[unisog] Outlook/Exchange and "Read Receipt" : privacy ?

Arnold, Jamie harnold at binghamton.edu
Sat Sep 21 02:24:12 GMT 2002


A little more info.....


Are You Spying on Me?
I like to know if people have requested read receipts on e-mail messages
they've sent me. Here's how you can customize your Outlook Inbox so you can
see at a glance which messages have read receipts attached: 

Open your Outlook Inbox, and on the View menu, point to Toolbars and click
Advanced to show the Advanced toolbar. 
On the Advanced toolbar, click Field Chooser. 
In the Field Chooser drop-down box, select All Mail Fields. 
Scroll down until you see Receipt Requested. 
Click Receipt Requested and drag it onto the column heading in your Inbox.
The double red arrows indicate where the column will be placed when you
release the mouse. 
Close the Field Chooser box. 


Now you'll see a new column in your Inbox with the label Receipt Requested
that will have a Yes in it when the message has a read receipt request
attached or a No if it does not. 


-----Original Message-----
From: Andre Earl Paquet [mailto:Andre.Earl.Paquet at UMontreal.CA] 
Sent: Friday, September 20, 2002 4:15 PM
To: unisog at sans.org
Subject: [unisog] Outlook/Exchange and "Read Receipt" : privacy ?


Hi,

     I would like to have the opinion of the readers of this list about what
seems to me as a privacy problem with the "Read Receipt" feature of Outlook
under Exchange.

     a) my University has decided to make Exchange (and Outlook)
        our official email platform. For now, it is just for
        the employees (including teachers), but sooner or later,
        the students will go this way. The service is being
        deployed with Exchange 2000.

        Note : please, no flame about the choice in itself. It's
               not my choice either, but I have to live with it.

     b) I was recently informed about the "Read Receipt" feature
        (along with the "Delivery Receipt" feature) of Outlook,
        under Exchange.

        I have privacy concerns about the "Read Receipt" feature.

        Here is how it goes : an Outlook user (the sender) may
        request to receive (from Exchange) a "Read Receipt"
        when the destination user reads the message. The
        destination user has no way to decide (and to enforce)
        that he/she does not wish anybody to know when he reads
        (or does not read) this or that message. I am told, this
        is only configurable globally for the Exchange site,
        and not individually.

        Also, I am told that this confirmation is also sent to
        whoever has requested it, even if the sender is outside
        the Exchange domain.

     c) Please correct me, if I don't get it technically.

     d) If all this is true, it seems intolerable to me, from
        a privacy standpoint. I have already received complaints
        from people considering that what message they read or
        don't read is their own business. I agree with those
        complaints.

        Some people tell me that it is not worse that registered
        mail. I disagree because :
              -registered mail is not free so it generally isn't
               used frivolously;
              -anybody in a household can sign to accept
               registered mail : so it is not a proof that
               is was read.

     So, I would like to have your opinion : do you think a "Read Receipt"
is an acceptable feature in a University ? What do you do yourself (if you
are in the same situation) ?

Thank you,

--

 Andre Earl Paquet (CISSP)
 Officier de securite informatique / Security Officer  Universite de
Montreal, D.G.T.I.C.  Immeuble Principal  Case Postale 6128, Succursale
Centre-Ville  Montreal, QC  Canada  H3C 3J7

 tel.  : (514) 343-6111 ext 5205
 fax   : (514) 343-2155
 email : Andre.Earl.Paquet at UMontreal.CA
         securite at UMontreal.CA



More information about the unisog mailing list