The FBI, citing the need to fight terrorism, has been using what are called “Carnivore” devices at many high traffic locations throughout the Internet. These “Carnivore” devices (now innocuously renamed DCS1000) scan the content of all mail and Web traffic. The University needs to take an active role in protecting its users from this technology.
When an e-mail is sent, it is bounced from mail server to mail server until it reaches its recipient. This situation is analogous to a letter sent without an envelope where everyone who handles it has the ability to read it, along with every person on the street that mail trucks drive down.
The University has the resources and the obligation to protect its users” privacy.
The University has been working on this. Recently, some of the University”s mail servers started allowing encrypted connections through a technology called SSL (Secure Sockets Layer) which is already used to make secure connections on the Web. Most shopping sites and banks use SSL to protect sensitive information being submitted across the Internet. This is akin to the USPS taking its mail from post office to post office in armored trucks. While significantly increasing privacy, more should be done.
With SSL, mail travels in armored trucks but is still freely readable by any postal employee. Also, if the mail travels on an older truck (through an older server that doesn”t support SSL) then the mail can still be read by anybody on the street that the open older mail truck travels down. The solution is to put an envelope on the letter that only the recipient can open.
There is software that can achieve such a level of privacy. PGP (Pretty Good Privacy) is software written several years ago by Philip Zimmerman. PGP encrypts e-mail so only the recipient can view it, significantly improving the privacy of electronic correspondence. PGP and its later descendant GPG (Gnu Privacy Guard) can be integrated into mail clients on campus including Outlook, Pine and Mulberry.
The University should work to make it easy for members of its community to use tools like PGP and GPG, make the use of SSL in mail clients and servers the default method of communication and work with various departments to ensure an appropriate level of education on privacy issues.
The University already prioritizes the protection of its computers from computer viruses. Privacy should be as much of a priority to the University and could have as much of a significant impact on students, faculty and staff.