Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version VT1.00C 11/1/84; site vortex.UUCP Path: utzoo!watmath!clyde!burl!ulysses!bellcore!vortex!lauren From: lauren@vortex.UUCP (Lauren Weinstein) Newsgroups: net.mail Subject: Re: Reading other peoples' mail Message-ID: <923@vortex.UUCP> Date: Fri, 2-May-86 15:08:15 EDT Article-I.D.: vortex.923 Posted: Fri May 2 15:08:15 1986 Date-Received: Sun, 4-May-86 05:32:03 EDT References: <2123@peora.UUCP> Organization: Vortex Technology, Los Angeles Lines: 68 Given some of the laws that are pending, it may well be the case that ultimately, the letter of the law would require that every piece of mail passing through an intermediate site be screened before being passed on. There is all sorts of legislation pending involving child pornography and other illicit activities that doesn't seem to draw any distinction between active and "passive" participation in the passing on of material. Similar examples can be drawn from the world of BBS's. There have been several BBS cases where operators were prosecuted when "patterns of abuse" indicated that they encouraged the use of their facilities for illicit purposes. The board operators claimed they didn't know what sorts of messages were being sent. In one case at least, this argument was rejected by the court. Now, obviously not all cases involving BBS operators have gone in that direction, but the point I'm making is that there is considerable fluidity in the laws in this area, and it looks, at this time, as if pending legislation may put increasing responsibility on intermediaries in message transmission. I don't propose at this point to discuss the pros and cons of such responsibility. Nor would I want to hazard a guess about what these various pieces of legislation will look like if and when they become law. One can only hope that such laws will be "reasonable" and take into account the technical realities of the situation. But in the meantime, while everything is in such a state of flux, it seems only prudent to avoid putting other people into a possibly risky situation. Since at least some courts view message encryption with a "if they have to hide what they're saying they must be trying to do something wrong" attitude, avoiding the use of encryption except with the permission of the third parties would seem the best course, for the time being, anyway. I certainly hope the law doesn't put people into the position of being legally required to read all mail that they handle. But I can imagine a requirement that certain sorts of mail be blocked once you are made aware of the fact that your site is passing illicit traffic. If you're faced with large volumes of encrypted mail, you may not be able to implement such controls, which could well anger the courts. But this is all academic, since nobody knows which way the courts will ultimately rule on any of this. That's the whole point--nobody knows! If someone wants to send a message that contains material so personal or so sensitive that reading by an intermediate party would be a disaster, then setting up a direct connection would seem the most appropriate course of action by far. As for the general topic of reading other people's mail (legal issues aside for now)... My own feeling is that mail shouldn't normally be read unless some abnormality makes it appropriate. Such abnormalities may include failed/misaddressed mail and "bizarre" usage patterns. By "bizarre" I mean extremely high volume. I once saw about 500 messages in a queue, all of almost identical length (about 1000 bytes) to sites scattered all over the place. Given that kind of volume, I wanted to know what the hell was going on. I discovered it was somebody just playing loop-d-loop with the network, trying to pass the same message which essentially said "test" back and forth through every site he could find--a total waste of the money of many sites. I sent the person a message telling him he shouldn't do this, and he said, "Gee, thanks! I didn't know it was costing anybody money! I was just playing." Wonderful. Luckily for all of us, these sorts of situations don't come up very often, so normally we can leave things pretty much alone. I don't think it's polite or appropriate for a system admin to randomly read mail just for "fun" when there's no administrative reason to do so and I would never suggest or condone such actions. --Lauren--