mail. If someone sues you, he or she may be able to subpoena and read your previous correspondence. Of course, unauthorised snoops might choose to read your archive for their own reasons," says André Bacard, author of Computer Privacy Handbook.
For some reason or another most people think of e-mail as something anonymous and of course less formal than regular mail, points out Satvinder, a computer professional in Delhi. "Writing a letter is an art, the paper, ink, composing your thoughts, you think twice before committing anything to paper. In e-mail, it becomes informal, you would tend to use bad grammar, silly abbreviations and even a degree of swear words that you would never use in a letter."
Add to this informality a feeling that you can get away with anything on e-mail—after all you have not really written anything, just typed out a few sentences—and you have the makings of an embarrassment. Most persons are not aware that Internet service providers and e-mail providers are required to keep logs and records of all their e-mails. Thus, for any determined investigator, your e-mail can be traced and for can be held accountable.
Satwinder points out another e-mail issue –that of harassment. "You would never think of sending a risqué joke to another person if you had to photocopy it and mail it, the effort would be too much. But what happens when you get a naughty e-mail, the first thing you do is sent it to a few of your friends and they will pass it on to others, it will be forwarded to persons of the opposite gender and so on… at any time a person could find the matter being sent out offensive and take objection to it, in which case, you are in a bit of a soup—you could be accused of harassment." It is not quite clear how deep the trail would lead. There have been cases when disciplinary action has been taken against employees and they have even been dismissed for such actions.
There was a case in Chandigarh when the employee of a private company got a letter from his fiancé asking him what he was doing. He described what he and been doing, and told her about the meeting he had just attended, in which some company marketing strategies were discussed. The letter then went on to the kind of stuff that recently-engaged people write.
They both did not give any thought to this; they had a lot of other things to think about, like their future. However, all too soon, the man was asked to report to the general manager’s office and was accused of leaking out company secrets. His e-mail had been intercepted by the network administrator. Ultimately, the employee who had a promising future in the company had to resign.
"I knew that my mail could be intercepted on the network, but what the hell, it was just a casual comment in a casual communication," he says, adding that he has a much better job now.
Actually, his comment about the casualness of the communication illustrates a part of the problem that lies in the analogy used to describe e-mail. Most representations of e-mail, including those in popular software packages like Outlook Express and Netscape, show envelopes for e-mail, and thus it becomes analogous for an e-mail being like an e-letter.
An e-mail message is more like an e-postcard that can be read by anyone on the way even as it is delivered to you, rather a letter. Actually an encrypted e-mail would be analogous to having the envelope of encryption for the e-mail letter inside it. This has been discussed earlier in Log in Tribune dated October 1, 2001 .
However, security is always inconvenient, though one of the better and more convenient free encryption standards, Pretty Good Privacy (PGP) has been around since June 1991. Philip Zimmermann, who developed it, faced prosecution from the US government, which ultimately backed away.
Encrypting e-mail typically involves a dual-key mechanism known as public key infrastructure. Under it, one key locks a message and a different key unlocks it. Though efforts have been made to simplify the process, it has not yet caught on with only 10 million people using PGP, out of a worldwide Internet population approaching 400 million!
In fact, what we need to be clear about is that merely something being possible should not be the reason for doing it. That e-mail can be read is no justification for reading it, just as the availability of a gun is no justification for killing someone. All too often, the ethics of the issue are ignored.
An attempt has made in the USA and other places to come up with ethical guidelines for computing.
The first National (read American) Computer Ethics Conference in 1992 was titled "In Pursuit of a ‘Ten Commandments’ for Computer Ethics," and the Ten Commandments, arrived at the conference are given in the box item accompanying the article. Though the organisers called it a "rough draft" it was in itself the product of over a decade of work in the field.
Even a cursory glance will show that we are enjoined to respect confidentiality, as per commandments 1, 2, and 8 and this if we were to take the example of forwarding the mail, we should check that whether the sender would not have any objections to our forwarding the mail. More often than not, people forward the mail and along with it multiple addresses from the original sender’s list. This is also wrong, as it violates the privacy of the persons whose addresses are unwittingly being circulated on the Net.
At the very least personal and other information that could identify the person who sent you the mail and other addressees should be taken out of the mail.
At another level, network administrators and others have to keep ethical considerations in mind—always. There are situations in which mail is intercepted, in fact, fairly regularly in certain organisations like the Army, but the censors are enjoined to behave like gentlemen, and not use the information that they might come across unless it is inimical to the security of the nation. Similarly, in many women’s colleges, letters to hostel residents are censored by the wardens, but they also maintain a proper code of conduct.
As for those who are writing letters, it is a question of taking simple and proper precautions. Do not treat your e-mail letters too casually. In fact, it is a good advice to be careful in one’s expression, whether in speech, writing, or while typing an e-mail.
If you were to ask what you were to
do, all that you have to remember is that the cyber world is a
reflection of the real world, warts and all. Just as you would be
careful in committing anything to paper, just work on the assumption
that your e-mail is insecure and be careful about what you write in
it. Simple precautions and a cautious attitude help in keeping snoop
monsters. As for those who think that they don’t really have
anything to hide, either they are incredibly boring, or not too