Re: [EXIM] Mail Tapping

Author: Paul Mansfield
Date:  
To: Julian
CC: exim-users
Subject: Re: [EXIM] Mail Tapping

Off-topic to begin with, cut to bottom for Exim operational stuff if you get
bored with arguments about privacy...


I believe the majority of contracts people sign give away most of their privacy
at work.

On Thu, 11 Jun 1998, Julian wrote:
> Note: When companies keep copies of correspondence it is copies that
> are explicitly printed off to be archived/filed
>
> Note: When companies keep copies of correspondence it is not of personal
> or private letters that people have written.


If it were addressed to your place of work explicitly to you and your job title,
then even marking it "private/confidential" wouldn't necessarily help.

> specifically stop it from being archived, fine. But to set up a system
> where ANY email is copied to an archive without the senders control is
> not acceptable, IMHO.


then, perhaps MTAs should honour a header which says "X-NoArchive", which in
theory things like Deja News do... however unscrupulous operators could ignore
or compile this out.


> This is what logs are for.

Email presents a harder case, as I suspect legal eagles see it like facsimile,
which is considered barely better (in my interpretation) than hearsay or
circumstantial evidence... proof of posting != proof of receipt != proof of the
right person receiving it. I'd guess this is why subpoenas are handed over by a
person to a person.

To make Email guaranteed delivery/reception/reading isn't generally available
now. Thus a log of delivery only shows a probable success.

> Fine, they have a duty. That doesn't mean that they want to have all
> their correspondence monitored. Nothing significant here, IMHO.


If you want private phone calls, get a private mobile phone (very useful when
job hunting!!!). If you want private email, get a private mailbox, and use
encryption if you access it from work.

> You can't? So you think that it is quite reasonable that a company can
> monitor your talking to another potential employer? What about your talking


yup, they can and do... nearly every comms system I've worked on allows some
level of "discreet listening" as it's known... phone systems, radio systems etc.

> to the police about misconduct within the company? You might not do
> that of course, but some people might. Indeed I have had discussions
> with future employers whilst at my then employers.


mobile phones... wonderful things... especially with portable numbers like the
free ones from www.digitalmail.com (IIRC)

> > As I see it, there are reasonable grounds for businesses to retain copies
> Of emails, sure, of _all_ emails, no.


ideal world, perhaps.


anyway, I think this is getting off-topic.

back on track,

So far I think we've got
IF Exim is to allow "wire tapping"
1) Option for a specific "no archive" header to stop archiving, on by default
2) Ensure default archiving is off
3) Headers when archiving is on are added, can be turned off but very explicitly
that the source author (Hi Phil!) and subsequent builder of Exim executable
are NOT responsible for any use/abuse
4) Archives are clearly marked as only being proof of sending, not of
reception/reading/validity
5) The amount of archiving is selectable, e.g. basic headers plus X lines of
the body, binaries/attachments exclusion etc etc
6) compression of archives done in a batch
7) some sort of signing on the archives?

Paul
----
P Mansfield, Senior SysAdmin PSINet, +44-1223-577577x2611/577611 fax:577600
:r~/humour/signature
:wq


--
*** Exim information can be found at http://www.exim.org/ ***
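
The following is an added example, not part of the original post and not Exim code: a sketch of an archiving step that follows points 1, 2, 4, 5 and 7 of the list above (opt-out header, off by default, proof-of-sending marking, selected headers plus X body lines with attachments excluded, signed records). The function names, the `X-Archive-Note` header, the sample message and the choice of HMAC-SHA256 for "some sort of signing" are assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string

ARCHIVE_ENABLED = False            # point 2: archiving stays off unless enabled
NO_ARCHIVE_HEADER = "X-NoArchive"  # point 1: header name as written in the post
BODY_LINES = 5                     # point 5: keep only the first X body lines
KEPT_HEADERS = ("From", "To", "Date", "Subject", "Message-ID")
NOTE = "X-Archive-Note: proof of sending only, not of receipt or reading"

# Constructed sample message (not from the original thread).
SAMPLE = ("From: alice@example.org\nTo: bob@example.org\nSubject: lunch\n\n"
          + "".join(f"line {i}\n" for i in range(1, 9)))


def first_text_lines(msg, limit):
    """Return up to `limit` lines of the first inline text/plain part."""
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() != "text/plain":
            continue
        if part.get_content_disposition() == "attachment":
            continue  # point 5: attachments are never copied into the archive
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        return payload.decode(charset, "replace").splitlines()[:limit]
    return []


def archive_record(raw, key, enabled=ARCHIVE_ENABLED):
    """Return (record, hex_mac), or None when the message must not be archived."""
    if not enabled:
        return None
    msg = message_from_string(raw)
    if msg[NO_ARCHIVE_HEADER] is not None:  # sender opted out; presence is enough
        return None
    lines = [f"{h}: {msg[h]}" for h in KEPT_HEADERS if msg[h] is not None]
    lines.append(NOTE)  # point 4: the record states what it does and does not prove
    lines.append("")
    lines.extend(first_text_lines(msg, BODY_LINES))
    record = "\n".join(lines) + "\n"
    mac = hmac.new(key, record.encode("utf-8"), hashlib.sha256).hexdigest()
    return record, mac


def verify_record(record, mac, key):
    """Constant-time check that an archived record has not been altered."""
    expected = hmac.new(key, record.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)
```

An HMAC only shows that the record is unchanged since someone holding the key wrote it; it does not bind the record to a time or to a third party, so it supports the "proof of sending" marking and nothing stronger.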