Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!cbatt!cbosgd!mark From: mark@cbosgd.UUCP (Mark Horton) Newsgroups: net.mail Subject: S.2575 Elec Comm Priv Act Message-ID: <2492@cbosgd.UUCP> Date: Thu, 28-Aug-86 15:53:38 EDT Article-I.D.: cbosgd.2492 Posted: Thu Aug 28 15:53:38 1986 Date-Received: Fri, 29-Aug-86 08:28:57 EDT Organization: AT&T Bell Laboratories, Columbus, Oh Lines: 71 Keywords: Electronic Communications Privacy Act of 1986 I spent about half an hour on the phone with Ann Harkins (of Sen. Leahy's office) the other day. In general, she was extremely helpful and cooperative in helping explain the intent and workings of the bill. We were concentrating on the sections 2701 and 2702 which have been discussed in this newsgroup. It seemed pretty clear that there was no intent in the bill to interfere with the sort of thing that Usenet and UUCP do. In fact, the actual structure of the bill doesn't appear to cause any problems, although there may be some tweaking that will be needed to make it explicit enough that we won't be supporting lawyers kids orthodontists while the courts get interpretations of what the authors had in mind. There is a document she referred to as the "House report" which goes along with the bill. This report explains the intent of the bill. (I hope to have paper copies of both shortly, but don't have them yet.) One of the things the report states is that it is not the intent of the bill to interfere with BBS's and similar systems. She called such systems "public access systems", although that term does not appear anywhere in either document (it should be defined). It seems clear that Usenet is a public access system, and that anybody who wants to be considered such a system (for example, UUCP or Stargate or Rutgers) can declare themselves to be one in their public literature (so the users know about it.) This has the effect of extending the authorization of all users to be allowed to see everything, rendering them exempt from the nondisclosure provisions. (It also makes it legal for anyone to read anyone elses mail, but that is the current situation, legally, anyway.) For a less drastic situation, even if, say, UUCP doesn't make such a declaration, it's still no problem. If a dead letter is droped in the mailbox of an SA somewhere along the path, this is considered to be the normal course of events; that SA is authorized to read such mail. (By having mail to "uucp" or "MAILER-DAEMON" be forwarded to him, the owner of the system is authorizing this SA to see it.) If sendmail burps and, due to a bug, a letter is dropped in the mailbox of a random user, then it's also OK. You can't throw a program in jail, and you can't show intent of a program. 2702 (a) says "a person or entity providing an electronic communication service to the public shall not knowingly divulge..." The key words are "entity" and "knowingly". The former is not defined anywhere (it should be) but is generally taken to mean a person or an entity made up of persons (e.g. a company or user group) but not a program or computer system. "knowingly" is legally defined somewhere, and it means a person had to deliberately do something to steal the mail, intending to steal it. An accident of software, or even lazyness of an SA not fixing a bug, are not "knowingly" doing anything. If you look in the front of 2701, the offense is to "intentionally access without authorization". If you can't show that a person "intentionally accessed without authorization", then no offense has been committed, and there's nothing to charge with. "Intentionally" is even stricter than "knowingly" but is the same basic idea. As to Rutgers concerns over internal policing and what to do with mail after the user has saved it, I think this is getting just a little paranoid. It's a federal crime to smoke marijuana, too. Does this mean that if a resident advisor smells pot smoke coming under the door of a dorm room, they have to call the feds? Of course not - internal policing is the rule. The laws are just there if someone wants to enforce them. It requires a complaint to the feds to start it off. Once mail has been read by the user (e.g. it's out of /usr/spool/mail or /usr/mail) it's the users to do with what they wish. There are federal laws against tampering with paper mail, too, but if I paper mail you a letter, once you've opened the envelope and taken out the letter (or perhaps once you've taken the envelope out of the mailbox) those laws no longer apply, you can post it outside your door or show it on the 6 O'Clock news if you want. (This ignores copyright considerations, which are not to be enforced by software.) Mark