| Tue Apr 20 18:33:06 1999 ProfessorMiller: | Hi. This is Arthur Miller, this week let's actually talk about the hypothetical that you got at the beginning of this lesson. Since many of you may have forgotten, here it is again: |
| ProfessorMiller: | Meet-Your-Match is the largest and most successful singles club in your home |
| state. A year ago, Meet-Your-Match decided to expand its operations internationally by opening a matchmaking web site. | |
| The company realized that on traditional chat lines, web users can masquerade as anyone. By offering a paid site that filters out jokesters, cranks, and 12-year olds, Meet-Your-Match hoped to attract only singles who are seriously looking for a romantic relationship | |
| For the most part, their efforts have paid off. The matchmaking web site has been a great revenue builder, and it has become well-known among the online community as a safe and expedient way to meet new people | |
| Recently, however, there has been some controversy surrounding | |
| Meet-Your-Match. | |
| Vera Victim, a client of the service, has alleged that she was raped by a man whom she met via the web site. Ms. Victim apparently also contracted the deadly Melissa Virus, a sexually transmitted disease which | |
| wseltzer: | attacks the immune system, during the course of the attack. The victim and her attacker had exchanged numerous messages over the Meet-Your-Match server prior to the date on which the incident occurred. Apparently, the man to whom Vera was speaking had assumed the identity of one Calvin Clean, another client of Meet-Your-Match, for these exchanges. Mr. Clean was |
| unaware of this unauthorized use of his account. However, Vera Victim insists that the impostor must have been a Meet-Your-Match client based on his knowledge of certain facts which were only divulged during the course of secured real time chats. | |
| In an effort to help alleviate client fears and to repair its damaged reputation, Meet-Your-Match began tapping into the mail exchanged over its server to track down the wrongdoer. Using the keywords "Melissa Virus" in its search, Meet-Your-Match discovered twenty-four male clients who have admitted to | |
| having the virus. Meet-Your-Match intercepted these messages containing references to the virus, as well as numerous other messages from those twenty-four men. They then turned all of this evidence over to the authorities, who were able to successfully track down and arrest one Frank Fraud for the alleged rape on the basis of these intercepted messages. All clients of Meet-Your-Match were required to assent to a "terms of use" policy before signing up for the service. This policy indicated that personal communications and information transferred over the company's server should not be assumed to be private and that Meet-Your-Match did not guarantee the privacy of any of its members. | |
| ProfessorMiller: | How do you react to the way Meet-Your-Match tracked down Frank Fraud? |
| Did it do anything improper or illegal? | |
| aldon asks: | Did it do anything illegal, I'll leave that to the lawyer types. Did it do anything improper, I don't think so. |
| ProfessorMiller: | So you agree, Aldon, that the tapping of messages by meet-your-match is consistent with basic privacy principles? |
| I guess you believe that the other 23 men would also agree with you that snooping on them is okay. | |
| ? | |
| aldon asks: | If I send messages through any service provider, I have no expectation that based on legitimate need, the service provider won't tap the message. |
| ProfessorMiller: | Where do you expect privacy--at home, in your car, at work, in the bathroom? |
| aldon asks: | it seems as if there was a legitimate need for that information to be handled the way it was. |
| ProfessorMiller: | is that because a crime had been committed? |
| Dennis asks: | Would anyone voluntarily agree to have their medical status exposed to the general public? |
| ProfessorMiller: | Dennis, are you saying you do believe that one has an expectation of privacy that should be respected in the environment of a service like meet-your-match? |
| jbernike asks: | maybe it should have been deferred to the police to handle, with a warrant requirement perhaps. |
| ProfessorMiller: | does that mean it's okay for the police to monitor the email messages of every user of the meet-your-match service, just because somebody out there may have committed this rape? |
| mschneck asks: | Aren't our expectations of privacy shaped by the law? So, if Congress passed a law prohibiting e-mail tapping, wouldn't I then have an expectation of privacy in my e-mail? |
| ProfessorMiller: | that is a deeply philosophical question. |
| Is morality shaped by the law, or is law shaped by morality? | |
| to what extent can we come up with a policy about whether a meet-your-match type service inherently is private or not private? | |
| After all, the intention is that information about you is to be made available to other subscribers. | |
| aldon asks: | I do not know if a crime was in fact committed. However, it does seem that there is reason to believe that a crime may have been committed or might be committed, the obtaining of information that could reasonably be linked to such a crime ought to be legitimate. |
| ProfessorMiller: | Aldon, are you trying to define something the law calls "probable cause", which is the standard generally used to determine whether the police get a search warrant? |
| Dennis asks: | But the ECPA outlaws random snooping of this type, doesn't it? |
| ProfessorMiller: | But given the crime, why do you call this type of surveillance random? |
| after all, it was narrow in the sense that they only looked at a certain population related to the Melissa virus. | |
| jbernike asks: | it would seem like we would need a probable cause requirement which necessarily requires a more specific identification of the suspect, not just monitoring everyone. |
| ProfessorMiller: | again, isn't the limited nature of the "snooping" justified by probable cause? |
| aldon asks: | there is a common sense in dealing with computer data, perhaps other data also of 'need to know'. Anything that I post to a service such as MYM should be kept private except for those with a 'need to know', such as potential dates, or law enforcement agents with probable cause, or system administrator with a responsiblity to maintain the reliability of the system. |
| ProfessorMiller: | okay, aldon, let's use your common sense. |
| suppose your mother "needs to know" whether you have the melissa virus? your insurance company? your creditors? your girlfriend? | |
| your employer? | |
| work your magical common sense on that! | |
| by the way, we're serving doughnuts here if anybody wants to drop in! | |
| aldon asks: | and why would my mother 'need to know'? |
| ProfessorMiller: | I don't know , she's your mother! |
| Dennis asks: | I agree! The men did not give MYM permission to use that information, and MYM was acting to preserve its reputation -- not to perfect its duty. |
| ProfessorMiller: | that's a very good point because we always should worry about the "true" motivation of the snooper. |
| we all agree that catching a rapist is in society's best interests. But how can we separate that from meet-your-match's simply trying to cover it's ass? | |
| jbernike asks: | despite your criticism, we still need to draw a line somewhere,even though it may be more critical than common sense. |
| ProfessorMiller: | absolutely right. |
| can you draw the line? | |
| if not you, who? | |
| are you comfortable with the line being drawn by meet-your-match, which in effect did through its "policy"? | |
| are you comfortable with the police drawing the line? | |
| think about meet-your-match saying that it does "not guarantee the privacy of any of its members". does that mean that everyone choosing to use its service has waived their right of privacy? | |
| aldon asks: | personally, I would have drawn the line much differently. If I had the Melissa Virus (which I won't admit to), I sure wouldn't be talking about it in email, whether on a service like MYM, or any Email. |
| ProfessorMiller: | okay, aldon. you are privacy intelligent. Does that mean that anyone less aware of these things, or simply more trusting than you, is at the mercy of meet-your-match, its whims, and its friends at the police station? |
| or its desire to make money by selling the fact of your illness to insurers, creditors, employers, and other people of ill replute? | |
| jbernike asks: | the primary importance is making sure we have a clear line that people are informed of so that they will be able to consider their future actions. Exactly where the line is is secondarily important to setting a clear one. |
| ProfessorMiller: | that's a very good practical point. |
| effective notice cures many ills. | |
| is MYM's policy "effective notice?" | |
| or should you require something in the nature of a countersignature or statement of comprehension before you are willing to conclude that the notice function has been properly completed? | |
| Let's shift gears and move from a dating service to the work space. | |
| should there be any privacy for employees in connection with their communications on their bosses' email system? | |
| is that different than MYM? | |
| Dennis asks: | Only if the company says it will permit it. |
| ProfessorMiller: | dennis, in line with the conversation we were having a couple of minutes ago, must the employer give employees "effective notice" as to what their privacy rights are on the company's system? |
| or can the company simply do whatever it wants regarding the privacy of its "wage slaves"? | |
| aldon asks: | We have a policy at our company that all use of the corporate computers is assumed to be property of the company, must be work related, and may be read by management at their discretion. We stress that there is NO PRIVACY on comany email. |
| ProfessorMiller: | so no one ever sends personal email because you assume that big brother boss is sitting at the terminal reading every email sent by each of the zillion workers at your place of employment? |
| Dennis asks: | Yes -- Because then I the employee have the option to dare to reveal something personal. |
| ProfessorMiller: | so the employee assumes the risk. |
| and the brave guts it out, and the weak of heart silently cower in the corner. | |
| conan_lib asks: | The company owns the equipment. |
| ProfessorMiller: | is it good policy to say that because they own the equipment, you have no privacy? |
| for example, suppose you take one of the company's pencils and one of their yellow pads and write a deeply erotic message to the love of your life. | |
| can big brother boss come by and say "we own the pencil and paper, let me read the message."? | |
| jbernike asks: | doesn't that suggest that the company would be better of having a less strict policy but happier employees who use their email for both purposes. |
| ProfessorMiller: | I like that because I would hope that employers were sensitive to the well-being of their employees and would give them enough privacy breathing space to use the system with some discretion and faith that they were not being snooped on. |
| but, doesn't the company have the right, or the incentive, to make sure that their employees were not spending their days sending erotic messages? | |
| or revealing trade secrets, or trading stocks on the Internet? | |
| aldon asks: | it seems as if 'effective notice' must be given. People do send personal email. Sometimes they even get rebuked for it.... |
| aldon asks: | The company owns the phones. Should we assume no privacy of phone calls either? |
| ProfessorMiller: | why should ownership of the email system produce a different set of rules than ownership of the telephones? |
| aldon asks: | If you are writing deeply erotic messages to the love of your life, you better be careful not to get into trouble with Sexual Harrassment! |
| ProfessorMiller: | I didn't say that the love of my life worked for me! |
| mschneck asks: | If I write a paper during company time, doesn't the company often get the copyright in it? How is that different from the company owning the message to the love of my life? |
| ProfessorMiller: | that's an interesting point. the so-called "shop rights" doctrine is based on the notion that the employer has a proprietary interest in the intellectual productivity of its workers on company time. |
| do you want to translate that over to personal matters such as privacy? | |
| esexton asks: | The employee attitude toward a workplace privacy policy, ot lack there of, would seem to depend the the size of the workplace and the probability of ever actually being caught. At the firm where I worked last summer, all email sent by several hundred people was collected in a single office. The probability that the powers that be would ever actually "catch" someone or *care* was so minimal that I don't think it deterred anyone from sending personal mail. It may not have been deeply erotic, but it was still personal communication. This doesn't answer whether it is right for a company to snnop, but as a practical matter, it didn't really affect anyone. |
| ProfessorMiller: | so everyone became a scoff law, eh? |
| in effect, therefore, the policy was no policy--is that good policy? | |
| Dennis asks: | If my boss went into my desk I would feel intruded upon at a personal level, but not violated in a legal sense. |
| ProfessorMiller: | yet, the law might react if he followed you with a camera into the bathroom, your locker. |
| Okay, let's go back to the hypothetical. | |
| I am making you the big man at MYM. | |
| how would you prevent this situation from ever happening again? | |
| while we are waiting ffor answers to my question, here is an interesting comment: | |
| aldon asks: | I have (perhaps) a more philosophical question, that applies to the very nature of this discussion. We are discussion privacy in cyberspace. We have gotten to discussing the workplace. Cyberspace is part of the workplace. What makes the 'cyberspace' component of the workplace different from discussions around the water cooler? |
| jdabeau asks: | but were employees aware that the employer has the capability to search for keywords in the stored mail that could lead them to employees who were writing personal messages on work time? |
| Dennis asks: | I would not engage in random searches. I would adhere to the letter of the ECPA (or is that the spirit?) |
| ProfessorMiller: | what do you think the letter of the ECPA is that relates to safeguarding MYM in the future? |
| Dennis asks: | Section 2707 I believe says that inadvertent evidence of crimes can be turned over to the police. |
| jdabeau asks: | But the letter of the ECPA is not necessarily clear here - there is an exception for service administrators trying to deter fraud - wasn't Frank Fraud engaging in fraud? |
| aldon asks: | (to Dennis) Would it be legitimate, to safeguard clients, to search regularly for keywords such as 'melissa virus' to make sure that no one gets infected by meeting a partner on MYM |
| ProfessorMiller: | does that require MYM to tell all of its clients that is what they do? |
| or does the ECPA prohibit that as scrutiny of content without legitimate technical management purpose? | |
| would the use of encryption by MYM avoid this fiasco in the future? | |
| could that be done legally? | |
| anyone see any problems with using encryption? | |
| conan_lib asks: | Not if MYM holds the private keys. |
| ProfessorMiller: | what if only the users hold their own private keys? |
| and MYM can't produce information to the police because it doesn't have it, or it can't access the information? | |
| jdabeau asks: | Encryption is certainly a hot topic. Encryption could prevent the orginal fraud by verifying that messages came from the purported authors. |
| ProfessorMiller: | but does MYM run a risk using encryption that is too weak to be truly effective, and the users of the system become unduly reliant on the fact of encryption. |
| conan_lib asks: | Then the FBI and NSA would have a problem with that. |
| ProfessorMiller: | how could they if MYM's service operates completely domestically? |
| aldon asks: | encryption is not enough., Strong authentication is needed also. If Frank Fraud has stolen Calvin Clean's keys, then the protection wouldn't be there |
| conan_lib asks: | Let the encryptor beware! |
| jdabeau asks: | So let us say they use the strongest encryption available, but they are an international service, so how do they bypaass export controls? |
| ProfessorMiller: | Well my time is up, and I've got to run off to my zone of privacy and write erotic notes in peace and quiet. |
| See you next week! | |
| By the way, the TF's are still here. The discussion seems to have momentum, so ... | |
| if you want to keep chatting you can. | |
| mschneck asks: | the TFs are sticking around to chat.... |
| aldon asks: | Could we move the discussion to privacy1 so we can all participate on a more informal basis? |