Outlook/Exchange and "Read Receipt" : privacy ?
Andre Earl Paquet
Andre.Earl.Paquet at UMontreal.CA
Fri Sep 20 20:15:25 GMT 2002
I would like to have the opinion of the readers of this list
about what seems to me as a privacy problem with the "Read
Receipt" feature of Outlook under Exchange.
a) my University has decided to make Exchange (and Outlook)
our official email platform. For now, it is just for
the employees (including teachers), but sooner or later,
the students will go this way. The service is being
deployed with Exchange 2000.
Note : please, no flame about the choice in itself. It's
not my choice either, but I have to live with it.
b) I was recently informed about the "Read Receipt" feature
(along with the "Delivery Receipt" feature) of Outlook,
I have privacy concerns about the "Read Receipt" feature.
Here is how it goes : an Outlook user (the sender) may
request to receive (from Exchange) a "Read Receipt"
when the destination user reads the message. The
destination user has no way to decide (and to enforce)
that he/she does not wish anybody to know when he reads
(or does not read) this or that message. I am told, this
is only configurable globally for the Exchange site,
and not individually.
Also, I am told that this confirmation is also sent to
whoever has requested it, even if the sender is outside
the Exchange domain.
c) Please correct me, if I don't get it technically.
d) If all this is true, it seems intolerable to me, from
a privacy standpoint. I have already received complaints
from people considering that what message they read or
don't read is their own business. I agree with those
Some people tell me that it is not worse that registered
mail. I disagree because :
-registered mail is not free so it generally isn't
-anybody in a household can sign to accept
registered mail : so it is not a proof that
is was read.
So, I would like to have your opinion : do you think a
"Read Receipt" is an acceptable feature in a University ?
What do you do yourself (if you are in the same situation) ?
Andre Earl Paquet (CISSP)
Officier de securite informatique / Security Officer
Universite de Montreal, D.G.T.I.C.
Case Postale 6128, Succursale Centre-Ville
Canada H3C 3J7
tel. : (514) 343-6111 ext 5205
fax : (514) 343-2155
email : Andre.Earl.Paquet at UMontreal.CA
securite at UMontreal.CA
More information about the unisog