Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!lll-crg!lll-lcc!well!tenney From: tenney@well.UUCP (Glenn S. Tenney) Newsgroups: net.mail Subject: Re: Congress is now debating the future of Usenet Message-ID: <1683@well.UUCP> Date: Wed, 27-Aug-86 03:39:24 EDT Article-I.D.: well.1683 Posted: Wed Aug 27 03:39:24 1986 Date-Received: Wed, 27-Aug-86 20:56:10 EDT References: <1632@well.UUCP> <1013@hoptoad.uucp> <15341@ucbvax.BERKELEY.EDU> Reply-To: tenney@well.UUCP (Glenn S. Tenney) Organization: Whole Earth Lectronic Link, Sausalito CA Lines: 81 In article <5615@topaz.RUTGERS.EDU> root@topaz.RUTGERS.EDU (Charles Hedrick) writes: >One of the interesting issues is how the proposed changes would affect >mail within our campus. Currently we have what I regard as a >reasonable privacy policy. Users' files will not be divulged to >anyone else unless there is a good reason for doing so. However good >reasons can include University proceedings, and investigations by the >system administrators involving resource usage or system security. I >am hoping that nothing in the law will require me to get a court order >to look at mail files on my own system, should I have a good reason >for doing so. (Note that this is not something that I do under normal >circumstances. But if I have probable cause to think that a user is >doing something damaging, and that looking at their mail file will >show it, I do not want to have to go to the police in order to proceed >with an investigation. It should be possible to authorize this by an >internal administrative proceeding of some sort. In general we try to >avoid bringing down even the campus police on our students, except in >really extreme cases.) My reading of the bill says that you, as an employee of the service provider, can look at all communications either: as necessary and incident to rendering the service, or to the protection of the rights or property of the provider; and for forwarding the mail. I find it *INTERESTING* to think that the bill says the rights or property of the provider, so the university security force can look at all E-Mail just in case some student talks about infringing ANY rights of the university --- !!! BIG BROTHER !!! This stinks!!! > >It is not clear to me exactly what is protected. Most people seem to >think that mail in transit through my site is protected. But once >mail gets into the user's files, is it still protected? I am hoping >that it is not. Otherwise we will have to have special flags in each >byte to indicate whether the byte arrived via computer mail or not. Sorry, but it seems to be protected in transit AND within your site. >It is also not clear to me that everything that is called electronic >mail really is, according to the law. The law clearly has in view >third parties providing a service to the public. Presumably it should >still be possible for a company to route its memos among its staff >electronically, without suddenly finding that it can't look at its own >memos if the right person doesn't happen to be around to authorize it. >I suspect that our lawyers will take the position that we are not >providing general electronic mail service to our students. Rather, we >are providing simplified ways for them to receive and turn in >assignments, etc. I.e. they are using our computer only for what is >broadly considered University business. They are not end users in >the same sense as a user of a public timesharing system. Hmm. First, the bill talks about electronic communications services and remote computing services and the storage within those systems which you are providing. The bill talks about providing these services to the public. Well, if you are a net site forwarding e-mail for other sites, there is no question that those communications are protected. As for your students, are you a public university? Do you receive public funds? etc. My gut feeling is that even a private university really is providing services to that segment of the public that is able to pay for the services (ie. tuition). >If the term "public" turns out to have a crucial role, as I suspect it >will, we are likely to find ourselves in the same situation as with >our campus roads. Once a year we close all of our roads, just to >prove to people that these are strictly internal University resources, >and not a public road. I think we may want to take the view that we >have an agreement with a few neighboring sites to exchange data via >UUCP, but we are not provding an electronic mail service to the >public. Once a year we may decide to bounce all communications for a >day, just to make it clear that we are not in the mail business. Does >this make any sense to anybody? - - - slight subject change here - - - Another related, but perhaps missed point in the bill of special interest to universities is that it is a crime for someone that "intentionally exceeds an authorization to access that facility" in addition to the usual break in! This crime can have a fine of up to $250,000 and a year in prison. What a tool for power hungry security people to use on students that like to play around to see what their limits are. Just one short sentence, but what an affect. -- Glenn Tenney