This is the first of a 2 part article on email and document security. In the first part I will draw out both the back ground and some of the ramifications of the problem and in the second part I will show how the problem can be totally avoided for only a few dollars.

As I break down the problem let me remind you that though this problem definitely has many legal ramifications I am not a lawyer and that the governing laws vary from state to state so for solutions or even determining whether there are legal aspects in your state you will need to contact a lawyer familiar with the laws of your state pertaining to communications with religious professionals.

Since some aspects of this problem are more likely to occur in the church context than in the denominational context I shall write from the view of protection of private communications on computers owned by churches though the same issues could possibly apply to collegiate ministry centers and denominational offices, etc.

Let's look first how the problem emerged. In years past when a minister received a letter or other document at the church that he felt should remain private he merely put it in his brief case and took it home where it would be safe from all prying eyes unless his home was burglarized. Thus security was easily and somewhat naturally provided. Even in the early days of computers when storage was on cassettes or floppy disks they too just went into the brief case and all was safe. Then came technological advance and cheap hard disks and computers owned by the church. A totally new situation emerged without anyone giving much thought to it. Now the information was not at the ministers home it was at the church unless the minister used a laptop which he took with him like he had formerly taken his briefcase. But the information was safe wasn't it? After all wasn't the information password protected? Therein lies the problem. Passwords are generally like cheap locks only good "to help keep honest people honest".

The storage of information on a computer also raises the question of who has a right to read that information. With a letter there was no problem. Clearly it was only the writer and the one to whom it was written. Even the most uneducated understood that a letter even after it had been opened was not to be read by others. It did not matter where the letter happened to located. The question became muddier when it came to computers. The courts established that employees did not have the right to use company owned computers for private communication and that company officials could read email on those computers since the employees did not have the right to expect privacy. To my knowledge the courts have yet to deal with whether the sender sending to a private email account (not a company email address) had the right to expect privacy. You see the problem since when you send an email you have no way of knowing who may own the computer on to which the owner of the account may download it. It gets further complicated in some states such as Georgia (your should know the law in your state) where ministerial privilege indeed responsibility is spelled out. The Georgia code is included here as a sample of how these codes are often written.

There are basically 4 scenarios where the privacy of the information can be compromised.

A thief can break in and steal the computer and others read the information and use it for blackmail or other nefarious objectives.

A computer hacker breaks into the computer if it is one that is online and downloads the information using it in a manner similar to in number 1.

Church members who are overly "curious" read the information while the minister is away for whatever reason and spreads private information among the church members

(4.) The minister gets in disfavor with his board of trustees or deacons who operating from the view point of a business reason that the computer belongs to the church so they are free to take it and see what they can prove about their suspicions about the minister. This one is a two fold danger since it involves not only the invasion of the privacy of the email for constituents who thought their communications were private but also of the minister's private written and often incomplete thoughts. As an example I often write down a statement that is completely the opposite of my belief as I plan to develop the arguments later that should disprove the statement. Those with either background training in science or philosophy often use the "null hypothesis approach" to testing ideas. Indeed this article started a while back with the statement. "Email privacy is adequately protected on the hard drive of a campus minister's office computer." Obviously not something I believed but until I fleshed out this part of the article there it was for anyone to misuse who entered my computer. Writers and speakers often put down partial ideas in order to not lose them but those partial thoughts can easily be used against them in the wrong hands. You are warned. In the second part of this article I will show you how to totally protect yourself.

 

Scenarios 1 and 2 are clearly criminal but honestly the result while possible is improbable.

While we would all like to believe that scenario number 3 would never happen that is unfortunately not true. I also need to warn here that collegiate ministry centers are particularly vulnerable here through those who keep the centers open after hours. Remember passwords to computer students are frequently just challenges to be met.

Scenario 4 gets much of its impetus from lay members who maybe CEO's used to the rights of business CEO's or from lay members who have watched too much TV and think of themselves as detectives and reason since they are deacons or trustees they own the equipment so they don't need a court order to snoop around. This is very dangerous ground because a minister may not be considered an employee according to the government (self employed social security, etc) and in some states like Georgia has clearly defined privacy rights and responsibilities. Remember the law is what the court says it is and there are young lawyers out there that would love to make a name for themselves by helping forge new law in this area. While it is my feeling the scripture is unambiguous that Christians should avoid going to court to settle things, if it does have to be settled in court it is probably better to approach it from a criminal invasion of privacy of both the minister and those who had the right to expect privacy in their communications than to seek civil redress since that punishes the whole church with monetary penalties.

The whole thing is really a situation that has its roots in technology and then is exacerbated by potential human behavior. Since technology has caused the problem I hope to show in the next part how for just a few dollars the whole thing can be solved in a way that eliminates the possibility of all 4 scenarios above. If I am correct then we have no one to blame but ourselves if we ever face any of those situations.

Ask yourself these questions - "What do I have on any computer that I do not own that might be misused against someone who sent me an email?" "What do I have on any computer that I do not own that might be misused against me?"

Think about it-next time act as the Lord lead you.

Dick Houston

Senior campus minister for the Cyber Student Center