"Neil," one of my coworkers asked me one morning, "do you read my emails?"
Actually, I shouldn't say he asked me, because he didn't say it in person, or even over the phone. He sent an email. This was either a cunning trap, or the question begged further explanation. I took another pull off my coffee mug.
"When I send an email from the office," my colleague wondered, "is it really private? Or could it be ... you know ... monitored?"
Turns out he'd recently read an article (on the Web, no less) that warned of the dangers of using your company's email system for private or personal mail. By the author's reckoning, any piece of mail sent or received from your desktop computer at the office was very likely being archived and reviewed by management — without your knowledge or consent — and a copy kept in Your File.
Dire predictions and conspiracy theories are very much the fashion of the moment, of course, especially among X-Files-infatuated computer users. But my co-worker was right to come to me with his concerns. After all, if anyone at this company was likely to be reading his personal email, I was the guy.
As a Systems Administrator, part of my day-to-day responsibilities is the care and maintenance of our company's email server. Like most every email system, no mail enters or leaves the system without passing through the server, at least briefly.
While there, like any other data, it's likely to be subject to back-ups, archives, statistical accounting, and a variety of other processing. That most of this would be automated is beside the point. Anyone who has access to the email server to perform these procedures would also have access to read the mail — some basic technical issues aside.
So does it happen? Do employers really regularly monitor their internal email systems?
Of course. Happens all the time. It's not uncommon that employees be required to sign an email policy explicitly forbidding them from sending any personal mail across the company system. In extreme cases, I've heard of companies staffing departments whose sole duty is to monitor outgoing email for "inappropriate content," all day long.
The bottom line is that if your boss feels he has legitimate business justification to do so, he can probably — legally — monitor any and all email sent or received by your office computer. If this alarms you, brace yourself for a real shocker. He can probably rifle through the papers on your desk, too.
To the hip subculture of Internet privacy zealots known as "cypherpunks," this last statement probably sounds unduly flip or cynical. On the contrary, I see it as a realistic cautionary note on the issues of personal privacy in the "wired 90s."
Stop a moment to consider the other question that seems to vex so many Internet users, that of the security of online sales transactions. Is it paranoid to think that some wily hacker somewhere might be able to intercept your credit card information as it's broadcast across the network and use it for a shopping spree of his own? Perhaps not, when the record shows such things have indeed happened in the past. (Be wary of any unexplained charges from the Jolt cola company.) But is the scenario particularly likely?
Ask yourself this: Might not someone use your credit card information fraudulently if you told it to them over the phone? Or handed it to them on a piece of paper?
To eavesdrop an online transaction, a criminal would probably need to have studied UNIX administration, C programming, and advanced TCP/IP networking. And yet, we tend to worry more about the security of online commerce than the security of reading off our credit card numbers to low-wage 1-800 operators, or giving a carbon copy of the card to the pizza delivery guy, complete with signature.
A decade or two ago the aforementioned, more mundane methods of credit card fraud were on people's minds, and not Internet fraud. It's not that the old dangers have disappeared. It's just that we've become more comfortable with the technology.
Information technology has advanced so rapidly that just keeping up with it can be a full-time job, let alone becoming comfortable with it. Because of this, it's easy to point to technology as being responsible for a broad variety of new potential dangers. But to do so is to forget that it's not computers that commit crimes or that store unlawful information, it's the people who use them.
And who's to say the person publishing your credit card numbers on the Internet tomorrow isn't that same crooked pizza delivery guy from last week? A few years ago he might have phoned some friends to pass it along. Today he uses an electronic mailing list. Word of mouth or Web page — is either method any worse?
Either way, your personal privacy has been violated. Your accounts will be put on hold; your cards will need to be cancelled. Is credit card fraud without the use of the Internet any less infuriating because it didn't involve a computer?
The Internet was never intended to be a compartmentalized Eden of personal privacy. Rather, it's an extension of the society we already have. The ability to assume a faceless online persona tends to foster an illusory feeling of isolation — of insulation from unwanted contact. It is because of this tendency, and not in spite of it, that the basic values of communication, understanding, ethics, and respect for others are more important than ever.
So, back to the issue at hand. Could my co-worker feel confident his email was secure from monitoring? Tricky. This was a complex issue, and my coffee was already getting cold. Besides, I mused, he'd probably be insulted to hear that, though I probably could find a way to access his personal mail, I really just didn't care to know him that well.
And then, arriving at a solution at last, I grinned. Onscreen, my mouse cursor circled around the words of his question for a moment — "Neil, do you read my emails?" — and then finally came to rest on the Trash button. Click.
With me, at least, this data was secure.
