From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Thu, 22 Oct 92 23:22:28 PDT
To: cypherpunks@toad.com
Subject: Keystone
In-Reply-To: <3230.2AE6EFBC@fidogate.FIDONET.ORG>
Message-ID: <9210230622.AA26831@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Re: about a policy to require encrypted email.

Here is a statement I would like to see become policy and law:

"A provider of communications services cannot be held liable for the
consequences of encrypted communications that pass though its system."

Here is the argument to support it.  If I am a common carrier, I am
already off the liability hook by the nature of common carrier.
Suppose I am not a common carrier, for example because I provide a
value-added service such as electronic mail.  Also suppose that I
can't observe the contents of traffic that flows through my system
because it is encrypted.  Then I have no means to take any action
whatsoever with regard whatever consequences might occur from that
traffic.  I cannot be held responsible for actions I cannot take, much
less know of the existence of.

Such a policy would give BBS operators a complete defense against
claims of liability arising from email traffic.  It doesn't solve the
problem for public discussion areas, but it's a good start.  It would
also drive the deployment of encryption technology.

Eric