On Mon, Aug 06, 2001 at 11:51:46AM -0400, Trei, Peter wrote:
jamesd@echeque.com[SMTP:jamesd@echeque.com] wrote:
I am unable to reconcile Black Unicorn's recent post, where he denounces almost the entire cypherpunk program as illegal by current legal standards and a manifestation of foolish ignorance of the law and obstinate refusal to take his wise advice, with the conjecture that Black Unicorn is aware of current recommended best practice in record keeping.
I've mostly been staying out of this stormy little teacup, but I'll concur that BU is overreaching himself. When he starts to claim that writing security software to best industry practices - erasing sensitive data as soon as it's need has passed, clearing disks and buffers, etc - all practices mandated for meeting certain government FIPS levels, and widely documented as standard - when he claims that writing programs correctly could get me in trouble - then it's time to downgrade my estimates of his knowledge and expertise.
Peter Trei
I read him as suggesting that some ambitious prosecutors might possibly try to extend spoliation to that point, not that they're doing so now. A bit of Googling finds a good definition of spoliation (in California): ---- Plaintiff possessed a potential defense to a claim for damages against a defendant. Defendant knew or reasonably should have known of this claim for damages by plaintiff. Defendant knew or reasonably should have known of the existence of the physical evidence and knew or reasonably should have known that it might constitute evidence in pending litigation involving plaintiff. Defendant knew or reasonably should have known that if he did not act with reasonable care to preserve the physical evidence, the potential evidence could be destroyed, damaged, lost or concealed. Defendant failed to act with reasonable care. Defendant's failure to act with reasonable care caused the destruction of, damage to, or loss or concealment of such evidence. As a result, plaintiff sustained damage, namely plaintiff s opportunity to prove its claim was interfered with substantially. ---- As BU points out, if "reasonably should have known" can be defined in court as "you were running a service that allowed drug dealers and pedophiles to send anonymous email", talking about FIPS 140 etc. won't help much in front of a jury of Oprah-watching "peers", even if it's factually and technically correct. Are things this bad already? I don't know, but it wouldn't suprise me. A murder case in silicon valley recently finished. The jurors were interviewed by the local paper. When asked why they convicted the defendant on circumstantial evidence, the answer was "he felt guilty". Eric