Analog Equivalent Rights (20/21): Your analog boss couldn’t read your mail, ever

shoes-box-picture-id848132494

Slack has updated its Terms of Service to let your manager read your private conversations in private channels. Our analog parents would have been shocked and horrified at the very idea that their bosses would open packages and read personal messages that were addressed to them. For our digital children, it’s another shrugworthy part of everyday life.

The analog plain old telephone system, sometimes abbreviated POTS, is a good template for how things should be even in the digital world. This is something that lawmakers got mostly right in the old analog world.

When somebody is on a phonecall — an old-fashioned, analog phonecall — we know that the conversation is private by default. It doesn’t matter who owns the phone. It is the person using the phone, right this very minute, that has all the rights to its communication capabilities, right this very minute.

The user has all the usage rights. The owner has no right to intercept or interfere with the communications usage, just based on the property right alone.

Put another way: just because you own a piece of communications equipment, that doesn’t give you any kind of automatic right to listen to private conversations that happen to come across this equipment.

Regrettably, this only applies to the telephone network. Moreover, only the analog part of the telephone network. If anything is even remotely digital, the owner can basically intercept anything they like, for any reason they like.

This particularly extends to the workplace. It can be argued that you have no expectation of privacy for what you do on your employer’s equipment; this is precisely forgetting that such privacy was paramount for the POTS, less than two decades ago, regardless of who owned the equipment.

Some employers even install wildcard digital certificates on their workplace computers with the specific purpose of negating any end-to-end security between the employee’s computer and the outside world, effectively performing a so-called “man-in-the-middle attack”. In a whitewashed term, this practice is called HTTPS Interception instead of “man-in-the-middle attack” when it’s performed by your employer instead of another adversary.

Since we’re looking at difference between analog and digital, and how privacy rights have vanished in the transition to digital, it’s worth looking at the code of law for the oldest of analog correspondences: the analog letter, and whether your boss could open and read it just because it was addressed to you at your workplace.

Analog law differs somewhat between different countries on this issue, but in general, even if your manager or workplace were allowed to open your mail (which is the case in the United States but not in Britain), they are typically never allowed to read it (even in the United States).

In contrast, with electronic mail, your managers don’t just read your entire e-mail, but typically has hired an entire department to read it for them. In Europe, this went as far as the European Court of Human Rights, which ruled that it’s totally fine for an employer to read the most private of correspondence, as long as the employer informs of this fact (thereby negating the default expectation of privacy).

Of course, this principle about somewhat-old-fashioned e-mail applies to any and all electronic communications now, such as Slack.

So for our digital children, the concept of “mail is private and yours, no matter if you receive it at the workplace” appears to have been irrevocably lost. This was a concept our analog parents took so for granted, they didn’t see any need to fight for it.

Today, privacy remains your own responsibility.

Syndicated Article
This article was previously published at Private Internet Access..

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.

Leave a Reply to shamanman Cancel Reply

Your email address will not be published.

Since I'm not a robot spammer I'm also answering this easy question:

Discussion

  1. shamanman

    Great article.

  2. Sebastian Nielsen

    I don’t agree.
    About the slack, its just about Company accounts, and/or channels created by the Company. Of course, the manager must be able to read such Communication, since it can be relevant for the job. Imagine you as a worker goes into agreement with a Customer on Slack, and then a dispute appears. The manager must then be able to read the Communication to see what has been said.

    Same with email adresses that belong to the workplace. Of course the workplace must be able to read such email. If you want to stay private, use your OWN private slack account or your OWN private email.

    The difference between the analog World and the digital World is that its also the dangers.

    On a analog phone, or in the analog mail, it isn’t easy to send something dangerous. In the mail its entirely possible to send something dangerous, but its complicated to get the things required to create a mail bomb or something other dangerous, and it requires getting Ahold of restricted materials.

    On the internet its different. You can download a virus and host it anywhere, Spread it via malware drive-by downloaders. Send it via email. And also “protect” the mail/website from being detected by using HTTPS.
    Theres even tools on the internet, even web services, where you can create malware for example ransomware, digital bombs, etc.

    Thats why I don’t have anything against HTTPS Interception, as its a tool to protect the Equipment from damage, and scanning traffic and Communications content from virus.
    Its nothing different than you have to get your bags X-rayed Before boarding a airplane.
    Or that your mail is being X-rayed Before it gets on a flight.

    How do you think gateway antivirus scanner should be able to scan for virus if your don’t use HTTPS Interception? Or that the workplace should be able to withhold their policies (blocking of certain webpages and such).

  3. gmail login

    very good. Thank you for sharing!

  4. Once had a briefing on postal secrecy

    There are/were subtleties around physical post, addressed to you, at a corporate address, in Sweden.

    If the package was sent to “FictionalCo, Totally Personsson, address, postcode, postal location”, it was always perfectly OK for the post room to open the letter, then forward it to you (it’s been addressed to the company first and foremost). But it it was sent to “Totally Personsson, FictionalCo, …”, it was addressed to you as an individual, and thus not OK for the post room to interfere with the missive.

    depending on the contents, it MAY have fallen on you to then enter the missive into the postal diary, but…

arrow