Tuesday, August 20, 2013

Expectation of Privacy

With the recent NSA leaks as well as a number of legal settlements regarding consumer privacy, one of which was Google, the question of privacy was brought up in a unofficial roundtable discussion at my local pub. Every semester we discuss expectation of privacy in both my cybercrime class and the course in corrections, as both deal with correspondence albeit in very different paradigms. I thought I might take a moment and make this post about privacy expectations.

There are some basic misnomers when discussing communications between two parties in the United States. Your privacy is only protected when there is a "reasonable expectation of privacy". So then the question becomes, what is reasonable? A public place? Your home? Work?

What I tell students is this, who owns the system or area? If you are openly discussing something in a bar or public place, there is very little reasonable expectation when compared to your home or a closed door meeting. The same thing holds true for email and other forms of electronic communication. When I am at work, I am operating on a University owned computer. I have no reasonable expectation of privacy save for the terms of use and privacy policy granted by the University. Simply put, the resources I am using are not my own. What if I took a personal computer to campus? This happens daily for students right? There is a reasonable expectation of privacy on a personal device, but the instant information is sent across resources that you do not own, or have no privacy agreement with (example, the University wireless network), the reasonable expectation of privacy drops significantly. This holds true for faculty, staff, and students. Very little is different in corporate environments. The email address at your work is not "yours", in fact is it the property of the sponsoring organization. The same holds true for any resource you do not own, even personal accounts at third parties like Gmail, Yahoo, Hotmail, and other web-based email providers.

The reasonable expectation of privacy is the standard litmus test used in court and privacy cases in the United States, so keep this in mind when sending sensitive or critical information of a personal or employment related nature.