* Reply to msg originally in CYPHERPUNKS
From: mdiehl@triton.unm.edu (J. Michael Diehl)
I had heard a rumor that fidonet forbade encrypted e-mail, but I had to find out for myself. Well, they do.
No, they do not. This is a myth, and you have drawn a mistaken conclusion from your experiment. This thread has already run off into left field by the time I got to it, but to try to drag a little reality back in, I submit the following: FIDOnet has within it SECURENET, which is a netmail-handling network specifically for encrypted netmail. Mail points not wishing to handle PGPed or other encrypted netmail are provided with software to automatically remove PGP netmail and re-route it into the FIDO SECURENET network. FIDOnet has at least two conferences specifically for PGP and other public-key encryption system discussions and key exchange, PUBLIC_KEYS and KEY_DROP (if I remember correctly). Now, the point most internet people forget is that FIDOnet hosts are hobbyists with 100% privately-owned machines and generally pay for the entire participation of their userbase out of their own pockets, excepting a few who get some dollars here and there from their generous callers. As a completely justified consequence, they can decide if they allow encrypted traffic _on their individual BBSs_. In that there is considerable fear of the consequences of illegal activity being conducted on their BBSs via encrypted mail, many sysops (such as the one you mention, leaving aside, for now, that he apparently confused a PGP key with an encrypted message) do not wish to take the risk and forbid encrypted traffic. They also monitor e-mail, if only incidentally during the course of routine system maintenance, and notices to this effect are generally contained in log-on screens and new-user info files. In that these sysops are extremely, _personally_ vulnerable, they are generally more cautious than those internet folks who can hide behind institutions and businesses. In spite of this, there are a very large number of FIDOnet sysops who participate in SECURENET and encourage the spread of encryption technology to the general public.
anonymous@extropia.wimsey.com writes:
Now, the point most internet people forget is that FIDOnet hosts are hobbyists with 100% privately-owned machines and generally pay for the entire participation of their userbase out of their own pockets, excepting a few who get some dollars here and there from their generous callers.
While I agree that this is laudable (in fact, I hereby laud such sysops), I don't think this is much different than small, medium, and large businesses and some private individuals which route Internet and USENET mail without question and without charge on a constant basis.
As a completely justified consequence, they can decide if they allow encrypted traffic _on their individual BBSs_.
Encrypted "traffic"? Encrypted traffic to/from the BBS itself, maybe. However, it seems to me that it's an open question in this discussion as to whether it's legal for the BBS operator to enforce such a restriction on traffic flowing through the machine as part of a multi-hop route.
In that there is considerable fear of the consequences of illegal activity being conducted on their BBSs via encrypted mail, many sysops (such as the one you mention, leaving aside, for now, that he apparently confused a PGP key with an encrypted message) do not wish to take the risk and forbid encrypted traffic.
This is the issue: are such sysops, in the quest to prevent illegal activity, engaging in an illegal activity?
They also monitor e-mail, if only incidentally during the course of routine system maintenance, and notices to this effect are generally contained in log-on screens and new-user info files.
Well, it seems to me that to actually prevent encrypted traffic from flowing through the site, pretty much *all* mail would have to be screened.
In that these sysops are extremely, _personally_ vulnerable, they are generally more cautious than those internet folks who can hide behind institutions and businesses.
But the sad truth may be that they're damned if they do and damned if they don't. Being the owner of the machine and providing a free service don't seem to be relevant facts when examining the practice of e-mail filtering by examination in light of the ECPA. -- Mike McNally
anonymous@extropia.wimsey.com writes:
Now, the point most internet people forget is that FIDOnet hosts are hobbyists with 100% privately-owned machines and generally pay for the entire participation of their userbase out of their own pockets, excepting a few who get some dollars here and there from their generous callers.
I have never forgotten this. But their commitment and efforts do not amount to an amendment to federal law.
As a completely justified consequence, they can decide if they allow encrypted traffic _on their individual BBSs_.
Under what legal theory do they get an ECPA exemption as a "completely justified consequence"?
In that there is considerable fear of the consequences of illegal activity being conducted on their BBSs via encrypted mail, many sysops (such as the one you mention, leaving aside, for now, that he apparently confused a PGP key with an encrypted message) do not wish to take the risk and forbid encrypted traffic.
What they don't realize is that, rather than reducing the risk of legal liability, they are increasing it.
They also monitor e-mail, if only incidentally during the course of routine system maintenance, and notices to this effect are generally contained in log-on screens and new-user info files.
Any monitoring that results *directly* as a function of system maintenance is okay--it's sanctioned by ECPA.
In that these sysops are extremely, _personally_ vulnerable, they are generally more cautious than those internet folks who can hide behind institutions and businesses.
If they were really cautious, they'd talk to a lawyer before setting policy based on some guess as to what their legal liabilities may be. --Mike
participants (3)
-
anonymous@extropia.wimsey.com -
m5@vail.tivoli.com -
Mike Godwin