copyright notice
link to published version: Communications of the ACM, April, 1997


accesses since January 14, 1997

Hal Berghel's Digital Village....

Email: the good, the bad and the ugly

Electronic mail has become the unexciting and mundane electronic communication medium that we love to hate. It wasn't always that way. The hate is a fairly recent emotion.

Email has been with us in one form or another since the earliest days of computer networks and bulletin board services. From inauspicious beginnings, it became one of the three "killer apps," along with Telnet and FTP, that gave the Internet its momentum. Since the early 1980's, the popularity of the Internet and that of email have been wed.

Since the 1970's, email has evolved into the communication tool of choice for information technology academics and professionals. By the 1990's, the popularity and ubiquitousness of email throughout the rest of academia and high-tech industry, established it as a communications standard within those areas as well. It appears likely that the current wave of online service providers will soon extend this standard to the rest of the network-connectable world.

As email has evolved, we have come to surprisingly sparse consensus regarding the best and worst uses of this technology, and whether the technology itself can overcome its weaknesses over time. In the paragraphs below, I'll try to summarize what seem to me to be some interesting aspects of email, particularly as it relates to the phenomenon of information overload and some thorny privacy issues.

THE GOOD ......

Some of the technical advantages of email over communication alternatives were obvious early on. Among them:

Some additional advantages were discovered with use:

To be sure, there is a healthy body of literature which speaks to a variety of other social effects of email - in some cases, inconclusively. There is evidence that email communication may both produce and ameliorate anomic communication partnerships; email both contributes to and helps overcome the user's feeling of isolation; email is sometimes impersonal and sometimes not; and email may both increase and decrease sociability in communication. All of these are important areas of study, and equally beyond present purposes.

Because of these benefits, the popularity of email soared. By some estimates, there are over 50 million email users, and that number appears to be growing by 25% per year. But this growth is not without discomfort.

THE BAD.....

As with any new technology, email was found to have a darker side. More than an inexpensive communications medium, email may also be an individual and organizational resource drain. Here are some drawbacks that come to mind:

Denning set forth two fundamental requirements for email: (1) there must be special paths for urgent, certified and personal email to arrive, and (2) all other paths must be filtered. Denning also suggested that these two requirements might be satisfied by a combination of the following:

  1. content filters which scan incoming mail messages and message-headers and store, route or delete accordingly,
  2. message prioritization based upon a combination of "importance" number determined by sender and a bias number for each sender determined by the receiver,
  3. separate unlisted, private mailboxes whose address is controlled by the owner,
  4. special forms of delivery for certain categories of email so that mail from privileged authors (perhaps as identified by special keys) would be handled differently,
  5. hierarchical mailbox organization which correspond to the organization's normal communication paths so that email may not circumvent sanctioned information flow, and
  6. threshold reception which would assign a cost to potential senders for the delivery of the email - if the sender was unwilling to pay the cost, the email wouldn't be delivered.

We observe that modern email systems only support (1) through (3) - and even then it's a stretch. Message "scanning" by email programs is pretty rudimentary by natural language processing standards, and the prioritization algorithms are hardly as robust as Denning suggested. One might actually extend Denning's suggestion to include the requirement that the prioritization schemes be intelligent and self-training. Even (3) is difficult achieve from what I can see as organizations post their employee's email addresses in online directories.

Requirements (4)-(6) still seem a long way off. The modern trend toward Post Office Protocol(POP)-clients seems to work against goals like (4)-(6) since they seem most amenable to server-side solutions. It remains to be seen how much server-side rigor will be built into future mail protocols like Internet Message Access Protocol (IMAP).

THE UGLY....

The dangers of email do not end with information overload. In addition, the technology itself - at least as it is now being used - presents us with a new technological challenge and a social dilemma. Both of these will be of considerable importance to the computing communities of the near future.

The first challenge, and likely the easier to deal with, is the security issue. Modern email clients support "attachments" which are foreign (to the emailer) data files, multimedia files or executables. Such files are converted to ASCII, attached to email, transmitted and converted back again by the receiving client. Of course, the problem is with the binary, executable files which are transmitted. Therein is a fairly significant security hole and a potential source for a new wave of computer viruses.

Email virus scanners are already available for both client (MIMEsweeper, www.integralis.com; Webscan, www.mcafee.com) and server (VirusWall,www.antivirus.com; WebShield, www.mcafee.com). Of the two methods, the client-side approach has a decided advantage in that the detector could conceivably spawn existing, third-party antivirus utility thereby avoiding much reinvention. The server-side approach has the theoretical advantage of not allowing infected mail onto the client in the first place.

Ill-behaved executables are another matter entirely. An illustration of the difficulty of this problem may be found in the Java developers' struggle to implement the details of static type checking for applets. A likely first pass at email security might be to follow the lead of Web client developers and restrict execution to hobbled programs (e.g., applets), but even this has proven to be only partially successful as it admits of system penetration by type-confusion attack.

Though the second challenge is not technical, it may have the most serious social costs. This is the challenge to find a balance between an organization's need to control its work force and the individual's right to privacy.

The email privacy issue came to light around in the mid-1990's when employees began to discover that their email was being read by employers. In one case, when an employee of Pillsbury sent what he thought was a private email communication to a co-worker labeling Pillsbury as "back-stabbing bastards," it got him fired for "inappropriate and unprofessional comments."

In subsequent litigation it turned out that privacy of inter-personal email was not one of Pillsbury's corporate guarantees. The Philadelphia Federal District Court judge ruled that even if the company had made such a promise, reading employees email would not have "...tortiously invaded" their privacy. This leaves open the question of where the balance is between a company's right to insist that its computer and network resources are used for company business on the one hand, and the employees right to discharge free expression on the other?

Patrice Duggan Samuels, who covered the story for the New York Times, reports on the following corporate policies as of mid-1996:

It appears as though companies are reading employees email with increasing frequency. This, in turn, is producing a flurry of litigation. To mitigate against this, formal policies have been proposed, like this boilerplate policy for corporations provided by The Society for Human Resource Management: "I am aware that the company reserves and will exercise the right to review, audit, intercept, access and disclose all matters on the company's email systems at any time, with or without employee notice, and that such access may occur during or after working hours." From the user's perspective, perhaps the next step is email encryption. It might be that the email privacy litigation of the next century will involve corporation's rights to insist on a back door key to the employees encrypted email.

ISSUES IN BALANCE:

Not only does email, our seemingly innocuous communications tool, have social implications of which we don't fully understand, now it appears to have legal ramifications as well. The legal is even harder to understand than the social.

Imagine a continuum between absolute employee privacy rights on the one end and absolute employer's rights on the other. Since the extremes aren't viable (no company should have the right to put video cameras in the restrooms, and no employee should have the right to refuse to document large reimbursement claims), society needs to find a balance that it can live with.

But where would employer's placing employees under home surveillance fit? Is that closer to the "unacceptable invasion of privacy" end or the "necessary for the operation of the organization" end? How about requiring polygraphs as a condition of continued employment, and over what range of questions? How about eavesdropping on employee telephone conversations? Or looking at employees email? Taken in this context, the email question may be merely the latest incarnation of the ages-old conflict between worker's rights and those of the corporation.

So what makes email different? Here are some distinctions that have been suggested:

  1. Email uses company computer systems. From a technical point of view this seems to be a red herring - company telephone systems also transmit (audio) information from and between the same group of employees. On this account, WAV or AU email attachments are not private where the same audio information would be private if transmitted by phone.
  2. Email is more persistent in the corporation while telephony is more ephemeral. Is that right? Isn't most email intended to be as temporary as telephony. Indeed, as we explained above two of the advantages of email over voice communication is that (a) it is often quicker to type-and-send missives than to connect telephonically, and (b) the exchange is more likely to remain focussed and less prone to gossipy digressions than voice communication. Who wants to take the time to type a paragraph about the bosses' vasectomy anyway. Further, voice mail can be as persistent as email.
  3. An email box is like your desk drawer or company locker where there is no expectation of privacy. If this doesn't set up an adversarial relationship between employer and employee, nothing will.

I have another hypothesis. Could it be that the technological imperative has reared its ugly head once again? Maybe employers read employee's email because they know how to do it without being obviously intrusive and without being detected. The question which society will have to resolve is whether eavesdropping is somehow more ethical if it's digital.

CONCLUSION

In the end, we have yet to fully appreciate email for what it is - its status as a favored communication medium of the networked is secure. But it is becoming ever more evident that, like its communication technology ancestors, it comes with penalties. Just how many, and how important, have yet to be determined.

A few things seem clear. First, increasing the volume of information is not necessarily a social good. To paraphrase Peter Denning, increasing verbiage without increasing the number of good ideas doesn't get us very far. Since we have no objective comparisons of the efficiencies of email offset by the economic penalties of the unnecessary time hits and distractions, it is difficult to estimate the extent of productivity gains achieved by email. It would be useful to question the degree to which alleged email efficiencies are real or imagined. When we claim email efficiency, are we reporting statements of fact or the cognitive arrogance that derives from unreflective dependence on the technology. As the saying goes, "to a person who only owns a hammer, everything appears as a nail."

Another obvious fact is that email is a wonderful test bed for researchers. At once they have an opportunity to investigate the modern standard for on-demand communication partnerships and inter-personal though not-in-person digital communication. As we advance into new technologies like Internet telephony and networked conferencing, we may one day see that this test bed was email's greatest contribution.



For further reading....

A good place to begin to look at the negative aspects of email communication is M. L. Markus, "Finding a Happy Medium: Explaining the Negative Effects of Electronic Communication on Social Life at Work," ACM Trans. on Info. Syst, 12:2, pp. 119-149. Peter Denning's prescience with respect to electronic junk mail is evident in his ACM President's Letter, "Electronic Junk,", CACM, March, 1982, pp. 163-5. Denning's exchange with his critics in CACM Forum the following June is also worth a look. An overview of the email privacy issue may be found in article, "Corporate Electronic Stationery," in May 12, 1996 Sunday New York Times.

If you're interested in this topic and have reasonably well thought out ideas on email, visit my "Email: Good, Bad and Ugly" homepage at http://berghel.net/email_gbu/. Here's a chance to add something to the online literature. Include your name for credit.