Re: Monitoring, Flow Stats (Re: spam whore, norcal-systems)
At 01:08 PM 2/3/1999 -0800, Dan Hollis wrote:
On Wed, 3 Feb 1999, Dean Anderson wrote:
One doesn't lose privacy protections merely because they are or might be doing something you don't approve of.
In regards to electronic communication and undesirable activity (or in violation of a signed AUP), the privacy protection defense is an extremely weak one, and has been rejected by judges. Basically if what youre doing is in violation of an AUP that you signed, judges have ruled that the privacy protection claim is no defense. You voluntarily waived those rights by signing them away.
This is true for online service dialup users who send or get mail from a service. The service can boot them. Your direct users signed agreements which give you permission to block or filter. They gave you permission. Now, the ECPA still applies, but you are now *authorized* to do what would otherwise be illegal. ECPA makes *unauthorized* accesses illegal. That doesn't make it true for transit providers. Your boss at a transit provider for someone else 3 providers away isn't a party, and can't authorize you to read the communication. Ask yourself the following question: Am I a party (sender or recipient) to the communication? Am I authorized by someone who is? **thanks to Dean Robb, the Attorneys manual says it must be "specifically authorized" If you can answer either of these affirmatively, you're OK. But remember, if the sender comes back and says "You aren't a party to the communication, I didn't give you permission", you could be in big trouble. You can't be fired for refusing to violate a law. (well, you could be, but you'd have a wrongful termination case) But you are still responsible for a criminal violation even if your boss tells you to do it. Owen DeLong in private communication points up that he thinks that this permission is transitive. That has the problem that it trivially obviates all privacy. Every provider is automatically authorized, no one is not authorized. Privacy is in the eyes of the provider. The ECPA was intended to prevent communications providers from looking at things they shouldn't and don't need to. So I'm not convinced. **thanks to Dean Robb, the Attorneys manual says it must be "specifically authorized" I note that none of the big providers do any of this. They don't block. They don't monitor for more than their service quality. Other than canceling service if they get complaints, they don't do anything except perhaps refer complaints to others.
Also, the privacy protection defense is almost always rejected if it involves outright criminal activity eg smurfs, theft, etc.
True. Thats where the abuse clause presumably applies. But it has to be criminal. UCE isn't criminal. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On Wed, 3 Feb 1999, Dean Anderson wrote:
Also, the privacy protection defense is almost always rejected if it involves outright criminal activity eg smurfs, theft, etc. True. Thats where the abuse clause presumably applies. But it has to be criminal. UCE isn't criminal.
It is when its unauthorized relaying eg theft of service. Which almost 99.9% of spams are nowadays. Which is why most spammers are now abusing foreign sites eg .jp, .cn, .my, etc to try to avoid prosecution. They know its criminal but they do it anyway. -Dan
On Wed, 3 Feb 1999, Dean Anderson wrote:
I note that none of the big providers do any of this. They don't block. They don't monitor for more than their service quality. Other than canceling service if they get complaints, they don't do anything except perhaps refer complaints to others.
Is blocking smurfs a violation of ECPA? Some providers do indeed block smurfs that they transit, as you say, "3 providers removed". -Dan
participants (2)
-
Dan Hollis -
Dean Anderson