From: an12070@anon.penet.fi (S. Boxx)
Date: Sat, 2 Oct 93 18:44:26 PDT
To: cypherpunks@toad.com
Subject: troglodyte MIND RAPIST flames, take III
Message-ID: <9310030143.AA00548@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



really, it's not my fault. blame Mike Godwin <g>


===


Subject: STOP THE TROGLODYTE FIDONET MIND-RAPISTS *NOW*!


does routine FIDOnet email INVASION by operators VIOLATE the U.S. 
Electronic Communications Privacy Act? EFF's lawyer M. Godwin speaks
with FIDOnet operator Al Billings <mimir@u.washington.edu> on the 
cypherpunks mailing list. Resident list crank Perry Metzger offers
his own whitehot flame.

this forward brought to you by

cypherpunks
Cyberspatial Reality Advancement Movement (CRAM)
Information Liberation Front (ILF)
Blacknet


===

From: Mike Godwin <mnemonic@eff.org>
Subject: Re: FIDOnet encryption (or lack thereof)
To: cypherpunks@toad.com
Date: Fri, 1 Oct 1993 16:40:09 -0400 (EDT)
 
Al Billings writes:

> On Thu, 30 Sep 1993, Mike Godwin wrote:
> > 
> > My question is this: how does he know that the mail is encrypted if he's
> > not examining the mail that passes through his system? If he *is*
> > examining the mail that passes through his system, it seems likely that he
> > is violating the Electronic Communications Privacy Act.
> 
>  Only if he has stated that he allows private mail. Most sysops have
> specifically worded policy statements for their systems that say that the
> sysop can read any and all messages on the system and may do so at any
> time.

That's all very nice, but it doesn't enable a FIDO sysop to intercept
messages from people who are not users of his or her particular system.
Those people did not waive their rights to privacy under the ECPA.

> Bulletin boards do not normally offer truely private mail because of
> some of the legal implications.

This is a common myth. First of all, there are many BBSs that do
offer truly private mail, or whose sysops, as a matter of policy, do not
read others' private mail. Secondly, there's no legal liability associated
with allowing e-mail privacy. Third, federal law (the ECPA) bars
sysops from examining mail except under some very precisely defined
circumstances.

I suggest that you inform sysops who tell you otherwise that they can
contact me at the Legal Services Department of EFF. You've got my e-mail
address already--my phone number is 202-347-5400.


-Mike


From: Mike Godwin <mnemonic@eff.org>
Subject: Re: FIDOnet encrypted mail issues
Date: Fri, 1 Oct 1993 17:16:48 -0400 (EDT)
To: cypherpunks@toad.com


anonymous@extropia.wimsey.com writes:
 > Now, the point most internet people forget is that FIDOnet hosts are
 > hobbyists with 100% privately-owned machines and generally pay for the
 > entire participation of their userbase out of their own pockets,
 > excepting a few who get some dollars here and there from their generous
 > callers.

I have never forgotten this. But their commitment and efforts do not
amount to an amendment to federal law.

 > As a completely justified consequence, they can decide if they
 > allow encrypted traffic _on their individual BBSs_.  

Under what legal theory do they get an ECPA exemption as a "completely
justified consequence"?

 > In that there is
 > considerable fear of the consequences of illegal activity being
 > conducted on their BBSs via encrypted mail, many sysops (such as the one
 > you mention, leaving aside, for now, that he apparently confused a PGP
 > key with an encrypted message) do not wish to take the risk and forbid
 > encrypted traffic.

What they don't realize is that, rather than reducing the risk of legal
liability, they are increasing it.

 > They also monitor e-mail, if only incidentally
 > during the course of routine system maintenance, and notices to this
 > effect are generally contained in log-on screens and new-user info
 > files.

Any monitoring that results *directly* as a function of system maintenance
is okay--it's sanctioned by ECPA.

 > In that these sysops are extremely, _personally_ vulnerable, they are
 > generally more cautious than those internet folks who can hide behind
 > institutions and businesses.

If they were really cautious, they'd talk to a lawyer before setting
policy based on some guess as to what their legal liabilities may be.


-Mike




To: cypherpunks@toad.com
Subject: Re: PGP in FIDO 
Date: Sat, 02 Oct 1993 16:11:04 -0400
From: "Perry E. Metzger" <pmetzger@lehman.com>


anonymous@extropia.wimsey.com says:
> Anyway, the ECPA is basically irrelevant in the BBS world, as 1] almost
> every BBS states at log-on that there is no such thing as truly
> "private" e-mail on the system as the sysop can, will and does see
> messages in all areas, and 2] he is personally _liable_ for any illegal
> activity on his BBS, so he can reasonably be expected to keep an eye on
> e-mail for anything that will put his ass in a sling.

You haven't been listening at all to Mr. Godwin, have you?

1) The ECPA *DOES* apply to the BBSes whether they want it to or not.
   All the hoping in the world doesn't make a statute go away. Merely
   declaring that the ECPA doesn't apply to you doesn't work -- try
   declaring the tax laws don't apply to you some time and see if that
   works.
2) The BBS operators are NOT liable UNLESS they censor the mail. If
   they censor the mail, they are liable for anything they fail to
   censor. If they do not censor, they are common carriers, and have
   no liability.

In other words, jackasses pretending they understand the law have both
broken the law and made themselves more, not less, liable for anthing
left on their machines.

> There has been a very heated war in FIDOland over PGP and other
> encryption.  Considering the risk that sysops take on by permitting
> secure (?) communication on their BBSs,

They take NO risk. They are common carriers if they stop censoring
their mail. People don't seem to understand that the law on this is
very clear.

By the idiotic logic the FIDO operators are using, the phone company
could be siezed if two people have a conversation about a crime over
the phone. The notion is, of course, absurd, and so is the stupid
half-assed amateur lawyering the people who wrote the FIDO policies
used.

> Personally, _I_ would never stick my neck out like that, though I
> convinced many FIDOnet BBSs to do so for my own political and purely
> selfish reasons.

Actually, as I've just noted, you have not protected yourself. You
have opened yourself up for massive legal liability where you had none
before.

The depths of human folly never cease to amaze me. This case is as if
a group of bankers, deciding that they were scared that they might be
held liable if one of their clients were a drug dealer (which they
aren't) decides to embezzle all the client accounts instead to "keep
themselves safe".

Perry

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.