-----BEGIN PGP SIGNED MESSAGE-----
Karl Barrus writes:
I mention this because I have asked and been told repeatedly by an attorney friend of mine that running a remailer on a system where you don't have authorization to do so is a violation of the ECPA. (i.e. access beyond what the system administration intends for you to have).
I would be interested in what legal research your attorney friend engaged in in order to come to this conclusion. Possibly it would be a
Sure. The attorney is Ed Cavazos (polekat@well.sf.ca.us) - I met him first as a user on his BBS (Bamboo Gardens, WWIVnet, now in Houston after years in Austin) where he runs Modem/BBSLaw net, and then in person a few times at EFH (Electronic Frontiers Houston) meetings or events. He was involved in the Steve Jackson vs. Secret Service case, not as lead attorney, but as an assistant. Since this is the only case involving the ECPA to hit the courts and he was in on it, I'm going to have to go with his judgement, unless somebody can argue super persuasively (and preferably convince him too!) As a side note at the last EFH event, we had about 50 people in a room talking about the Clipper Chip and its cons - people that stayed after his talk on legal issues in cyberspace. Anyway, I've asked him several times about the legality of remailers, and during his last talk he addressed them, again ;). Like a fool, I didn't take notes, but from what I remember, the ECPA: * forbids others reading private communications * makes it a crime to attempt unauthorized access on a system with private communication facilities (i.e. email) * forbids you from access above/beyond what the system intended for you I think there is one more thing that goes along with the ECPA, but I can't remember. I will email polekat and ask again, hopefully in a few days or so he'll be able to get back to me. Again, this is all from memory. Anyway, the last one is the key. It says the even if you are a legit user, the following are still illegal: * you find a way to defeat security * you read files that you aren't supposed to, even if the permissions let you * you run programs or use the system in any way that the system administration didn't intend for you (i.e. you run crack all the time or you run a remailer) Now, I was careful to make a distinction: running a remailer on a current account, and running one on an old account. (Because the four remailers I used to run were on old account of mine when I was a student at UH. Now I am at Rice, and Ed said it is DEFINITELY a violation to run a remailer on an account you aren't even supposed to have anymore) But, he said that even running one on a current account is a violation unless you have permission. I mean, I don't mean to scare anybody or spread FUD - for example I am not out of the remailer business ;) it's just the next one I set up will be with the approval/blessing/whatever of the system administration!
violation if running a remailer was specifically prohibited by the operator (though this sounds more like a contract problem than an ECPA
Well, the way it is prohibited here at Rice is by a policy which forbids sending mail to any unauthorized or nonstandard program. Stuff like filter, procmail, slocal (if MH were on owlnet ;) would be allowed, but definitely not a remailer.
Holding this to be a violation is also particularly silly since it would make unlawful the doing of something by instrumentality of software an act which can easily be done (and was done, before the current era of software remailers) by hand. One would solicit for
Yeah, but by this logic why is it illegal to export cryptographic software when you can print it and mail it anywhere you please? Silly, yet illegal. Karl Barrus <klbarrus@owlnet.rice.edu> -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLYH9GoOA7OpLWtYzAQE1cQP+MvYFldT0fkfMa66vz8bdj3eqwleuKohb VJzmBZolS2ki0D/Wz01BkCxyhUj4ENLCT1zr6C+mWw7cFhyx+MuTnKKOWPWyiTp7 9NgkyjYhqw66jCIXvP/s828sY831OhcBe7iZTjcuvGTPuPzbuV04J7Exj1DYPfp5 WeGl0kZ5+dE= =i4en -----END PGP SIGNATURE-----