[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another round of viruses - encrypted this time

To: luci-discuss@luci.org
Subject: Re: Another round of viruses - encrypted this time
From: Danny Sauer <sauer@cloudmaster.com>
Date: Fri, 05 Mar 2004 14:58:22 -0600
In-Reply-To: <200403052001.i25K1Vd12699@web5.valuenet.net>
Organization: Linux Users of Central Illinois
References: <200403052001.i25K1Vd12699@web5.valuenet.net>
Reply-To: luci-discuss@luci.org
Sender: luci-discuss-owner@luci.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

mike808@users.sourceforge.net wrote:
>>mike808@users.sourceforge.net wrote:
>>[...]
>>However, since none of the computing facilities that I maintain are 
>>available to the public 
> 
> 
> Really? I bet your internet connection is considered "available to the public".
> Unless this mail network is just among you and your friends and it is not
> possible to send or receive email with any outside "public" entity. The example
> was likely emails between the Anderson folks and other Anderson folks, and UOP
> was not acting as a "general ISP" for the Anderson folks under contract.

That part is kind of confusing.  The dictionary definition of public and 
the "in the context of those laws" definition of public differ.  While 
the server is accessible for anyone to connect to (matching the 
dictionary definition of public), the rules for obtaining an account on 
those machines prohibit members of the general public from obtaining an 
account.  An ISP is considered "public" even though it's not free 
because any arbitrary person (within reason) can obtain an account after 
paying the fee, just like a movie theater is considered a public place 
because anyone can gain access by merely purchasing a ticket.  However, 
only people who are *selected* to receive an account can get an account 
at my place of work, and only people who have a personal relationship 
with me can get an account on my home machine.  You would be eligible 
for an account because I know you from the list.  Someone I don't know, 
like your neighbors or Greg Louganis, for example, would not be eligible 
for an account.  Since accounts on the machine are not available to the 
general public, my machines do not fall under the jurisdiction of public 
remote computing services, and therefore, they are not "public" in the 
sense of this law.

If an email message which hasn't yet reached its recipient is passing 
through a machine, the machine is a public electronic communications 
carrier with regards to that message, because the message is still 
electronic communications and is part of the public electronic 
communications network (which I'm allowed to read when I deem it 
relevant to my computing/networking equipment) - even if it's been 
"delivered" to the users inbox.  Once the recipient has read the 
message, if they leave it on the machine, the machine *could* be 
classified as a remote computing service with regards to that message . 
  The definition of public applies at that point - the point when the 
machine ceases to be a carrier and begins to be a storage (computing) 
service.  If it's not public, it's not a remote computing service as far 
as the law cares.

My friends are probably using the service in the same way that they'd 
use an ISP, but they'd legally have a greater minimum privacy level if 
they were using a public (in the sense of the law) ISP.  In practice, 
they have more privacy through me, because some "catastrophic data loss" 
is more likely to happen with my equipment just before the feds came 
looking for information. :)  People at work also send email just like 
they would through an ISP, but my employer is *not* a public ISP 
(legally speaking).  It's kind of scary, but any of the users' personal 
email stored on their work machine (even temporarily) is utilizing 
non-public computing services, which means that the company can decide 
to read and voluntarily disclose those messages to anyone.  We could 
fire someone based on content of their personal email if the message is 
stored on their workstation.  I'd personally quit before I let something 
like that happen, but I know several others who value their job more 
than their conscience...

Regarding the internet connection in general, there is legal precedent 
determining that a web server is not part of an electronic communication 
service, even though it is involved in the transmission of data from one 
point to another.  It's pretty convoluted, but email and instant 
messaging-type things are really the only [common] services that fall 
under the umbrella of electronic communication services - and that's 
only when the messages remain unread.  Web servers are explicitly 
mentioned on that search 'n seizure page, and most other services are 
file/data transfer based rather than "communication"-based.

>>Telephone conversations are not electronic conversations because 
>>they contain human voice and are transmitted by sound waves.  They have 
>>different laws.
> 
> I wonder what that means for VOIP?

My reading is that the data being transmitted consists primarily of 
human speech (it's weird that they threw "human" into the definition), 
and that it's therefore considered the same thing as a telephone 
conversation (which basically means that it's harder to legally tap). 
What I'm wondering is if an email of my mp3 encoded recordings of me 
reading the decss code aloud would be governed by the telephone wiretap 
laws or the electronic communications laws. :)

> Patriotism is the last refuge of the scoundrel. -- Samuel Johnson

In general, I'm not at all keen on the garbage laws that are being 
passed by people who don't have any idea how the they're trying to 
regulate actually works - especially the "Patriot" Act.  Between the 
people who are over-paranoid about privacy issues (some paranoia's 
good), the sysadmin-types who don't have adequate senses of ethics to 
know when to keep their noses out of their users' email / personal 
files, and the lawyers making piles of money on it all, it's a wonder 
anything can get done online.

In this particular case, though, the laws work in my favor so I'm 
alright with them. :)  The discussions at the DOJ's cybercrime site 
really show a surprising amount of valid insight, and do a pretty good 
job of protecting public ISPs' users within the restrictions of "gotta 
spell everything out to the letter" legalese.

>>However, I'm pretty sure that I'm right
> 
> I'm pretty sure you enjoy that, almost as much as you enjoy pointing it out,
> too. :=)

Ohh yeah - you've no idea the warm fuzzies I'm feeling right now. ;) 
It's been years since I ranted on luci this much (hopefully it'll be 
years before it happens again)...

--Danny, cranking out some Java this afternoon, which is fitting given 
the obfuscated legal code he was digging through this morning...

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

References:
- Re: Another round of viruses - encrypted this time
  - From: mike808@users.sourceforge.net

Prev by Date: Re: Another round of viruses - encrypted this time
Next by Date: Re: Another round of viruses - encrypted this time
Prev by thread: Re: Another round of viruses - encrypted this time
Next by thread: Re: Another round of viruses - encrypted this time
Index(es):
- Date
- Thread