Richard Stallman's personal site.

https://stallman.org

For current political commentary, see the daily political notes.

RMS's Bio | The GNU Project



Analog Equivalent Rights (20/21): Your analog boss couldn’t read your mail, ever

Europe: Slack has updated its Terms of Service to let your manager read your private conversations in private channels. Our analog parents would have been shocked and horrified at the very idea that their bosses would open packages and read personal messages that were addressed to them. For our digital children, it's another shrugworthy part of everyday life.

The analog plain old telephone system, sometimes abbreviated POTS, is a good template for how things should be even in the digital world. This is something that lawmakers got mostly right in the old analog world.

When somebody is on a phonecall — an old-fashioned, analog phonecall — we know that the conversation is private by default. It doesn't matter who _owns_ the phone. It is the person _using_ the phone, right this very minute, that has all the rights to its communication capabilities, right this very minute.

**The user has all the usage rights. The owner has no right to intercept or interfere with the communications usage, just based on the property right alone.**

Put another way: just because you _own_ a piece of communications equipment, that doesn't give you any kind of automatic right to listen to _private conversations_ that happen to come across this equipment.

Regrettably, this only applies to the telephone network. Moreover, only the analog part of the telephone network. If anything is even remotely digital, the owner can basically intercept anything they like, for any reason they like.

This particularly extends to the workplace. It can be argued that you have no expectation of privacy for what you do on your employer's equipment; this is precisely forgetting that _such privacy was paramount_ for the POTS, less than two decades ago, regardless of who owned the equipment.

Some employers even install wildcard digital certificates on their workplace computers with the specific purpose of negating any end-to-end security between the employee's computer and the outside world, effectively performing a so-called "man-in-the-middle attack". In a whitewashed term, this practice is called _HTTPS Interception_ instead of "man-in-the-middle attack" when it's performed by your employer instead of another adversary.

Since we're looking at difference between analog and digital, and how privacy rights have vanished in the transition to digital, it's worth looking at the code of law for the oldest of analog correspondences: the analog letter, and whether your boss could open and read it just because it was addressed to you at your workplace.

Analog law differs somewhat between different countries on this issue, but in general, even if your manager or workplace were allowed to _open_ your mail (which is the case in the United States but not in Britain), they are typically never allowed to _read_ it (even in the United States).

In contrast, with electronic mail, your managers don't just read your entire e-mail, but typically has hired an entire department to read it for them. In Europe, this went as far as the European Court of Human Rights, which ruled that it's totally fine for an employer to read the most private of correspondence, as long as the employer informs of this fact (thereby negating the default expectation of privacy).

Of course, this principle about somewhat-old-fashioned e-mail applies to any and all electronic communications now, such as Slack.

So for our digital children, the concept of "mail is private and yours, no matter if you receive it at the workplace" appears to have been irrevocably lost. This was a concept our analog parents took so for granted, they didn't see any need to fight for it.

Today, privacy remains your own responsibility.


This article is under a Creative Commons Zero license ("public domain").