1992-11-17 - ECPA - PRIVACY

Header Data

From: tom.jennings@f111.n125.z1.FIDONET.ORG (tom jennings)
To: cypherpunks@toad.com
Message Hash: 53b759344b7c0adf7547f482558cb6daca573a5e3f21a5d3580b963f27449365
Message ID: <3759.2B0852B9@fidogate.FIDONET.ORG>
Reply To: N/A
UTC Datetime: 1992-11-17 04:52:02 UTC
Raw Date: Mon, 16 Nov 92 20:52:02 PST

Raw message

From: tom.jennings@f111.n125.z1.FIDONET.ORG (tom jennings)
Date: Mon, 16 Nov 92 20:52:02 PST
To: cypherpunks@toad.com
Subject: ECPA - PRIVACY
Message-ID: <3759.2B0852B9@fidogate.FIDONET.ORG>
MIME-Version: 1.0
Content-Type: text/plain



Crossposted from FidoNet PUBLIC_KEYS

from: GK Pace
to: Mike Riddle

  I just finished reading your article concerning the "laymans view"
of the ECPA.  I found it very informative, and interesting reading.
Thank you for taking the time to study this issue, and share with the
rest of us the conclusions you arrived at, upon doing so.

  I would like to comment upon some of what you've written, in hopes
of expanding upon what you have conveyed, and have quoted your article
so that those who haven't read your article will find it easier to
understand the nature of my comments.

 ========== Begin Quote ==========
 Anytime someone passes what they hope to be a private communication to
another, they expect that their fellow citizens will respect its privacy.
Not only do the customs of society enforce this expectation, statute laws
have been enacted to insure it.  Thus, everyone knows, or should know, not
to tamper with the mail.  Everyone knows, or should know, not to
electronically eavesdrop ("bug") someone else's telephone calls.  And
everyone knows, or should know, not to do likewise with computer
communications.

Alas, not everyone knows that.  If everyone did, we wouldn't need laws to
protect what ought to be our reasonable expectations of privacy.  Not too
long ago, the Congress of the United States passed PL 99-508, the Electronic
Communications Privacy Act of 1986.  In doing so, Congress was recognizing
the way technology has changed society and trying to react to that change.
 ========== End Quote ==========

  This statement kinda sums up what the discussion is all about... and
ties this subject into the provisions of the ECPA. seems like a
fitting beginning for the remainder of what I'd like to discuss.

 ========== Begin Quote ==========
What about electronic mail, or "e-mail?"  E-Mail has been the single biggest
area of misinformation about the new law.  First, section 2701 does make it
a federal offense to read someone else's electronic mail.  That would be
exceeding your authorization, since "private" e-mail systems do not intend
for anyone other than the sender or receiver to see that mail.  But, and a
big but, sysops are excluded.
 ========== End Quote ==========

  This statement in and of itself lends credibility to the position
that we have the right to read any messages passing thru our system...
however as you continue to mention, this exclusion is not without
conditions, and it isn't necessarily a "right" but is perhaps more
accurately defined as an acknowledgement of the technical aspects of
our respective systems, and the part we play in accomodating the
transfer of E-mail...

 ========== Begin Quote ==========
 Whoever staffed the bill for Congress realized that system operators were 
going to have access to information stored on their systems.
 ========== End Quote ==========

  You also of course mention reasons for which this ability might be
desired:

 ========== Begin Quote ==========
 There are practical technical reasons for this, but there are also practical 
legal reasons.  While the Act does not directly address the liability of
sysops 
for the use of their systems in illegal acts, it recognizes they might have 
some liability, and so allows them to protect themselves from illegal use.
 ========== End Quote ==========

  This statement reeks of common sense... but is there anything in the
ECPA which would indicate a "responsibility" on the part of the Sysop
to actively monitor such communications, requiring the Sysop to assume
the position of censor, police, and/or judge, over the content of
those messages passing thru ones system - or does it again acknowledge
the techical aspects, and responsibilities the Sysop might be required
to exercise in the event the Sysop were to become aware of a message
containing potentially illegal information? 

 ========== Begin Quote ==========
  Sysops are given a special responsibility to go along with this special 
privilege.  Just like a letter carrier can't give your mail to someone else, 
just like a telegraph operator can't pass your telegram to someone else, just 
like a telephone operator overhearing your call can't tell someone else what
it 
was about, so sysops are prohibited from disclosing your e-mail traffic to 
anyone, unless you (or the other party to the traffic) give them permission.
 ========== End Quote ==========

  This analysis is again just plain common sense, and again the
question arises, are the provisions this refers to those which are
acknowledged as technical limitations, accomodating them as such, or
are they to be construed as indications that we have obligations above
and beyond that which is necessary for the performance of the service
we are providing?

 ========== Begin Quote ==========
What all this has said is that the federal criminal code now protects
electronic communications the way it previously protected written ones.  It
understands that mailmen, physical or electronic, have access to the mail
they carry, so it tells them not to tell.
 ========== End Quote ==========

  This statement seems clear enough... but when viewed from the aspect
of the issue of wheather "private" E-mail should be allowed in
Fidonet, it gives rise to some questions which can possibly be best
conveyed by following the analog you have chosen... i/e that of a
mailman, and that of "paper mail".

  The issue of the Sysop having the ability to read e-mail, as
compared to the provisions of the ECPA appear to be more closely
comparable to "postcards" being carried by a mailman.  In this case,
no one could deny that the mailman has a "technical" ability to read
the postcards being carried, and that the requirements on the part of
the mailman not to divulge such information he/she might happen to
notice is clear... as are the responsibilities that would be evident
were he/she to become aware of information which could resonably be
contrued as illegal in nature.  But as in the example of the mailman
handling paper mail, there exists the ability to send "private" paper
mail, which is enclosed in an envelope.  In such cases is is not
within the rights of the mailman to open such mail to enable his
ability to determine the contents thereof, nor is there any legal
responsibility for the mailman to have knowledge of the contents
thereof.  Indeed it would be a criminal act were the mailman to do so.

  With the above in mind, wouldn't the introduction of private e-mail
capabilities in Fidonet be governed by the same logic?  And isn't
public key encryption simply the means of wrapping an envelope around
e-mail to make it private?


                               -gk

--- GenMsg vers:1.14/a
 * Origin: Privacy... everyone needs it, Lets Route it thru FidoNet (1:374/26)
SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 40 111 125
SEEN-BY: 125/180 1212 203/1 23 205/10 209/209 280/1 390/1 396/1
;;PATH: 374/26 12 1 151/1003 13/13 396/1 203/23 125/125 33


--  
tom jennings - via FidoNet node 1:125/555
    UUCP - ...!uunet!hoptoad!kumr!fidogate!111!tom.jennings
INTERNET - tom.jennings@f111.n125.z1.FIDONET.ORG





Thread