1993-10-01 - re: FIDOnet encrypted mail issues

Header Data

From: m5@vail.tivoli.com (Mike McNally)
To: anonymous@extropia.wimsey.com
Message Hash: d73f78d48c4e97d04ea0754458d7f64c3313ba46da07d489929c81c6c5fe2c7f
Message ID: <9310012049.AA22935@vail.tivoli.com>
Reply To: <199310012013.AA24686@xtropia>
UTC Datetime: 1993-10-01 20:58:12 UTC
Raw Date: Fri, 1 Oct 93 13:58:12 PDT

Raw message

From: m5@vail.tivoli.com (Mike McNally)
Date: Fri, 1 Oct 93 13:58:12 PDT
To: anonymous@extropia.wimsey.com
Subject: re: FIDOnet encrypted mail issues
In-Reply-To: <199310012013.AA24686@xtropia>
Message-ID: <9310012049.AA22935@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous@extropia.wimsey.com writes:
 > Now, the point most internet people forget is that FIDOnet hosts are
 > hobbyists with 100% privately-owned machines and generally pay for the
 > entire participation of their userbase out of their own pockets,
 > excepting a few who get some dollars here and there from their generous
 > callers.

While I agree that this is laudable (in fact, I hereby laud such
sysops), I don't think this is much different than small, medium, and
large businesses and some private individuals which route Internet and
USENET mail without question and without charge on a constant basis.

 > As a completely justified consequence, they can decide if they
 > allow encrypted traffic _on their individual BBSs_.  

Encrypted "traffic"?  Encrypted traffic to/from the BBS itself, maybe.
However, it seems to me that it's an open question in this discussion
as to whether it's legal for the BBS operator to enforce such a
restriction on traffic flowing through the machine as part of a
multi-hop route.

 > In that there is
 > considerable fear of the consequences of illegal activity being
 > conducted on their BBSs via encrypted mail, many sysops (such as the one
 > you mention, leaving aside, for now, that he apparently confused a PGP
 > key with an encrypted message) do not wish to take the risk and forbid
 > encrypted traffic.

This is the issue: are such sysops, in the quest to prevent illegal
activity, engaging in an illegal activity?

 > They also monitor e-mail, if only incidentally
 > during the course of routine system maintenance, and notices to this
 > effect are generally contained in log-on screens and new-user info
 > files.

Well, it seems to me that to actually prevent encrypted traffic from
flowing through the site, pretty much *all* mail would have to be
screened.

 > In that these sysops are extremely, _personally_ vulnerable, they are
 > generally more cautious than those internet folks who can hide behind
 > institutions and businesses.

But the sad truth may be that they're damned if they do and damned if
they don't.  Being the owner of the machine and providing a free
service don't seem to be relevant facts when examining the practice of
e-mail filtering by examination in light of the ECPA.

--
Mike McNally





Thread