Privacy of a Message, Privacy of a Medium

Last week a story caught the eye of privacy campaigners, and caused a bit of a brouhaha in the mainstream media. This is how The Guardian described the story in their headline:

Companies can monitor workers’ private online chats, European court rules

Well, sort of. The European Court of Human Rights (ECHR) ruled on a case where a Romanian engineer was fired after using an instant messaging service to chat with family members. The employer had provided the service for the purpose of doing work, and had explicitly prohibited its use for personal reasons. The ECHR agreed that the employer could check messages being sent on a channel used for work, and could fire an employee who was found to have broken the company’s rules.

Normally I would be on the side of privacy campaigners, but the headlines linked to this story indicate some are making a fuss over nothing. Although European human rights legislation makes it clear that employees have a right to private communications, that is not the same as insisting that every channel for communication must be private. Furthermore, the employee’s right to private communication has always co-existed with the employer’s right to place limits on how corporate resources are used, including the prohibition of personal use.

Contrasting the rights of the employee and employer will naturally lead to grey areas, because employees must be free to communicate privately, but cannot claim an unlimited right to use any business tool for private communications. The boundaries are best resolved through the application of common sense; courts can only resolve them through the lengthy process of setting legal precedents.

The real story is that we all need to distinguish between the privacy of a message, and the privacy of the medium used to convey that message – a distinction that many journalists ignored whilst reporting this story. Maybe I want to share a private message with you, but I write it on the back of a postcard, or I send it to you via a tweet. If somebody else reads that ‘private’ message, then the fault would be with me, for picking such unsuitable modes of communication. We cannot blame the rest of the world for snooping, if we are simply careless about protecting our privacy. By the same token, if a business provides a communication channel that is only meant to be used for work, the employee should not complain if ‘private’ messages are read by their bosses.

We all need privacy, but it will not be realized by arguing the toss, or trying to present abuses of corporate communication tools as the vital exercise of liberty. The technology for truly private communication is available. Many businesses are willing to provide consumers with the necessary tools. Many fine activists have also adopted a practical approach to delivering privacy, instead of mucking around in courts of law. People have invented and shared methods of encryption that are both inexpensive and secure. The onus is on ordinary people to adopt those methods, if they care enough about their privacy. Fighting legal battles is the worst way to protect ordinary people. It assumes the law is on the side of the individual whose privacy was compromised, but the biggest snoops are the ones employed by our legislators!

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.