Newsgroups: alt.comp.acad-freedom.news Subject: Computers and Academic Freedom News 02.16 (Digest) Approved: kadie@eff.org Computers and Academic Freedom News Vol. 02, No. 16 ---------------------------------------------------------------------- From: sheehan@bronze.ucs.indiana.edu (Mark Sheehan) Subject: Article 0 -- Abstract of CAF-News 02.16 [Week ending April 5, 1992 [This week's guest editor is Mark Sheehan, sheehan@bronze.ucs.indiana.edu. Issues #12, #13, & #14 are still in production. At Mark's suggestion, I've added a bibliography on database security to the CAF archive. It was compiled by G. Pernul and G. Luef. To get this document by email, send email to archive-server@eff.org. Include the line: send caf-books pernul,_g - Carl] ========================== KEY ================================ The words after the numbers are a short PARAPHRASES of the articles, NOT AN OBJECTIVE SUMMARY and not necessarily my opinion. =============================================================== Note 1 is a policy docoument from North Dakota State University: 1. [NDSU POLICY ON MISUSE OF COMPUTER FACILITIES] Responsible computer use means files, passwords, and output are private; no offensive material shall be entered or sent; no unauthorized copies shall be made; no unauthorized commercial use shall be made; violators shall be disciplined. <199204012129.AA24760@ux1.cso.uiuc.edu> 2-5 continue the story about removal of alt.* news groups by the Computer Resource Center at the University of Nebraska 2. Justifying the U of Nebraska's removal of alt.* groups on the basis of economics may be a masquerade for censorship. Students would probably be willing to pay for alt.* access. Another poster's accusation that tuition-paying students are freeloading is ironic. 3. Universities can make their own decisions about what network expenditures are reasonable for their circumstances. They step out of line, however, if they or their policies infringe on individuals' or groups' rights to participate in legal network activities _at their own expense_. Individuals have many options, though campuswide news service is probably beyond the means of most. <1992Apr3.013330.23763@sifon.cc.mcgill.ca> 4. It's reasonable to cut all alt groups, or any other whole branch of the news group hierarchy for reasons of economics. "It's what the hierarchies are *there* for...." If individual groups are cut because of objectionable content, that's censorship. If all of a branch is cut because of a few offensive groups, there's also a problem. <1992Mar31.221948.9349@clarinet.com> 5. The group, Nebraska University Students for Electronic Freedom, promotes academic freedom, works to protect privacy, acts as "watch dog" group for university administration, educates the user community, and strives to broaden access to electronic communication systems. <1992Apr1.192701.28737@eff.org> Notes 6-8 discuss e-mail privacy concerns about postmasters interfering and about users reposting others' mail. 6. The law says providers of electronic communications service can look at mail if necessary, but must keep it confidential in most cases. It allows providers to divulge evidence of illegal activity to proper authorities. Codes of ethics should have the same basis, but may further limit postmasters' rights to view others' mail. "Users should...have the right to understand the privacy limitations of their system, even if some of them don't agree with those limitations." <1992Mar31.000038.4435@rice.edu> 7. The postmaster should have the right to view the body of any message, but should not necessarily have a right to an understanding of its meaning. Thus encryption is OK. One reason postmasters need to see message bodies is because that's where some mail systems store the headers the postmaster needs to return misaddressed messages. 8. Contrary to what one poster asserts, it's not illegal in your own e-mail to quote from a message sent you by another user. On the other hand, in extreme cases, it may be a civil wrong -- a tort. While the original sender may have a common law copyright to the exact word of her/his message, it is, at least in the case in question, "fair use" of that material to resend it. <303@gls47212.law.cwru.edu> Note 9 helps resolve some concerns about harassment of a presumably innocent bystander following the recent virus ruckus at Cornell. 9. Stuart Lynn of Cornell Communications and Information Technologies (CIT) wrote this poster to explain the facts behind a scary news item in a Cornell-area paper. CIT was not flexing its muscle, Lynn says, and warning users that it could make their e-mail public if it wished. However, "Cornell's counsel does not feel that the ECPA of 1986 applies to it because it is not providing e-mail services 'to the public.' Only to the members of the Cornell Community." <1992Apr1.025240.17959@cs.cornell.edu> Notes 10-11 continue the criticism of Iowa State University's ethics statement and netnews policy. 10. "The due process protection of the policy is good. The privacy protection is unclear. Free expression protection is poor. (The policy imposes speech restrictions on email and other computer media. Specifically, it prohibits rude expression and any expression of a political nature. In my opinion, these speech restrictions violate academic freedom and the law.)" <1992Apr2.174625.23219@eff.org> 11. The Iowa State policy is more enlightened than the University of Nebraska - Lincoln policy. Users should have little concern about lists being kept of individuals who have requested access to restricted news groups. Similar lists kept by libraries, video stores, etc. exist and their misuse has not chilled their commerce. The ISU policy recognizes the impossibility of policing postings to news groups. <1992Apr4.050354.13778@tssi.com> Note 12 is about the Newsletter on Intellectual Freedom. 12. "One place good place to report censorship incidents is the Newsletter on Intellectual Freedom. Reports here may help increase awareness of, for example, computer-media censorship. The Newsletter only prints reports that are documented with newspaper articles." <1992Mar31.152657.1753@eff.org> - Mark] In this issue: Brian Abraham 36 >Computer Policy Statement Lee Story 39 >news story on U. of Nebraska alt.* removal Peter Deutsch 93 > Brad Templeton 23 > Carl M. Kadie 50 >An Open Letter to UNL CRC: Removal of alt.* Joseph Watters 184 >EMAIL PRIVACY Leonard Schmidt 70 >EMAIL PRIVACY (a side note) Peter D. Junger 86 Legality of quoting letters Peter Wayner 78 >News from Cornell... Carl M. Kadie 191 >[info.labmgr] Ethics statement Michael Nolan 77 >USENET Censorship at Iowa State University Carl M. Kadie 28 Publicizing computer-media censorship Computers and Academic Freedom News Managing Editor: Carl M. Kadie (kadie@eff.org) Administration: William W. Arnold (caf-talk-request@eff.org, warnold@eff.org) Associate Editor: Elizabeth M. Reid (emr@ariel.ucs.unimelb.edu.au) Associate Editor: Paul Joslin (joslin@tso.uc.edu) Associate Editor: Adam C. Gross (ag3j+@andrew.cmu.edu) To contribute to the list, send email to "caf-talk@eff.org". Your note will appear immediately on the caf-talk mailing list and in the alt.comp.acad-freedom.talk newsgroup. Back issues are available via anonymous ftp to ftp.eff.org. The directory is pub/academic/news. Abstracts of CAF-news are in file pub/academic/abstracts. The CAF archive is also available via email. For information, send email to archive-server@eff.org. Include the line: send acad-freedom README Disclaimer: This CAF-News abstract was compiled by a guest editor or a regular editor (Paul Joslin, Elizabeth M. Reid, Adam C. Gross, or Carl M. Kadie). It is not an EFF publication. The views an editor expresses and editorial decisions he or she makes are his or her own. The addresses for the list are: comp-academic-freedom-talk@eff.org - for contributions to the list or caf-talk@eff.org listserv@eff.org - for automated additions/deletions (send email with the line "help" for details.) caf-talk-request@eff.org - for administrivia Also, if you read newsgroups, look for alt.comp.acad-freedom.talk and alt.comp.acad-freedom.news. ------------ ------------------------------ From caf-talk Caf Apr 1 00:00:00 1992 Newsgroups: info.labmgr From: NU025216@ndsuvm1.BITNET (Brian Abraham) Subject: Article 1--Re: Computer Policy Statement Message-ID: <199204012129.AA24760@ux1.cso.uiuc.edu> Date: Wed, 1 Apr 1992 20:56:53 GMT ----------------------------Original message---------------------------- NDSU POLICY ON MISUSE OF COMPUTER FACILITIES Individuals who use North Dakota State University computer facilities must assume the responsibility for using these resources in an appropriate manner. Misuse of computer facilities is considered a violation of University policy and may also be a violation of law if data of other computer users are disturbed or the privacy rights of individuals are violated. All users of the NDSU computer facilities are therefore required to comply with the following: 1. Files, signons, usernames, passwords and computer output belonging to an individual or to the institution are considered to be personal property. Users shall not examine, change, or use another person's or institutional files, output, or usernames for which they do not have explicit authorization. 2. Users shall not deliberately attempt to degrade system performance or capability. Loopholes in the computer system, knowledge, or special passwords shall not be used to damage a system or file, or to change or remove information in a system or file without authorization. 3. No obscene or offensive material shall be entered into the computer or sent through any electronic system. 4. Unauthorized copies of copyrighted material shall not be created, distributed, or knowingly utilized. 5. The University computer systems shall not be used for commercial purposes without written authorization of the Director of the Computer Center. 6. Students who violate this Policy shall be subject to the disciplinary procedures and sanctions provided for in the NDSU Student Conduct Handbook. Violations by faculty or staff may result in appropriate employment sanctions. ------------------------------ From caf-talk Caf Apr 1 00:00:00 1992 Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk From: lee@wang.com (Lee Story) Subject: Article 2--Re: news story on U. of Nebraska alt.* removal Date: 1 Apr 92 18:01:15 Message-ID: In article <1992Mar29.021938.13211@wpi.WPI.EDU> entropy@wintermute.WPI.EDU (Lawrence C. Foard) writes: In article <1992Mar28.060842.20567@anomaly.sbs.com> mpd@anomaly.sbs.com (Michael P. Deignan) writes: >But, suck-at-the-public-teat .edu students seem to think that computer >centers grow on trees. No its cheaper than growing trees, compare the cost of news to the cost of magazine subscriptions containing that much information. Or ask the students if tacking $1 each onto there tuition is ok if it means they can get the alt groups. Its not just a matter of cost its a matter of cost and benefit, news has the most benefit per dollar of just about anything you do. I too detect a great likelihood that censorship is masquerading as cost-saving here. I'd bet that many students would contribute much more than $1 to receive the alt.* hierarchy, even stripped of useless, redundant and bloated groups like alt.sex.pictures. (That, and possible objections to using the net as a copying machine for legally-protected works, are my only complaints with such groups--- not any offensive content.) Technical groups often receive a tryout period there, and some of the others can be pretty good (I have high hopes for the new alt.politics.elections or whatever). Only in our wonderful polity would the customers who pay up to $100,000 for four years of mediocre and disdainful "educational" services be referred to as "suck-at-the-public-teat .edu students". I'm tempted to use some strong language at the officious Mr.Deignan. -- ------------------------------------------------------------------------ Lee Story (lee@wang.com) Wang Laboratories, Inc. (Boston and New Hampshire AMC, and Merrimack Valley Paddlers) ------------------------------------------------------------------------ ------------------------------ From caf-talk Caf Apr 2 00:00:00 1992 From: peterd@cc.mcgill.ca (Peter Deutsch) Newsgroups: comp.org.eff.talk Subject: Article 3--Re: news story on U. of Nebraska alt.* removal Message-ID: <1992Apr3.013330.23763@sifon.cc.mcgill.ca> Date: 3 Apr 92 01:33:30 GMT Lee Story writes . . > I too detect a great likelihood that censorship is masquerading as > cost-saving here. I'd bet that many students would contribute much > more than $1 to receive the alt.* hierarchy, even stripped of > useless, redundant and bloated groups like alt.sex.pictures. If an institution decides that providing a full news feed is not in their interest I don't see that we can "demand" that they provide one. One the other hand, I would think that if the students wanted to donate the money to their Student Society and have them provide such a machine then there is a free speech issue if the institution refuses to allow the machine on the net or tries to control which groups are allowed on the machine. Well-informed consumers can always "vote with their feet" and refuse to attend institutions that don't provide you with a news feed, if it's that important to you. The way I have always explained it to people is that you are entitled to free speech, but I'm not obliged to buy you the soapbox. For example, anyone who wants access to the Internet can pay CERFnet $20 per month and $10/hour to access a user code through a 1-800 >from anywhere in the U.S. If your university would not let you make the call you'd have a complaint. That doesn't mean they have to pay your subscription to CERFnet just to get you news. My own experience with this issue comes from running a "non-sponsored" Internet link into our Comp. Sci. department for several years which our Comp. Centre (and institution as a whole) refused to fund. I was charged with providing user codes (and thus Usenet, etc) only to ugrads enrolled in our courses and all Comp. Sci. grad students and profs. I was abused at the end of each semester by those I had to kick off and by those I refused codes. The feeling was that it was such a useful service that I was obliged to provide it to all. As I funded the entire Internet link with "creative bookkeeping" and fancy footwork I never took these entreaties as seriously as the supplicants would have liked. This is not to say that I believe that denying access to the Internet is a "good thing". After several years of pushing the Comp. Centre now provides access to the Internet for departments and two weeks ago (!!) we finally inaugurated a campus-wide news feed. Still, there are no campus-wide terminal facilities open to all comers. Each department is expected to fund their own computer labs. If yours doesn't want to provide one you can change majors, enroll in strategic courses in other departments or change institutions. A bad policy? Perhaps. And there are mechanisms to have such policies changed. I once suggested to a student who _really_ wanted news access that he spearhead a funding drive through the Student Society to buy a machine for general access to Internet services. He complained that it would take so long that he'd have graduated by the time the machine was up and running. Told me where his priorities were. In closing, I am _not_ trying to duck potential cases of censorship, but I think we do have to keep things in perspective. Despite what some people seem to be insisting running a Usenet feed is not just a matter of finding a spare $1,000 and a machine from which to hang the disk. This may be true if you were the only person to read news, but on a campus of 25,000 people you need to worry about Usenet admin, backups, the load that the feed (and newsreading by thousands of people a day) will place on both the network and the host machine. At a large institution I'd recommend a dedicated machine, and that's going to cost well over $10,000 to set up. There reaches a point where such services are not a "marginal" increase on existing hardware. > Only in our wonderful polity would the customers who pay up to > $100,000 for four years of mediocre and disdainful "educational" > services be referred to as "suck-at-the-public-teat .edu students". > I'm tempted to use some strong language at the officious Mr.Deignan. To be fair, when I went to a publicly funded community college in California I was only paying a fraction of the cost of my education. The rest was paid from the collective pockets of Californian taxpayers. I wouldn't use his harsh words, but I read Mr. Deigan's crack to mean that people who were not paying the full cost of a service do not necessarily have the right to still demand full service. There really is no such thing as a free lunch and those paying the bills have some say as to what goes on the menu. If you don't like that, open your own restaurant.... - peterd ------------------------------ From caf-talk Caf Mar 31 00:00:00 1992 From: brad@clarinet.com (Brad Templeton) Newsgroups: comp.org.eff.talk,unl.general,alt.comp.acad-freedom.talk Subject: Article 4--Re: news story on U. of Nebraska alt.* removal Message-ID: <1992Mar31.221948.9349@clarinet.com> Date: 31 Mar 92 22:19:48 GMT Yes people, by crying wolf on the non-issues, you distract attention from the real newsgroup bannings that are out there. If somebody cuts alt because it's big and noisy, and that's the real reason, you have to accept it. It's what the hierarchies are *there* for, so that people can cut some and keep others. This is why they were created. You can't insist everybody take all the net -- that's crazy and will only get people to brand your arguments as fringe. If people cut a group like alt.sex because it's *dirty* or rec.humor because it's *racist*, then you have a real target to go after. It's pretty easy to see that when a site cuts a group like rec.humor.funny, which proably has the lowest cost/reader on the net, that they're doing it because they want to control what you read. It is not so obvious when they cut "alt." If they cut all of alt just because there is alt.sex in there, that's another story, but be prepared to prove that's why they did it. (As was the case at the U of Waterloo.) -- Brad Templeton, ClariNet Communications Corp. -- Sunnyvale, CA 408/296-0366 ------------------------------ From caf-talk Caf Apr 1 00:00:00 1992 Newsgroups: comp.org.eff.talk,alt.comp.acad-freedom.talk,unl.general,alt.censorship From: kadie@eff.org (Carl M. Kadie) Subject: Article 5--Re: An Open Letter to UNL CRC: Removal of alt.* Message-ID: <1992Apr1.192701.28737@eff.org> Date: Wed, 1 Apr 1992 19:27:01 GMT [Here is the Statement of Purpose from the Nebraska Students for Electronic Freedom, adopted at the organizational meeting of NUSEF held March 31, 1992 at UNL. - Carl] Nebraska University Students for Electronic Freedom Statement of Purpose 1) Promote academic freedom on University computer and network systems. Champion the free exchange of ideas and the extension of first-amendment rights to computer and network systems. 2) Work for protection of privacy on University computer and network systems, including protection from invasions of personal privacy by other users, as well as the administration. 3) Provide the Computing Resource Center and University administration with feedback and suggestions to help them better serve the computing needs of the University community. Act as a "watch dog" group for CRC and the University administration. Lobby for protection of electronic freedom and privacy. 4) Educate and inform the University community, especially those without much direct experience with computing and networking resources, about the importance of protecting academic freedoms and privacy on electronic systems. Inform the University community about CRC and administrative policies that may affect their use of, or the availability of, University computer and network systems. 5) Strive to broaden access to electronic communications systems to a larger portion of the University community. ======================= Dave Burchell Mailing list manager burchell@cse.unl.edu 477-9282 Lesli Thorn Presiding officer 436-8641 Jim VandeVegt Recording secretary vandevec@cse.unl.edu 436-9775 ====================== -- Carl Kadie -- I do not represent EFF; this is just me. =kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.3619@layout.berkeley.edu= ------------------------------ From caf-talk Caf Mar 30 00:00:00 1992 Newsgroups: comp.admin.policy From: jaw@hawk.owlnet.rice.edu (Joseph A. Watters) Subject: Article 6--Re: EMAIL PRIVACY Message-ID: <1992Mar31.000038.4435@rice.edu> Date: Tue, 31 Mar 1992 00:00:38 GMT In article simong@ee.mu.OZ.AU (simon alexander gregory) writes: > I am currently engaged in an assignment based on the pros and cons > of the monitoring of email systems, and the opinions of various different > groups of people regarding this sensitive issue. [deleted...] > As a general guide, i include the following questions: > 1) Should the postmaster, or others have the right or ability > to look at the text of an article? In the U.S., there is a statute (USC 18, Ch. 121, Sec. 2701-2710) regarding the legality of accessing stored electronic communications. The law pretty clearly makes exceptions for the providers of the electronic communication service. In other words, the postmaster does have the right to view the mail without penalty in the course of providing communication service. Service providers are obligated by the law to keep what they see confidential (not divulge it to others) except under certain circumstances (they can divulge the contents to the intended recipient, etc.). This legal issue is separate from the "ethical" issue, but to the extent that laws delineate ethics, it is ethical in the U.S. for a postmaster to view the text of e-mail in the course of providing the communication service. Any institution may choose to further limit the right of its postmasters to see e-mail text, but in the U.S. at least, they are not legally obligated to do so. > 2) What should the post master do if potentially damaging > or illegal information is revealed. eg. If the spreading of a virus > is revealed through a boast on email, or two students are discussing > copying a computing assignment. Should one's personal privacy be sacrificed > in such a case? The law states: Sec 2702. (b) Exceptions. -- A person or entity my divulge the contents of a communication -- (5) as may be necessary incident to the rendition of the service or to the protection of the rights or property of the provider of that service; or (6) to a law enforcement agency, if such contents -- (A) were inadvertently obtained by the service provider; and (B) appear to pertain to the commission of a crime. While most "crimes" at a University don't fall under the criminal code, I think a reasonable extension could be made that University officials charged with maintaining academic discipline are part of the University's "law enforcement." I am speaking from the perspective of a private university. The extensibility of this to a public university in the U.S. is not something that I can answer. Clearly the statute allows for illegal activity to be divulged to others. Undoubtedly the purpose of divulging communications in these cases is so that the proper authority can take action to protect whatever may be endangered. > 3) Should postmasters have a written code of ethics, which is > widely known and accepted? Sure, although a code that can apply to all postmasters everywhere may have to be so broad as to be essentially non-restrictive. Each local site should be encouraged to develop a code. But remember, a code of ethics is far different than a policy or regulation. A code of ethics comes down to "we want to be good people and do the right thing, so this is what we will try to do most of the time." Depending on how the code is worded, there may be no way for anyone to do anything to a postmaster who violates the code, other than say, "Bad postmaster!" > 4) Would it be more acceptable if people were made aware > of when and on what systems reading of mail by an outside party could > occur? I don't know if it would be more acceptable, but it would certainly be more prudent. Users should at least have the right to understand the privacy limitations of their system, even if some of them don't agree with those limitations. For example, the following is Owlnet's (the Rice University School of Engineering educational network) policy regarding privacy of all data, not just e-mail: Although Owlnet will not regulate the content of electronic mail or other files, Owlnet system management, in order to preserve the integrity or operational state of the network, may find it necessary to look at, without your prior consent, any data or files of yours that exist on the system. You should be aware that no computer security system, no matter how elaborate, can absolutely prevent a determined person from accessing stored information that they are not authorized to access. Thus, while Owlnet tries to provide a reasonable level of confidentiality for information stored on the network, we cannot *guarantee* the privacy or confidentiality of any information stored on it. Therefore, if there is any information that you absolutely do not want another person to see or access, then you should not store it on Owlnet. This policy exists to make you aware of the inherent limitations on your ability to maintain your desired level of privacy or confidentiality of information stored on the network. We plan to revise the above policy to make sure that people understand that e-mail is included in what may be seen by sysadmins. We also plan to incorporate the following language into our policies and user information (please pardon the LaTeX syntax). This information has already been distributed to the faculty, and will be distributed in similar language to the students soon. Note that this is specific to UNIX, but something similar could be used as appropriate for other environments: \section{Owlnet and the Academic Environment} \subsection{Implications of the UNIX System for Academic Work} There are several, perhaps subtle, implications in using a UNIX computer network such as Owlnet in an academic setting that you as an instructor should be aware of. These implications concern who can see what on the system. While Rice and its students pride themselves on their academic integrity and honesty, we all realize that maintaining confidentiality of some academic work is prudent and necessary. You should be aware that as a default condition, any student may view, though not modify in place, the files of any other student. On a UNIX system, if one can view a file (``read'' it), one can also copy the file to someplace else. Once it is copied, it can then be modified or used by the person who copied it. Students have some simple-to-use tools at their disposal to change the accessibility of their files by other students, but it requires that they take some action to modify the default access permissions. Generally speaking, a student can set access permissions to either allow all students access, or no students access. This can be done on a file-by-file and/or directory-by-directory basis. To facilitate finer control of the permissions to better accommodate the variety of arrangements under which students do their work, Owlnet has provided some tools for you and your students to use. These are described in section \ref{facilities}. A second, related implication is that unless you take similar measures, all of your files that reside on Owlnet are readable, but not modifiable in place, by any student or faculty member. Thirdly, you should be aware that the system administrators have the privilege to view and modify any file on the system, regardless of the access permissions applied by the file owner. This privilege is only used when operationally necessary, and they seek to obtain the consent of the file owner before doing so. However, there may be instances where, in order to maintain the integrity or operational state of the network, the system administrators may have to access data without obtaining the data owner's prior consent. Owlnet's system administrators are Information Systems employees and carefully screened and trained student employees. The other important instance in which the system administrators may access and/or make available to others data or files without the data owner's prior consent is at the direction of authorized University officials conducting an official investigation into academic or other misconduct. This includes the Honor Council. In these instances, Owlnet management and system administrators are acting in the role of information providers and/or advisors on the technical aspects of the network, and will provide relevant information or advice without prejudice to all parties involved in the investigation who request such information. Lastly, you should be aware that electronic mail messages are stored on the system as text files. While these files by default have a much higher level of access protection (only the owner may view or modify the file), they are nevertheless files and can be accessed by the system administrators under the conditions described above. -- Joseph A. Watters, Jr. jaw@owlnet.rice.edu Deputy Director, Owlnet Rice University Houston, Texas ------------------------------ From caf-talk Caf Mar 31 00:00:00 1992 From: n13@krypton.Mankato.MSUS.EDU (Leonard J. Schmidt) Newsgroups: comp.admin.policy Subject: Article 7--RE: EMAIL PRIVACY (a side note) Message-ID: Date: 31 Mar 92 17:53:56 GMT I received a letter from a user at a .com site asking me the following question in response to my earlier post on this group. First, my statement made earlier in addition to the question that I was making comments on: >> 1) Should the postmaster, or others have the right or ability >> to look at the text of an article? > > > Those who are responsible for the system (such as the Postmaster or >the sysadmin, should always have the ABILITY to look at mail. That is, if you >have the proper system privs, it is possible to look at mail. I would think >it unwise from a sysadmin point of view, to restrict yourself in any way from >anything on your machine. If you _have_ to get to something, you should >be able to. To which someone on the net asked the question: (paraphrased) : What is to stop any use from using an encryption tool and encoding the : body of the message so that none may read it without decoding the message. When I made my reply to the origional message, I should had been more specific and said, "The Postmaster should have the ability to look at the body of the message (regardless of what's in that message)." What I would like to preserve for the Postmaster is the ability to see the message body, not necessarily the meaning of the message. If you encrypt a note and send it to somebody, fine. I, as a Postmaster, would still want to have the ability to see that you are sending an encrypted message by examining the message body. Here is yet another concern of mine, and a situation to clarify. In our environment, we have mixed hardware and software types. The two most important types of HW/SW combinations that come to mind are 1) a DEC Vax running VMS and 2) a Decsystem running Ultrix. Currently the software package that is on the Decsystem supports all of the snifty headers that Usenet wants. The VMS Decnet package does not. If you receive mail on our VMS machine who's origin is from Usenet, 90% of your mail headers are in the BODY of the message. Now, if I were the Postmaster of the VMS system and I were attempting to debug a piticular users mailing problems, I would want to be able to read the body of the message that was sent because that's where most of the important headers are. To restrict a mail program from showing anyone else than the owner of the message what the body of the message is just doesn't make sense to me. Notes: Yes, in VMS there are ways around the above problem if you have the correct privs. Yes, in the case described above you could always get the users permission to look at his mail. Yes, there are better software mailing packages for VMS that would solve this "mail-headers-in-the-body-of-the-mail- message" problem. Yes, I know my problem is using VMS and not Un*x. :-) However there will always be a case in which you can't fix, upgrade, or contact the person simply to cure the situation due to {money, manpower, poly-ticks, etc}. Because of these reasons, this problem must be looked at. Last Note: The person who mailed me was not identified because I was not able to reach him to get his permission to post his e-mail on the net. Leonard Schmidt n13@krypton.Mankato.MSUS.EDU ------------------------------ From caf-talk Caf Mar 31 00:00:00 1992 Newsgroups: alt.comp.acad-freedom.talk From: junger@gls47212.law.cwru.edu (Peter D. Junger) Subject: Article 8--Legality of quoting letters Message-ID: <303@gls47212.law.cwru.edu> Date: Wed, 1 Apr 1992 13:42:27 GMT Ayudin Edguer, Also Known As edguer@alpha.CES.CWRU.Edu, recently posted the following gross mistatement of the law relating to the publication of letters to this list: Presumable Carl Kadie does not understand that posting e-mail between two individuals is just as unethical [and in fact is illegal without the consent of the sending party] as a system manager looking though files on a system. He demonstrates his willingness to repost a message which did include electronic mail, without first verifying that the sender was willing to release the document. I shall not here address Mr. Edguer's remarkable ethics, except to say that, since there is nothing unethical in the posting of e-mail between two individuals, Mr. Edguer must consider it ethical for a systems manager to look through files on a system. On the other hand, his statement that it "is illegal without the consent of the sending party" to post e-mail between two individuals is--to the extent that it is not simply incoherent--FALSE, and so mischevious that I feel it necessary to explain what the law actually is with respect to the publication by the recipient (or someone acting under the authority of the recipient) of a private communication from another person. The fundamental point is that it is not a crime of any sort for the recipient to publish the communication, nor is it, except perhaps in the most egregious circumstances, any sort of civil wrong--any sort of `tort'. What may have misled Mr. Edguer--other than his desire to be able to send outrageous communications to those with whom he disagrees (and I have been the recipient of a number of such messages from him) and then avoid the embarassment of being publicly called to task for having sent them. . . . As I was saying, what may have misled Mr. Edguer, is the fact that the author--the "sending party"--has a peculiar sort of property right in the expression--the exact word, not the information or thought, if any--contained in a letter (and possibly has an analogous right in the expression contained in an electronic communication). This right, which is sometimes called a "common law copyright" is not violated by fair use of the letter or communication, and it is certainly fair use to publish a letter from a systems administrator that clearly indicates that he examines users' directories on his system without the users' permission. In general, the only remedy that the holder of a common law copyright in letters has is to seek a court injunction against the publication of the letters; until the injunction is issued by the court--and it would not be in the case of Mr. Willis's communication--the defendant has done nothing for which damages can be assessed. (The only exception that I can think of would be the case where the recipient published for profit an entire collection of letters >from the author; in that case I would not be surprised if the author could collect the publisher's profits, but such a recovery is not properly called damages, and is not what Mr. Edguer is nattering about.) I must admit, however, that Mr. Edguer is such a bully that it is probably easier, if one has received a communication from him, to describe it as the sort of repressive drivel that it is, rather than expose oneself--as I have done--to a threat of suit for quoting his exact words. If he wants to object to your description, he can always publish his own words. But when dealing with normal people--even with other systems administrators--I don't think you have anything to worry about if you should happen to copy one of their communications to this list. Certainly the quotation of Mr. Willis's communication which contained the line: "Since there is a compy of our games policy in your directory I assume that you are aware of it", by the recipient to protest Mr. Willis's examination of his directory was a fair--and in fact a protected--use of that communication. The fact that Mr. Willis claimed to know the contents of the directory is not overcome by Mr. Willis's later disingenuous assertion that "I have not looked at files in your directory, nor, to my knowledge, has any of my staff." He clearly _had_ examined the user's directory without permission. Of course, if he could have prevented the recipient from posting the communication, he might have been able to get away with his disclaimer. Peter D. Junger Professor of Law Case Western Reserve University Cleveland, Ohio ------------------------------ From caf-talk Caf Apr 1 00:00:00 1992 From: wayner@cs.cornell.edu (Peter Wayner) Newsgroups: comp.org.eff.talk Subject: Article 9--Re: News from Cornell... Message-ID: <1992Apr1.025240.17959@cs.cornell.edu> Date: 1 Apr 92 02:52:40 GMT wayner@cs.cornell.edu (Peter Wayner) writes: I got a letter from Stuart Lynn, the director of CIT, today in response to a query I sent him. I figured I would outline what he said and clarify the earlier piece I wrote which was based only upon one source, the Daily Sun. Here are the salient points: 1) The quote about the public nature of e-mail was taken out of context. A userguide at the CIT says that people may often not be aware of the ease at which people can and will forward e-mail messages around the net. Ergo the cavaet not to send anything that you wouldn't want to appear on the cover of the NYT. He said that they will only read mail if they have a strong feeling that the Campus Code of Conduct (i.e. don't cheat ... don't kill and everything in between) is being violated. He stressed, as I noted, that they were only watching public information about a student logging onto the machine. 2) Cornell's counsel does not feel that the ECPA of 1986 applies to it because it is not providing e-mail services "to the public." Only to the members of the Cornell Community. Of course Cornell freely considers all members of the public for membership in the community and it doesn't discriminate. So the Transitivity of the law doesn't seem to hold. Go figure. Viruses and Cornell just always seem to dig up such excitement. Here's the original message: >This morning I woke up to find the following article in the Cornell >Daily Sun (the student newspaper.) The headline reads, "Student Says >CIT Broke State Laws. Cornell Monitors Account of Virus Syspects' >Friend". (CIT="Communications and Information Technologies." They are >the people who maintain the networks and the computer workstations >around the campus. They are not the CS department.) >The student, Randall Swanson, said in the article that CIT's computers >record everytime he logs into the machine vax5. (A general machine on >which students automatically receive accounts.) When he logs on, the >article reports that a program named, "sys$manager:spy" is executed >and it sends electronic mail to three people at CIT telling them that >he just logged on. Randall Swanson says that the program sends the >e-mail note with his name attached without informing him that it is >doing it. This, he claims, is forgery. >Apparently Randall Swanson is being watched in connection with the >MBDF virus that was traced back to Cornell several weeks ago. Randall >Swanson told the Sun that he was not involved in the case and CIT >would not tell him why they were watching him. Moreover, the >surveillance began two days after Swanson wrote a letter to the Daily >Sun criticizing the way that CIT was investigating the case. In that >letter, Swanson wrote, "I think it can be clear that certain people at >CIT can be discounted as unreliable sources who are only interested in >the sensationalism of the moment." >CIT's head, Stuart Lynn, denies that CIT did nothing wrong and was >quoted in the Daily Sun as saying, "CIT reserves the right to >investigate suspected violations using all appropriate means." >Lynn told the Sun that e-mail is not private and was quoted as saying, >"Don't send anything electronically that you wouldn't want to see on >page one of the New York Times." Lynn told the Sun that they were not >reading Swanson's email, they were just noting when he logged in and >out of the machine and this information is available publically. >--------------------- >Who's hyping who? You decide. >-- >Peter Wayner Department of Computer Science Cornell Univ. Ithaca, NY 14850 >EMail:wayner@cs.cornell.edu Office: 607-255-9202 or 255-1008 >Home: 116 Oak Ave, Ithaca, NY 14850 Phone: 607-277-6678 ------------------------------ From caf-talk Caf Apr 2 00:00:00 1992 Newsgroups: alt.comp.acad-freedom.talk,comp.admin.policy,alt.politics.correct From: kadie@eff.org (Carl M. Kadie) Subject: Article 10--Re: [info.labmgr] Ethics statement Message-ID: <1992Apr2.174625.23219@eff.org> Date: Thu, 2 Apr 1992 17:46:25 GMT This is a critique of Computer Ethics Statement for Iowa State University. The due process protection of the policy is good. The privacy protection is unclear. Free expression protection is poor. (The policy imposes speech restrictions on email and other computer media. Specifically, it prohibits rude expression and any expression of a political nature. In my opinion, these speech restrictions violate academic freedom and the law.) >From: GA.LJH@isumvs.BITNET (Linda Hutchison) >Subject: Ethics statement >Message-ID: <199204012113.AA20676@ux1.cso.uiuc.edu> >Date: Wed, 1 Apr 1992 20:55:25 GMT >----------------------------Original message---------------------------- >ISU has had a computer ethics statement in place for over a year. Originally >the statement was a statement of ethics from the Computation Center, but we >worked through the Dean of Students Office, the university lawyer(s) and the >Administrative Data Processing Center (the Computation Ctr is the academic >center on campus) to make this a campus-wide policy. I think the policy could be improved with wider participation. Specifically, computer users should formally participate. Also, because the policy involves important issues of academic freedom, the faculty senate and academic freedom committee should be involved. The Joint Statement on Rights and Freedoms of Students, the main statement of academic freedom for students in the U.S., says: "The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs." [...] >*************************%cut here%******************************************* [...] > Viewing or using another person's computer files, programs or data > without authorized permission is unethical behavior and an invasion of > that person's privacy. Does this apply to sys admins? What is the procedure for sys admins to acquire authorization to search user files? Is it compatible with the University's general privacy policy (which usually prohibit unreasonable searches in assigned office space and dorm rooms)? [...] > The following guidelines govern ethical computer use at Iowa State > University: > # Unauthorized access to restricted data bases is unethical. I dislike this use of the word "unethical". Thousands of things in life are unethical and yet allowable. I think the policy could be clearer by replacing "unethical" with "prohibited". [...] > Copyrighted software must only be used in accordance > with its license or purchase agreement. Some copyrighted software has no license or purchase agreement. I suggest the following wording: Copyrighted software must be used in accordance with terms of the copyright. Licensed software must be used in accordance with its license. [...] > # Sending rude, obscene or harassing material via any electronic mail > or bulletin board facility is strictly forbidden. In my opinion, it is unethical and illegal to strictly forbid rude expression. It is the general policy of most universities (especially state universities) to encourage free expression. For example, at my school, the U. of Illinois, the student code says: "A student at the University of Illinois at the Urbana-Champaign campus is a member of the University community of which all members have at least the rights and responsibilities common to all citizens, free from institutional censorship;" ... "III. Campus Expression A. Discussion and expression of all views is permitted within the University subject only to requirements for the maintenance of order." Vague speech restrictions have no place on campus and have been consistently overturned by the courts. For example, _UWM Post v. U. of Wisconsin_ decision, the explicitly mentions email. Restrictions based on the tone material are especially inappropriate. (I'm paraphrasing from an ACLU handbook on teacher's legal rights here.) Generally, speech, if otherwise shielded from punishment by the First Amendment [or Academic Freedom -cmk], does not lose that protection because its tone is sharp. Discussions will not always be models of decorum. A court observed that "often those with the power to appoint will be on one side of a controversial issue and find it convenient to use their opponent's momentary stridency as a pretext to squelch them." > Also disallowed > are random mailings and any message of [...] political > nature. This prohibition is much too broad. Many messages have a political nature. For example, I would think that most messages by a political science professor would have a political nature. If this clause was added in response to a specific law (perhaps prohibiting *some* types of *partisan* political activity), the computer policy should be revised to include the exact wording of the law. If there is no law, this clause should be removed. [...] > ######################### > Copyright (c) 1989 by Iowa State University > Permission to reproduce all or part of this document for noncommercial > purposes is granted, provided the author and Iowa State University are > given credit. To copy otherwise requires specific permission. ANNOTATED REFERENCES (All these documents are available on-line. Access information follows.) ================= student.freedoms ================= Joint Statement on Rights and Freedoms of Students -- This is the main statement on student academic freedom. ================= uiuc.code.excerpts ================= Excerpts from the University of Illinois at Urbana-Champaign's Code on Campus Affairs and Regulations Applying to All Students (Aug. 1985) ================= law/uwm-post-v-u-of-wisconsin ================= The full text of UWM POST v. U. of Wisconsin. This recent district court ruling goes into detail about the difference between protected offensive expression and illegal harassment. It even mentions email. It concludes: "The founding fathers of this nation produced a remarkable document in the Constitution but it was ratified only with the promise of the Bill of Rights. The First Amendment is central to our concept of freedom. The God-given "unalienable rights" that the infant nation rallied to in the Declaration of Independence can be preserved only if their application is rigorously analyzed. The problems of bigotry and discrimination sought to be addressed here are real and truly corrosive of the educational environment. But freedom of speech is almost absolute in our land and the only restriction the fighting words doctrine can abide is that based on the fear of violent reaction. Content-based prohibitions such as that in the UW Rule, however well intended, simply cannot survive the screening which our Constitution demands." ================= law/doe-v-u-of-michigan ================= This is Doe v. University of Michigan. In this widely referenced decision, the district judge down struck the University's rules against discriminatory harassment because the rules were found to be too broad and too vague. ================= ================= To get these documents by email, send email to archive-server@eff.org. Include the line(s): send acad-freedom student.freedoms send acad-freedom uiuc.code.excerpts send caf-law uwm-post-v-u-of-wisconsin send caf-law doe-v-u-of-michigan The files are also available via anonymous ftp from ftp.eff.org (192.88.144.4) as file(s): pub/academic/student.freedoms pub/academic/uiuc.code.excerpts pub/academic/law/uwm-post-v-u-of-wisconsin pub/academic/law/doe-v-u-of-michigan -- Carl Kadie -- I do not represent EFF; this is just me. =kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.3619@layout.berkeley.edu= ------------------------------ From caf-talk Caf Apr 2 00:00:00 1992 From: nolan@tssi.com (Michael Nolan) Newsgroups: comp.society Subject: Article 11--Re: USENET Censorship at Iowa State University Message-ID: <1992Apr4.050354.13778@tssi.com> Date: 4 Apr 92 05:03:54 GMT tjlee@iastate.edu (Tom Lee) writes: > Hello; I'm a student at Iowa State University. Right before >finals week last semester, the computation center instituted a new >Usenet policy. Newsgroups dealing with sex and drugs were made >unavailable on all systems on campus. Those few people who ran their >own machines could fill out a form and get access for their machine, but >most students don't own workstations, let alone VAX's. If a student has >an account on the oldest, hardest to use machine on campus, then that >student can also fill out a form and get access, although without >benefit of any sort of easy-to-use newsreader. Furthermore, there is >obviously a list somewhere of people who have requested access to these >restricted newsgroups. [Additional remarks and Policy Statement deleted] As one who has been watching the University of Nebraska-Lincoln struggle with newsgroup access questions, I find the Iowa State University policy substantially more enlightened than the one which surfaced virtually without warning at UNL a month ago. As I understand the ISU policy statement, access to all of the 'big 7' groups is pretty easy, and access to the restricted subset of the alt groups is possible, but perhaps inconvenient. (I guess this depends on how difficult it is to get access to the systems which permit access to the restricted groups, which is not indicated in either the student's post or the policy statement.) I find the argument that there is a list of those who have requested access to the restricted groups specious. There are likely lists of what books I have checked out from the library, and what videotapes I have rented >from my local video store, but I don't see that decreasing library usage and video stores aren't closing by the thousands. There is also probably a list (at least temporarily) of who you have sent e-mail to, sendmail and smail both maintain a log of these things. Playboy not only maintains a mailing list but will sell it to virtually anybody who has the money. (Although it is possible to be excluded from such list sales, I've always wondered what percentage of their subscribers do so.) The ISU policy statement seems to recognize the anarchical nature of USENET, where offensive or even possibly illegal posts can be made to inappropriate and otherwise innocuous groups and then disseminated worldwide in hours if not minutes, and of the virtual impossibility of policing the groups. It recognizes that there are people who only want access to the 'serious' groups and don't want to be bothered with even rec. It acknowledges the evolving state of newsreaders, and the ever-growing number of people, within and outside of academia, who have net access. I tend to disagree with ISU's assessment of the current state of news software; it should be possible to automatically keep new users from inadvertently accessing restricted groups, by tagging them as 'unsubscribed' initially. Similarly, readers wanting only the 'serious' subset can have the entire rec hierarchy unsubscribed, and could even have their profile or rc files set to not automatically add new groups. (A local newsgroup could inform users of new groups and give them the option to subscribe to them.) I think most UNL students would happily trade the ISU policy for the one that they now have. I am more on the side of the ISU administration on this one, although I hope that students and administrators can pursue this further in an atmosphere of enlightened and dispassionate reasoning, not of polemics and inflammatory rhetoric. As institutions, academic and otherwise, struggle with emerging information technologies, which Usenet typifies, these disagreements will continue. I note that ISU, unlike UNL, is facing the question of access to newsgroups as a function of their content and not just a question of economics of news storage or CPU usage, although these are also issues which have their place in any organization that does not have unlimited funds, which in the long run is all of them. I find the ISU policy more one of informed consent than censorship. --- Michael Nolan nolan@tssi.com ------------------------------ From caf-talk Caf Mar 31 00:00:00 1992 Newsgroups: alt.comp.acad-freedom.talk,alt.censorship From: kadie@eff.org (Carl M. Kadie) Subject: Article 12--Publicizing computer-media censorship Message-ID: <1992Mar31.152657.1753@eff.org> Date: Tue, 31 Mar 1992 15:26:57 GMT One place good place to report censorship incidents is the Newsletter on Intellectual Freedom. Reports here may help increase awareness of, for example, computer-media censorship. The Newsletter only prints reports that are documented with newspaper articles. This rest of this article is a repost from October. ======================== The American Library Assocation has a bimonthly newsletter that reports on censorship (of all kinds). To report censorship to them send a copy of a newspaper articles that documents the censorship to: Newsletter on Intellectual Freedom Office for Intellectual Freedom American Library Association 50 East Huron Street Chicago, IL 60611 If the censorship involves academic computers, I'd also love to get a copy of relevant newspapers articles. Send me email for mailing information. - Carl -- Carl Kadie -- I do not represent EFF; this is just me. =kadie@eff.org, kadie@cs.uiuc.edu, or (anonymous) ap.3619@layout.berkeley.edu= ------------------------------ End of Computers and Academic Freedom News (Digest) ************************************