Xref: utzoo news.admin:7718 misc.legal:12371
Path: utzoo!attcan!uunet!cs.utexas.edu!rice!uw-beaver!milton!max!wcn
From: wcn@max.u.washington.edu (W C Newell Jr)
Newsgroups: news.admin,misc.legal
Subject: Re: Usenet and legal liability
Message-ID: <10814@max.u.washington.edu>
Date: 21 Nov 89 23:40:56 GMT
References: <25683CAB.25106@ateng.com> <10771@max.u.washington.edu>
Followup-To: news.admin,misc.legal
Organization: University of Washington, Seattle WA
Lines: 122

Multiple overlapping responses:

------
From: karl@cheops.cis.ohio-state.edu (Karl Kleinpaste)

> No, you can't prove distribution.
>
> You miss entirely the point that a forgery, a really good forgery,
> wouldn't even appear to have come from its genuine source.
> [technical info deleted]

OK, I'll speak more slowly. I know something about network theory, and
I will stipulate that UUCP and NNTP are insecure and that people can
hack their own datagrams, etc. You cannot prove >origin<, but you can
prove >distribution<. The fact that a copy of your article sits on my
disk proves that distribution occurred. Since we get our feeds from
exactly one source, the NSFnet backbone, it can be proven that NSF (or
more properly Merit, the entity that administers NSFnet), acted as a
distributor of any problematic articles we may have received. While
proof of origin would supersede, this may be enough to assess
liability. If you doubt this, I advise making sure you have a good
lawyer to back you up.

------
From: davidsen@crdos1.crd.ge.COM (Wm E Davidsen Jr)

> The enforceability of this is *very* dubious. There is a principle that
> there is no responsibility without control. Usenet has the same control
> over the traffic as the phone companies do over their traffic (none).

NO! Class action lawsuits forced the USPS to grant consumers the right
to refuse junk mail, in particular sexually explicit mail. The USPS is
liable if they deliver something in the face of a written customer
refusal. It is my understanding that litigation is pending against the
phone companies on this same issue, in the context of
computer-generated "junk phone calls".

Moreover, the phone companies have all sorts of control if I report
the receipt of harassing calls. Read the front of the phone book about
the procedures to follow. That stuff isn't there as a public service;
it's all been agreed to by federal agencies and lawyers and such, to
protect the carriers from liability. Usenet has no formal procedures
in place to investigate alleged abuses, and most sites seem to be
thumbing their collective noses at the security issues, so the
question of liability is wide open. If you doubt this, I advise making
sure you have a good lawyer to back you up.

> Unless you postulate some responsibility for each site to approve each
> article before feeding or posting it?

It is not necessary to go to that extreme. It is a good idea to make
sure your site's access policy is well publicized and available to any
user for reference. It is also a good idea, and may eventually become
a legal requirement, to explain to users how to report problems, and
to make sure you can document their investigation and resolution.

> [...] The kicker is that there is no solid way to prove
> authorship, approval, or posting site. There *is* a body of technical
> opinion which states that a good forgery is impossible to detect, since
> bits all look the same when they come in the modem.

A "good" forgery is like a "perfect" crime; the perpetrator gets away
with it. But what about a not-so-good forgery? I predict that we'll
eventually start seeing a bunch of these. The comparison between the
computer networks and the phone companies suggests that the strategy
of hiding behind transport level security holes won't stand up to a
serious court challenge.

------
From: tgl@zog.cs.cmu.edu (Tom Lane)

> Say what? Do *you* read every one of the articles that comes down the
> line? Last I looked there were about 3500 on an average day. The
> notion that anybody filters this stuff is laughable.

Filter by group, not by individual article.

> In any case most large sites don't even bother to exercise control over
> newsgroups. We periodically weed out stuff that isn't on Spaf's lists, but
> the contents of our junk spool prove that most of our neighbors don't even
> do that.

Speak for yourself. We won't hesitate to pull a group if there are
multiple complaints. My personal feeling is that the showdown is
likely to occur over alt.sex.bondage or perhaps one of the talk.*
groups.

People seem to have forgotten the controversy that erupted at Michigan
when some users threatened to sue the University over allegedly racist
material on their local bulletin board. They opted to shut down the
board altogether, and that story (the board's closure, not the debate
over its contents) made page 1 of the NY Times.

We have investigated complaints about material posted on our local
system, and much of the legal opinion I cite is derived from my
personal involvement with that process.

------
From: henry@utzoo.uucp (Henry Spencer)

> Usenix got a real, formal, proper-charlie legal opinion on this issue a few
> years ago. The answer to "are Usenet sites innocent common carriers or
> guilty co-publishers?" is "NOBODY KNOWS". There are arguments both ways and
> no adequate precedent. A court might well choose some intermediate position.

I agree completely with the "nobody knows" part. The point I'm trying
to make is that I've heard valid legal arguments on both sides. I am
getting very frustrated with the recurrent postings by some admins
which proclaim their sites to be immune from liability, when there is
another side to it and the central issues have not been tested in
court.

It should also be noted that a legal opinion which considers only
privately held UUCP connections may be entirely different from one
which looks at the implications of federal regulation of the Internet.
The newsgroup feeds have only been carried on the NSFnet backbone for
a year or so. There exists a draft of an official "access policy" for
NSFnet as a whole, which may soon have significant influence on this
discussion.

I have this nagging feeling that there is a hidden motive to these
articles, namely that the spectre of legal hassles, and the suggestion
that these can be avoided as long as Usenet has no formal organization
or structure, are being used as a scare tactic to forestall any
attempts by the large academic sites to propose administrative
changes. As I have said before, the result could be the division of
Usenet as we now know it into separate hierarchies. I think we are
already starting to see evidence of this trend.

Bill Newell
Systems Analyst, Applications Consulting Group
University of Washington
WCN@MAX.U.WASHINGTON.EDU