Given the removal of the ability for Admins to view member u2u's via the xmb scripts, thought this would be of interest to Australian's in regard to their Privacy Act:

Source: http://privacy.gov.au

"Personal information

Personal information is information or an opinion that identifies an individual or allows their identity to be readily worked out from the information. It includes information such as a person's name, address, financial information, marital status or billing details. Some personal information is sensitive information. This includes information about ethnicity, religion and health."


The Australian Privacy Act is there to protect individual's personal information. Viewing a member's u2u's for the sake of it is morally incorrect however it does little in the way of identifying an individual and unless you are publishing their u2u's and their real names, I see nothing in the Privacy web pages that indicates a breach.

Anyone care to look at the web site and correct/clarify this?


As for common law and Ansett, Ansett have long gone so not sure how they could be held to anthing. I'd be interested in seeing some successful examples of where an organisation has been found guilty of any breach of law where they have previously published their guidelines for useage.


In saying this, I'm not condemning the removal of the feature, however the reality is that Admins will read u2u's, hopefully only in cases where misuse has been reported (and at the end of the day there is still only one active dev here so who's going to argue the point).

from http://www.privacy.gov.au/internet/email/index.html

"The Office of the Privacy Commissioner receives many enquiries regarding the privacy of workplace e-mail and web-browsing activities. It is apparent from these calls that there is a general expectation, by staff, that law exists which protects their privacy in the workplace. There is no general constitutional or common law right to privacy in Australia."

The Privacy Act is primarily about organizations collecting your information and how they must deal with your information. In part, they have generate a Privacy Policy, which you must agree to and it must be explicit about the sorts of ways you use the data.

We don't have a privacy policy T&C on this software.

However, the bottom link is incorrect. Here's is the NSW law I was telling you about.

[link=http://www.parliament.nsw.gov.au/prod/parlment/NSWBills.nsf/0/941266a03eb10718ca256ff600242edb/$FILE/b04-027-20-p02.pdf]NSW Workplace Surveillance Act[/link]

It criminalizes employers snooping on employees e-mails. Other states are in the process of adopting the same legislation.

Outside of that, why is me opening your mail any different or less moral than me opening your U2U's? Sure on my forum, I can do it with SQL queries, but that shows that I have zero ethics. Would it change your opinion if I told you that it happens here, and regularly?

Andrew

I'm not disputing the moral ethics of it at all, ever as I agree (but.... I also believe I have to protect my members and need proof when specific claims are made) and part of my forum sign up rules state the instances of when a u2u could be read.

No, my opinion would not be changed if I knew my u2u's were read here or on any other forum as I know the capability is there whenever a database exists and ppl being ppl, they either have a valid reason or they are just snooping.

I'll read that pdf in the morning thanks Andrew.

p.s. can someone pls tell ultimabb to not show members email addresses when you view their profiles???!!!!

rightyo, what do you mean? With UltimaBB the email address is "hidden" on the actual profile page...

I guess there is an option to hide/unhide the email address?


As for the u2uadmin.hp - I've never been a fan of it. I for one wouldn't want others to read my private messages, even if they are complete nonsense sometimes.
Yet I do see your point. If someone comes along and says they are being threatened for example per U2U and give you permission to check this/her inbox ... Then again, would you need permission of the one who send it as well?

Quite an interesting thing


Here it's even so ... (heard in a college) that if your company grants you a Homefolder, like quite some companies do, they have no right to check that Homefolder. You could keep a porn collection on it, they can't check it.
Unless you signed some sort of paper/agreement if I mean to recall?
The guy said, and this is almost quoted; the employee could keep hardcore childpornografie on his Homefolder, the company couldn't do anything, but they would get sued for having it on their servers.

*don't know how accurate this is, but seeing he owns his own successfull company and is busy with these kind of things daily...*

Generally, the rules are commonsense.

If someone has a warrant, LEA can search. Without a warrant, they can't unless the owner grants them permission.

If an employer tells their peeps that they have no privacy, and that they can read e-mails and u2u's as a matter of normal business, well that is legal in the US, and illegal in NSW. Not ethical however.

Unfortunately, the entire expectation of privacy thing has gone out the window with electronic communication. I see U2U's as a form of e-mail (in fact, they can trigger e-mail). It's no different to reading your sibling's diaries - nothing really to stop an unethical admin, but their sense of morals.

If you need to read someone's u2u with their permission, reset their password and take over the account or ask them to forward it. Don't do it surreptitiously.

Andrew

Then put an On/Off button in the Admin Settings to disable U2Us please, that is all I ask. By that I mean no links showing anyplace on the forums..if they dont see it they wont try to use it.

In UltimaBB (which will most likely be the next version, modulo a lot of discussions), has the following u2u controls:

U2U's on/off
# of posts before U2U's are allowed (prevents spam)
Individual U2U post permissions (i.e. can read, but not post)

I think as we're closing out 1.9.7 right now, I do not want to make any more schema changes at this very late stage, so it's too late for this release.

Andrew

My interpretation of the NSW law link you provided is that it is for workplaces, where an employer/employee arrangement exists:

"5 Meaning of “at work”
(1) For the purposes of this Act, an employee is at work for an employer when the employee is:
(a) at a workplace of the employer (or a related corporation of the employer) whether or not the employee is actually performing work at the time, or
(b) at any other place while performing work for the employer (or a related corporation of the employer)."


However, even if it could/does apply to web site operators, there is a provision for 'surveillance' which indicates employers can, providing they give prior notice:


"10 Notice of surveillance required
(1) Surveillance of an employee must not commence without prior notice in writing to the employee.
Note. Subsection (6) provides for an exception to the notice requirement.
(2) The notice must be given at least 14 days before the surveillance commences. An employee may agree to a lesser period of notice.
(3) If surveillance of employees at work for an employer has already commenced when an employee is first employed, or is due to commence less than 14 days after an employee is first employed, the notice to that employee must be given before the employee starts work.
(4) The notice must indicate:
(a) the kind of surveillance to be carried out (camera, computer or tracking), and
(b) how the surveillance will be carried out, and
(c) when the surveillance will start, and
(d) whether the surveillance will be continuous or intermittent, and
(e) whether the surveillance will be for a specified limited period or ongoing.
(5) Notice by email constitutes notice in writing for the purposes of this section.
(6) Notice to an employee is not required under this section in the case of camera surveillance at a workplace of the employer that is not a usual workplace of the employee."

and section 12 also allows a provision if there is a clear policy:

"12 Additional requirements for computer surveillance
Computer surveillance of an employee must not be carried out unless:
(a) the surveillance is carried out in accordance with a policy of the employer on computer surveillance of employees at work, and
(b) the employee has been notified in advance of that policy in such a way that it is reasonable to assume that the employee is aware of and understands the policy."


The way I read it is that providing you make it clear you can and will in specific circumstances, it is allowable.

I am saying that we want to be ethical, not just because it is allowed under weak or inconsistent law.

In the 1840's it was legal to own slaves in many parts of the USA.
In the early 20th century, only New Zealand allowed women to vote
In the 1940's it was legal to discriminate against folks who weren't white in many parts of the world.
In the 1960's it was legal to discriminate against gays and lesbians
In the early 21st century, it is still legal to snoop on your fellow humans only in electronic form in some countries

It is not *right* to snoop on your fellow humans. Not if it's on paper (where almost everyone has legal rights to privacy). Not if it's electronic format (whether its called U2U or e-mail). To me they are the same. I don't use paper, but I expect my rights to be the same in both media. The fact that they aren't means the law simply hasn't caught up to common sense as yet.

This is not a feature I would want in a forum and I would hope that everyone has the ethics and moral courage to make that stand.

Andrew

Quote:

The way I read it is that providing you make it clear you can and will in specific circumstances, it is allowable.

I think that's exactly the main issue for taking the feature out of the software, rightyo; it is legal only in a very conditional context. To avoid complexities by default and to not encourage illegal snooping, I think it's better such a tool is left out of the standard forum-software.

A hack to make the tool available again will resurface soon enough, I'm sure. In which case the fact weather you are snooping or not is no longer XMB's responsibility/concern

I guess we have to agree to disagree!

The NSW law is there to protect employers AND employees. I see no difference where a clear policy is published for a web owner to ensure the protection of their site and members. Yes there will be people who have nothing better to do and snoop, but if that's their bent, they will find the way anyway.

True. Even with the tool removed, people'll find ways to snoop the U2U's anyway. However, by having the tool XMB'd be encouraging the use of it...

If we cannot agree on the ethical aspect, perhaps a more practical reasoning is: the majority of users/administrators do not use the tool.
If democracy is the way to go, the majority of votes would therefore go to removal of the tool.

My point is that the NSW law allows snooping, it does not disallow it. Their ethical viewpoint is that the Employer has the right to snoop providing prior warning is given. As an Employer paying for the facilities (email, web browser etc.) they have an ethical right to ensure those facilities are not abused which could harm their company. Forum owners (similiar role to an Employer who provides the facilities) have an ethical right to ensure members do nothing to harm their web site (physically or by reputation).

Employment is great but it's not a right. Membership of forums is nice but it's not a right. Misbehave and you get booted from either.


I have no issue with the removal of the tool, I use sql to investigate reported issues anyway.

It's like arguing with water. Whatever.

Andrew

Quote:

Originally posted by vanderaj It's like arguing with water. Whatever. Andrew

Sorry you feel that way. Just trying to clarify for Aussie users, after all people may have interpreted your comment that it is against the law (it isn't):

Quote:

I am thoroughly against the inclusion of this file as it directly breaches EU Privacy laws, Australian common law (there is a court case against Ansett which says that employees have a reasonable level of privacy unless otherwise notified), directly 100% against NSW law preventing unauthorized snooping (whilst allowing wide ranging powers for law enforcement snooping).

Unless there is a disclosure agreement regarding viewing U2Us said parties could pursue legal means against owners, mods, admins in access to said data in accordance to the laws in Australia. I removed it completely from UltimaBB the day I started development on it. I know of no other forum systems that make it a default feature either. It's a feature that must be modified to the forum application.

Quote:

Originally posted by JohnPB2005 Unless there is a disclosure agreement regarding viewing U2Us said parties could pursue legal means against owners, mods, admins in access to said data in accordance to the laws in Australia. I removed it completely from UltimaBB the day I started development on it. I know of no other forum systems that make it a default feature either. It's a feature that must be modified to the forum application.

again, incorrect - the laws in Australia mentioned above not do cover snooping data, they cover identification of individuals and disclosing data that can id individuals. while snooping data could be used to id individuals and thereby disclose said data would be a breach of the Privacy Act, simply snooping data does not appear to be covered by any law or any case bought to law.

however, morally you should disclose if you intend to snoop data such as u2u's whether through the old u2uadmin system or via direct u2u table access.