Al Billings writes:
As has already been shown from Fidonet policy, Fidonet does not guarantee private mail in any from and, in fact, advises that mail will be going through many sites and can be read along the way.
You could be extrapolating from Fidonet's refusal to *guarantee* e-mail privacy (after all, how could Fidonet *enforce* it?) that all users of every Fido BBS everywhere have waived their rights under ECPA. My understanding is that Fidonet policy was drafted not in order to comply with ECPA, but to acknowledge that, in this decentralized network, there was no authority a user a could appeal to if his e-mail was not kept private. But I'd be interested in seeing a direct quote of the policy provision you're alluding to here. And what about me? I don't post from a Fido BBS, so even if there's a Fidonet-wide waiver of ECPA rights, it's not a waiver *I* have agreed to. What if mail from me passes through a Fido node on its way to a non-Fido destination?
The third point does not apply if the sysops offer no private mail in the first place.
Certainly, if they offer no mail at all, they're not liable, since no mail passes through their systems. But the interesting case is this: let's assume that you're right that all Fido users everywhere have agreed to waive their ECPA rights. Then are the sysops who reserve their right to read e-mail reading *all* e-mail that passes through their systems? If not, this puts the lie to the claim that they're limiting their liability by reserving their right to read e-mail. After all, the criminally significant communications may be the ones they're skipping. In general, criminal liability depends on *knowledge*--you normally can't be held criminally liable for acts and communications you didn't know about. I know of no case in which a sysop has been held *civilly* liable for failing to read all e-mail on his system. So, in terms of classic risk analysis, what does that statistic tell you?
I suggest that you inform sysops who tell you otherwise that they can contact me at the Legal Services Department of EFF. You've got my e-mail address already--my phone number is 202-347-5400.
I don't need sysops to tell me otherwise.
I wasn't referring you to any sysops.
I've been running my own BBS for over three years. My system has a very clear policy statement that refers to the ECPA and states VERY clearly who can read the messages posted on my system in different areas. As I'm not a Fido hub (and barely participate in that network at all), I don't have to worry about passing other mail through my system.
If all your users have agreed to waive their e-mail privacy rights, and you're not dealing with any mail that does not either originate or terminate on your system, then you're not in violation of ECPA. --Mike