Crossposted from FidoNet PUBLIC_KEYS from: GK Pace to: Mike Riddle I just finished reading your article concerning the "laymans view" of the ECPA. I found it very informative, and interesting reading. Thank you for taking the time to study this issue, and share with the rest of us the conclusions you arrived at, upon doing so. I would like to comment upon some of what you've written, in hopes of expanding upon what you have conveyed, and have quoted your article so that those who haven't read your article will find it easier to understand the nature of my comments. ========== Begin Quote ========== Anytime someone passes what they hope to be a private communication to another, they expect that their fellow citizens will respect its privacy. Not only do the customs of society enforce this expectation, statute laws have been enacted to insure it. Thus, everyone knows, or should know, not to tamper with the mail. Everyone knows, or should know, not to electronically eavesdrop ("bug") someone else's telephone calls. And everyone knows, or should know, not to do likewise with computer communications. Alas, not everyone knows that. If everyone did, we wouldn't need laws to protect what ought to be our reasonable expectations of privacy. Not too long ago, the Congress of the United States passed PL 99-508, the Electronic Communications Privacy Act of 1986. In doing so, Congress was recognizing the way technology has changed society and trying to react to that change. ========== End Quote ========== This statement kinda sums up what the discussion is all about... and ties this subject into the provisions of the ECPA. seems like a fitting beginning for the remainder of what I'd like to discuss. ========== Begin Quote ========== What about electronic mail, or "e-mail?" E-Mail has been the single biggest area of misinformation about the new law. First, section 2701 does make it a federal offense to read someone else's electronic mail. That would be exceeding your authorization, since "private" e-mail systems do not intend for anyone other than the sender or receiver to see that mail. But, and a big but, sysops are excluded. ========== End Quote ========== This statement in and of itself lends credibility to the position that we have the right to read any messages passing thru our system... however as you continue to mention, this exclusion is not without conditions, and it isn't necessarily a "right" but is perhaps more accurately defined as an acknowledgement of the technical aspects of our respective systems, and the part we play in accomodating the transfer of E-mail... ========== Begin Quote ========== Whoever staffed the bill for Congress realized that system operators were going to have access to information stored on their systems. ========== End Quote ========== You also of course mention reasons for which this ability might be desired: ========== Begin Quote ========== There are practical technical reasons for this, but there are also practical legal reasons. While the Act does not directly address the liability of sysops for the use of their systems in illegal acts, it recognizes they might have some liability, and so allows them to protect themselves from illegal use. ========== End Quote ========== This statement reeks of common sense... but is there anything in the ECPA which would indicate a "responsibility" on the part of the Sysop to actively monitor such communications, requiring the Sysop to assume the position of censor, police, and/or judge, over the content of those messages passing thru ones system - or does it again acknowledge the techical aspects, and responsibilities the Sysop might be required to exercise in the event the Sysop were to become aware of a message containing potentially illegal information? ========== Begin Quote ========== Sysops are given a special responsibility to go along with this special privilege. Just like a letter carrier can't give your mail to someone else, just like a telegraph operator can't pass your telegram to someone else, just like a telephone operator overhearing your call can't tell someone else what it was about, so sysops are prohibited from disclosing your e-mail traffic to anyone, unless you (or the other party to the traffic) give them permission. ========== End Quote ========== This analysis is again just plain common sense, and again the question arises, are the provisions this refers to those which are acknowledged as technical limitations, accomodating them as such, or are they to be construed as indications that we have obligations above and beyond that which is necessary for the performance of the service we are providing? ========== Begin Quote ========== What all this has said is that the federal criminal code now protects electronic communications the way it previously protected written ones. It understands that mailmen, physical or electronic, have access to the mail they carry, so it tells them not to tell. ========== End Quote ========== This statement seems clear enough... but when viewed from the aspect of the issue of wheather "private" E-mail should be allowed in Fidonet, it gives rise to some questions which can possibly be best conveyed by following the analog you have chosen... i/e that of a mailman, and that of "paper mail". The issue of the Sysop having the ability to read e-mail, as compared to the provisions of the ECPA appear to be more closely comparable to "postcards" being carried by a mailman. In this case, no one could deny that the mailman has a "technical" ability to read the postcards being carried, and that the requirements on the part of the mailman not to divulge such information he/she might happen to notice is clear... as are the responsibilities that would be evident were he/she to become aware of information which could resonably be contrued as illegal in nature. But as in the example of the mailman handling paper mail, there exists the ability to send "private" paper mail, which is enclosed in an envelope. In such cases is is not within the rights of the mailman to open such mail to enable his ability to determine the contents thereof, nor is there any legal responsibility for the mailman to have knowledge of the contents thereof. Indeed it would be a criminal act were the mailman to do so. With the above in mind, wouldn't the introduction of private e-mail capabilities in Fidonet be governed by the same logic? And isn't public key encryption simply the means of wrapping an envelope around e-mail to make it private? -gk --- GenMsg vers:1.14/a * Origin: Privacy... everyone needs it, Lets Route it thru FidoNet (1:374/26) SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 40 111 125 SEEN-BY: 125/180 1212 203/1 23 205/10 209/209 280/1 390/1 396/1 ;;PATH: 374/26 12 1 151/1003 13/13 396/1 203/23 125/125 33 -- tom jennings - via FidoNet node 1:125/555 UUCP - ...!uunet!hoptoad!kumr!fidogate!111!tom.jennings INTERNET - tom.jennings@f111.n125.z1.FIDONET.ORG