Q.E.D.: So, does Earthlink have a right to read your e-mail and monitor what web pages you visit? And no, the university is NOT responsible if someone decides to use the Internet to coordinate a terrorist attack. As an ISP, it is not responsible for content flowing over its network, unless it is made aware of that content.
Well, to date, no corporation has been ordered by a US court to cease monitoring its employees’ internet access. Can you explain this?
That’s asuming the university is it’s own ISP and is not under the terms of another. I’d like to hear from one of our resident lawyers, though.
The purpose of the university computer network is to facilitate learning in the legitimate context of the university charter. While you should have a reasonable expectation of privacy while using the university network, does the university have a posted computer/network policy? If so, you’re supposed to agree to it in order to use the network.
When I worked for a university we had such a policy. The policy also stated university email accounts are for the sole purpose of communicating for university business. In the case of students, this meant using one’s student email account strictly for bona fide university learning. While we never enforced the policy to that degree, it gave us the legal footing to access any university email account, but only after meeting the larger legal requirements.
I am unable to find the link, but a recent IT news story talks about a university developing software which must be installed in all computers within the university, as well as those computers owned by students connecting to the university network. The purpose of the software is to restrict non-university network use. That is, to prevent peer-to-peer file sharing, IM and other communications.
The university does not own the phones lines or the network. This is not the same as connecting your own computer to the university computer network, which is connected to the Internet.
OTOH, overhearing a phone conversation in a public place is a separate issue.
As a matter of fact, they do, according to the user agreement. You have to read between the lines a bit, but yes, it sure seems they do have this right. Can any lawyer Dopers show otherwise?
I don’t understand why internet communications don’t have the same privacy conventions as the traditional communitcation methods, but somehow I suspect it is because it is a new thing, and the laws haven’t caught up yet. The people who are doing this monitoring are just doing what they can get away with until that happens.
And just because something is quasi-legal doesn’t make it right. Alot of people need to be sent back to kindergarten, having missed up on a lot of the rules of conduct and behavior that were supposed to be taught then. That’s a rant for somewhere else though.
While I respect and believe our esteemed Q.E.D.'s responses very much, this pisses me off to no end.
I’ll bet dollars to doughnuts that within ten years, internet communications will (in the U.S.) be protected by the same laws that govern telephone lines. Communications are communications whether they come over phone or cable lines.
No politics please.
I work in systems for a school district and I have friends who do similar jobs for a nearby College. We both require our users to agree to a set of rules that govern behavior on our networks and with our equipment. This document also tells them that we can, will, and do monito all communications on our network and that they have absolutely no expectation of privacy from administration or IT.
There’s a significant difference between the IT services provided by a school district and those provided to residents of a college. Residents pay directly for their Internet access, remember.
But communications over a college network aren’t treated the same as sealed postal mail; it is a Federal offense to tamper with someone’s mail, but it is not illegal to monitor electronic conversations over one’s own network.
It’s also not a free speech issue if the university is private. If you were in my house and said something I didn’t care for, I’d be well within my rights to call you on it.
Getting back to the specifics of Liberty University network policy
But this should not be surprising in a university which has a dress code for men and women (recently changed to allow men to attend classes while not wearing ties and women to wear pants year round) and forbids on campus demonstrations, petitions, and picketing, as well as sitting on the arms of chairs in the library. Liberty University is very clear about their mission; it’s hardly surprising that they are restrictive about how their computer network is used.
In fact it is quite different. If you encrypt your email and IM traffic it is analogous to a sealed envelope sent by snail mail. Someone may still be able to read it, but you’ve taken steps to prevent it. Even if those steps aren’t impenetrable, you’ve essentially said “this is private and I expect it to remain so”. Sending unencrypted email/IM on a public network is analogous to sending your snail mail on postcards and not even bothering to take them to the post office but hand them to a friend who knows a guy who may go by the post office later. If you know anything whatsoever about how the Internet works, you shouldn’t expect your email to be any more private than a postcard passed through several strangers on the way to the drop box. If you don’t know anything about how the Internet works, you have very little basis for complaint and, IMO, should have made assumptions that assumed more personal responsibility instead of thinking that technology or law would save you from yourself.
I’m all for privacy, but if you’re not willing to take even the most basic steps to secure your own privacy, don’t expect society to do it for you. Ultimately the protocols may change so email and messaging traffic is encrypted by default but that is not the case now for several reasons. Security is almost always diametrically opposed to usability and people complain when they have to select a public key to send email, enter a secret-key passphrase to read an email, go find a recipient’s key to communicate with them, pay to be issued a secure certificate (see complaint about Verisign certs earlier in the thread), etc… In truth, these hurdles are no different than taking the time to lock the door on your house or car, but many people reject them because they’re used to the unsecure methods. They want someone else to be responsible for locking their doors for them.
Why should I pay verisign for a certificate when PGP can generate Public and Private keys for me? If PGP can do it, then AOL can do it, and if AOL can do it, yet expects me to pay VERISIGN to do it, I have a problem with it.
I understand verisign’s importance in “signing” things like software products, or HTTPS servers, as it’s important to be able to validate the “source.” But for chatting on AIM?
Fortunately, as someone pointed out, AIMEncrypt.com will give you a free cert…which I am willing to bet is similar to the “test” certificates you could generated in IIS to test your HTTPS server.
Not really valid, but it still works, and still provides decent protection. (umm, unless all those certs that AIMEncrypt generates are insufficiently random)
Steve
IM is used quite frequently between strangers whether it’s for business or pleasure. The OP is probably quite certain who he was chatting with (or at least who owned the account) because he has frequent real-life contact, but if you IM a company’s tech support address, a potential vendor or customer, a new friend you’ve met by email, or someone else you’ve never met personally, how do you know who you’re chatting with? A certificate issued by a central authority provides some basis for identifying the owner. A key pair generated by PGP allows for security but absolutely no authentication except what’s self-reported by the creator, which is no authentication at all. Do you really think signing is important for servers and products but not for communication?
The simple fact is, in a lot of cases the users of IM are more interested in authentication than encryption. If I IM a tech support address, I may not care a bit about security but I want to make damn sure I’m not trading messages with some cracker who hijacked the IM account and is trying to talk me into installing a trojan or deleting critical files.
Note that I’m not terribly pro-Verisign. I think most of the certificate vendors are gouging the market. My only hope is that they’ll lower their costs when the use of this type of security product becomes more widespread because at the moment they’re trying to amortize their PKI across a very small user base.
Well this is my area of law, and I did have a nice eloquent answer, but then I got “bad gateway” errors all over the place from SD’s servers, and then my cpu froze.
Anyway, long answer short, the Digitial Milennium Copright Act (DMCA) only provides OSPs (in this case, the university) with protection from copyright infringement (and protection from laws pertaining to copyright) with respect to the acts, vis-a-vis, of its users. For the purposes of the DMCA, almost all universities (it would be pretty rare, if one didn’t) qualify as an OSP.
Doing a survey of cyberspace law, it is becoming increasing clear (again was explained better previously, but I must move on…) that there is a lack of privacy on the internet. The nature of the internet is just too different for real world analogies. Note that IM messages, e-mail, other forms of Internet communication (not sure of VoIP) reside somewhere, whether it be in memory, on a server, as opposed to being transient or in transit.
As someone else noted earlier in the thread, but since I’m on this page, I will continue with my post anyway, phone calls and cpu communications are two totally different forms of communication in the area of law. The situations are not analgous. The phone conversations are too “fleeting” (there’s a better term, but it eludes me for now) compared to an e-mail or an IM. You have to note that those who are reading these messages are not reading them while in transit.
** Alereon**, generally, there is no difference, according to the case law (Zernon, I know I misspelled it) in the way the service is paid for, provided, at least in terms of determining liability of the provider. Following that logic, there is no difference in determining what rights the user can expect from using the service.
dantheman Whether the commuications come from a public or private university also doesn’t matter. This isn’t a free speech issue, just as I predicted (not on these boards) that telemarketers can’t claim free speech to allow them to continue calling me during my dinner. Of course, I don’t know all the facts, but from what I gather, there is a balancing test to consider, e.g. potential sexual harassment, obscenity, etc.
Some of you need to be reminded that we have other forums for ranting about the unfairness or debating the morality of the practice. Let’s all stick to discussing the legality of the practice.
bibliophage
moderator GQ