Privacy and Cyber-Risk

by Bob Bramucci, Andy Howard and Kristina Kauffman

Caveat: None of the authors of this page are attorneys and the information contained on this page is NOT intended as legal advice. We hope it broadens your understanding of some of the risks of cyber space and concerns you should have about protecting your privacy. It should be noted that under the Freedom of Information Act it may be possible for the newsmedia to request the entire contents of the hard drive of the computer you use to complete college business.

Privacy

The Internet's strength lies in its openness, providing easy access to information across the globe. However, that's also one of the Internet's weakness, since it means others may have access to information about you. The privacy of what you do on the Internet depends on the types of activities in which you engage. The bottom line is that there are virtually no online activities or services that guarantee an absolute right of privacy.

  • "Public" activities: Many online activities are open to public inspection. Engaging in these types of activities does not normally create an expectation of privacy. In fact, according to the Electronic Communications Privacy Act (ECPA) it is not illegal for anyone to view or disclose an electronic communication if the communication is "readily accessible" to the public.

    For example, a message you post to a public newsgroup or forum is available for anyone to view, copy, and store. In addition, your name, electronic mail (e-mail) address, and information about your service provider are usually available for inspection as part of the message itself. Most public postings made on the Internet are archived in searchable databases. Thus, on the Internet, your public messages can be accessed by anyone at anytime -- even years after the message was originally written.

  • Other public activities may allow your message to be sent to multiple recipients. Online newsletters, for example, are usually sent to a mailing list of subscribers. If you wish to privately reply to a message posted in an online newsletter, be sure you address it specifically to that person's address, not to the newsletter address. Otherwise, you might find that your message has been sent to everyone on the newsletter mailing list.

  • "Semi-private" activities: Often the presence of security or access safeguards on certain forums or services can lead users to believe that communications made within these services are private. For example, some online forums or discussion boards are restricted to users who have a password. While communications made in these forums may initially be read only by the members with access, there is nothing preventing those members from recording the communications and later transmitting them elsewhere.

    One example of this kind of activity is the real-time "chat", where participants type live messages directly to the computer screens of other participants. However, chat users may capture, store, and transmit these communications to others outside the chat service. Additionally, these activities are subject to the same monitoring exceptions which apply to "private" e-mail (see next section). 

  • Private activities: Virtually all online services offer some sort of "private" activity which allows subscribers to send personal e-mail messages to others. The ECPA makes it unlawful for anyone to read or disclose the contents of an electronic communication. This law applies to e-mail messages. However, there are three important exceptions to the ECPA.
    • The online service may view private e-mail if it suspects the sender is attempting to damage the system or harm another user. However, random monitoring of e-mail is prohibited.
    • The service may legally view and disclose private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many commercial services require a consent agreement from new members when signing up for the service.
    • If the e-mail system is owned by an employer, the employer may inspect the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees.

While recognizing the technical and legal aspects of e-mail mentioned above, the Academic Senate of California Community Colleges has taken a strong position that academic freedom and shared governance require the a priori assumption of confidentiality of all email messages.

To increase e-mail privacy, many instructors keep a private e-mail account for personal matters separate from their college account. Free accounts can be obtained from numerous online providers including hotmail, yahoo and others. Be sure to read their privacy policies.

Privacy Concerns:

  • Computers and e-mail accounts provided by an employer MAY be subject to review or disclosure in accordance with laws, subpoenas, administrative reviews or audits of computer use for security purposes, or even computer system maintenance.
    • In other words assume anyone on campus may read what you write on your college computer, or send via college e-mail.
    • Never assume you're completely anonymous.
  • Deleting the file may not completely erase it from the computer. In fact, until the spaces on that computer hard drive are refilled the file will be retreivable using specialized techniques.

Privacy and "cookies": When you are surfing the web, many web sites deposit data about your visit, called "cookies," on your hard drive. When you return to that site, the cookies data will reveal that you've been there before. The web site might offer you products or ads tailored to your interests, based on the contents of the cookies data. Cookies are text files and cannot do anything harmful to your computer.

Security Concerns when using a college's equipment

Access to your schoolís computer system is a privilege, not a right. But itís a privilege that can be lost by engaging in behaviors that are illegal or violate the schoolís rules. Keep in mind that if you violate computer policies and/or laws, you could not only lose your computer access but also undergo disciplinary action or even be arrested.

Protect yourself by:

  • Maintaining the confidentiality of your password and account. Choose a non-obvious password, and update it regularly.
  • Don't ever give your password to anyone who writes or calls you, even if they claim to be a systems administrator.
  • Don't provide too much personal information about yourself. Some "identity thieves" operate over the Internet.
  • Don't assume everyone online is who they say they are. Unfortunately, that "supermodel" you've been conversing with is more likely a man whose last modeling gig was at the DMV.
  • When using a public computer, close your internet browser at the end of each session online. If you donít, someone else could use your account, and youíll be liable for any loss or damage that arises.
  • If you become aware of any unauthorized use of your account or any other breach of security, you should notify your system's administrator immediately.

Don't break the law!

In general, the same kinds of behaviors that are illegal off the Internet (e.g., discrimination, slander, copyright violations) are illegal on the Internet, including:

  • discrimination on the basis of race, ethnicity, gender, age, appearance or religious persuasion
  • copyright infringement or illegal use of copyrighted software
  • obscenity
  • libel and/or slander
  • harassment, stalking, or threatening
  • attempts to "hack" into the computer system
  • purposefully uploading computer viruses to the system.