F I D O N E W S -- Vol.10 No.45 (07-Nov-1993) +----------------------------+-----------------------------------------+ | A newsletter of the | | | FidoNet BBS community | Published by: | | _ | | | / \ | "FidoNews" BBS | | /|oo \ | +1-519-570-4176 1:1/23 | | (_| /_) | | | _`@/_ \ _ | Editors: | | | | \ \\ | Sylvia Maxwell 1:221/194 | | | (*) | \ )) | Donald Tees 1:221/192 | | |__U__| / \// | Tim Pozar 1:125/555 | | _//|| _\ / | | | (_/(_|(____/ | | | (jm) | Newspapers should have no friends. | | | -- JOSEPH PULITZER | +----------------------------+-----------------------------------------+ | Submission address: editors 1:1/23 | +----------------------------------------------------------------------+ | Internet addresses: | | | | Sylvia -- max@exlibris.tdkcs.waterloo.on.ca | | Donald -- donald@exlibris.tdkcs.waterloo.on.ca | | Tim -- pozar@kumr.lns.com | | Both Don & Sylvia (submission address) | | editor@exlibris.tdkcs.waterloo.on.ca | +----------------------------------------------------------------------+ | For information, copyrights, article submissions, | | obtaining copies and other boring but important details, | | please refer to the end of this file. | +----------------------------------------------------------------------+ ======================================================================== Table of Contents ======================================================================== 1. Editorial..................................................... 2 2. Articles...................................................... 3 Sysop Liability for Enroute (and/or Encrypted) Mail......... 3 Online Home Educator's Support Network...................... 8 TVNet is public/ALLFIX_REQ echo............................. 9 Consultants and Consulting Organizations Directory.......... 12 Hi!......................................................... 12 Reply to "The Spirit of Fidonet is Crying, Part 1".......... 13 The I95 (Interstate 95) and WHIRLYBIRDS Echoes.............. 14 Free Listings in the Encyclopedia of Associations........... 15 Glad to be of service....................................... 16 Just Say Yes to ",UUCP,".................................... 17 The Growth of Modern Trends in Organisational Control....... 17 A [for once brief] Response................................. 19 Articles of Faith........................................... 22 Reorganisation of UK Fido................................... 23 3. Fidonews Information.......................................... 25 FidoNews 10-45 Page: 2 07 Nov 1993 ======================================================================== Editorial ======================================================================== We have a large issue this week, with many interesting articles. The first article, written by Mike Riddle, was accompanied by the file BBSLAW.ZIP. That file contains much of interest to the average sysop, and is FREQable from our BBS. Many thanks to Mike for lending us his expertise. You may notice our snail mail address has changed. We're still in the downtown core of Kitchener, but now have more room for Bink and Squish [tiny fuzzies]. I hate moving. . And sorry about the delay in correspondance, i'm a week behind, due to moving and a fire at the gallery. All our paintings are smoke-dammaged but no-body was hurt, thank goddess. Accidental smoke colouring desn't bother me. Maybe i like images more when they're weathered, affected by random circumstance and fire. Fire is interesting as long as nothing sensitive gets badly burned. Recently we were reading "Small Fires Letters from the Soviet People to Ogonyok Magazine 1987-1990" and thinking about the net. Ogonyok was the name of a Soviet weekly magazine which published extremely varied letters from readers, pushing the limits of Perestroika and opening a forum for all kinds of previously suppressed opinions. Kinda reminds me of Tom Jennings. Even if issues of beurocratic/formal cencorship or social taste/mores were humanely and non-repressively managed by big wheels and little cogs, we would all still have to cope with what the letters department of Ogonyok magazine refered to in this book we were reading 'internal' cencorship. I love the idea that anything goes and i can press a page down key or whatever and be my own censor and not have to bully anyone into saying only what i want to hear. But i still have to wrestle with my own blindness and stupidity and tendency to think in familiar patterns. I might miss a lot if i don't try on a little bit various styles of judgement to see whether or not i like them. FidoNews 10-45 Page: 3 07 Nov 1993 ======================================================================== Articles ======================================================================== Sysop Liability for Enroute (and/or Encrypted) Mail Mike Riddle 1:285/27 [The following article is under submission. Reproduction on computer bulletin boards is permitted for informational purposes only, provid- ing that it remains intact with copy right notice and disclaimer. Copyright (c) 1993 by Michael H. Riddle All other rights reserved.] SYSOP LIABILITY FOR ENROUTE (AND/OR ENCRYPTED) MAIL Recently email systems in general, and Fidonet in particular, have seen a great deal of debate about the potential liability of sysops for material entered on or passing through their systems. This article attempts to discuss the laws, legal issues, and court deci- sions known to bear on the subject. While the law is unsettled on the liability of sysops for netmail on their systems, enroute or otherwise, any liability attaches regardless of enroute or encrypted status. Since liability, if any, increases with actual sysop knowledge of the contents, encryption will not increase any sysop liability and may, in fact, diminish it. FACTS Many individuals operate computer bulletin boards as a hobby. Many of those bulletin boards (BBSes) are members of one or more networks, passing messages in a store-and-forward manner using the public switched telecommunications network. Many of those sysops have their BBSes configured to allow private electronic mail to be routed through their systems, either as a service to their users or as a requirement of their membership and status in the network. Traditionally, such "private" mail was stored on the system in a form that is readable by the persons or entities operating the system. Depending on the configuration and software involved, such private mail might be easily read, or might be read only if a deliberate attempt to do so was made, but in any event was available in ASCII format at some point, and/or was stored using one of many compression schemes that could be read by anyone with the proper software. As a result of relatively recent technological developments, individu- als now have the capability to encrypt data using their personal computers, without using extraordinary amounts of time. Public key cryptography systems, such as PEM or PGP, have been publicly released and are seeing increasing use. The obvious result has been the use of encryption for the contents of routed mail packets. For perhaps the first time, sysops who route mail have started inquiring about their liability for such mail, since the perception of safety that came from a technical ability to read the mail is not present with encrypted mail. FidoNews 10-45 Page: 4 07 Nov 1993 CRIMINAL LAW Sysops providing "private" mail service operate under the terms and limitations of the Electronic Communications Privacy Act of 1986 (ECPA) (18 U.S.C. ss 2510 et seq.). This section will, of necessity, be somewhat "legalese." I've tried to make it as readable as possible and still discuss the technical (in a legal sense) points that ought to matter to sysops investigating their legal status. Whether or not the ECPA appears to allow providers of "electronic" (as opposed to "wire") communications the legal ability to monitor the messages on their systems is a matter of some dispute. The best answer is that the law on the subject is unclear. From the act: "'wire communication' means any aural transfer ...." 18 USC 2510 (1). On the other hand, "'electronic communication' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature...." 18 USC 2510 (12). "It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire *or electronic* [Note 1: see discussion below] communication service, whose facilities are used in the trans- mission of a wire [Note 2: see discussion below] communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks." 18 USC section 2510(2)(a)(i) (emphasis added). One of the drafters of the act has indicated that the exception limiting "wire," but not "electronic," communication stems from the drafters' knowledge of the state of the art at that time; however, the distinction is present in the law. From this two arguments can be (and have been) made. First, that by prohibiting only providers of "wire" communications from service observing or random monitoring, the drafters did not intend "elec- tronic" communications to be subject to the same restrictions and that service observing or random monitoring of electronic communications are not prohibited. But the counter-argument is that while the law exempts "providers of wire or electronic communication service, whose facilities are used in the transmission of a ... communication, the exemption does not specifically allow for "electronic" communications, only wire. There is an internal inconsistency caused by the failure either to omit the two words *or electronic* [Note 1] or to include them [Note 2] in section 2511(2)(a) at the points indicated by my insertion of [see discussion below]. One of the drafters of the ECPA recently commented that the legisla- tive history supports the position that electronic communications were exempted from the act's general prohibitions; that is, the drafters intended to place special protections on voice, normally telephone, communications while allowing real-time monitoring of electronic communications as defined by the act. It now seems clear to me that there is a glitch in ECPA with FidoNews 10-45 Page: 5 07 Nov 1993 regard to real time access for security purposes to elec- tronic messages. 2511(2)(a) was supposed to allow monitor- ing of electronic communications for security purposes by the sysop -- the legislative history makes that clear and distinguishes monitoring of voice which is more limited. But the amendments failed, for technical reasons, to add "and electronic communications" after the single reference to "wire" -- so that the literal text now appears to read to allow this type of security- based monitoring only with regard to wire communications. There are some other argu- ments [that would allow it]--but none is as bullet proof as the section would have been if it had been written as I think all intended. This ambiguity is what led to the Department of Justice recommendation that system administrators at government computer sites place explicit disclaimers at logon, warning that keystroke monitoring or service observation might be used, if they thought they would ever want to use this technique. The above discussion applies primarily to real-time monitoring. In the only known decision construing the ECPA, the distinction between "interception" (i.e., real-time monitoring) and "access to stored communications" was essential to the holding that no "interception" had taken place. Steve Jackson Games, Inc., v. U.S. Secret Service, 816 F. Supp. 432 (W.D. Tex. 1993). However, due to the nature of store-and-forward mail, the mail remains in storage for some period, and it is clear that the sysops legally have access to the material in storage. However, sysops are limited in what they can do with their knowledge, if any, of the mail in storage. With some limited excep- tions, they may only disclose it to the sender or to the intended recipient. They are required to disclose it pursuant to court orders and subpoenas, but the ECPA gives particular instructions on how such are to be obtained. And the sysops *may*, with respect to stored communications, disclose the contents to a law enforcement agency if the contents were *inadvertently* obtained *and* appear to involve the commission of a crime. 18 USC 2702 (b)(6). The sysop also may disclose the contents of a communication "as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service." 18 USC 2702(b)(5). Deleting any mail that does not comply with the sysop's ideas of propriety or appropriateness is *not* specifically autho- rized. CIVIL LAW The ECPA also provides for civil remedies by the person aggrieved by an illegal disclosure of the contents of a private message. 18 U.S.C. 2707 et seq. Over and above those limitations, the civil laws of forfeiture gener- ally allow the government (state or federal) to seize property for which probable cause exists to believe is the instrumentality of a crime, and the lawful owner may attempt to recover in a civil action. The burden of proof is upon the person claiming the interest in the FidoNews 10-45 Page: 6 07 Nov 1993 property to prove the property was *not* the instrumentality of a crime. ANALYSIS Many sysops post some kind of disclaimer, either as a bulletin or as part of a service contract, formal or implied, that no "private" mail exists on their system. A threshold question is "what is 'private mail' for the purpose of the ECPA or any other law or civil action?" Notwithstanding any bulletin or disclaimer, almost all mail software asks or treats some messages as "private." In the Fidonet protocols, there is a defined bit in the message which gives the privacy status, thus giving rise to an expectation of privacy. Also, netmail is generally readable only by the sender, intended recipient, an