ECPA (Was: University logging mail to anon.penet.fi)

[Deranged Mutant <rrothenb@ic.sunysb.edu>]

Bob Snyder wrote:

> hayden@krypton.mankato.msus.edu said:
> > I'd say that there are some serious ethical and legal concerns that 
> > should be addressed by the administration for keeping such logs... 
> 
> Ethical I would definately agree with.
> 
> Legally, I'm not so sure of. The applicable law would appear to be the 
> Electronic Communications Privacy Act of 1986. The law does allow 
> administrators to see messages in the normal course of their job, as long as 
> they don't reveal that information to a 3rd party (except law enforcement in 
> the event of a criminal act)

I'm no lawyer, but I believe that technically the ECPA allows them to view
mail when it is part of maintenance, which could be in the "normal course of
their job[s]" but I think it means that if they see mail while maintaining
(ie, bounced msgs) it's Ok to read it but maintenance doesn't mean outright
monitoring of mail.

Then again, what does the ECPA say about monitoring message traffic? That's
essentially what they are doing, and likely they will rationalize it as
being to save their own skins.  It also might be the work of a SysAdmin
and the school administration would be entirely clueless about it.  Another
possibility is that a hacker (the same who got ahold of the file?) put in
something to monitor it... (my knowledge of Unix is little, though...)

> This protection is probably strongest with a company you purchase Internet 
> Service from, probably lesser so with a University, since there is less 
> obviously a customer/seller relationship, and almost non-existant with a 
> business, since there isn't a customer relationship, and the systems are owner 
> by the business.

I've heard some nasty stories about boards and a couple of I-Net providers
who charge for access but reserve the right to throw someone off the system
without refund (it's often in the terms of many account applications) for
various no-nos.

Rob