;Date      15 Oct 92  11:08:58
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: Official Start of BBS Legal Group Conference
Options:   kill-sent private 
;Status:   (read 1 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID RM1:125/111=2ADD514B
>----------------------- Do not change this line -----------------------------<
to: ssteele@eff.org

re: (bbslaw mailing list)


If you're looking for broadscale, non-hypothetical things to worry
about re: BBSing, I have a pressing one for you. I thought I'd drop
you a note about it, and you can decide what to do with it, if
anything. 

20 lines of background material:

In the FidoNet we have a slightly heirachical mail-routing scheme for
netmail aka email, ie. non-newsgroup mail. Point to point mail, like
this message.

Various (generally) geographical areas (eg. SF Bay) are called a
"net". Nets are numbered, 1 - N. A net contains "nodes", hosts in
Unix parlance. Nodes are numbered 1 - N. Therefore, a FidoNet address
takes the form net/node, mine is 125/111. (Well, there are zones, but
I'll ignore those.) 

Each net has a host, who has the additional node number of 0. 125/0
is the host for net 125, SF Bay. Hosts are responsible for accepting
incoming mail for other nodes in the net, and routing them to their
destinations within the net.

Mail "in transit" is not readable by anyone on that syste, except
possibly the sysop. Once a message has been forwarded, it is deleted.
They are transient.

This is all in addition to more traditional BBS message areas, or
echomail, which is exactly analagous to newsgroups.


Follow me so far?

The problem:

Over simplified, the liability of sysops for in-transit mail. Not BBS
or conference mail, but the in-transit stuff.

I maintain (acknowledged with no legal standing) that THAT traffic is
"carrier" activity, as opposed to conference, publically readable
mail, which is probably more "publisher" like. Though I don't really
care about that stuff (there are other systems to deal with it.)

The in-transit mail is the real problem. We've got sysops FREAKING
OUT. We have sysops reading, routinely, every piece of mail flowing
through their systems, and deleting, returning, and even replying to
mail they "don't like". With PGP 2.0, we have people expirimenting
with enhanced privacy. Net hosts are returning mail, and threatening
privacy users with various & sundry. 

Of course, some like myself claim that encrypted or digitally-signed
message, unreadable by all except the addressee, actually limits the
in-transit sysops liability if someone was so stupid as to discuss
something illegal electronically. Anothre bunch claims that because
the mail is encrypted, it "probably" or "possibly" will get them in
trouble, hence their outright refusal to carry it. 

(The fact that they can and routinely do audit their mail traffic is
central to the problem.)

This is becoming a very serious problem. NOT ONE legal person will
put out any opinion or investigate or plead or whatever to work on
this problem. Even regardless of the encryption thing. Its quite
serious. I can barely afford rent, really, so paying for an army of
lawyers to write an advice column for FidoNet sysops is flatly
unthinkable. 


** Anyone at EFF want to write a "Dear Sysop" advice column for
FidoNews, out 16000-18000 circulation weekly newsletter? I could
field the incoming letters, pass them on to EFF. (I'm the editor and
publisher, BTW.)

** Know anyone who's working on these sort of street-level problems,
down a few notches from broad constitutional issues? This one affects
all networks with email-forwarding capabilities. The FidoNet is
simply the one with the least resources, the least ability to take
cover from umbrella supporting organizations (no universities, no
Hewlett-Packards, no DECs, etc), and is in desparate need of
clarification. 



Just in case you didn't have anything to do.  :-)


--
Tom Jennings / World Power Systems
  email:   tomj@fidosw.fidonet.org
FidoNet:   1:125/111, BBS +1-415-863-2739
  voice:   +1-415-552-8156 (10AM PST til...)
 postal:   666 Illinois, San Francisco CA 94107 USA
;Date      17 Oct 92 07:30:02
From:      Mike Riddle@1:125/180
To:        Paul Schencke@1:125/111
Subject:   Re: Lawsuits And Fidonet
Options:   
;Status:   (read 2 times)
;DID:8015 9 407
>----------------------- Do not change this line -----------------------------<
In a message dated 16-OCT-92, Paul Schencke writes:

> LT> Likewise, under the *same* laws, BBS sysops "can" see 
> LT> messages on their boards (they have the technology) but 
> LT> (1) it is illegal to monitor those messages and (2) it is 
> LT> time consuming/costly, thus (3) we should insist that the 
> LT> same standards are applied to us as to the phone company 
> LT> so that we have no liability for the content of messages. 

> This is the first time I have seen something that makes sense to me. I suppos
> this was what I felt in the back of my mind, but have failed to express. I ca
> completely agree with the logic behing this argument.

> LT> The law that everyone thinks is so *terrible* actually 
> LT> PROTECTS sysops because it says they are prohibited from 
> LT> monitoring private messages (if you are prohibited from 
> LT> monitoring, you can't be sued or put in jail for what is 
> LT> in the messages, duh).  
> LT> 
> LT> Likewise, it protects users, because even though a sysop
> LT> *can* see the messages (while doing system maintenance, 
> LT> for instance), the private message is still private -- in 
> LT> other words, the government still has to get a warrant to 
> LT> get the message if its private.  
> LT> 

> It's a two way road.

> Now if we olny get sysops that feel otherwise to lighten up a bit.
 
(A lot of quoting to try to keep context.)
 
Linda, myself, and some other attorneys got into a long discussion of
this in LAW quite a while ago.  Without meaning to restart all the legal
squabbling, let me just mention that (a) Linda's argument that it is
illegal for sysops to "monitor" private messages has merit, so does the
argument that this is software-dependent.  Nowhere does the ECPA require
a BBS system that keeps "private" messages from the sysops.  Depending on
the software involved, the sysop will routinely see all messages, public
or private, as part of the normal BBS maintenance.
 
Linda's second and third main points are more completely agreed upon, and
this is the real benefit for the sysop.  Even if we see your letter to
great Aunt Sally, we're forbidden to mention it to anyone except you or
Sally.  Most of us probably skip past them anyway.
 
From a legal sense, it's "private."  (Although as Linda has mentioned
earlier, sysops have the legal right to report illegal conduct.)
 
But from the user's sense, it might *not* be private, since someone else
might actually see it.
 
As someone else has mentioned, encryption might actually help a sysop,
since there is no way they could know what is being said.  The problem is
that BBSes are not common carriers, and I don't think we want to be, with
the requirement to carry traffic for *anyone* who presents it for
carriage, among other duties.  Because of this, I'm a little leery of
trying to claim a common carrier exemption for what we carry.
 
I think that the decision in Cubby v. Compuserve heads off in the right
direction, saying that we're more like a bookstore, at least in echomail,
in that we don't have any way of knowing what's in every message. 
However, if we *do* know what's in a message, and it's proven, then we
might still be liable.  In practice, I don't know how someone could prove
whether the sysop had or had not read a particular message.  (Of course
with the Rehnquist court, having it within 200 miles might be enough of a
presumption).
 
My last, and maybe main, point is that the law on this is still quite
murky.  Lawyers like to call it "unsettled."  So until someone steps up
to be a test case, or several test cases, we all need to take whatever
precautions we feel necessary to protect ourselves.
 
Mike Riddle,
# 19590, Nebraska

--- Ybbat (DRBBS) 8.9 v. 3.13 r.3
 * Origin: inns.omahug.org            +1 402 593 1192           (1:285/27.0)
SEEN-BY: 100/520 102/890 105/36 106/7550 125/111 125 180 185 135/71 340 170/109
SEEN-BY: 216/21 234/1 253/513 261/1136 285/27 312/2 374/14 26 48 98 377/14
SEEN-BY: 396/1
;PATH: 285/27 374/14 125/180

;Date      18 Oct 92 10:34:35
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: Practical Issues
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun, 18 Oct 92 12:32:38 EDT

Shari:

A central issue I a VERY much concerned about is that after we discuss these
topics and focus on the issues (most of which are known to most of us), how
do we protect the average Sysop?  That is, the Sysop without big bucks to
retain large law firms?

Do any of you out there remember the Tom Tcimpidis case?  In 1984, Tom
Tcimpidis was accused of a criminal violation because he had usersof his BBS
exchanging telephone credit card numbers on his system.   Tom came into the
Legal SIG of CIS and told us about his case.  An LA attorney, Chuck Lindner,
volunteered to help Tom, without any legal fee, IF AND ONLY IF some of the
rest of us helped out.  This, to my knowledge, was the first time that a
group of lawyers banded together for any purpose, and it was a BBS-related
matter.  To make a long story short, we parceled out work such as research
and brief writing and discussed the situation in an OPEN FORUM.  We finally
forged a brief and motion to dismiss on the theory that the prosecutors could
not prove intent (although all crimes do NOT require intent).  This was the
combined effort of Chuck, myself and a couple of other attorneys.  In the
face of this motion, the case was voluntarily dismissed by the prosecutors. 
Good result, but the many issues that might have surfaced on appeal just went
away.

In the case of Tom Tcimpidis, lawyers around the coutry banded together to
help Tom and we won, big.  The recent defenses of some Sysops, I believe,
resulted in huge legal fees.  How will all this help the average Sysop?  And,
if we can't help the average Sysop, but only the rich ones (or those with
rich parents) are we not missing the bulk of our mission and assignment?

Paul Bernstein

;Date      21 Oct 92 18:30:58
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: ssteele@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 09:51:57 -0400

Hi folks.
As announced yesterday, this morning I am going to attempt to focus the
conference discussion for the next 24 hours.  The topic for discussion was
weaned from expressed concerns from several of you.  (You may even
recognize your language!)  The topic is SysOp liability for messages on his
or her board (an old favorite!):


When, if ever, is a SysOp liable for illegal activity on his or her board? 
Are the standards for SysOp liability different if the illegal activity is
libel vs. drug sales vs. credit card number or password exchange vs.
re-publication of copywritten materials vs. pornography?  Is this liability
at all dependent on where the posting took place, i.e., in a public
conference, private conference, board that only contains system-only
messages, messages that come from off-site, messages that are going
off-site or messages that are generated during a real-time conversation? 
Can a SysOp legally kill or modify messages that are simply flowing through
his or her system, not having originated there or destined for there?  Can
a SysOp be held liable for illegal messages simply passing through?  Does
allowing private conferences, private e-mail or encryption protect a SysOp
from knowlege of illegal activity, or does it imply that the SysOp
permitted the activity?  If the SysOp is not legally liable for messages on
his or her board, who is?  If it is the person originally making the
posting, should SysOps require their users to reveal their identities
before they make postings?  How can liability be assigned to an anonymous
poster?  What are the privacy implications for requiring identification of
all users?


I've tried to make this topic broad enough to be interesting for the next
24 hours.  When you're answering this question, please cite to any
authority on which you base your opinion.  If you've experienced any real
world problems that relate to this topic (like Tom's explanation of SysOp
deletion of FidoNet messages), please feel free to add those as well. 
Again, please try to limit your comments to your thoughts on this topic
only until tomorrow morning.  I'll open things up to free discussion again
later.
Shari


;Date      21 Oct 92 18:30:59
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: BBS liability paranoia
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: 0005088597@mcimail.com (John Podesta)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 92 14:05 GMT

If the conduct you describe is just email forwarding, the sysop may be getting
in bigger trouble by reviewing the contents of the message to decide whether
to forward or return. The Electronic Communications Privacy Act prohibits
a person or entity providing an email service from divulging the contents
of a message unless certain exceptions apply. One exception covers disclosure
to a person whose facilities are used to forward the message.  This is a 
rather practical exception since the person forwarding the message has to 
have it "divulged" to him or her in order to forward it. The exception was
not intended and probably would not be interpreted to cover review of the
content of a message to decide whether its politically correct or whether
it deserves an answer by the sysop. A point of carification -- the privacy
provisions of ECPA apply to email systems provided "to the public."
That undefined term probably would apply to the circumstnces you describe.

;Date      21 Oct 92 18:31:01
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: BBS sysop liability
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: fig@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 11:21:49 -0500

First of all, any system should define its public and private areas out
front.  If private conferences and email are not to be violated by the
sysop, that should be made clear.

Assuming that, I would expect that the sysop should be free of liability
for the contents of those private areas.  I believe that private
conferences should be defined like email under the ECPA.  Only under court
order should the sysop violate these privacies.

If an illegal or questionably illegal posting is made in a public area, I
have always taken the position (on the WELL) that it would be appropriate
for the sysop to delete the posting after requesting first that the poster
delete the posting since the WELL proclaims that the user is responsible
for the words (s)he posts on the WELL.  Illegally-obtained material such as
personal credit information and libelous statements are examples of
postings which could be problematical for the system, especially if posted
in a public area.

If a stolen credit card ring was using a system to exchange information via
email, or store information in protected file areas, I believe it is the
responsibility of law enforcement to initiate court-approved investigation.
 I do not believe that sysops should be required to act as private
investigators, fishing for illegal material by violating the privacy of
their users.

               <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>>
Cliff Figallo                                    fig@eff.org
Director, Electronic Frontier Foundation         (617)864-0665 (voice)
Cambridge Office                                 (617)864-0866 (fax)





;Date      21 Oct 92 18:31:04
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   question of the day
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD
=LANGATE/ADMD=TELEMAIL/C=US/@sprint.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 21 Oct 92 11:36:00 UT

          From David Johnson:
          I think I can wrap comments on previous postings into
          today's topics.
          1. It might be "reasonable" to miss a particular needle in a
          haystack forever. I don't think there is any fix time after
          which a sysop automatically becomes liable for the content
          of some message not discovered on the system she
          administers. The question is whether failure to discover
          resulted from the failure of reasonable review methods or
          from failure to engage in reasonable review.
          2. I'm afraid I think unpaid hosts can be "liable" for their
          actions, just as unpaid distributers of print could be --
          although the lack of compensation would undoubtedly factor
          into the analysis of many variations on the question.
          3. Why can't the fidonet transmission example be handled by
          making it a condition of contract for hooking to the nearest
          node that messages in transit will be forwarded without
          review?
          Overall, absent some knowledge that a particular facility is
          being used for unlawful actions, provision of the facility
          should not be deemed aiding and abetting. We know antitrust
          laws are violated in restaurants, after all, but don't shut
          them down or require them to eavesdrop on that account. The
          hard problems occur when you KNOW about a continuing illegal
          action.


;Date      21 Oct 92 18:31:05
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: question of the day
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: ssteele@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 12:23:10 -0400

Message from Shari Steele:


David Johnson writes:

>          The
>          hard problems occur when you KNOW about a continuing illegal
>          action.

Why are these "the hard problems?"  Are there times when a SysOp can KNOW
about a continuing illegal activity and be justified in letting that
activity continue on his/her board?  If so, could you give an example?


;Date      21 Oct 92 18:31:06
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: question of the day
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 92 12:39:14 EDT


I'm replying to David Johnson:
 
>           1. It might be "reasonable" to miss a particular needle in a
>           haystack forever. I don't think there is any fix time after
>           which a sysop automatically becomes liable for the content
>           of some message not discovered on the system she
>           administers. The question is whether failure to discover
>           resulted from the failure of reasonable review methods or
>           from failure to engage in reasonable review.

David, I think there is no way consistent with the First Amendment that we
can impose a "reasonable review" requirement on sysops of systems that do
not prescreen their messages. Such systems are forums or information
distributors rather than publications. "Reasonable review" is sufficiently
uncertain a standard that the uncertainty itself already leads to a
chilling effect on many sysops and system administrators.

>           2. I'm afraid I think unpaid hosts can be "liable" for their
>           actions, just as unpaid distributers of print could be --
>           although the lack of compensation would undoubtedly factor
>           into the analysis of many variations on the question.

Unpaid *distributors* of print are liable only if there is
'scienter'--knowledge of the illegal or offending material. That's the
meaning of Smith v. California, on which the Cubby v. CompuServe decision
relies.

The tendency to want to impose negligence principles on the operation of
computer forums lies, I think, in the fact that we often think of
computers as machinery rather than as meeting places. But BBSs have the
character of the latter. A pub owner is not held liable for defamatory
speech in her place of business, even if she reserves the right to eject
people for such speech. A bookstore owner or magazine distributor has no
duty to review all the contents of the materials she distributes (or
redistributes).

In sum, I don't think the First Amendment allows us to treat sysops more
restrictively than we treat bookstore owners and magazine distributors.

(It should be noted that "adult" bookstore owners and proprietors of 
topless bars are held liable not because they've reviewed everything
beforehand, but because the nature of what they offer is such that courts
are willing to impute _scienter_ with regard to obscenity. This exception
to the rule of Smith v. California is pretty narrow.)

>           Overall, absent some knowledge that a particular facility is
>           being used for unlawful actions, provision of the facility
>           should not be deemed aiding and abetting.

I agree entirely.

>           We know antitrust
>           laws are violated in restaurants, after all, but don't shut
>           them down or require them to eavesdrop on that account. The
>           hard problems occur when you KNOW about a continuing illegal
>           action.

Defamation occurs in restaurants too. In many respects, a BBS is more like
a restaurant than like a newspaper.


--Mike




;Date      21 Oct 92 18:31:15
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   imposition of responsibility
Options:   kill-sent private 
;Status:   (read 5 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD
=LANGATE/ADMD=TELEMAIL/C=US/@sprint.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 21 Oct 92 03:00:00 UT

          From David Johnson:
          The cases where a sysop "knows" of illegal activity are
          hard, of course, in part because it may well be hard to tell
          whether some activity really is illegal -- and even if it
          clearly is it may be hard to tell what level of reaction is
          appropriate (or creates greater risks). In general, I agree
          with the sentiment that the sysop who discovers use of her
          facility for illegal activity should act promptly to stop
          that use.
          To answer Mike Godwin, "we" are not imposing the duty to
          review public postings -- it is the general standard that
          distributors have some level of responsibility for what they
          distribute.  Even in restaurants, there are cases holding
          the owner liable for the libel on the washroom wall. I
          doubt a decision by the owner never to look at the washroom
          wall would protect against a claim from a sympathetic
          victim. All that said, there may be good reason to try to
          relax or reduce any inference of a particularly burdensome
          duty of review: by crystallizing the industry view of good
          practice and, perhaps, by legislation providing some
          conditional immunity from liability as a means of
          facilitating the free flow of ideas. Absent legislation of
          that character, which has been discussed from time to time,
          the extent of the sysop's duty will be set over time by
          judges (or juries!) with after-the-fact judgements.


;Date      21 Oct 92 18:31:22
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 6 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 92 16:48:56 EDT


David Johnson writes:

>           To answer Mike Godwin, "we" are not imposing the duty to
>           review public postings -- it is the general standard that
>           distributors have some level of responsibility for what they
>           distribute.

Yes, but the standard is not one of "reasonable review" when what is being
distributed is First Amendment-protected material. It's _scienter_, as
specified in Smith v. California.

>   Even in restaurants, there are cases holding
>           the owner liable for the libel on the washroom wall.

There are "cases"? I believe there is only one case of this sort. Applying
Smith v. California, we can see how it might be Constitutional to impute
_scienter_ to a restaurant owner who leaves libelous graffiti on his
washroom wall for days or weeks. This gives us no guidance at all in
BBSland, however--messages are more ephemeral, there is a much greater volume
of them, and one can maintain a BBS without ever seeing the message
traffic (one can't maintain a washroom without seeing the graffiti).

So far as I know, there is absolutely no reason to suppose that the
washroom case gives us any guidance as to the obligations of BBS
operators. 

>           I
>           doubt a decision by the owner never to look at the washroom
>           wall would protect against a claim from a sympathetic
>           victim.

But owners *have* to enter washrooms in order to maintain them. BBS
sysops do *not* have to read all their message traffic in order to keep
their systems maintained.

Moreover, I have yet to find anyone who disputes that a BBS is a First
Amendment-protected forum. I think it would be trivial to find restaurant
owners who disputed that their walls are forums.

> All that said, there may be good reason to try to
>           relax or reduce any inference of a particularly burdensome
>           duty of review: by crystallizing the industry view of good
>           practice ....

First Amendment protection of newspapers is not guided by what the
newspaper industry considers good practice. The First Amendment protects,
to a very great extent, even bad journalists. See The New York Times Co.
v. Sullivan and progeny.

>           conditional immunity from liability as a means of
>           facilitating the free flow of ideas. Absent legislation of
>           that character, which has been discussed from time to time,
>           the extent of the sysop's duty will be set over time by
>           judges (or juries!) with after-the-fact judgements.
 
I disagree. Libel determinations in other media are heavily Constitutionalized,
which means that the duty of care is only *one* consideration in
determining liability. A more important consideration is whether imposing
liability creates a chilling effect on the exercise of First Amendment-
protected activity. See the analysis in Cubby Inc. v. CompuServe.

No one has yet answered my question as to why sysops should be held to a
requirement of reasonable review when booksellers and magazine
distributors are not. Want to tackle that one, David?




--Mike Godwin





;Date      21 Oct 92 18:31:30
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: tien@well.sf.ca.us (Lee Tien)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 14:37:00 -0700

Does Smith v. California really hold all the weight you're putting
on it, Mike?  That was a statute imposing criminal liability, was
it not?  I realize that Cubby extended it to a civil defamation
action.  However, the constitutionalization of defamation law is
not immediately applicable to other areas of potential sysop/BBS
civil liability, by itself, is it?

A possible example is copyright infringement.  A sysop running
a board where there's downloadable software, and someone uploads
something in violation of copyright law.  Doesn't have to be a
criminal action.  

In any case, David's point about having knowledge should not be
avoided.  A basic problem is, one may know that X has occurred,
or is occurring, and yet not know whether X is in some way
unlawful or tortious.  There is a risk of "chill," in the form
of private censorship of a posting.  I assume people will be risk-
averse, and tend to censor anything that looks dubious first,
and maybe ask questions later.  

--Lee

;Date      21 Oct 92 18:31:32
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: thardy@mail.wm.edu (Trotter Hardy)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 21 Oct 92 17:35:59 



David Johnson writes:
> >   Even in restaurants, there are cases holding
> >           the owner liable for the libel on the washroom wall.

Mike Godwin replies:
>
> There are "cases"? I believe there is only one case of this sort. Applying

   My torts book lists this case: Heller v. Bianco, 111 Cal.
   App. 2d 424, 244 P.2d 757 (1952).  Message on bathroom wall
   of a bar, inviting readers to call such and such a number
   for "Isabelle" who was prepared to "indulge in illicit
   amatory adventures," says the court.

   Isabelle's husband telephoned the bar when he learned of
   this message and told the bartender to take it off the wall
   within 30 minutes.  The bartender said he was busy and would
   get around to it later. Husband got a police officer and
   visited the bar, finding the message still intact.  Sued the
   bartender for libel.

   Trial court held for the defendant bartender.  Appeals court
   reversed, finding in favor of the husband. In casebook
   editor Richard Epstein's words:   "knowingly permitting such
   matter to remain after a reasonable opportunity to remove it
   made the owner of the tavern guilty of a republication."
   (for libel).

   Lesson? The message was *brought to the attention* of the
   bartender, who then had a reasonable amount of time to do
   something about it.  Seems likely the same rule would apply
   to sysops.



Mike Godwin says:
> So far as I know, there is absolutely no reason to suppose that the
> washroom case gives us any guidance as to the obligations of BBS
> operators.

   Except possibly as above.



Mike Godwin says:
> No one has yet answered my question as to why sysops should be held to a
> requirement of reasonable review when booksellers and magazine
> distributors are not.

   For what's its worth, here's how Richard Epstein sums up the
   situation in his texbook on Torts (5th Edition, page 1073):

      "As a general rule the publication requirement in
      defamation cases makes good sense because a defendant
      normally has both the knowledge of what is published and
      discretion over whether to make or withold publication.
      In some contexts, however, neither of these assumptions
      holds true. It is highly unlikely that a public library
      knows the contents of its many holdings, and it could not
      refuse to check out a book that might contain some
      defamatory material.  In order to protect these
      institutions against a myriad of lawsuits, "publication"
      has been treated as a term of art in defamation cases,
      endowed with restrictive meaning. 'Those who merely
      deliver or transmit defamatory material previously
      published by another will be considered to have published
      the material only if they knew, or had reason to know,
      that the material was defamatory.  It is this rule that
      protects libraries and vendors of books, magazines and
      newspapers.' Church of Scientology v. Minnesota State
      Medical Ass'n Fndtn, 264 N.W.2d 152 (Minn. 1978)."


   Trotter Hardy


;Date      21 Oct 92 18:31:34
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 92 17:53:24 EDT


Lee Tien writes:
 
> Does Smith v. California really hold all the weight you're putting
> on it, Mike?  That was a statute imposing criminal liability, was
> it not?  I realize that Cubby extended it to a civil defamation
> action.

It helps to Shepardize Smith v. California. Although the fact situation of
Smith is involves criminal charges, the Supreme Court has applied its
reasoning for decades to libel cases. Cubby didn't extend it--it was
extended already.

> A possible example is copyright infringement.  A sysop running
> a board where there's downloadable software, and someone uploads
> something in violation of copyright law.  Doesn't have to be a
> criminal action.  
 
True. But the penalties for an innocent infringer are low enough 
to minimize the chilling effect.  (Even the penalties for criminal
infringement are comparatively low in terms of prison time--the
measure of monetary damages is high, though. But criminal infringers
have _scienter_.)


--Mike




;Date      21 Oct 92 18:31:37
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: fig@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 18:10:45 -0500

Cliff Figallo here....

Lee Tien writes:
>In any case, David's point about having knowledge should not be
>avoided.  A basic problem is, one may know that X has occurred,
>or is occurring, and yet not know whether X is in some way
>unlawful or tortious.  There is a risk of "chill," in the form
>of private censorship of a posting.  I assume people will be risk-
>averse, and tend to censor anything that looks dubious first,
>and maybe ask questions later.  

I think these are the essence of the problem.  Most conscientious sysops I
know would certainly check out reports of questionable material on their
systems.  But how to determine the unlawfulness of the material can be a
problem.  And it would be very easy for a sysop to take the safe route and
err on the censorship side of things.  

               <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>>
Cliff Figallo                                    fig@eff.org
Director, Electronic Frontier Foundation         (617)864-0665 (voice)
Cambridge Office                                 (617)864-0866 (fax)





;Date      21 Oct 92 18:31:37
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 92 18:07:21 EDT

 
Trotter Hardy writes:

> Mike Godwin replies:
> >
> > There are "cases"? I believe there is only one case of this sort. Applying
> 
>    My torts book lists this case: Heller v. Bianco, 111 Cal.
>    App. 2d 424, 244 P.2d 757 (1952).  Message on bathroom wall
>    of a bar, inviting readers to call such and such a number
>    for "Isabelle" who was prepared to "indulge in illicit
>    amatory adventures," says the court.
 
While I think it's possible to get the same result under the post-Smith v.
California, post-Times v. Sullivan regime of libel law, it should be noted
that this is a 1952 case. As Trotter's posting demonstrates, however,
there clearly was _scienter_ in that case.

Note to non-lawyers: _scienter_ is just a handy way of saying "the
defendant actually knew about it."


--Mike



;Date      21 Oct 92 18:31:43
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: tien@well.sf.ca.us (Lee Tien)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 21 Oct 1992 16:13:36 -0700

This breaks with the current thread somewhat.  Earlier, Lance Rose
suggested that the BBS is not the press.  I am not sure why he said
that, because it seems perfectly reasonable to me for a sysop/BBS
to view herself as providing a vehicle of information and opinion,
which to me IS the press.  

This does not imply, I hasten to add, that the only First Amendment
rights involved are those of the sysop/BBS.  

We have both sysop/BBS rights and user rights here.  

Moreover, we also have user rights with regard to freedom of 
association.  I think it important to emphasize the associatinal
component, particularly in relation to questions of privacy and/or
anonymity.  Talley, NAACP v. Alabama ex rel Patterson, suggest
that compelled disclosure requires a good justification.  I
would prefer that in our policy discussions we seek to preserve
as much room as possible for online anonymity.

;Date      22 Oct 92  09:33:28
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: RE: BBS liability paranoia
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID RM1:125/111=2AE67568
>----------------------- Do not change this line -----------------------------<
To:   bbslaw@eff.org

 U> If the conduct you describe is just email forwarding, the 
 U> sysop may be getting in bigger trouble by reviewing the 
 U> contents of the message to decide whether to forward or 
 U> return. The Electronic Communications Privacy Act 
 U> prohibits a person or entity providing an email service 
 U> from divulging the contents of a message unless certain 
 U> exceptions apply.

In one case, the sysop handling third-party traffic returned the mail
undelivered, claiming that because (in one case) it was encrypted, it
was illegal because he could *not* review it.

The sysops in question have agreed ahead of time to handle
third-party mail.


My feelign on this was that deleting, modifying or refusing
third-party traffic selectively (barring obvious illegalities, etc)
was illegal itself under ECPA and probably other laws. Am I correct?

--- ReadMail
 * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111)
;Date      22 Oct 92  10:19:21
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: RE: BBS liability paranoia
Options:   kill-sent private 
;Status:   (read 1 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID RM1:125/111=2AE68029
>----------------------- Do not change this line -----------------------------<
To:   bbslaw@eff.org

(Shari: I think there is a signifigant delay in gating this mailinig
list to/from me. My apologies if outside your time window. -- tomj)


 U> If the conduct you describe is just email forwarding, the 
 U> sysop may be getting in bigger trouble by reviewing the 
 U> contents of the message to decide whether to forward or 
 U> return. The Electronic Communications Privacy Act 
 U> prohibits a person or entity providing an email service 
 U> from divulging the contents of a message unless certain 
 U> exceptions apply.

In one case, the sysop handling third-party traffic returned the mail
undelivered, claiming that because (in one case) it was encrypted, it
was illegal because he could *not* review it.

The sysops in question have agreed ahead of time to handle
third-party mail.


My feelign on this was that deleting, modifying or refusing
third-party traffic selectively (barring obvious illegalities, etc)
was illegal itself under ECPA and probably other laws. Am I correct?

--- ReadMail
 * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111)
;Date      22 Oct 92  09:38:56
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: question of the day
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID RM1:125/111=2AE676B0
>----------------------- Do not change this line -----------------------------<
to: bbslaw@eff.org

 (/PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD -- your message formatting
makes readable reply nearly impossible... can you skip the left
margin?) 

 U>           3. Why can't the fidonet transmission example be 
 U> handled by
 U>           making it a condition of contract for hooking to 
 U> the nearest
 U>           node that messages in transit will be forwarded 
 U> without
 U>           review?

We have this "document", POLICY4, that was written by complete
novices (not including me) that states "no encryption in FidoNet".
It's filled with legalese nonsense (no lawyer was consulted), it is
unsigned and some people simply consider it the "law".

I'm having a hard time trying to convince people that the existence
of this document doesn't override US, state and local law.

--- ReadMail
 * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111)
;Date      22 Oct 92 11:34:38
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   re: sysop liability
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 22 Oct 92 10:18:18 PDT


 U>  I'm just 
 U> wondering, all you nonlawyers out there, do you feel any 
 U> more confident about your rights and responsibilities now 
 U> that the barristers (and a few other brave souls) have 
 U> given their two cents worth?

Actually, yes, somewhat. My original concern, stated in here earlier,
was specifically about third-party traffic, which was answered very
quickly; I take it to mean that it's rather clear that stomping on
in-transit third-party mail is a no-no without obvious reason. 



I would like to use this thread in some way to present to FidoNet;
what extent of disclosure is acceptable? 

The problems are *so basic*, like the parameters of liability
regarding third-party traffic, what was stated re: copyright vs.
uploads, the low danger of forwarding in-transit mail, the ECPA
protection of in-transit mail, etc, I don't think it will read like
"here's everything that is OK to do cuz they said so". 

If I write something (pending a nod from here) for a FidoNews
article, would review and approval (in here for example) suffice?


--- ReadMail
 * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111)
--  
Tom Jennings - via FidoNet node 1:125/555
    UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG

;Date      22 Oct 92 17:52:25
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   re: sysop liability
Options:   kill-sent private 
;Status:   (read 1 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: ssteele@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 22 Oct 1992 16:21:52 -0400

Message from Shari Steele.



Tom Jennings writes:

>If I write something (pending a nod from here) for a FidoNews
>article, would review and approval (in here for example) suffice?



Yes.  As long as people in this group do not object to what you have
written, that should be enough.  For everyone out there, please make sure
you clear anything you write about this conference with those members of
the group involved.  The conference itself, however, may not be copied to
other sources.


;Date      22 Oct 92 23:04:53
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   question of the day
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 23 Oct 92 00:48:16 EDT

David Johnson writes:
 
>3. Why can't the fidonet transmission example be handled by
>making it a condition of contract for hooking to the nearest
>node that messages in transit will be forwarded without
>review?
 
Lance Rose replies:
 
       Yes, that seems the obvious solution.  Now for the easy part -
getting fidonet node operators all to agree . . .
 
       (As Foghorn Leghorn would say: that's a joke, son . . .)
 
                                               - Lance
 
 


;Date      22 Oct 92 23:04:55
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 23 Oct 92 00:48:50 EDT

Lance Rose responds to Lee Tien:
 
Lee says:
 
<This breaks with the current thread somewhat.  Earlier, Lance Rose
suggested that the BBS is not the press.  I am not sure why he said that,
because it seems perfectly reasonable to me for a sysop/BBS to view herself
as providing a vehicle of information and opinion, which to me IS the
press.>
 
       A BBS need not be "press".  A book store is not press.  A magazine
distributor is not "press".  And these were the models used for CIS in the
Cubby case.
 
       It's not that I want to be a stickler for terminology, but "press"
carries, for me at least, the connotation of "publisher".  And to that
extent, it overstates a BBS' responsibility for the contents of the
materials that flow through it.
 
       Don't forget, the BBS is also a postal service, a hardware store, a
convention center, a shopping mall . . . <g>
 
                                               - Lance
 


;Date      22 Oct 92 23:04:56
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 23 Oct 92 00:48:33 EDT

Lance Rose responds to Mike Godwin:
 
Mike writes:
 
<No one has yet answered my question as to why sysops should be held to a
requirement of reasonable review when booksellers and magazine distributors
are not. Want to tackle that one, David?>
 
       Mike, I think there is some requirement of reasonableness under the
circumstances.
 
       Of course, the main circumstance is the First Amendment character of
the BBS, which at the very least sets an upper limit of onerousness, and may
also, by defining a shorter range from the least to greatest possible review
requirement as compared to non-First Amendment operations, generally relax
the required review even in cases where a total review of all BBS traffic
would not be impracticable.
 
       Off the top of my head, I can think of two factors leading to a
review situation.  One is that sysops are generally on notice that illicit
materials of all sorts might go through their BBS. While this does not mean
they're on notice as to any given message or file they have not actually
seen, it may mean they have to walk the beat every now and then.  It might
be different from magazines or bookstores in that there is a greater
variety of illegal stuff that can go through BBS' - not only newsletters and
text files, but pirated programs, viruses, etc.
 
       The other is that sysops are uniquely in a situation to prevent
damage from damaging materials.  If sysops are not held responsible, then
effectively there may be no one at all guarding against damage due to online
materials.  Judges may not be willing to see that situation get set up, or
continue.
 
       I don't see why there can't be a reasonable review duty.  It does not
necessarily conflict with 1st Amendment.  For instance, it can easily be
argued that the First Amendment isnot even implicated until the review
obligation becomes so heavy that a chilling effect arises.  It is
unrealistic to contend that even the slightest review obligation
automtically creates an impermissible chilling effect.
 
       I agree with the spirit of your position, but don't see it as
entirely sustainable in application.
 
                                               - Lance
 


;Date      23 Oct 92 06:39:01
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Fri, 23 Oct 92 06:53:56 EDT

>From Paul Bernstein:
Re:  The following comments by David Johnson:

*******************************************
"All that said, there may be good reason to try to
relax or reduce any inference of a particularly burdensome
duty of review: by crystallizing the industry view of good
practice and, perhaps, by legislation providing some
conditional immunity from liability as a means of
facilitating the free flow of ideas. Absent legislation of
that character, which has been discussed from time to time,
the extent of the sysop's duty will be set over time by
judges (or juries!) with after-the-fact judgements."
***************************************
HEAR, HEAR!  

Industry standards and legislative direction provide the "rules of the road"
and clear direction that Sysops demand and absolutely require.  Without it,
we're thrashing about blindfolded in a jungle full of ferocious animals,
quick sand and poisonious snakes -- in such a case, one's ultimate fate is
certain although the timing of that fate is not predictable with certainty.

Paul


;Date      23 Oct 92 18:28:43
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: sysop liability
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: tex@well.sf.ca.us (John Coate)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Fri, 23 Oct 1992 08:23:54 -0700

>At what point do you take on an obligation to serve everyone? Most BBS
owners
>can (though rarely do) throw off any user who offends them. But if the
local
>diner refused to serve someone because of personal dislike, there would
quite
>likely be a lawsuit filed shortly thereafter.

This is a situation where you need to hang onto copies of the various
incidents that led to the removal so the sysop can demonstrate that
discrimination of the type that is actionable did not occur.

Since you can't see race or age or gender online, this lind of
discrimination suit would be very hard to pursue.  On the WELL we were
threatened by such things once in awhile but the argument was so weak it was
never pursued.  The closest we ever came to feeling like we really *would*
get sued over tossing someone was when the person in question was a lawyer!

;Date      23 Oct 92 18:28:48
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: thardy@mail.wm.edu (Trotter Hardy)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 23 Oct 92 11:56:06 


Lance Rose said this:

>        Of course, the main circumstance is the First Amendment character of
> the BBS, which at the very least sets an upper limit of onerousness, and may
> also, by defining a shorter range from the least to greatest possible review
> requirement as compared to non-First Amendment operations, generally relax
> the required review even in cases where a total review of all BBS traffic
> would not be impracticable.
>
>        Off the top of my head, I can think of two factors leading to a
> review situation.  One is that sysops are generally on notice that illicit
> materials of all sorts might go through their BBS. While this does not mean
> they're on notice as to any given message or file they have not actually
> seen, it may mean they have to walk the beat every now and then.  It might
> be different from magazines or bookstores in that there is a greater
> variety of illegal stuff that can go through BBS' - not only newsletters and
> text files, but pirated programs, viruses, etc.
>


   I wonder if we are talking too much in the abstract about
   the First Amend.,  reasonable review, etc.  Court cases are
   brought on the basis of one or more particularized causes of
   action: defamation, invasion of privacy, copyright
   infringement, etc.  The First Amend. and reasonable review
   and a host of other aspects that people have mentioned may
   be relevant in different ways (or not at all) to these
   different legal theories.

   E.g.: I have not researched the question of whether one
   person, say an employer, can be "vicariously" liable for
   another's (say an employee's) defamatory remarks.  A
   plausible reading of the Gertz case would be that they
   cannot: Gertz requires some degree of "fault" in a
   defamation case and vicarious liability is essentially
   liability without fault. (I am not asserting that this is the
   law because I don't know if it is or not.)

   But Gertz is not applicable to copyright cases, and those
   cases rely on vicarious liability all the time: a nightclub
   owner is liable for copyright infringement by a band hired to
   play music if the music is copyrighted and nobody has paid a
   license fee for the privilege.

   What this suggests to me is that questions of liability
   cannot usefully be addressed from the standpoint of "whether
   and when a sysop is liable," even though that is a natural
   and desirable thing to do from the syops's perspective.
   Rather, we have to look at particular allegations of
   liability: is a sysop liable for invasion of privacy when
   s/he does such and such.  Is a sysop liable for copyright
   infringement when s/he does so and so.  Etc. etc.

   Perhaps that is what the sysop's legal book does that Lance
   referred to.

            Trotter Hardy


;Date      23 Oct 92 18:29:32
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   Keystone 
Options:   kill-sent private 
;Status:   recv'd (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!uunet.UU.NET!xanadu!xanadu.com!tribble
From: tribble@xanadu.com (E. Dean Tribble)
To:   uunet!soda.berkeley.edu!hughes@uunet.UU.NET
Date: Fri, 23 Oct 92 09:31:09 PDT
Cc:   cypherpunks@toad.com

The Compuserver decision some months ago supported this indirectly:
Compuserver was held not liable for mail and postings on their system,
because they don't claim to read them.  I don't beleive Compuserve is
a common carrier, so the precedence supports the result you want.

dean

;Date      24 Oct 92 21:40:39
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 24 Oct 92 23:30:19 EDT

Lance Rose responds to Maurice Weitman:
 
Maurice writes:
 
<Does that mean that a checklist doesn't (or cannot) exist which sysops can
use to determine whether a particular posting or action would require
intervention?   I'd sure love to have such an objective set of criteria to
apply to postings so that we may exert good faith efforts to protect
ourselves from legal actions.>
 
Lance reponds:
 
I don't think a checklist of the sort you allude to can be put together.
Like it or not, the subject of what needs sysop response, and what response
is appropriate, requires well-informed sysop judgment.  I believe the answer
is educating sysops.  The grey areas where decisions are difficult will
never go away.  But the clear cases can be made obvious with education and
practice.
 
 


;Date      24 Oct 92 21:40:40
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 24 Oct 92 23:30:42 EDT

Lance Rose responds to Trotter Hardy:
 
Trotter says:
 
   I wonder if we are talking too much in the abstract about
   the First Amend.,  reasonable review, etc.  Court cases are
   brought on the basis of one or more particularized causes of
   action: defamation, invasion of privacy, copyright
   infringement, etc.  The First Amend. and reasonable review
   and a host of other aspects that people have mentioned may
   be relevant in different ways (or not at all) to these
   different legal theories.
 
Lance responds:
 
       This is not a question of abstraction at all.  In each case of
liability, no matter the type, if sysops are held liable, then a review
obligation for the type of material involved in that case is automatically
placed on sysops.  And for 1st Amendment purposes, the question is always
the same: does the burden of this type and level of review create a
"chilling effect" for BBS operations?
 
Trotter says:
 
   But Gertz is not applicable to copyright cases, and those
   cases rely on vicarious liability all the time: a nightclub
   owner is liable for copyright infringement by a band hired to
   play music if the music is copyrighted and nobody has paid a
   license fee for the privilege.
 
Lance says:
 
       The remedy of injunction after the fact is always available in
copyright cases regardless of the defendant's knowledge. But the possibility
of such an injunction would not realistically chill sysops. In the real
world, they would cease posting copyright violations long before any judge's
decision on the material at issue came down, unless they were deliberately
testing some edge of the law.
 
       The real "chiller" in copyright cases is the possibility of big
damages.  And that possibility has the same effect, and is subject to the
same 1st Amendment limitations, as the possibility of any other legal
liability or remedy that would lead to burdensome responsibilities for
sysops.
 


;Date      24 Oct 92 21:40:41
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   review duties and access
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 24 Oct 92 23:30:55 EDT

Lance Rose responds to David Johnson:
 
David says:
 
          I would like to ask Lance one question about the book. As I
          read it, he suggests that a sysop should offer to consult
          with a user when the user has questions about whether what
          the user is doing is illegal. Do you really think a sysop
          should hold herself out as available to rule, in real time,
          on the legality of a user's actions? Maybe it is always
          better to invite discussion with users and talk things
          through but (as you can tell) a general offer of
          consultation like that would make me somewhat nervous.
 
Lance responds:
 
       I don't believe I recommended doing it in real time.  I also don't
think of it as a legal consultation.  I imagine in many "grey area" cases,
the sysop will simply tell the user he has no idea whether it is legal, but
he is/is not comfortable with what the user is doing in a given case.
 
       I don't know that a crystalline-perfect prescription for sysops
is possible.  All I was trying to do was suggest a perpetually open door for
discussion between sysops and users.
 
       I don't see the sysop's task, when looking to deal with liability
issues, as merely to pursue the most risk-averse route.  The purpose of
running a BBS is not to avoid risk. Risk avoidance has to be woven in with
the BBS' other activities, which latter are its actual reason for being in
the first place.
 
       Guess I'm not a classic lawyer . . . That's okay, I don't believe you
have to defend every creep who walks in your door, either <g>
 


;Date      25 Oct 92 02:03:17
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: LEGAL SITUATION
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sat Oct 24 17:21:38 1992

I like the paradigm pioneered on the WELL that everyone online is responsible
for their own words and actions, and in a legal sense, I would like that to
emerge as the enforcement model.  On my own system, I don't monitor much of
anything - public or private - unless it is a conversation I happen to be
interested in (in the case of public conversations) or something another caller
complains about (which in general must be a public conversation).  I rather
don't care if people encrypt messages, as long as I don't have to participate
to correspond (there is a growing "miff" among those who want their
conversations private if you just tell them you don't want to be bothered with
it all).

And while there are BBS operators who read everything like a hawk, I'm very
uncomfortable with the concept that we are responsible under law to do so. 
Actually, I haven't heard of a lot of difficulty with BBS operators being
charged with anything as the result of third party conversations on their
systems, and while it could be a problem, I would expect not.  

The heart of the message and message monitoring problem with regards to law
enforcement is that the BBS itself tends to be a superb evidence gathering
machine.  BBS operators discovering discussions of illegal activities have in
some cases notified authorities - only to be rewarded with the loss of their
machines for weeks or months.  Whether the BBS operator is "liable" for the
actions or messages is a bit moot.  If law enforcement suspects it is going on
on a BBS, they can essentially confiscate the equipment and the BBS operator is
forced to deal with a legal system they can't afford to even come in contact
with in order to regain the equipment.  And I think this is somewhat unique to
bulletin boards.  It would never occur to law enforcement to confiscate a telco
central office switch because conversations and discussions of illegal activity
went through it.  But because of the recording facility of bulletin boards, the
equipment is subject to arrest <a little latitude here but effectively> whether
or not anyone even thinks the BBS operator is at fault or has any liability.

This is part of an overall breakdown I perceive in how laws are applied to
differing groups using the same technologies.  Large news gathering entities
have a good deal of protection regarding video tapes made, for example.  The
thinking seems to be that we "can't afford" to extend these same protections to
"relatively irresponsible" individuals with video camcorders.  Because it is
the same technology is not the issue, apparently, but rather that CBS is less
likely to do something we don't like and don't know about than a person with a
camcorder taping LA rioters.

Likewise, bulletin boards give the same communication utility we are used to
thinking of as being controlled by CompuServe, or Prodigy, or some other large
entity our government can easily deal with coercively, to individuals where
this same type of control simply doesn't work.  Camcorders for the masses. 
Online services run by teenagers.  

Naturally, I take an almost acidicly libertarian view of all of this and think
we DO need legislation - NOT to regulate bulletin boards, but to regulate law
enforcement to ensure that when they deal with a 14 year old running a C-64 BBS
for two hours each night, they do so with EXACTLY the same respect for law that
they do when dealing with BellSouth or AT&T.  

The challenge this brings is not limited to bulletin boards or camcorders. 
Increasingly, we will see technologies that today are comfortably limited to
large controllable entities migrate to individuals.  What happens when I can
have my own comm satellite for $5000?  

Jack Rickard
 Boardwatch Magazine



;Date      25 Oct 92 02:03:18
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: RE: LEGAL SITUATION
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sat Oct 24 17:57:48 1992


 > Does anyone have an opinion on the (FidoNet) case where, third party
 > traffic is killed or modified by a non-addressee (on intermediate
 > systems through which the traffic is flowing)? Has this been 
 > addressed
 > in other electronic store-and-forward systems?
 > 
 > This is becoming of critical importance in FidoNet and we're all
 > completely in the dark.
 > 
 >                         tomj@fidosw.fidonet.org
 > 
 > 

I have an opinion Tom, but it may not be worth much.  I can't imagine there
being any legal liability for in transit mail at all.  As I mentioned in
another message, I'm nearly as concerned about the effective death of a BBS for
evidenciary purposes as legal liability.  But even there, visability as to
precisely which systems in-transit mail passes through would be pretty limited
to most governmental authorities unless the messages actually appear in a
public conference where someone could dial in and see them.

My own take is that you have BBS operators within FidoNet that just resent the
fact that they can't nose about through mail passing through their system.  I
pass out a very tiny bit of in-transit mail, and I couldn't even tell you how
much or when, without doing a bit of mucking about to make a determination.

The nature of FidoNet itself may cause this to be problematical.  And I know
any scent of rules will cause a furor.  But it sounds like more of an
organizational determination than a legal one. It is just this type of
fractious incident that has driven the net toward irrelevancy for netmail.  I'm
communicating from Boardwatch BBS to other BBSs primarily through the Internet
now for precisely this reason.  In the Internet, there are mail delivery
failures, but they are not caused generally by some intermediary sysadmin
disapproving of contents or format.  

If it were me, and its not, I would require expeditious handling of ALL routed
and in-transit mail as a requisite for membership.  If you don't, any of 16000
BBS operators in FidoNet who doesn't approve of encryption in general or
encrypted mail can stop traffic.  At LEAST the guy who stopped it in this case
sent a message to both parties.

I would imagine you and George are the only ones that could make it stick.
I don't think you're going to find a legal precedent requiring BBS operators
to pass encrypted mail, and realistically, I can't picture any realistic
liability an operator could have for encrypted mail passing in one port, out
another (or the same) with no public display on the BBS.

Jack Rickard
 Boardwatch Magazine.



;Date      25 Oct 92 02:03:19
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: QUESTION OF THE DAY
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun Oct 25 00:52:44 1992


 > (It should be noted that "adult" bookstore owners and proprietors of 
 > 
 > topless bars are held liable not because they've reviewed everything
 > beforehand, but because the nature of what they offer is such that 
 > courts
 > are willing to impute _scienter_ with regard to obscenity. This 
 > exception
 > to the rule of Smith v. California is pretty narrow.)
 > 

I agree Mike.  If a BBS ran a message area labeled CREDIT CARD FRAUD EXCHANGE
or something implying that here is the place to discuss software piracy
matchups, the BBS itself is hosting illegal activity with that intent.  This is
a VERY different situation from two or three callers discussing such activities
through unreviewed private e-mail out of the 600 callers frequenting the board.

The problem this keeps coming back to as a practical matter, however, is that
if the CALLER is liable for their own illegal activity, how does the BBS
operator, assuming no one in the universe believes the operator is part of the
crime, keep the computer and system the BBS runs on from being seized as part
of the evidenciary process?

Jack Rickard

Boardwatch Magazine





;Date      25 Oct 92 10:50:15
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: RE: LEGAL SITUATION
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun, 25 Oct 92 09:12:51 EST

From:                Paul Bernstein
Responding to:  Jack Rickard

Jack Rickard: you have hit the nail on the head!  Putting my BBS Sysop hat on
. . . I do NOT want to have to read messages (or fear that I must do so) . .
. for absent my being told that criminal activity is afoot, I want my
constituents to learn about and use the technology!  PROTECTION of Sysops is
THE KEY here, as Jack notes!  

I am TOTALLY AGAINST any concept that says the courts can and will solve our
problems:  First of all, going to court is VERY expensive!  Second, the
decisions by trial courts mean NOTHING and are likely to be inconsistent for
many reasons. 

My mention of the MPAA is not for "ratings" but for the creation of
"standards" and "Rules of Conduct" that, if they became industry standards,
would give Sysops some strong assurance that they are in compliance with the
law.

If Sysops will have to rely on future court decisions, then all you will have
left, after we lawyers tell our BBS-clients to go out of business because
they can't afford us . . . is the BIG outfits like CIS, Prodigy, etc., and
there goes the innovation and exploration that this technology demands.  It't
time for Sysops to take their future into their own hands and not rely on the
courts or overly expensive law firms that 99.99% of BBS-Sysops cannot afford.


;Date      25 Oct 92 10:50:16
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: RE: QUESTION OF THE DAY
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun, 25 Oct 92 09:22:24 EST

From:     Paul Bernstein

Jack Rickard raises a proper question about how Sysops protect themselves
from seizure of the BBS.  

In Illinois there have been cases where, if Preliminary Injunctions (obtained
on an emergency basis) were dissolved as having been found at a later date to
be unfounded, then the injured party (the one against whom the original
injunction was issued) is entitled to substantial damages!

Sorry to harp on this folks, but if there were a Sysops equivalent to the
MPAA and if one of the rules a Sysops subscribed to as a member was to "Keep
weekly backups of ALL MATERIALS on the BBS," and if that became public
knowledge, AND, IF THE LAWYERS WOULD WORK TOGETHER TO FORGE A MOTION AND
BRIEF ON THE SUBJECT, clearly demonstrating the significant financial legal
liability a governmental agency was exposing itself to from an "illegal"
seizure . . .THEN, you're on your way to clearing the way for Sysop's
continued exploration of the technology without fear.  For then, governmental
agencies with subpoenas could grab the back-up disks and information and not
the main BBS,....at least, not without A FULL AND COMPLETE court hearing and
adjudication!!!

The keys and answers are here, I should think.  What's wrong with a "CODE OF
ETHICS?"  What's wrong with "Rules of Conduct?"  What's wrong with
subscribing to such codes of ethics and conduct?  Why can't we have "Custom
and Usage" and our own equivalent of the MPAA?    Clearly, this still leaves
open the potential for court action, but if we have brief and memorandum of
law databanks and lawyers around the country who are Sysop-oriented and have
enough interest in the technology to do some Pro Bono work . . . we can head
off Washington intervention (which is sure to come as the technology becomes
politically potent) and prevent the courts from destroying us.

What's wrong with such suggestions?  And, why shouldn't we move in that
direction with this conference?

PaulB

;Date      25 Oct 92 11:57:54
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun, 25 Oct 92 14:52:23 EST

 
> Lance Rose  writes:

> Mike writes:
>  
> <No one has yet answered my question as to why sysops should be held to a
> requirement of reasonable review when booksellers and magazine distributors
> are not. Want to tackle that one, David?>
>  
>        Mike, I think there is some requirement of reasonableness under the
> circumstances.
  
There doesn't seem to be one grounded in Constitutional law, however. A
bookstore owner may know full well that Kitty Kelley's book on Nancy Reagan
may be libelous or that Madonna's book SEX may be obscene; even so, the
Supreme Court has never held that bookstore owners can Constitutionally be
held to a standard of "reasonable review."

>        Off the top of my head, I can think of two factors leading to a
> review situation.  One is that sysops are generally on notice that illicit
> materials of all sorts might go through their BBS.

I simply don't think this is the case.  I don't think BBSs are any more
marginal an information medium than bookstores are, legally speaking. A
sysop has no greater "notice" that, say, libelous material is passing
through her BBS than a bookstore owner has as to libelous books he may be
carrying. The same is true of obscenity or criminal copyright
infringement.

> While this does not mean
> they're on notice as to any given message or file they have not actually
> seen, it may mean they have to walk the beat every now and then.

Any imposition of a "walking the beat" requirement for sysops that is not
imposed on bookstore owners has to be grounded in a Constitutional
distinction. Here, the distinction seems to be the (questionable) one of
supposing that BBSs are more likely to be the venue of illegal
communications than bookstores are. God help us if this distinction ever
does get enshrined in Constitutional law.

It should be noted that lots of crimes are plotted in restaurants and
bars, too, but the law does not require bar owners to review
conversations.

>        The other is that sysops are uniquely in a situation to prevent
> damage from damaging materials.  If sysops are not held responsible, then
> effectively there may be no one at all guarding against damage due to online
> materials.

The position here is not unique. Bookstore owners could also act to
prevent libel or obscenity in a community.

>  Judges may not be willing to see that situation get set up, or
> continue.
  
It is possible in "real life" for vandals to get away with harming people
and property. The law does not require that someone *always* be held
responsible.

>        I don't see why there can't be a reasonable review duty.  It does not
> necessarily conflict with 1st Amendment.  F

To me, it does, unless there is an interpretation of the First Amendment
that sets BBSs up in a unique legal category.

>        I agree with the spirit of your position, but don't see it as
> entirely sustainable in application.

It shoudl be noted that the "scanning for viruses" requirement on a sysop
has nothing to do with communication or First Amendment protected
interests. I think that's just a negligence issue that can be handled by
traditional tort principles.


--Mike Godwin




;Date      25 Oct 92 22:01:14
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Mon, 26 Oct 92 0:26:57 EST


Lee Tien writes:
 
> I agree wholeheartedly with (I think it was Trotter Hardy) the    
> person who recommended that we NOT analyze sysop/BBS liability 
> in general First Amendment terms.  

Why not? BBSs are used for core First Amendment interests of 
speech and press and associatin. What is your Constitutional
theory for privileging printed material over BBSs?
 
> If we look back at the question Shari started us off with,
> each of the subject-matter areas involves different doctrines. 
> Like it or not, First Amendment law is sensitive to "categories"
> of speech, at least as applied by present-day courts.
 
Right. But this statement is vague enough not to be of much use in telling
us how to treat BBSs.

Is there anyone who has used a BBS who does not believe that what he is
doing is speaking, or hearing other people speak? Why should BBS-based
speech and publication and association have any *different* First
Amendment protections from those of newspapers, public assemblies,
bookstores, and pubs? On what Constitutional theory can we justify the
distinction?


--Mike




;Date      26 Oct 92 07:01:33
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: tien@well.sf.ca.us (Lee Tien)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Mon, 26 Oct 1992 06:55:08 -0800

In response to Mike Godwin:  

Mike has, I believe, missed the point I meant to endorse:  
I don't for a moment doubt the applicability of the First
Amendment's protections to sysops/BBSs.  

I said:
> If we look back at the question Shari started us off with,
> each of the subject-matter areas involves different doctrines. 
> Like it or not, First Amendment law is sensitive to "categories"
> of speech, at least as applied by present-day courts.

and Mike commented:
Right. But this statement is vague enough not to be of much use in telling
us how to treat BBSs.

I apologize for being vague.  I meant to suggest once more that
instead of addressing "sysop liability" we address "sysop liability
in relation to specific kinds of speech"-- and work on the most
important ones first.  

Each "problem category"-- obscenity, indecent speech, child 
pornography, advocacy of illegality, copyright infringement, 
defamation, classified/national defense information, commercial
speech, and so on, has its own doctrines.  They are all of course
related through the First Amendment, but the doctrines reflect
not only logic but history and the context of case law development.

It seems to me that when a sysop discovers that information 
arguably falling within such categories is being disseminated
via her BBS, she needs to know rather specific things beyond
general First Amendment principles:  what statutes are on the
books, federal and state; what kind of penalties are involved;
what does the common law say, etc.  
--Lee Tien

;Date      26 Oct 92 07:31:59
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 26 Oct 92 09:56:41 EST

Lance Rose reponds to Mike Godwin:
 
       At somepoint competing considerations can and do get balanced,
either expressly or implicitly.  Your position seems absolutist (and I don;t
mean 1st Amendment absolutism of the sort advocated by Black), which is
itself suspect.
 
<There doesn't seem to be one grounded in Constitutional law, however.>
 
A reasonable review requirement would not arise from the Constitution.
Saying there are Constitutional limits on liability does not mean
Constitutional "permission" is required for each attribution of liability,
especially safely short of whatver "limits" may be established.
 
<I simply don't think this is the case.  I don't think BBSs are any more
marginal an information medium than bookstores are, legally speaking. A
sysop has no greater "notice" that, say, libelous material is passing
through her BBS than a bookstore owner has as to libelous books he may be
carrying. The same is true of obscenity or criminal copyright
infringement.>
 
You missed my point that additional kinds of things can pass through BBS' -
credit card numbers, etc.
 
Also, you can have a BBS with a certain character that makes it more likely
to carry illegal materials,such as a pirate board - and some requirement
for the sysop to be aware of this.
 
<Here, the distinction seems to be the (questionable) one of supposing that
BBSs are more likely to be the venue of illegal communications than
bookstores are. God help us if this distinction ever does get enshrined in
Constitutional law.>
 
This is a factual point, and needs to be settled on that basis.  It need not
be enshrined anywhere, but recognition of the possibility can lead to an ad
hoc approach, rather than enshrining the opposite - ie., that BBS' by
definition are no more likely to carry illegal materials than bbok stores.
 
LR>  Judges may not be willing to see that situation get set up, or
  > continue.
 
MG <It is possible in "real life" for vandals to get away with harming
people and property. The law does not require that someone *always* be held
responsible.>
 
Look at the reality.  Books are almost all published by big companies, and
there is realistic recourse aginst the publishers.  In a BBS situation,
there is far less realistic accountability by the posters.
 
LR> I don't see why there can't be a reasonable review duty.  It does not
  > necessarily conflict with 1st Amendment.
 
MG <To me, it does, unless there is an interpretation of the First Amendment
that sets BBSs up in a unique legal category.>
 
You're placing the limit on liability before the basis of liability.  First,
one determines if there is a duty.  Second, you look to see if it creates
the kind of "chilling effect" that implicates the 1st Amendment, and whether
that means the duty mustbe cut off due to Constitutional considerations.
Categorical distinctions of the sort you allude to are neither logically
necessary nor mandated in this situation.
 
                                               - Lance
 
 
 
 
 
 


;Date      26 Oct 92 20:05:59
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: IMPOSITION OF RESPONSIB
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun Oct 25 20:36:55 1992


Jack Rickard (Boardwatch Magazine) responding to Trotter Hardy:

 >    For these reasons, I think people are putting way too much
 >    faith in the desirability of Congressional (or State
 >    legislative) resolution of the issues of liability.
 > 

                                                               
I too am a little torn by this.  There is a wide variety of system that falls
under the rubrick of "BBS" or for that matter "online service" and new ones are
emerging.  Defining rights and responsibilities legislatively tends to harden
the environmental form, and might alter the development of new services in the
future to "work around" existing laws.  At the same time, our current situation
seems to be in straining to read tea leaves by applying pieces of existing laws
and case precedent to "similar" situations online.

I guess what I "thought" I was hearing was not a call for legislation, but a
call for voluntary guidelines set forth by some voluntary industry association.
 This more casual "environment" would then be something that would naturally be
taken into account during litigation involving bulletin boards and where no
clearly applicable legal precedent prevailed, might have an influence on a
court decision by establishing a legitimate forum for what a BBS operator
"thought" his rights and responsibilities were in some legitimate way.

The problem I have even with that is that it has to cover a lot of ground.  Tom
Jennings just brought up Policy 4.  Actually, I think this document began right
here in Denver in Net 104 from a single sysop disgruntled with the previous
policy document.  An entirely self nominated working committee rose to develop
this document in a private echo conference and after many months of wrangling
presented it to the Net.  Few could actually bear to read through all of it as
it was quite lengthy and endlessly detailed and I don't recall that it ever
gained a mandate, but many do think it is the "law" within FidoNet.    And
within the BBS and online community, I think a case could be made that despite
the diversity within the net, FidoNet systems tend to be a particular "type" of
system that does not necessarily share common ground with chat services, the
relatively new class of small Internet access services, public conferencing
systems, product support BBSs, etc.

At the same time, there does appear to be an emerging need for some form of
guideline.  Julian A. Smith, a professor of history of science and technology
at Ryerson Polytechnical Institute wrote an interesting article in the October
92 issue of "Toronto Computes" titled "Sysop Code of Ethics Urged." It
delineated an entire series of horrors BBS operators have visited on their
callers - many involving abuses of trust regarding private electronic mail,
sexual matchmaking activities, and various forms of denying access based on
religion, political views, etc.  In many ways, it seems that freedom of speech
is often a freedom afforded BBS operators and NOT their callers. 

So I think we will see increasing pressure toward SOME form of regulation of
online activities.  And while I don't personally see much in the way of good
coming from ANY such regulation, we may be forced to choose between regulation
we as online participants can participate in the formation of, or regulation
generated by most anyone willing to catch the publicity that the next mass
media wave doing the "BBS story" causes.

Jack Rickard



;Date      26 Oct 92 20:06:04
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: tex@well.sf.ca.us (John Coate)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Mon, 26 Oct 1992 09:01:11 -0800

Mike Godwin writes:
Is there anyone who has used a BBS who does not believe that what he is
doing is speaking, or hearing other people speak? Why should BBS-based
speech and publication and association have any *different* First
Amendment protections from those of newspapers, public assemblies,
bookstores, and pubs? On what Constitutional theory can we justify the
distinction?


I agree completely.

-JC

;Date      26 Oct 92 20:06:43
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Mon, 26 Oct 92 14:37:52 EST

 
Lee Tien writes:

> Mike has, I believe, missed the point I meant to endorse:  

Always possible. Since I'm on the road this week, I tend to be distracted
a little more easily.

> I apologize for being vague.  I meant to suggest once more that
> instead of addressing "sysop liability" we address "sysop liability
> in relation to specific kinds of speech"-- and work on the most
> important ones first.  
> 
> Each "problem category"-- obscenity, indecent speech, child 
> pornography, advocacy of illegality, copyright infringement, 
> defamation, classified/national defense information, commercial
> speech, and so on, has its own doctrines.  They are all of course
> related through the First Amendment, but the doctrines reflect
> not only logic but history and the context of case law development.
 
Some of these categories are not separate, Lee. Child pornography, like
obscenity, requires _scienter_ rather than "failure to conduct reasonable
review" for liability. The same is true for defamation. (Note that I'm
talking about redistributors here, not the original speakers.) Criminal
liability for copyright infringement or distribution of defense
information *also* requires _scienter_. (I read the statutes in Titles 17
and 18.) Maurice Weitzman of the WELL is not going to be held liable on
any of these grounds without proof that he intended for the material to be
there, or at least knew it was there. Mere negligence (failure to review)
won't be enough.

Mo may still be an innocent infringer of copyrighted materials without
_scienter_, but as Lance has pointed out (and I agree), these provisions
of copyright protection have already struck a balance that seems not to be
unduly chilling.

"Indecent speech," regardless of the misleading dictum in Sable
Communications v. FCC, is a category not applied outside of broadcasting.

Even the most subtle and nuanced understanding of First Amendment
jurisprudence has to grant that the *default* protections of BBS
publications and forums are just the same as those for other media; to
argue a different set of protections for BBSs requires a distinction that
passes Constitutional analysis. And, certainly, a *lessening* of
protections, such as "reasonable review" requirement derived from
"industry practice" would have to survive the highest standard of First
Amendment analysis.

> It seems to me that when a sysop discovers that information 
> arguably falling within such categories is being disseminated
> via her BBS, she needs to know rather specific things beyond
> general First Amendment principles:  what statutes are on the
> books, federal and state; what kind of penalties are involved;
> what does the common law say, etc.  

I agree that a sysop's duty *to remedy* may vary, *once the _scienter_
reequirement is met*, as in your example here. But a duty to remedy is not
the same as a duty to review.



--Mike





;Date      26 Oct 92 20:06:46
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: imposition of responsibility
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: mnemonic@eff.org (Mike Godwin)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Mon, 26 Oct 92 14:57:15 EST

 
Lance Rose writes:

>        At somepoint competing considerations can and do get balanced,
> either expressly or implicitly.  Your position seems absolutist (and I don;t
> mean 1st Amendment absolutism of the sort advocated by Black), which is
> itself suspect.

I don't see how it is "absolutist" to say that the same (nonabsolutist)
First Amendment protections that apply to other media apply to BBSs as
well.

Look at how BBSs are used--as publishers, forums, and redistributors of
information. The balancing of competing considerations for those uses
has already taken place. But it should be noted (as, I believe, scholars
from Melville Nimmer to Larry Tribe have noted) that a "balancing test"
alone provides inadequate protection of First Amendment interests. (I'll
give you a cite on this when I get back to the office.)
  
> You missed my point that additional kinds of things can pass through BBS' -
> credit card numbers, etc.

I caught that point, actually, and responded to it generically, by noting
that criminal liability hinges on _scienter_. That's a Due Process
requirement *as well as* a First Amendment requirement--check the Supreme
Court's holding in Liparota and progeny.
  
> Also, you can have a BBS with a certain character that makes it more likely
> to carry illegal materials,such as a pirate board - and some requirement
> for the sysop to be aware of this.

I think a pirate BBS meets the "dirty book store exception" to Smith v.
California, don't you? In that case, it's easy to impute _scienter_ to the
sysop, even if he didn't know the spcific illegal material in question.
 
> It need not
> be enshrined anywhere, but recognition of the possibility can lead to an ad
> hoc approach, rather than enshrining the opposite - ie., that BBS' by
> definition are no more likely to carry illegal materials than bbok stores.

But, Lance, there *are* presumptions as to the legitimacy of speech and
expression under the First Amendment. Even if I'm having a conversation at
a bar that is a known criminal hangout, my speech is presumptively legal.
Do we want to have different presumptions when the speech is on a BBS?
I don't see how the Constitution allows this.

> Look at the reality.  Books are almost all published by big companies, and
> there is realistic recourse aginst the publishers.  In a BBS situation,
> there is far less realistic accountability by the posters.
  
So we're told. But in how many cases has the perpetrator of unprotected
speech been impossible to trace? My guess is that the number is fewer than
five. (I'm being charitable.)

> You're placing the limit on liability before the basis of liability.  First,
> one determines if there is a duty.  Second, you look to see if it creates
> the kind of "chilling effect" that implicates the 1st Amendment, and whether
> that means the duty mustbe cut off due to Constitutional considerations.

This is the wrong order, Lance. In First Amendment analysis, Step One is
to presume First Amendment protection. Step Two is see whether the speech
in question falls into any of the well-defined exceptions.

Starting out by determining whether there is a duty is generic *tort*
analysis, not First Amendment analysis.

> Categorical distinctions of the sort you allude to are neither logically
> necessary nor mandated in this situation.

First Amendment analysis does in fact rely on categorical distinctions
of the sort I allude to. See Nimmer's treatise, for example.



--Mike





;Date      28 Oct 92 07:52:27
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: Imposition of Resp.
Options:   kill-sent private 
;Status:   (read 5 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 28 Oct 92 10:43:35 EST

Lance Rose responds to Lee Tien:
 
Lee says:
 
>It seems to me that when a sysop discovers that information
>arguably falling within such categories is being disseminated
>via her BBS, she needs to know rather specific things beyond
>general First Amendment principles:  what statutes are on the
>books, federal and state; what kind of penalties are involved;
>what does the common law say, etc.
 
Lance responds:
 
       But most of the 1st Amendment discussion here has to do with the duty
to monitor or review before specific discoveries are made.
 
       No one said that the 1st Amendment protects against knowing
dissemination of illegal material.  I think you're arguing against a straw
man here.



;Date      28 Oct 92 07:58:23
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: Imposition of Resp.
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 28 Oct 92 10:43:46 EST

Lance Rose reponds to Trotter Hardy:
 
Trotter says:
 
>  *ANY* laws restricting sysops from doing whatever they like
   exert a chilling effect.  I don't think you are going to
   convince courts or Congress, however, that therefore the only
   rules that make any sense are rules that totally immunize
   sysops from liability for anything.  That's why I think
   talking about a chilling effect is too general to be much of
   a guide to liability.
 
Lance responds:
 
       I don't advocate or believe that rules totally immunizing sysops will
be enacted or created under common law.  If you recall, in my discussion
here with Mike Godwin, I see strong reasons to believe there will be some
measure of liability.
 
       I *do* believe we can talk about chilling effects generally, though.
Or at least a certain kind of chilling effect - that which flows from any
legal rule which would lead to an obligation to review all materials on the
BBS.  This kind of rule could come from any substantive legal area where a
ruling of responsibility for damages without specific knowledge of the
damaging material arises.  Because it's the same practical burden in each
case - having to monitor or review stuff in order to avoid legal liability.
 
       The chilling effect in each case would be quantified according to how
much of a monitoring obligation would be placed on the sysop.  That quantum
of monitoring may itself depend on the substantive legal area under
consideration, and of course at that level the requirements of that
substantive field of law would need to be examined, but the practical effect
of monitoring obligations, once set, can be dealt with similarly across all
fields of law from which the monitoring obligations were derived.



;Date      28 Oct 92 08:58:30
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: Imposition of Resp.
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: tex@well.sf.ca.us (John Coate)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 28 Oct 1992 08:00:26 -0800

can we identify forces or agencies or individuals who really think or have
advocated that sysops should monitor everything on their board?  I know that
Prodigy does it, but that is because they want to maintain their family
standards.  They aren't compelled to do so.  What is going on now, what
momentum is there really that is pushing things in this direction?

Certainly I fear the possibility of it, and I deplore in general notions
that one should do something like that just because it's technologically
easy to do it.  But who is really pushing towards that?  I hear about the
NSA and the FBI and "law enforcement", but who is really pushing for this?

-- John Coate

;Date      29 Oct 92 08:34:38
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE: IMPOSITION OF RESPONSIB
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed Oct 28 23:47:39 1992



 > > coming from ANY such regulation, we may be forced to choose 
 > between regulation
 > > we as online participants can participate in the formation of, or 
 > regulation
 > > generated by most anyone willing to catch the publicity that the 
 > next mass
 > > media wave doing the "BBS story" causes.
 > >
 > 
 >    I don't know that a guideline will forestall or mitigate the
 >    inevitable articles on BBS's, but there's a chance.  I am
 >    sure that the articles will come, sooner or later.
 > 
Actually, the articles are being done rather regularly now, albeit in waves. 
My point was that with each rash of articles decrying pedophilia online,
obscene pictures, etc. (media attracting elements of the online experience) the
call for "action" increases.  These calls are usually from someone with no
experience online at all and those they turn to "for action" similarly ill
equipped.  Up to this point, our legislators have been so out of ken to what's
going on online, they have very nearly in some cases passed legislation
affecting bulletin boards and online services without any awareness that it
would have any effect on them, and in some cases only vaguely aware they
existed.  The offending legislation would be INTENDED to address some other
matter entirely.

I'm not really advocating that we rush out and legislate ourselves before
someone else does, but rather noting an increasing pressure toward some form of
regulation.               

Jack Rickard




;Date      29 Oct 92 09:05:06
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   third-party mail
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 29 Oct 92 01:46:13 PDT


Maybe this question is too elementary, but it's dear to me. Maybe it's
considered a change of subject here, for which I'll apologize ahead of
time. Regarding third-party traffic liability.

Assuming that I do some terribly illegal thing, over the Internet, you
can legally persue me. However I don't believe you can sue the
operator of each system that carried that illegal traffic. Is this not
true? Is it "clear" that internet sites carrying IP traffic are
carriers? If a message containing illegal material sits in storage,
however temporary, on a particular system, is the operator of that
system liable for its contents?

This is the sort of thing that is of incredibly burning and immediate
importance in FidoNet, certainly, and it's not hard to imagine
elsewhere. 

--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
--  
Tom Jennings - via FidoNet node 1:125/555
    UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG

;Date      27 Oct 92 11:05:48
From:      Jesse David Hollington@1:125/33
To:        Christopher Baker@1:125/111
Subject:   BBS privacy/Sysop responsibility
Options:   
;Status:   (read 2 times)
;MSGID: 1:225/1.0 2aed68dc
>----------------------- Do not change this line -----------------------------<
 CB> if, as the article states, it is legal in the United States for 'anyone' 
 CB> to 'legally encrypt an electronic message', how does FidoNet forbid such 
 CB> a thing if they are so worried about legal operation? [grin]

 In my experience with what I can only describe as the "inherent stupidities 
of FidoNet Politics" I imagine it was developed to allow people to feel they 
have some level of "control" over what goes through their systems.  That, plus 
the paranoid folks who are worried that the police might show up on their 
doorstep someday to seize their computer because of a message that passed 
through it.  This is not only an unrealistic, but a downright ludicrous 
assumption. 

 In my legal wanderings into Canadian law on the policies of encryption, 
privacy, and carrier status, I discovered that the fact that FidoNet Policy 
prohibits encrypted mail could actually *create* liability for the average 
Sysop, by implying that the Sysop has an obligation to monitor mail passing 
through their system.   

 It's actually an extremely dangerous precedent to set, and one that I do not 
like at all.  When I was RC12, I wanted to setup a local Regional "policy" 
that countermanded the Policy 4 clause, and I received permission from George 
Peace to do so due to the supposed legal differences between U.S. and Canadian 
law.  Unfortunately, the said policy never quite got off the ground because 
more pressing matters intervened. 

Cheers,
 Jesse.


--- Maximus 2.01wb
 * Origin: On a Clear Disk You Can Seek Forever (1:225/1)
SEEN-BY: 11/2 13/13 109/25 123/19 124/1 125/20 28 33 111 125 180 1212 203/1
SEEN-BY: 203/23 205/10 209/209 308/60 390/1 396/1
;PATH: 225/1 12/12 13/13 396/1 203/23 1 125/125 33


;Date      29 Oct 92 13:54:53
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   monitoring
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD
=LANGATE/ADMD=TELEMAIL/C=US/@sprint.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 29 Oct 92 01:11:00 UT

---------------------------------- Forwarded ----------------------------------
From: David Johnson at WCP1PO
Date: 10/29/92 8:31AM
To: RFC-822:bbslaw.eff.org at INTERNET
Subject: monitoring
-------------------------------------------------------------------------------


-------------------------------------------------------------------

          From David Johnson:
          With the possible exception of some overly zealous FidoNet
          sysops, I don't know of anyone who wants to increase the
          amount of monitoring.
          The question is likely to arise in a context in which
          someone claims to have been harmed by a message, the sysop
          did not in fact know of the message, but the claimant
          asserts that the sysop "should have known" of the message.
          It may be easier to defend against such a claim if the sysop
          engaged in some reasonable, perhaps "industry standard"
          (voluntary) review of PUBLIC messages than it would be if
          the sysop simply closed her eyes while grasping a copy of
          the constitution.
          Consider viruses, for a moment, because the first amendment
          argument is least helpful there. The Computer Fraud and
          Abuse act amendments in the crime bill that didn't pass
          would have added criminal liability for "reckless"
          distribution of dangerous code. I think a sysop that does
          not use readily available software to screen for viruses is
          courting disaster. If one gets through, the effort to do
          some screening is the sysop's best defense.
          I agree that the potential chilling arguments are more
          powerful in other areas, like defamation. But this really
          impacts on the level of review, and on what industry
          practice will and should be, rather than allowing sysops to
          flip over to the proposition that there is no obligation to
          review. In contrast, private email, even to a large group,
          might well be conducted without review (absent some specific
          reason to be suspicious) because the message is sent with
          some expectation of privacy.
          One puzzle: as email list reflectors replace or supplement
          stored public postings, a message can be sent "privately" to
          a long list of people the sender has not met.
          That may mean the public/private posting distinction will
          not private a stable line for distinguishing between various
          levels of sysop obligations, over time.


;Date      29 Oct 92 13:55:14
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re:  third-party mail
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: tien@well.sf.ca.us (Lee Tien)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 29 Oct 1992 13:44:32 -0800

This is Lee Tien responding to Tom Jennings's post which posed the
following questions:

Assuming that I do some terribly illegal thing, over the Internet, you
can legally persue me. However I don't believe you can sue the
operator of each system that carried that illegal traffic. Is this not
true? Is it "clear" that internet sites carrying IP traffic are
carriers? If a message containing illegal material sits in storage,
however temporary, on a particular system, is the operator of that
system liable for its contents?

Lee asks:  Tom, can you clarify what you mean by "illegal traffic,"
perhaps by concrete illustration?  

;Date      29 Oct 92 13:55:14
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re:  third-party mail
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw
From: tien@well.sf.ca.us (Lee Tien)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 29 Oct 1992 13:44:32 -0800

This is Lee Tien responding to Tom Jennings's post which posed the
following questions:

Assuming that I do some terribly illegal thing, over the Internet, you
can legally persue me. However I don't believe you can sue the
operator of each system that carried that illegal traffic. Is this not
true? Is it "clear" that internet sites carrying IP traffic are
carriers? If a message containing illegal material sits in storage,
however temporary, on a particular system, is the operator of that
system liable for its contents?

Lee asks:  Tom, can you clarify what you mean by "illegal traffic,"
perhaps by concrete illustration?  

;Date      29 Oct 92  15:55:48
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: Re:  third-party mail
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF00985
>----------------------- Do not change this line -----------------------------<
To:   bbslaw@eff.org


 U> From: tien@well.sf.ca.us (Lee Tien)
 U> This is Lee Tien responding to Tom Jennings's post which 
 U> posed the following questions: 
 U> 
 U> Assuming that I do some terribly illegal thing, over the 
 U> Internet, you can legally persue me. However I don't ... [etc]

 U> Lee asks:  Tom, can you clarify what you mean by "illegal 
 U> traffic,"
 U> perhaps by concrete illustration?  


?! Does it really matter? Pick some thing. Credit card number, I
slander you, whatever.  My point was, are the intermediate systems
liable for forwarding on a message that contains text that contains
something illegal.

My *real* question is, I assume the 2,000,000 systems that comprise the
Internet are not liable if you and I conduct some sort of illegal
business, in email, that passes through one or more intermediate
systems. Is this not true? I know there can be extenuating
circumstances, examples on either or any extreme, etc. Just pick
something in the middle, in your mind.



--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      29 Oct 92 19:31:52
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   re: Re:  third-party mail
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu, 29 Oct 92 15:55:48 PDT



 U> From: tien@well.sf.ca.us (Lee Tien)
 U> This is Lee Tien responding to Tom Jennings's post which 
 U> posed the following questions: 
 U> 
 U> Assuming that I do some terribly illegal thing, over the 
 U> Internet, you can legally persue me. However I don't ... [etc]

 U> Lee asks:  Tom, can you clarify what you mean by "illegal 
 U> traffic,"
 U> perhaps by concrete illustration?  


?! Does it really matter? Pick some thing. Credit card number, I
slander you, whatever.  My point was, are the intermediate systems
liable for forwarding on a message that contains text that contains
something illegal.

My *real* question is, I assume the 2,000,000 systems that comprise the
Internet are not liable if you and I conduct some sort of illegal
business, in email, that passes through one or more intermediate
systems. Is this not true? I know there can be extenuating
circumstances, examples on either or any extreme, etc. Just pick
something in the middle, in your mind.



--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
--  
Tom Jennings - via FidoNet node 1:125/555
    UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG

;Date      29 Oct 92 21:01:10
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu Oct 29 21:27:13 1992


 > Lee asks:  Tom, can you clarify what you mean by "illegal traffic,"
 > perhaps by concrete illustration?  

Does this imply that the degree of sysop liability for third party traffic
passing mechanically over his system is a function of how "illegal" the traffic
is or its nature?  

Traffic through both Internet and Fidonet is of a nature that operators in
either network COULD conceivably view an individual message.  But it is NOT
quite as simple as editing a file, particularly in the case of Fidonet.  Mail
comes in compressed in batches with LOTS of other mail, it is unpacked, sorted,
repacked and compressed, and resent, all quite automatically.  It IS
technically possible to snag mail, open up, and look at individual messages,
but it is generally NOT as convenient as most participants of this conference
may believe.  And for the lackadaisical, such as myself, I couldn't give you a
good figure on the rough number of packets moving through, much less what's in
them, without an investigation.  If some of those messages dealt with murder
vice simple narcotics possession, or the overthrow of the United States as
opposed to credit card numbers, am I MORE liable for this message traffic?  

I think the question is are we liable AT ALL for third party message traffic we
AND our immediate callers don't participate in or have knowledge of. I would
strongly advocate we are not, but stranger things have happened at the bar, and
I would have to defer to keener and more experienced legal minds than mine. 
But I'm a bit unclear as to what impact the "degree of illegality" of the
message content would have on this.  In a perfect world, I would think
liability would be tied more directly to the degree of sysop participation in
than crime than in his complicity in allowing it to pass mechanically over his
equipment.                

Why don't for the purposes of concrete illustration, we assume it was a message
plotting to feed the President cocain, force him to look at photos of naked
three year olds, and ultimately kill him in an effort to overthrow the
government of the United States while making a snuff film.  And figure three
stolen credit card numbers in the tagline somewhere.  That can be the
"slightly" illegal message.  We can assume a conversation over what time to set
off a planted thermonuclear device in Chicago as the "heavily illegal" message.
  

Taking the thermonuclear message, am I part of the plot if the message passes
through my system?  Was I negligent if Chicago lands on Detroit and I didn't
monitor my mail carefully?  I technically have it within my power, if not
convenience, to have read the message and notified authorities. In doing their
investigation into "What the Hell Happened to Chicago?" will the constabulary
want to know what I was doing at 3:12 AM on November 3rd when the "E-Mail that
Ate Chicago" passed through my BBS?  

I can't picture it.  In this scenario, I can't imagine anyone caring which BBS
it went through anymore than they would trace which particular CO switches a
voice conversation went through that involved a crime.  I think we may wind up
faced with law enforcement trying to "tap in" via bulletin boards to monitor
such traffic as they do with telcos, and undoubtedly, they're going to have to
learn to unpack and read messages (not much to that) to do so.  The current
urge in the FBI to deal with new technologies by passing a law requiring
vendors and telcos to make life easy for the FBI at everyone elses expense
poses some problems.  But I cannot picture the BBS operator liable for illegal
activity involving third party e-mail traffic essentially "routed" through
their equipment.

Jack Rickard

Boardwatch Magazine


 





;Date      29 Oct 92 21:08:27
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RECEIVED FILE RE SYSOP ORGANIZA
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: JACK.RICKARD@boardwatch.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Thu Oct 29 21:44:15 1992

I received this file today from a concerned reader - representative of a fairly
regular stream over the past few months.

Jack Rickard
                                                  
============================================================================== 
 
                                                    10-28-92
 
 
                     An Open Letter to all Sysops
 
 
 
    Most of you have by now heard at least something about the legal
prosecution of one BBS or another for reasons usually pertaining
to the distribution of adult material such as GIFS, etc.
    The gist of the argument seems to be that the wrong people
( kids, those finding the material to be morally offensive, etc.)
are able to gain access to material that is otherwise handled very
responsibly by the Sysops of our country.
    My purpose in writing to you has nothing to do with sermonizing,
lectures, or anything along that line. I am a user of BBS's, and am
not a Sysop. I am, however, a nationally published writer, computer
consultant, and electronics technician, and I hope that gains your
attention long enough for me to point out a few things that should be
of key interest to anyone currently operating a BBS.
    Fortunately, I have an experienced Sysop to guide me in
understanding the day to day operation operation of a BBS. He has
allowed me a window into your world, the issues that concern you, and
what is important to most of you. I find you to be very creative,
outspoken, and dedicated people.
    Because of this, I know that many of you are wondering what could
happen to your world should Uncle Sam decide to come in and start
throwing regulations around.
    Is there some type of threat to the free, independant operation
of a BBS?. And if so, what form might it take, what defense could be
used against it?.
    Let me summarize the current climate, and " lay it on the line "
for you.
    The future of BBS operations in the United States will come under
regulation. This cannot be stopped. What has ocurred so far is the
first faint rumbling of a coming storm. Be it profiteering
communications outfits, morally outraged citizens, whatever, the 
" Golden Age " of BBS operation is passing.
    What form the future takes can be controlled, however. You, as
Sysops, are going to have to find some common ground, some established
standards, and unite behind them. If there is no unified voice among
Sysops on at least those points which can be used to attack you, then
you will be powerless against any individual or special interest group
that chooses to make an example of your method of operation, or the
content of the material that you choose to present. It is being proven
right now that that the law has virtually no way of determining intent
or willfull wrongdoing in your desire to present a free means of
information exchange and distribution.
    This means that charges against a BBS can be filed on a " learn as
you go " basis by the authorities of any community in which your
signal is recieved, should their local statutes be violated. Anyone
who tells you different is lying. Period.
    Licensing the operation of a BBS will follow as soon as a
sufficient threat is established by any individual or group willing to
shout loud enough. Legal precedents have been established that can
make this happen a lot sooner than you might imagine. This will be
followed by mandates required to meet the licensing
standards. In short, control will come. And with the revenue potential
of thousands of BBS's all across the country, some clown in Washington
is going to make this cost you money.  You would, in effect,wind up
having to pay for your own prosecution
    You have the most powerful tools available to combat your
enemies. They consist of your communication abilities, and the voice
of those now using your BBS's. There is no reason ( other than
negligence on your collective parts ) that you cannot determine the
future course of BBS operation in the U.S.
    The creation of a BBS is something intensely personal. Because of
this you have never been able to unite on a set of standards for BBS
operation. I don't blame you. 
    But now you must consider the possibility of giving up part of
the control ( the entire extent of which cannot be known ) of your
creation to an entity that cannot possibly respond to the diverse
range of your operating philosophies.
    It is time to begin pooling ideas on how you will defend
yourselves. It must be done. It's irritating, perhaps distasteful to
some or most of you, but it must be done.
    My contact point is Digital Escape, in Monroeville, AL. The Sysop,
Michael Harrison, can talk to you in a language that you are more
familiar with. He is dedicated to keeping BBS control in your hands,
where it belongs. Any ideas, comments, etc, would be most welcome.
with. I will help in any way I can.
 
 
                                        My thanks,
 
                                        Billy W. Godfrey
 
  This Letter is Being sent to you Unedited by Digital Escape BBS.
205-575-1924. I have seen and heard of quite a few systems being
closed down for this reason or that. I would like to see an organiztion
formed to just give us a voice. I know what many of you are thinking,
"Oh no, Another someone trying to tell me what to do with MY system."
This is not the case. I don't want anyone telling me what to do either.
But if an organization was formed and a Member list was kept, it would
represent numbers! When the sikco petafile gets busted for his BBS then
the other BBSes can say "Hey, he was a lone wolf and in no way represents
the BBSes in our organization." This is the only way I can see to protect our
independence, not restrict it. Law makers only see numbers and law enforcement
is, for the most part, unaware of what real BBSes do. I believe this is
why systems are siezed before charges are filed. You can't have your
car taken till someone figures out if you were speeding or not, so how
is it that systems can be taken till it is figured out what laws (if any)
were broken.
  If any one is interested in just such an organization. You can
contact me at Digital Escape BBS (205) 575-1924. 


;Date      30 Oct 92 06:38:54
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: thardy@mail.wm.edu (Trotter Hardy)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 30 Oct 92 09:52:50 


This message from Trotter Hardy
--------------------------------

Jack Rickard writes:

> Traffic through both Internet and Fidonet is of a nature that operators in
> either network COULD conceivably view an individual message.  But it is NOT
> quite as simple as editing a file, particularly in the case of Fidonet.  Mail
> comes in compressed in batches with LOTS of other mail, it is unpacked, 
sorted,
> repacked and compressed, and resent, all quite automatically.  It IS
> technically possible to snag mail, open up, and look at individual messages,
> but it is generally NOT as convenient as most participants of this conference
> may believe.

   Criminal liability is a bit outside of my area, but here are
   my thoughts about BBS's as intermediaries. First, BBS's that
   simply pass compressed mail on to another node are serving
   in a sense as "common carriers."  Most common carriers are
   heavily regulated: the (local) telephone service, U.S. mail,
   electric power, trains, etc.  There are private carriers with
   less regulation: UPS, trucking companies.  But few if any
   carriers   that have no regulation at all. (If any of you are
   regulatory lawyers and have other examples of non-regulated
   carriers, please correct me.) That may well mean pressure to
   regulate BBS's at some point.



   Second, I do not think that UPS would be criminally liable
   for delivering a package of cocain, as long as it had   no
   reason to know of the package contents. It could, of course,
   X-ray all packages.  It could advise customers that it will
   open all packages. But it doesn't do either as far as I know.
    That leads me--not a criminal lawyer and so not fully
   knowledgeable about it--to conclude that Fido sysops serving
   as hubs for mail distribution do not have to read every
   message on pain of facing criminal liability.


   I think the harder questions will relate to boards where the
   sysop has more involvement than simply passing the mail to
   the next node.

    Trotter Hardy  (Fido 1:271/118)





;Date      30 Oct 92 06:38:54
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 4 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!eff.org!bbslaw-request
From: thardy@mail.wm.edu (Trotter Hardy)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 30 Oct 92 09:52:50 


This message from Trotter Hardy
--------------------------------

Jack Rickard writes:

> Traffic through both Internet and Fidonet is of a nature that operators in
> either network COULD conceivably view an individual message.  But it is NOT
> quite as simple as editing a file, particularly in the case of Fidonet.  Mail
> comes in compressed in batches with LOTS of other mail, it is unpacked, 
sorted,
> repacked and compressed, and resent, all quite automatically.  It IS
> technically possible to snag mail, open up, and look at individual messages,
> but it is generally NOT as convenient as most participants of this conference
> may believe.

   Criminal liability is a bit outside of my area, but here are
   my thoughts about BBS's as intermediaries. First, BBS's that
   simply pass compressed mail on to another node are serving
   in a sense as "common carriers."  Most common carriers are
   heavily regulated: the (local) telephone service, U.S. mail,
   electric power, trains, etc.  There are private carriers with
   less regulation: UPS, trucking companies.  But few if any
   carriers   that have no regulation at all. (If any of you are
   regulatory lawyers and have other examples of non-regulated
   carriers, please correct me.) That may well mean pressure to
   regulate BBS's at some point.



   Second, I do not think that UPS would be criminally liable
   for delivering a package of cocain, as long as it had   no
   reason to know of the package contents. It could, of course,
   X-ray all packages.  It could advise customers that it will
   open all packages. But it doesn't do either as far as I know.
    That leads me--not a criminal lawyer and so not fully
   knowledgeable about it--to conclude that Fido sysops serving
   as hubs for mail distribution do not have to read every
   message on pain of facing criminal liability.


   I think the harder questions will relate to boards where the
   sysop has more involvement than simply passing the mail to
   the next node.

    Trotter Hardy  (Fido 1:271/118)





;Date      30 Oct 92  12:22:01
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF128EA
>----------------------- Do not change this line -----------------------------<
to: bbslaw@eff.org

 U> From: thardy@mail.wm.edu (Trotter Hardy)

 U>    I think the harder questions will relate to boards 
 U> where the    sysop has more involvement than simply 
 U> passing the mail to    the next node. 

I'm not sure what you mean about "harder". My interest in this mailing
list was because it might shed light on actual problems we're having
today, not just for plotting the future. Today is where the problems
are, that will define the path for tomorrow.

THe hardest thing as I see it, now and today, is to be able to provide
today's sysops with enough information to be able to understand what
the issues are, what the bounds of liability are. I do NOT mean, easy
answers "this is safe and that is dangerous". 

I had thought that the "systems handling third-party traffic are
relatively not liable for message content" relative to local BBS
message areas and conferences, could be a fairly straightforward
opinion/statement/interpretation, without anyone sticking their neck
out or making blanket statements that we all know are not possible. 

To tell the truth, I was hoping the discussions here would have
applicability to today's problems, not just what-if's and
where-are-we-going's, but I think that's just my usual impatience...

--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      30 Oct 92  12:31:52
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 1 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF12B39
>----------------------- Do not change this line -----------------------------<
to: bbslaw@eff.org

 U> From: thardy@mail.wm.edu (Trotter Hardy)

 U>    I think the harder questions will relate to boards 
 U> where the    sysop has more involvement than simply 
 U> passing the mail to    the next node. 

I'm not sure what you mean about "harder". My interest in this mailing
list was because it might shed light on actual problems we're having
today, not just for plotting the future. Today is where the problems
are, that will define the path for tomorrow.

THe hardest thing as I see it, now and today, is to be able to provide
today's sysops with enough information to be able to understand what
the issues are, what the bounds of liability are. I do NOT mean, easy
answers "this is safe and that is dangerous". 

I had thought that the "systems handling third-party traffic are
relatively not liable for message content" relative to local BBS
message areas and conferences, could be a fairly straightforward
opinion/statement/interpretation, without anyone sticking their neck
out or making blanket statements that we all know are not possible. 

To tell the truth, I was hoping the discussions here would have
more applicability to today's problems, not just what-if's and
where-are-we-going's, but I think that's just my usual impatience...

--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      31 Oct 92 09:06:55
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: Third party . . .
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555
;At least one blank line must follow this line.

From  kumr!eff.org!bbslaw-request
From: 72230.2044@compuserve.com (Lance Rose)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 31 Oct 92 11:30:46 EST

Lance Rose reponds to Tom Jennings:

Tom, I've stayed out of this because I had little to add that others were
not already saying.

I understand your concern for non-sound-byte answers to the boundaries of 
liability.  In fact, I wrote a book about that very subject - SysLaw.  It
addresses the "distributor" function of sysops and network nodes, and lays
out many of the issues.  I tried to point out where things were clear and 
where they were unclear, and describe factors at work in the latter case.

My own interest in this mailing list is to discuss some of those unclear 
areas with the few others genuinely involved in the field right now.  Like
you, I'm a little surprised at the relative lack of a day-to-day, practical
approach to a lot of the questions being raised.  But you can help fix that, 
to the extent you're interested <g>.

FWIW, the term "carriers" carries some baggage that probably makes it not
a good one for discussion.  It raises connotations of "common carriers", 
which tend to be highly regulated - a prospect I don't believe I have seen
anyone here advance at all, and I'm sure it's not saomething you advocate,
either.  There are a variety of terms one can use.  I tend to say somrthing
like "merely distribute".


;Date      31 Oct 92  12:21:08
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: Re: Third party . . .
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF27A35
;At least one blank line must follow this line.

to: bbslaw@eff.org

 U> Lance Rose reponds to Tom Jennings:

Thanks for your comments, I appreciate them greatly!


 U> FWIW, the term "carriers" carries some baggage that 
 U> probably makes it not a good one for discussion.  It 
 U> raises connotations of "common carriers",  which tend to 
 U> be highly regulated - a prospect I don't believe I have 
 U> seen anyone here advance at all, and I'm sure it's not 
 U> saomething you advocate, either. 

re: carriers. I thought there was a difference between carriers and
common carriers. Common carriers are highly regulated, but I don't
think FidoNet etc come even close to their status. I will use other
terms, probably our "in transit" which I think suffices.

Mainly though, I thought that I needed to translate local FidoNet
concepts like "in-transit" messages to "third party" messages since my
words fell >clunk< to the floor here. "Carrier" I used merely to
convey the role that FidoNet hosts and hubs play (which you're
probably aware of). 


FidoNet also seems to have some sort of credibility problem, because
it sprang up from "nowhere" and it's organization is puzzling to most,
and it's not populated with (or beholden to) the Usual Suspects (ie.
industry and universities).


--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      01 Nov 92 18:32:57
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   RE:  THIRD-PARTY MAIL
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
;At least one blank line must follow this line.

From  kumr!eff.org!bbslaw-request
From: Shari.Steele@eff.org (ssteele@eff.org)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Sun, 1 Nov 1992 21:09:40 -0500

Jack Rickard writes:

>I think we may wind up
>faced with law enforcement trying to "tap in" via bulletin boards to monitor
>such traffic as they do with telcos, and undoubtedly, they're going to have to
>learn to unpack and read messages (not much to that) to do so.  The current
>urge in the FBI to deal with new technologies by passing a law requiring
>vendors and telcos to make life easy for the FBI at everyone elses expense
>poses some problems.

Shari Steele responds:

Like most of us, I'm struggling to understand the full scope of the FBI's
proposal and how it could affect BBSs.  (It clearly will have _some_
effect.)  I assume that by now everyone knows that if passed, the FBI's
"digital telephony" proposal would require all carriers and developers of
information services to provide backdoors so that the bureau could do legal
wiretaps of digital transmissions.  Here's the question:  What will this
mean for SysOps, particularly ones who carry a network node?  For example,
suppose the FBI knows that Tom Jennings has a FidoNet node and that the
message relating to the nuking of Chicago will be passing through Tom's
node.  The FBI does not suspect Tom of being part of the plot.  Could they
still execute a legal search warrant to search messages passing through his
board, never logging on to either boards on the sending or receiving ends? 
I assume that Tom would not be liable for such a message, but could he be
liable for not providing the feds with access to his node and with the
knowledge to uncrunch the message under the new proposal (assuming they had
a valid warrant)?  I suspect that he could.


;Date      02 Nov 92 05:30:15
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   FBI proposal
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555
;At least one blank line must follow this line.

From  kumr!eff.org!bbslaw-request
From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD
=LANGATE/ADMD=TELEMAIL/C=US/@sprint.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 2 Nov 92 08:20:00 UT

          David Johnson, responding to Shari Steele:

          Any sysop is already required to comply with a valid search
          warrant. (Sysop's can, by contract, have some impact on
          their own duty to tell users about government requests for
          information -- unless the government gets an order
          prohibiting disclosure).
          The FBI proposal doesn't alter the obligation to comply with
          a warrant but, instead, requires that communication systems
          be designed so that authorized interception of particular
          conversations is technically possible. In other words, it
          would forbid (after a time lag, and subject to exceptions)
          the use of communications systems that are configured so
          that specific transmissions cannot be intercepted
          contemporaneously with their receipt.
          I don't think this proposal would change the way the law
          impacts on local BBS operators. It could create severe
          problems for providers of centralized systems. It is part of
          a general pattern of government activity to resist
          encryption and other means of assuring communications
          privacy.
          Mindful of Lance's suggestions that we focus on practical
          issues, I would suggest that sysops should make sure they
          have a user agreement that clearly states their policy on
          the privacy of electronic mail, their policies re
          encryption, and the procedures they intend to follow if the
          government requests access to messages or files on their
          system.


;Date      03 Nov 92  12:59:26
From:      Tom Jennings@1:125/111
To:        Rich Veraa@1:125/33
Subject:   re: Routed Mail
Options:   kill-sent 
;Status:   (read 1 times)
;INTL 1:125/33 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF677AF
 RV> The only regulations 
 RV> that pertain here are those on the phone companies whose 
 RV> facilities we use... 

I think this is incorrect. Like it or not, FidoNet is a communications
medium. "Hobbiest" is not a defense, it doesn't remove legal
obligation nor liability. In fact we carry communications, and
therefore incur legal obligations and liabilities. The extent of which
is undetermined (an understatement!), but they are there.

We can't do "whatever we please" simply because we're hobbiests. I
wish this were true, but it's not. That's what I meant earlier about
"being greater than the sum of our parts". 

The mere fact of setting up a BBS sets up all sorts of legal
entanglements, whether you're aware of them or not. Obviously 99.99%
of the time it makes no difference -- yes I know people get busted
spuriously, and there are even Bad Guy sysops out there -- but the
vast majority simply operate their systems as they "see fit" and never
have a practical worry. 

But I think this is changing for  number of reasons, including but not
limited to -- our vastly increasing numbers; increasing disregard for
civil liberties; electronic comm. used in society, biz and gov't; new
technologies such as encryption and the social questions this raises;
and plain old greed.

We can't pretend we're 14th century feudal fiefdoms any longer. Your
BBS isn't just "part of your living room" it's part of a
technological, legal and social structure larger than any one person
or group. The only way you can COMPLETELY control it is to withdraw
completely. 

--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      03 Nov 92 11:47:12
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   RE: BELAT
Options:   kill-sent private 
;Status:   recv'd (read 3 times)
;INTL 1:125/111 1:125/555
From  kumr!boardwatch.com!JACK.RICKARD
From: JACK.RICKARD@boardwatch.com
To:   TOM.JENNINGS@f111.n125.z1.fidonet.org
Date: Sun Nov 01 05:54:21 1992


 > Hey, no one method applies universally. For living situations and
 > communications systems with thousands of components, decentralized I
 > think works best.  I've put on shows, with 4 - 5 bands, assorted
 > performers, rented halls, got insurance, paid performers, handled
 > trouble guests, 1500+ audiences, etc, and I can tell you we (Shred 
 > of
 > Dignity, our little cooperative household) run them in a pretty damn
 > top-down manner. 
 > 

I agree.  My point was that we may societally face more "organization"
challenges in the future that don't really have proven models.  For many,  the
concept of having an effective organization cooperatively without some
authoritarian centralized structure is beyond their ken.  For some future
purposes, it may be impossible to do some things without such a decentralized
model.  And while there have been several - I think the FidoNet concept, warts
and all, demonstrates 17,000 people voluntarily doing something on a global
basis.


 > And a separate THANKS! for your participation in the bbslaw mailing
 > list. Sheesh, but those guys would rather stay off in a tangent
 > removed from the planet, than deal with icky BBS people. I detect
 > more than a little condescension.
 > 

Yes, a good deal more than a little.  There is a pattern, particularly in
academia, of resisting a technology for years.  After it is a fait accompli,
they have quite a struggle to make the transition to the point where they can
claim to have actually invented it (there idea in the first place).  I think
we're seeing quite a bit of it going on on several fronts.  The actual people
running bulletin boards do pose a problem in making that transition stick.  

I'm going to Washington this week to participate in a National Academy of
Sciences panel on "Rights and Responsibilities" online.  Part of the process of
making it theirs.  I'm the "token" BBS guy.  While I really do not like this
particular type of gathering, I think they do need to get a little shiv in the
ribs from the BBS end of things.

On the mailing list in particular, it is largely an EFF thing.  We're doing
quite a bit of a strange dance with the EFF after my response to John Coat's
letter in the November Boardwatch. It caused a bit of a stir in EFFland.  I
think at this point, they do want to be involved with BBS, but they want to do
it from some form of superior position.  They can have the upper ground
position as far as I'm concerned, but if they are to do BBSland any good,
they're going to have to learn the real issues.  Most of the "condescending" is
really that on any specifics, they haven't a clue, love to posture on high
minded constitutional issues, and don't quite even have a vocabulary to do so
as it applies to moving mail, moderating echoes/conferences, and dealing with
real callers.  Your nuts and bolts questions appear to go unanswered but I
think they actually cause some education here that is valuable.  They're quite
comfortable with legal theorizing about online issues in general, but few of
them have run a system ever.  The sum total of online experience of some of
them is the WELL and the EFF box.  

Since you and I just aren't likely to suddenly have a stroke and undergo
personality changes, it's unlikely we'll do anyone any good as Washington
lobbyists.  To whatever degree we can provide input/education to surrogates who
actually like that sort of life and can operate effectively in that
environment, we can probably work to benefit the BBS community.  If we have to
listen to a little faux paternalistic condescension in the process, what the
hell.  I don't mind.  We're not going to change them.  We don't want to be
them.  But we might give em a nudge in a productive direction.

Forgive the length.

Jack Rickard



;Date      03 Nov 92 11:48:57
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: FBI PROPOSAL
Options:   kill-sent private 
;Status:   (read 3 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: djw@eff.org (Daniel J. Weitzner)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Tue, 3 Nov 1992 13:51:55 -0500

Danny Weitzner responds to Jack Rickard.  Jack writes:
                                                       
>Actually, I think it would have an impact on BBS operators.  Tom Jenning's
>original query regarded third party mail routers handling of ENCRYPTED
>electronic mail.  The routing system would be technically unable to provide
>such access should this FBI proposal become law.

I'm not sure what Jack means by the reference to encryption.  The current
FBI proposal does not mention encryption, nor does it explicitly restrict
the use of encryption.  An earlier wiretapping proposal, known as the
"plain text requirement" was floated by law enforcement in 1991, but was
stopped.  That proposal would have required communications carriers to
provide the 'plain text' of any communication upon presentation of a valid
warrant from law enforcement. 

I certainly agree with David Johnson's point that the FBI proposal is part
of a larger government pattern to restrict communications privacy
(including encryption), but mention of the encryption problem is
conspicuously absent from the Digital Telephony proposal.

So I'm not sure what Jack means by "technically unable"?

Danny


;Date      03 Nov 92 11:47:35
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   re: re: Official Start of BBS Legal Group Conference
Options:   kill-sent private 
;Status:   recv'd (read 7 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!ssteele
From: ssteele@eff.org
To:   Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings)
Date: Mon, 2 Nov 1992 15:59:06 -0500

Hi Tom.
Sorry it's taken me so long to get back to you re: a Dear SysOp column for
FidoNews.  I was at InterOp last week and have been feeling really swamped.
 But I think I'm finally getting my head above water now.

Bi-weekly would be as much as I could handle for the column (monthly would
be even better for me if that's enough for you), and two or three questions
sounds about right.  It would be great if you could collect questions and
pass them on to me.

I'd also like to start receiving FidoNews.  Could you add me to the mailing
list?

I will come up with a paragraph to include with each column about EFF. 
Perhaps this can change with each issue to reflect something current we're
doing here.  Thanks for giving us the soapbox.  I know that FidoNews
reaches a lot of people we want to reach.
Shari


;Date      04 Nov 92  16:25:55
From:      Tom Jennings@1:125/111
To:        Uucp@1:125/555
Subject:   re: re: re: Official Start of BBS Legal Group Conference
Options:   kill-sent private 
;Status:   IN-TRANSIT (read 1 times)
;INTL 1:125/555 1:125/111
;PID ReadMail
;MSGID 1:125/111 2AF7F993

to: ssteele@eff.org

re: "Dear Sysop" column in FidoNews

 U> Bi-weekly would be as much as I could handle for the 
 U> column (monthly would be even better for me if that's 
 U> enough for you), and two or three questions sounds about 
 U> right.  It would be great if you could collect questions 
 U> and pass them on to me. 

Monthly is fine. Maybe it can ramp up if desired, but monthly is
cetainly fine. As far as volume goes, I'll simply filter out dreck,
and pass you the rest (I'll try to give you no more than a dozen, for
example). You can do as much or as little as you like. A page of text
(60 ASCII lines) output would be a great size.

 U> I'd also like to start receiving FidoNews.  Could you add 
 U> me to the mailing list? 

FidoNet doesn't have mailing lists. It can be FTP'ed from
ftp.ieee.org, in the ~ftp/fidonet/fidonews directory. I don't kno whow
often/when that directory is updated. I can arrange to get you a copy
directly if that route is not useful.


... which brings up another point. This is more or less criticism of
the EFF in general, nothing personal!

EFF professes to want to address BBSs, but I have never seen any
direct interest from EFF into how they actually work. Even after
repeated info-dumps to EFF people, they remain completely ignorant
about the most basic operational details. Also, EFF does not run a
BBS, which gives them very little credibility in the BBS world.  There
is also more than a little condescension from EFF and Internetters in
general; as an example, the attitude in 'bbslaw' is, to tell you the
truth, infuriating.


-------- 

Maybe I'll offer to run an EFF-official BBS at my physical site. I
could gate EFF to FidoNet, for instance, and field BBS/Internet
questions and connectivity issues. I could gate the FidoNet echo
conferences (exact newsgroup equiv) and they'd be available to EFF and
the internet, and vice versa. I'd want hardware (EFF owned is fine)
and a small compensation. I will "soon" have a direct internet connect
(I run through a UFGATE now) on my own hardware. I think EFF should
seriously consider this. I do good work and I'm inexpensive :-) I
don't like to criticize without offering potential solutions. I can
give a complete rundown on requirements, startup costs, operating
expenses, capabilities, etc. I will see EFF people this weekend, so if
this isn't a completely nuts idea, maybe you could pass it to Gerard
or Mitch or...  

--------


BBSs are signifigant, and signifigantly different from corporate
networking. Not inferior/superior, but different. *Completely*
different, technically and more importantly, socially. I'll try to
impress this upon EFFers I talk to at Hackers this weekend.

About 1% or less of BBSs have internet connectivity; it's simply too
pricey to get connected, and there is a signifigant technology and
social hump to get over. (Example #1: my386/DOS 5.0 box has functions
such that if I had to buy commercial unix box, say a smallish Sun,
with functional-equiv. features, would be > $20,000; hardware, OS,
word processing, other apps, multitasking, LAN, telecomm, etc.
Example #2: how does one learn unix, Internet, USENET, UUCP, etc? In
schools or part of job function. BBS people have GONE to school (60%
or something) but are not IN school; they are professionals (again
that 60% numbers comes back, BOARDWATCH survey or something) but not
necessarily comp. sci. types. Result: no access.

None of this is criticism of you, directly or even indirectly. I know
the EFF is overloaded, and taking on more tasks difficult if not
impossible. It may simply not be EFFs place to be knowledgeable about
BBSing.

The "Dear Sysop" column is almost separate, because of the specific
nature of the stuff that will pass through it (ie. reasonably
large-scale issues of liability and such) shouldn't require sysoping
experience, though that would certainly help. 

Sorry to rant at you. No tip-of-the-iceberg anger at you or EFF. Just
another info-dump, admittedly with residual frustration from reading
bbslaw... :-) 



Upon your final approval, I'll announce the start of a "Dear Sysop"
column for FidoNews. I might make it slightly more general, and field
some of the questions myself, which will lighten your load and allow a
broader range (such as obscure techie things). 

Please let me know your thoughts on the column header ("...write to
DEAR SYSOP with your questions on peeling rutabagas and suchlike
to...") incl. subjects you'd like to handle. If you want, you can make
up an initial column out of your files; this will give a real example
of what you want people to see, and respond to. 

--- ReadMail
 * Origin: tomj@fidosw.fidonet.org / World Power Systems  (1:125/111)
;Date      04 Nov 92 13:36:26
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   wrapping it up
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: fig@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Tue, 3 Nov 1992 16:27:05 -0500

Having taken part in numerous iterations of this discussion over the years,
both online and in person, I can only note that there is still no clearly
correct and proven right answer to the basic question of sysop liability. 
It is good that we have more lawyers than we did before discussing the
legal minutiae and case law relating to these issues.  Only by focusing in
ever more detail on the variables that determine whether and where a sysop
should or should not be held accountable can we be sure that, when a
breakthrough does occur in the law, it is noticed and publicized.

The question of import at this time remains, "How should a sysop behave in
this uncertain situation?"  In my time at the WELL, I always tried to make
sure that my intentions were clear.  Although the WELL (and I, by
implication) was criticized for being vague in stating the basic ground
rule of You Own Your Own Words, we endeavored through megabytes of internal
public discussion to impart the real meaning of those words.  I always felt
that, had the WELL been busted for harboring criminal activities of any
sort, I had a history of good intentions to fall back on.  I know that good
intentions are no excuse for ignorance of the law, but when the law itself
is unclear, those good intentions might, at least, give you a fighting
chance.  The alternative is to stop participating.

               <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>>
Cliff Figallo                                    fig@eff.org
Director, Electronic Frontier Foundation         (617)864-0665 (voice)
Cambridge Office                                 (617)864-0866 (fax)





;Date      04 Nov 92 13:37:08
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: wrapping it up
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Tue, 03 Nov 92 22:46:47 EST

Cliff's points are well taken and illustrate the problem BBS Syops (pioneers
in a brave new, powerful world) have.  The problems we have been discussing
are not new --- many of these were brought forth at a conference at the John
Marshall Law School in June, 1985 -- involving many people including myself,
Jerry Berman and professor George B. Trubow.

What's happened inbetween?  Some Sysops got hit by the government and paid a
fortune in legal fees to law firms that, really, knew little about the
technology.  While the rich afforded justice, the overwhelming majority of
Sysops flew by the seat of their pants and had a "Damn the torpoedoes, full
speed ahead" mentality!  Foolish, is it not?  We did it as pioneers in the
wild West ignored wild animals, Indians, adverse weather, etc.

The world of online technology is too important to leave to judges on a case
by case basis or even to legislatures that engage in trade offs and
compromises.  Sysops must be free to explore and innovate, unafraid of what
they must....can....or should do in various hypothetical situations.  If on
actual notice of actual criminal activity then, yes, some action is
appropriate.  But absent such intent and actual criminal action, Sysops
should-must have freedom -- freedom to act ..... freedom to speak .....
freedom to do.

This conference has been most worthwhile and informative.  My many thanks to
the Electronic Frontier Foundation for the idea of having the conference and
finding a way to financially support it.  It is clearly appropriate to
continue this dialog.  Thanks for letting me be a small part of this
wonderful group of thoughtful and able individuals.

Paul Bernstein

;Date      04 Nov 92 13:37:09
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: FBI proposal
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: paulb143@aol.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Tue, 03 Nov 92 22:33:02 EST

David:  If you and I are negotiating an agreement for our clients or engaging
in strategy regarding a pending court case, we might well wish to encrypt our
communications to assure privacy of communications, even from the eyes of a
potential super-user.  What right has the United States government to tell us
that we may not do so or to require our encryption program to be so easy to
break that they can do so at any time and with ease?

Paul

;Date      04 Nov 92 13:37:38
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   Re: That's It?
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: thardy@mail.wm.edu (Trotter Hardy)
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 4 Nov 92 13:00:52 

This msg is from Trotter Hardy
-------------------------------

Shari Steele said this:

> Based on the response to this conference,
> EFF will be sponsoring future get-togethers, each with its own specific
> focus.  Just think of today as the last day of this first conference.
>

   Thanks for hosting the conference, Shari!  I thought it went
   well, and I do hope that you will consider it a kind of
   "agenda setter" for future conferences.


   One useful way to focus in on particular questions is to
   collect a set of real or hypothetical situations that are
   worrying sysops--something more specific than "I am running
   a BBS: am I liable for anything?"  Maybe more like something
   someone mentioned earlier: "I serve as a mail hub;
   encrypted (or compressed) mail goes through me to others.
   Must I examine the mail for defamatory content?"  Or "what
   if I know of a message on my BBS that appears to be
   defamatory. Must I remove it? Warn the sender to remove it?"
   Etc.

   Another fear of sysops is that BBS's may become regulated. I
   don't know how likely that is, but a general sense that much
   private activity is now regulated is certainly not
   irrational. A conference might be held to discuss the why's
   and wherefore's of regulation, and which aspects of BBS
   operation are most likely to be the object of regulatory
   envy.  Perhaps if the rationales that are used to justify
   regulation can be flushed out and coherently expressed, it
   would make it easier to marshall arguments against
   it.

   Thanks again for hosting the conference.  I look forward to
   further efforts at clarifying the law in this critical area.


            Trotter Hardy




;Date      04 Nov 92 13:37:41
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   last thoughts
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD
=LANGATE/ADMD=TELEMAIL/C=US/@sprint.com
To:   bbslaw@eff.org (bbslaw mailing list)
Date: 4 Nov 92 00:15:00 UT

          From David Johnson:
          I think the discussion has shown that as more and more
          people join in electronic communication, the networks and
          bulletin boards will be unable to escape the same kinds of
          pressures and rules as apply in the non-electronic world.
          It also shows, however, that those rules will change over
          time in light of the new facts and experiences provided by
          this new medium.

          Unfortunately, that means we cannot offer any greater level
          of certainty to sysops than we can to anyone else.
          But the good news is that (1) absolute and rigid decrees are
          not likely to withstand the pressure of circumstance and
          common sense practice and (2) good intentions and
          responsibility matter.

          This conference itself demonstrates that we may be able to
          use the new medium to help alleviate the inherent
          uncertainty -- by providing for a discussion of the tough
          issues and helping to develop a voluntary "industry
          practice."
          I congratulate Shari Steele and EFF on their leadership.


;Date      04 Nov 92 14:36:40
From:      Uucp@1:125/555
To:        Tomj@1:125/111
Subject:   coming to a close
Options:   kill-sent private 
;Status:   (read 2 times)
;INTL 1:125/111 1:125/555

From  kumr!eff.org!bbslaw-request
From: ssteele@eff.org
To:   bbslaw@eff.org (bbslaw mailing list)
Date: Wed, 4 Nov 1992 16:42:30 -0500

Message from Shari Steele:


I, like Lance, am feeling a little unsettled about where we are right now
in our discussion of legal issues online.  But I also know that we're
talking about territory that is currently unsettled.  That is why those of
us at EFF felt it was so important to encourage this exchange.

I'd like to thank everyone in this group for their contributions to the
discussion.  Our work in predicting how the laws might go and in actually
having some effect on those laws is far from over.  I hope that you all
will be available to help in discussions of more specific issues in the
future.

EFF's current plans are as follows:  I will write up a report on this
conference and distribute it to all of you for your approval.  From this
report, and my copies of all conference messages, I hope to distill several
important legal issues that merit further discussion.  Then, beginning in
January, EFF plans on sponsoring several one-week long e-mail conferences
to discuss these specific issues.  From there, we're hoping to put together
some materials for SysOps, offering them hands-on guidance on things they
should or should not do when setting up/running their boards.  All of you
who participate in these conferences will be credited on any materials EFF
produces as a result.

Again, thanks for all of the interesting and provocative comments.  I will
be in touch.
Shari

P.S. - For the time being, the bbslaw list will be disabled.  Please call
(202/544-9237) or write (ssteele@eff.org) me if you want to contact the
group.


;Date      03 Nov 92 07:11:06
From:      Mike Riddle@1:125/33
To:        Tom J, Steve C, Et Al@1:125/111
Subject:   An Attempt at Clarification
Options:   
;Status:   (read 2 times)
;DID:8015 9 1333

In the thread about BBS law and sysop liability, we are going around the
flagpole on at least three different (legally speaking) topics.  I'll
share some initial thoughts on this, and hopefully within the next week
or so come up with a longer analysis.
 
1.  Criminal liability for routed, encrypted mail.  Virtually none,
unless the sysop is receiving mail via his public key and is actually a
party to the conspiracy.  "Scienter", or actual knowledge and intent, is
almost always an essential element of a crime.  Even in conspiracy, you
must in some way know an illegal act is being done or considered.
 
2.  Civil forfeiture.  Much more probable, as the government has gone to
some extremes in this regard.  For example, a case the Supreme Court
recently agreed to hear involves a person who bought a house from someone
who allegedly used it in illegal activities.  The government alleges that
the house may be forfeited, with the buyer having recourse in contract
against the seller or the title insurer.  Scary, and applicable to BBSes
and the computers on which they run.
 
3.  Policy 4.  Can say whatever it wants.  Since the ill-considered
breakup of IFNA, Fidonet has existed as an unicorporated association of
individual sysops.  The agreement to route mail, and all other aspects of
the network, exist as a form of contract.  The contract may say whatever
it wants, and as long as it is not contrary to public policy, the courts
will enforce it.  Encrypted mail is forbidden by the written contract
(Policy 4) in routed form.  Unless a sysop has modified the contract
verbally or in writing, or by continued action by processing encrypted,
routed, mail, then such is prohibited by the contract.
 
4.  Internet.  I've got a feeler out for the RFC.  While in one sense
internet is much less organized than Fidonet, in another it's much more
"together."  And internet has some big players.
 
    Internet also has an RFC out for something called PEM--Privacy
Enhanced Mail.  From the written reports, which are all I have, PEM is in
most respects superior to PGP, but PGP beats it in some others.  Since I
don't yet know who/how PEM was developed, I can't hazard an opinion as to
its security.
 
     (One interesting part of PEM is its -MIC feature, which presents a
signed message in plain text, not ASCII-encoded, and has a detached
signature.  Which is what I would suggest to Zimmermann as a needed
feature, if mail to him didn't bounce.)

--- Ybbat (DRBBS) 8.9 v. 3.13 r.3
 * Origin: inns.omahug.org           +1 402 593-1192            (1:285/27.0)
SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 111 125 180
SEEN-BY: 125/1212 203/1 23 205/10 209/209 280/1 390/1 396/1
;PATH: 285/27 2 283/657 13/13 396/1 203/23 125/125 33


