On Tue, 21 May 1996, Daniel R. Oelke wrote:
Ben Holiday <ncognito@gate.net> wrote:
At this point there are 2 options, which I havnt examined closely: The first is that you require them to send a request for their "consent-code" which can be used to decrypt the mail. Under this arrangment you could
This could be done with no "storage" as well, by a slightly different method and still require end reciepient acknowledgement. The end reciepient could be required to reply and include the encrypted message. The remailer would then decrypt the message and send back the plaintext. Only storage would be the key vs. a message id database.
Well, if we've gone that far, why not attach an encrypted copy of the key to the peice of mail, and eliminate all storage from the r-ops machine?
The second is to simply include the consent-code along with the encrypted peice of mail and a legal notice stating that decryption of the mail constitutes your consent to receive the mail, as well as your agreement to hold the remailer-operator harmless
By reduction - you could just do a rot13 on the message and append the "legal notice". If all the information for decoding a message is present in that message, is a different encoding mechanism really any different from straight ASCII text? (i.e. Netscape 9.13 might have auto decoding built it....) Then, the user doesn't do anything "extra" - does this invalidate the notice?
Donno. IANAL. :)
I might be wrong, but I don't think that this second method would gain you anything in the 2 situations where operators will get hassled. 1) Posting of copyrighted material - the lawyers will at least harass you no matter what kind of legal notice is up front. 2) Mailing of "harassing" information - the person still gets unwanted email, and has no way to stop it.
[RANT MODE ON- skip to the next paragraph if you dont like politiks] Here we are back at step one again. In the end, it would seem that there isn't much that can be done about the worst forms of abuse, without filtering mail for content. However, someone pointed out that other package delivery services have acheived freedom from responsibilty for the content of the packages they deliver - and I beleive that a part of the explanation for this lies in the fact that they /do/ make attempts to limit abuse in-so-far as they are able. Part of limiting the remailers liability is tied up with legitimizing them as a useful service, and establishing to the public that we are concerned with abuse. Too many people beleive that the whole point of a remailer is to facilitate illegal and abusive communication, and unless that changes we can expect to be dealt with as criminals at worst, or at best as purposfully negligent. I'm not certain what the solution is, but I am certain that doing nothing isnt it... [RANT MODE OFF--] One idea that came up a while back was a sort of limited tracking of mail -- an example would be keeping a hash of the email address where mail was received from for 48 hours, with the hash value being attached to the peice of mail as a header. This would accomplish two things: We could source block an address without knowing the source; and if push came to shove an address could be backtracked to its original source, provided a complaint was made in time, and that the Bad Guy sent another mail from the same address. I think that legally there would be a good argument that the remailer ops had made a reasonable attempt and holding lawbreakers accountable, while still preserving the anonymity of non-abusers. Just a thought.. Ben.