From: Mike Godwin <mnemonic@eff.org>
Date: Fri, 1 Oct 93 14:23:45 PDT
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: FIDOnet encrypted mail issues
In-Reply-To: <9310012049.AA22935@vail.tivoli.com>
Message-ID: <199310012116.AA23333@eff.org>
MIME-Version: 1.0
Content-Type: text/plain




anonymous@extropia.wimsey.com writes:
 > Now, the point most internet people forget is that FIDOnet hosts are
 > hobbyists with 100% privately-owned machines and generally pay for the
 > entire participation of their userbase out of their own pockets,
 > excepting a few who get some dollars here and there from their generous
 > callers.

I have never forgotten this. But their commitment and efforts do not
amount to an amendment to federal law.

 > As a completely justified consequence, they can decide if they
 > allow encrypted traffic _on their individual BBSs_.  

Under what legal theory do they get an ECPA exemption as a "completely
justified consequence"?

 > In that there is
 > considerable fear of the consequences of illegal activity being
 > conducted on their BBSs via encrypted mail, many sysops (such as the one
 > you mention, leaving aside, for now, that he apparently confused a PGP
 > key with an encrypted message) do not wish to take the risk and forbid
 > encrypted traffic.

What they don't realize is that, rather than reducing the risk of legal
liability, they are increasing it.

 > They also monitor e-mail, if only incidentally
 > during the course of routine system maintenance, and notices to this
 > effect are generally contained in log-on screens and new-user info
 > files.

Any monitoring that results *directly* as a function of system maintenance
is okay--it's sanctioned by ECPA.

 > In that these sysops are extremely, _personally_ vulnerable, they are
 > generally more cautious than those internet folks who can hide behind
 > institutions and businesses.

If they were really cautious, they'd talk to a lawyer before setting
policy based on some guess as to what their legal liabilities may be.


--Mike