Is e-mail private, or in the public domain?

Many years ago — the early 1980s to be exact — I was working for a high-tech firm that was just installing e-mail into all our offices. It was amazing to be able to send computer-based messages to everyone in the building and, eventually, to our other locations.

One day, I received a message about something-or-other from the system administrator. I was surprised to find that she had inadvertently (at least I hope it was inadvertent) attached a document containing the username and password of everyone in our building, from the director on down to the mailroom personnel.

Being the ethical person that I am, I contemplated the mischief that I could do, but dutifully informed her of the security breach so we could engage in a flurry of password-changing throughout the organization. However, I learned a valuable lesson at an early stage — be very careful what you put into e-mails, because you never know where they will go or how long they will endure.

The point was driven home again to me this week when a friend forwarded to me a piece he found humorous. Imagine my surprise when I recognized it as something I had written in 1995 and posted on a newsgroup. In its current iteration it has no attribution, but has apparently been making the rounds. I queried my friend, who told me he had received it from his cousin who had received it from someone else.

This certainly wasn’t anything that I found embarrassing or which I have since repudiated, but it drove home to me the endurance of those things we think impermanent. And it also illustrates how something can receive wide distribution due the influence of the Internet.

This rather long introduction takes me to the topic at hand: an e-mail written to a friend by a journalist attending the World Economic Forum in Davos, Switzerland, in January. In the e-mail, she gives a candid and disturbing picture of what the delegates were doing and saying behind the scenes.

The friend, for whatever reason, posted the letter on an Internet discussion board, and the game was on. The letter was cross-posted on other sites and found its way into a rather lengthy discussion of the LawMeme board at Yale University Law School. (For that discussion, see http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=938.)

The journalist, at first denying that she had written an e-mail for public consumption, later admitted the authorship, but was aghast that someone she considered a friend would betray her by making a private communication public.

This raises several important questions:

* Should we have an expectation of privacy in things we send, especially to friends, over the Internet? How about to strangers?

* If so, is that expectation reasonable?

* Is it necessary that we mark such things as “confidential” or “do not forward” if we wish them to be kept in confidence — or is confidentiality the default?

* If someone finds such an item — initially meant to be private — in a public forum, is it permissible for that person to discuss or pass on such an item?

Obviously, it would take much more time and space than I have available to do justice to all of these questions, so I’d like to touch briefly on some of them.

My first reaction when thinking about this case was “Of course, I expect those with whom I correspond to keep our discussions confidential.” But on thinking about it a little, I realized that isn’t necessarily true.

Many things (especially things of a political or humorous nature) that I send to friends, I not only expect them to pass along to others but I hope they do. Other things, mostly personal communications, I don’t expect them to pass on, primarily because they’re dull and uninteresting. Having learned my lesson about the dangers of e-mail security early on, I rarely, if ever, put sensitive or embarrassing things in it.

I don’t tell my friends to pass things on, neither do I instruct them which ones shouldn’t remain confidential. I think they know the difference. That may be naïve on my part, but because I don’t put sensitive materials in e-mails, it wouldn’t bother me if they couldn’t distinguish between the two types.

At least judging by the e-mail I receive, people usually trust me to make that same distinction myself. Interestingly, when I receive e-mail in response to this column, I never assume that the writer intends it for publication, at least not in an identifiable way. I may use a comment, but I never attach a name to it without specific permission.

In the case of this journalist, it could very well be that the friend to whom she sent the letter assumed that she wanted it passed around. After all, she is a journalist whose writings appear in all sorts of public venues. And as a journalist, she should have known, as she does now, that sending your thoughts out in electronic form increases the likelihood they will become public.

So I think that although she may have had some expectation that the person with whom she was corresponding would treat the e-mail as confidential, it may not have been a realistic expectation, at least without specific indication that this was her intention. Adding to the confusion was the public and political nature of the e-mail, rather than something more personal.

The practice of clicking on the “Forward” button has become so prevalent in the online world that I could probably make a good argument that the expectation of forwarding is a default, at least for anything other than strictly personal and sensitive information.

For years, I’ve told people not to put into an e-mail anything they wouldn’t like to see tacked up on a bulletin board. I think that as time has gone by this has become more valuable advice.

As far as whether it’s ethical to continue discussing something that was originally intended to be confidential but has since passed into a public forum, I think that’s a much more difficult question. I agonized over whether to even put a link to the discussion about the case of the journalist, but reasoned that it has become so much in the public domain at this point that there is nothing to be served by being coy.

I’d be interested in hearing your thoughts about e-mail and whether an expectation of confidentiality is reasonable, whether it takes a specific instruction to invoke confidentiality, or whether it’s a free-for-all.