PGP in FIDO

[Mike Godwin]

anonymous writes:

> In that FIDOnet mail points (or individual BBSs) are not required to
> pass or accept encrypted FIDO traffic under FIDOnet rules, some run a
> specific program that scans for the "PGP MESSAGE" string and bumps it to
> a SECURENET mail hub (or, in some cases, _kills_ it).  It is not done by
> individual, personal inspection - at least not at mail hub level.
 
Absent waiver by users, this may still be an ECPA violation.

> Anyway, the ECPA is basically irrelevant in the BBS world, as 1] almost
> every BBS states at log-on that there is no such thing as truly
> "private" e-mail on the system as the sysop can, will and does see
> messages in all areas, and 2] he is personally _liable_ for any illegal
> activity on his BBS, so he can reasonably be expected to keep an eye on
> e-mail for anything that will put his ass in a sling.
 
Item (1) is the relevant item--if users agree to waive their ECPA rights,
there's no legal problem, although there may be ethical ones.

As for (2), well, there's no legal theory that says that a sysop is liable
for for any illegal activity on his BBS. The criminal law, in general,
does not make people liable for the conduct of others in the absence of
knowledge of that conduct.

Please, please don't make assertions about criminal liability based on
FIDO mythology.

> There has been a very heated war in FIDOland over PGP and other
> encryption.  Considering the risk that sysops take on by permitting
> secure (?) communication on their BBSs, I must say I admire their
> courage when they allow it and participate on SECURENET.

When you refer to the risk they're taking, could you be precise? What
statistics do you have that support the statement that FIDO sysops are at
risk if they allow encrypted communications? To my knowledge as a lawyer
who works in this area, no sysop has been held liable for allowing
encrypted communications on his or system.

 

--Mike