Attached is an edited summary of

Found at: 0x1bi.net:70/textfiles/file?internet/email

Attached is an edited summary of the responses I received on my recent
The majority of respondents didn't have a formal mail policy, although
there was some unspoken agreement on it. 
At least one formal mail policy is attached. Some organisations seem
to have come to grips with the problem extremely well - as the following
(rough) quote from the Sun Microsystems internal handbook 'Email Survival'
'Accessing another persons personal electronic mail or files without 
their specific permission is considered gross misconduct. The ease with 
awaiting pickup from a printer is equally confidential  material. Any 
misconduct of this type may result in the termination of your employment
Thanks to all who helped out. Also, some people requested anonymity
from the summary. If you would like to discuss something with any
Todd Hooper (Postmaster)                                   Computing Centre
                                            Curtin University of Technology
ACSnet  : hooper_ta@cc.cut.oz.au
--- Comments from commercial site administrators and users ---
We take e-mail very seriously -- both on our own systems and on those that
and privacy. Our staff are encouraged to use the facility and we make no
We are sufficiently small that abuses of this privilege can be dealt with
at a personal level. In the three years that we've had network access,
only one user has been troublesome. In this case, the user was sending
nappropriate quantities of data via the e-mail system and that person has
been encouraged to seek alternative methods (magnetic media) of data
So far, I have not found it necessary to formulate written policy on this
[1]  We're a commercial site, an employee-owned firm.
[2]  All email is private to the extent we can make it so under fairly
a dedicated person could probably find a hole somewhere.  Privacy is
only knowingly compromised when a user needs file repair, and even
then the user is warned that someone will probably see the mailfile
or spooled message as surgery if performed.
[3]  We don't consider net-correspondence or personal routing to be a
[4]  Nobody at our site has precipitated a net flame-war, so the issue
of abuse has not come up.  Were it to occur I suppose we would give
the party in question a reprimand on the first offense, and we would
be flexible; so far we haven't [KNOCK WOOD] had a major test.
This is certainly [not] an official educational mail policy, it is merely a
note reguarding my experience.
Although I realise that you, as a systems administrator, have a duty to
maintain security on your site, particularly now with AARNet connectivity,
Despite the fact that you probably have every right to read the mail (they
animosity between staff and students.  As a sysadm myself now, I will
never read someones mail even if i suspect them of breaching security.
On mail abuse.  Of all organisational e-mail setups I've come
across (not that many, but I think sufficient to make correlation),
at least 30% of all intra-orgainisational email traffic is 
of a social nature.
that I've dealt with confessed, under social/relaxed settings that they
a population of ~7000 users worldwide.
My thought: I don't think there is any feasible active policy 
you just have to rely on your employees to be professional about it.
--- Responses from academic site administrators and users ---
As far as we are concerned e-mail and e-news is there to be used, the more
voluntarily.. not just to do their projects.
(some of them are even buyng e-mail accounts on commerical systems)
There aren't any charges or accounting..
only be called personal.  The news also is personal I guess,
as alt.sex or such could hardly be called work!  (something
for tea breaks).
There is of course lots of official things passing through,
and who determines what is personal and what is strictly
university work?
No official policies at ******.  In general, anyone (staff or student) is 
nformation should be sent by other means.
Abuse - the universal threat: misuse of computer systems may result in
nability to complete assigned work.  We always warn people, and one warning
computing generally "People doing University work have priority for use of 
terminals, etc".  This is sort of enforceable, in the sense that anyone 
then to the system manager if necessary.  We rarely have complaints.  As far 
as checking for private mail, there are hundreds of messages a day go from 
any problems with people sending private messages, after all, universities are 
f it was costing us anything, such as people printing out dozens of
nvitations on our laser printer!)
.......................................There is no point in adopting
agains the use of email for personal messages unless you want to adopt the
New computer users are given a statement describing their
computer access as a privilege, not a right, and with some guidelines as to
they can lose them.  If a user starts sending abusive email, you would probably
multi-megabyte email messages you (or your postmaster) will probably see the
error messages when they bounce, and again can take appropriate action.  In
our case appropriate action is usually a warning, followed up by account
 As for privacy of email, I follow the practice that in principle email should
be private, but that in practice they should not assume this.  I post occasional
fault of the sender.  I also inform users that system administrators technically
files to resolve system problems.
 My personal policy is to never divulge the contents of email I happen to see,
even when that email contents suggests gross abuse.  However I have no
list such information as sender and recipient addresses, message length, etc.
Since these log files are publicly readable (even though most users do not even
know they exist), I consider them public information.
There has been a discussion on TECHREP@BITNIC.BITNET on electronic mail
Send your subscription request to LISTSERC@BITNIC.BITNET in a mail message
earlier this week.....
=-=-=-=-=-=-=-=-=-=-=-= From SYSTEM NOTEBOOK C0 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>----------------------------Original message----------------------------
>On Tue, 30 Oct 90 15:03:22 GMT  said:
>>Could anyone tell me if there is a published statement concerning
>>the privacy or non-privacy rights of electronic mail on Bitnet?
>>We are going to be granting access to all our students, and our
>>attorneys have suggested that we should have a published statement
>>concerning this matter.
>We are currently preparing a system/network usage policy document
>to inform our students (and other users) regarding what will be
>considered 'abuse', etc.  We plan on including these statements:
>                     *** IMPORTANT INFORMATION ***
>  1989, TITLE 18, UNITED STATES CODE, Sections 2510  and  following,
>  notice is hereby given that there  are  no  facilities provided by
>  this  system for sending or receiving confidential messages.   The
>  System Administrator and assigns  may  read all messages and files
>  of any user.
>    Computer accounts are paid for by the State of Texas and are for
>  educational  purposes   ONLY.  In   general  educational   use  is
>  interpreted loosely.  But, use  for economic  gain or  computer or
>  network  abuse will  not be  tolerated.  If there  is a  complaint
>  regarding your  usage of networks  or UTA computers,  UTA Academic
>  Computing   Services  has   the  right   and  will   review  trace
>  information, backups, and your  account contents to determine your
>  complicity. Possession  of command files  that are solely  for the
>  purpose  of pestering  other persons  or having  blatently obscene
>  material in your accounts, are generally considered just cause for
>  administrative action against you. You do NOT have a right to keep
>  these types of materials on UTA computers.
>We would appreciate any feedback on possible problems with these
>Bob Carr
>Manager of Systems Support
>UT Arlington
that we have to use our computer accounts for "educational pursuits"
(or equally legal sounding stuff).  A fairly high level of privacy
exists, although the university reserves the right to read our email.
There are paragraphs alluding to many aspects of the e-mail issue
n various Internet RFC documents (I can't cite them by chapter and
verse off-hand, but one that comes to mind is the Security Policy
Handbook that is in fairly advanced draft right now ... it is
you can get it by anonymous FTP from cert.sei.cmu.edu (look for
an "obvious" subdirectory).
Let me advance the following by way as a rough guess at to what you
(1) Many sites will have no official policies.
(2) Some sites will have official policies prepared to satisfy the
    legal staff and bean-counters: these policies will sound very
    nice and complete but in fact be largely impractical to
(3) Some sites will have policies based on experience and knowledge
    of the technical staff: these policies will point out that e-mail
    ain't secure unless encrypted and that security is inversely
    proportional to ease and convenience of use of a system.
think in terms of official policies, are also the ones who least
understand the technology and what really can and can't be done.
We have 70+ users.
We have no policy in place.
Users are free to use email for whatever purpose they like.
and they do use it.
We use standard Unix mail which means each user's mailbox is private
and researched in the human factor in global email since 1982.
that Geoff Huston and his group is doing will advance the use of
email in Australia. It mighe not be a good idea at this early stage
to insist that email should be used for "official" business, as it
s personal and private use. To do so will dampen the learning and usage
enthusiasm of the lay people. I have been a member of a number of overseas
conferencing systems, and quite frankly, a lot of the messages have only
to group dynamcis and group affinity.
OK, here's the Dartmouth policy plus a disclaimer from the manual
for the Dartmouth-developed e-mail application:
The Computing Code of Ethics was formulated and is endorsed by
Dartmouth's Council on Computing, a faculty committee that
advises Dartmouth on questions of policy concerning the
allocation and use of all computing resources.  The council takes
an active role in determining the standard computing environment
on campus and participates in planning and reviewing projects
that will significantly affect computing at Dartmouth.  The
Council on Computing wholly endorses the Dartmouth Computing Code
of Ethics as follows:
Computer use.  The Computing Code of Ethics states that every
user of Dartmouth College Computing has two fundamental rights: 
other user to violate these rights.  Violation of the Computing
Code of Ethics is considered a violation of the Academic Honor
Kiewit Network privacy.  Each user number and associated password
belongs to an individual, department, or school.  No one else
owner.  All use should be in accordance with Dartmouth policy on
computer use set forth in this document.  Owners accept the
burden for the responsible use and dissemination of their user
catalog containing the programs and files.  They are presumed to
be private and confidential unless the owner has explicitly made
them available to the public.  When necessary for the maintenance
of a system or network, Kiewit Computation Center personnel may
access others' files.
Some programs gather information about the users who run them. 
user's use of the program, the user should be warned and given a
chance to leave the program before data collection begins.
Use of a the network and/or electronic mail facilities for
transmitting rude, abusive, harassing, or malicious messages is
any software that is licensed or protected by copyright is theft
and thus unethical.
computer enjoy the same rights of privacy afforded to programs
and files resident on the Kiewit Network computers.  They are
Resources.  No one should deliberately attempt to degrade Kiewit
other users of the resources of or the authorized access to any
Dartmouth- or individually-owned computer.
Loopholes in the Kiewit computer system or network or knowledge
of a special password should not be used to damage computer
No Dartmouth-owned computing resource should be used for
unauthorized commercial purposes.
When necessary for the maintenance of a system or network, Kiewit
Computation Center personnel may restrict availability of shared
           (Not Part of the Computing Code of Ethics)
between that of a letter and a postcard.  Electronic mail is not
entirely confidential.  There may be instances where the
and thus for a bunch of student systems as well as the staff network.
We don't really have an official policy that I know of for electronic
mail, but I think some of the unofficial ideas we've been working with
may be of interest to you. I'm interested in any other replies you
me a copy please ?
During the period ******* through to *******, network access for students was 
completely open. They were allowed to send mail anywhere they liked, and 
FTP from the States, telnet into machines over there and try to break into
At some point this "feature" was mentioned to the bigwigs here, who
mmediately determined that undergraduate students should not have
AARnet access. The very idea of undergrads being able to send mail
overseas was quite unthinkable. Naturally, the implementation of such a
to utilities like telnet and so on to communicate between machines on
campus. Eventually we decided to try not running routed on the
machines, thereby making attempts to reach systems outside the
This has been fairly successful, although because our campus network is
nto Multigate boxes to talk to Macintosh labs and so on. The one big
nstance. Apart from trying to follow the commandments of the
FTPing vast numbers of raster images from US sites. (Since disk quotas
VAST numbers).
an official memo telling us what we should and should not let the
nteresting, since it is my vague understanding that not many other
AARnet member sites are restricting student access (?). 
Your message also mentions other issues such as mail abuse, privacy of
mail etc. Again we don't seem to have a clearcut official policy
although we do have a "Principles of Responsible Use" document which
"users should not...attempt to intercept any network communications,
ntentionally to interfere with or alter the integrity of the system
are out of bounds. Such actions include ...impersonation of other
ndividuals in communications...". I think that this document is a
locally written thing, and isn't circulated to the other larger student
As far as privacy of mail goes, I was quite surprised to hear most of
our lecturers agreeing that as far as they were concerned, students'
mail was an "open book". Some of the first year lecturers in particular
are very concerned with plagiarism, and seem to often browse through
to treat it as an open book, but have no intention of telling the
s that such an attitude is rather unethical.