Karl Barrus writes:
I mention this because I have asked and been told repeatedly by an attorney friend of mine that running a remailer on a system where you don't have authorization to do so is a violation of the ECPA. (i.e. access beyond what the system administration intends for you to have).
I would be interested in what legal research your attorney friend engaged in in order to come to this conclusion. Possibly it would be a violation if running a remailer was specifically prohibited by the operator (though this sounds more like a contract problem than an ECPA one), but I don't see anything in ECPA that would require affirmative authorization in order to do so. There is plenty of language about unauthorized access to others' communications, but it seems to me that in the case of a remailer you (the remailer operator) are authorized access to the communication BY THE SENDER for the limited purpose of re-sending. Holding this to be a violation is also particularly silly since it would make unlawful the doing of something by instrumentality of software an act which can easily be done (and was done, before the current era of software remailers) by hand. One would solicit for messages to be remailed, receive them normally in your mailbox, manually remove the headers and signature lines, then send them out again to a destination specified by the sender (possibly via out-of-band communication). This has gone on for year on mailing lists and Usenet groups. The example that comes to mind is soc.motss, where several posters offered to repost anonymous or pseudonymous messages for people who were not out of the closet, or would be embarrassed by gay-themed postings from their work or school account. -- Michael C. Berch mcb@postmodern.com / mcb@net.bio.net / mcb@remarque.berkeley.edu