An E-mail Privacy Issue

The ISP-Tech list discusses whether (or when) ISPs can read their clients' email.

[February 24, 2000]

On the ISP-Tech list in February, JB posted a question about email privacy:

"Are there any federal or state statutes concerning an ISP reading or copying the email of its clientele?"

A number of respondents replied that, regardless of legal statutes, monitoring email fell within the scope of maintenance:

[PF wrote] "I don't have statutes, but it goes like this: If you are maintaining the system, you have every right to look/read/delete e-mail."

[VB explained] "While ISP customers have a reasonable expectation that their mail will be private within the limits of normal operations, I've always operated under the supposition that email may be seen by the ISP in the normal course of maintaining systems and networks. The only legal problem would be censoring someone's email, taking actions based on what was in the email, or revealing the contents of anyone's email to a third party."

Many respondents shared the opinion that the issue was more ethical than legal:

[BS opined] "I won't even view my clients' web sites unless they specifically request that I do or a complaint forces me to. However, as the person responsible for running and maintaining our servers, I sometimes have no choice other than to look at a client-owned file. But this does not translate into having the right to read someone's mail simply because it passes through our servers."

[JL said] "From a practical point of view, most of us couldn't care less what's in other people's mail. But being able to access the customers' email in order to solve technical problems is written into the User Agreement."

[JER wrote] "Typically, what we do is what Ameritech does on the phone when you call them for account info, or to order services. . . 'The FCC requires me by law to ask your permission before accessing your account info...' If a customer has an email specific problem, we ask them for permission to access their account information."

When Wlodek wrote that we do not expect the mailman to read our letters while they are in the mailbag,

[BS concluded] "As the holder of the root password on our servers I full access to everything on those servers. I'm also an outspoken privacy advocate who respects my clients' privacy to the point where I won't even view their web sites unless they specifically request that I do or a complaint forces me to point a web browser towards a site, as the person responsible for running and maintaining our servers I sometimes find myself in a position where I have no choice other than to look at a client-owned file.

… we certainly have access and may very well be in a position from time to time where we have to peek, but this does not translate into reading someone's mail simply because it happens to pass through our servers.

Though many have gone out of their way to prove me wrong (and I've heard many a tale of board system admins rooting around though clients' email) I personally like to think that most of us are decent people who simply do our best to try and ensure that our clients' private information remains as private as it can possibly be."

Related Article

Protect Your ISP With A Strong AUP (Acceptable Use Policy)

—End