Users beware: Electronic mail system on campus lacks privacy

By Ana A. Lima
Arizona Daily Wildcat
October 24, 1996

Communicating through electronic mail is not as private as some might wish. Information circulating through e-mail in the university system is public record, and can be subpoenaed by a court of law.

"Students need to understand that many of the messages they send would not be protected from being used in a lawsuit," said Kathleen Schneyer, University of Arizona attorney.

"Communication through e-mail is a very misunderstood idea. It can amount to a lot of embarrassment and sometimes might form the basis for a libel lawsuit," she said.

Access to anything a student writes on e-mail can be requested and used in a legal dispute if the court finds it necessary.

In the past, the University of Arizona Police Department or federal agencies such as the FBI have requested that the Center for Computing and Information Technology check an individual's e-mail records.

"I basically tell people e-mail isn't totally private," said Linda Drew, CCIT computing manager.

Mike Proctor, UA attorney, said any time a student has a dispute with an outside party, the party would be able to subpoena the student's records.

"What the court will look at is whether the request might lead to relevant information," Proctor said.

Child custody disputes and conflicts with landlords and employers are all situations under which a student's e-mail records could be requested by law.

If requested, the e-mail material must be produced, and protection from producing it is very limited. Communication between a person and an attorney, however, may be protected by the attorney-client privilege, Schneyer said.

Contrary to what some may think, Schneyer said deleting an e-mail message does not necessarily mean the message is gone.

"Frequently, what is in e-mail is backed up automatically," she said.

Different systems have different ways of storing information, Schneyer added.

On the UA computer system, however, "Once you delete, it's gone forever because we don't save it," said Viji Muralidharan, a CCIT computing manager.

"We're not police people. Our job is to keep the system up and running," she said.

CCIT uses incremental backup tapes to store information that has been saved under a 2.5-megabyte home directory only, Muralidharan said.

"If a student loses a home page or homework we don't want them to suffer," she said.

When CCIT is notified of a Code of Conduct violation, such as a harassing message, it is able to check the existing messages on the harassed user's account, with that person's consent, Muralidharan said.

"CCIT systems administrators have the authority to examine files if they believe the security of the system is compromised, but not otherwise," Muralidharan said. Anyone else needs a subpoena to access CCIT e-mail records.

According to Muralidharan, CCIT - at the user's request - will accesses someone's e-mail account when the person feels his account is being compromised. For example, when a user suspects that someone else is using his account.

Veda Hunn, associate dean of students, said there have been cases regarding misuse of e-mail on campus.

Last year, five different cases of e-mail abuse were reported to the Dean of Students Office. Most of them were associated with harassing messages received, or viruses sent over e-mail. This year, only one case has been recorded, Hunn said.

"Typically, it would be CCIT who makes the allegation," she said. Then, the student accused would be notified, and expected to address the issue.

At times, the person who has received a harassing message will take a stand. "The harassed user notifies us and we help them work it out through the dean of students," Muralidharan said.

All computer users and administrators are expected to follow the university's policy on Use of Computers and Networks, which states: "Network users are responsible for respecting the rights of other users ... ; these rights include but are not limited to privacy, freedom from harassment, and freedom of expression ... ."

When students sign up for an e-mail account, they are required to read and agree to a list of policies. Inappropriate use of e-mail would be "sending harassing messages or in any way harassing other computer users, gaining, or attempting to gain, access to accounts or files without the owner's permission - on any computer or network system," according to the UA Online Computer Access Policy.

Although there already are a number of existing policies that govern the use of computer resources on campus, Proctor is working on a new policy that will address the issue in more detail. The policy is in the early development phase, he said.

In the past, students have been expelled from the UA because of serious violations of the dean of student's Code of Conduct, Hunn said. Forgery and access to unauthorized records are the most frequent reasons violators are charged, she said. This includes unauthorized access to e-mail records.

The low number of cases reported to the dean, however, is not representative of the number of e-mail violations. "It doesn't give us the real figure regarding abuse," Hunn said. Hunn said, violations of the Code of Conduct occur regularly, but often go unreported.

Some students, however, said they were not too concerned about their e-mail not being confidential.

"It's fine. I'm just using it to converse with students and teachers," said Matt Johnson, agriculture and biosystems engineering senior.

Johnson said that in the future, as a professional, he will be concerned with who has access to his records.

He said it is OK for a stranger to have his phone number. "But you don't want anybody having your address and knocking on your door," he said.

Jaime Yazzie, political science freshman, said she only uses e-mail to communicate with her friends.

"I wouldn't write things about me that are personal, things that others shouldn't know," she said.