Re: Another round of viruses - encrypted this time



> In either case, using "my" resources implies agreement with "my" rules, 
> whether "my" is the company I work for or literally me.  If I was an 
> ISP, the situation would be similar, as there exist any number of 
> reasons that I may need to examine the contents of messages that are 
> using ISP resources.  I'll agree that you've got a little more to stand 
> on there due to a "reasonable assumption of privacy" or some junk.

OK, you certainly can take that stance. But then, if I send child pr0n through
your server, well, it is *your* file, *you* own it, *you* possess it, and *you* 
are *responsible* for what gets stored on your server, intentional or not.
And pointing the finger at whoever put it there is not an excuse. Just like you
are responsible for long distance calls and 900 charges on your phone, whether 
you knew your children or visitors or cordless phones on the same frequency 
were making them or not.

> If I think dialup-234 might be doing something wrong, though, and I start 
> logging data just because I can, I'm pretty sure that evidence holds up 
> in court.

Only if your EULA/agreement with your users *allows* you to do so. Most of 
them do, but if you claim you own everything, then you get stuck with the
liability. Just like Microsoft got nailed for copyright infringement when they
claimed all content and intellectual property rights that users uploaded to 
their German MSN systems were owned by Microsoft. They quickly changed that.
When you give ownership of the content back to the users, you then are
committing trespass on *their* data and violating *their* copyrights if you make
copies (which *won't* hold up in court - fruit of the tainted tree), or use any
intellectual property contained therein, and *you* are liable for civil and
criminal penalties (wiretap charges). And *that* is why the AUP/EULA/TOS
contract language has specific clauses to grant the ISP this right and 
indemnify them if they do so. Any other actions your ISP performs, must either 
be told by you to perform as your agent, or be requested by an LEA. Whether your
ISP will hand an LEA on a fishing expedition anything they want or require a
subpoena/warrant first probably depends on a *lot* of factors. LEAs can make an
ISP's life very difficult if they don't "cooperate" with an "investigation", so
many usually cave during the first phone call. And even without a judge-issued
gag order in place, they quite likely won't call you and tell you that Detective
so-and-so pulled your account's DNS logs to see what sites you've been contacting.

> There *is* legal precedent on that count - I'm not necessarily liable 
> for things that merely pass through my mail server just because they 
> passed through.

But *ONLY* if you let them "pass through". It's the "safe harbor" clause of the
FCC regulations governing telecom (and thus, the Internet). You are able to
claim you are not liable *only* if you *don't* inspect, copy, log, trace,
alter, or otherwise handle in any way other than a "common carrier" would in the
normal course of delivery of whatever content your systems "carry". It derives
from a combination of telephony laws and broadcast network laws. i.e. the phone
company is not responsible for criminals conspiring to commit a crime using the
phone system to communicate. Or when a program (usually radio) announces that
the views expressed on the program are not necessarily those of the producer or
broadcaster.

If you claim you can "do what you want", because you "own" everything going
through your servers, then you are expressly denied the ability to exclude
liability by claiming you didn't "own" everything going through your servers.

You can't have it both ways. And you typically can't change from one to the
other as you see fit, either. Common carrier status is a bit like pregnancy,
there is no "just a little" exemption from liability.

What has changed in recent years is that if you claim the "I don't know
anything, I'm just a common carrier" exclusion, you now have to provide
information on exactly who *is* responsible. i.e. you have to tell Congress who
your communist friends are if you want to be cleared of being a communist yourself.

> --Danny, who doesn't generally read people's email, BTW, but could if he 
> wanted to

I hope you have a contract with those people that explicitly grants you 
this ability in writing.

Mike/

---------------------------------------------
http://www.valuenet.net


