;Date 15 Oct 92 11:08:58 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: Official Start of BBS Legal Group Conference Options: kill-sent private ;Status: (read 1 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID RM1:125/111=2ADD514B >----------------------- Do not change this line -----------------------------< to: ssteele@eff.org re: (bbslaw mailing list) If you're looking for broadscale, non-hypothetical things to worry about re: BBSing, I have a pressing one for you. I thought I'd drop you a note about it, and you can decide what to do with it, if anything. 20 lines of background material: In the FidoNet we have a slightly heirachical mail-routing scheme for netmail aka email, ie. non-newsgroup mail. Point to point mail, like this message. Various (generally) geographical areas (eg. SF Bay) are called a "net". Nets are numbered, 1 - N. A net contains "nodes", hosts in Unix parlance. Nodes are numbered 1 - N. Therefore, a FidoNet address takes the form net/node, mine is 125/111. (Well, there are zones, but I'll ignore those.) Each net has a host, who has the additional node number of 0. 125/0 is the host for net 125, SF Bay. Hosts are responsible for accepting incoming mail for other nodes in the net, and routing them to their destinations within the net. Mail "in transit" is not readable by anyone on that syste, except possibly the sysop. Once a message has been forwarded, it is deleted. They are transient. This is all in addition to more traditional BBS message areas, or echomail, which is exactly analagous to newsgroups. Follow me so far? The problem: Over simplified, the liability of sysops for in-transit mail. Not BBS or conference mail, but the in-transit stuff. I maintain (acknowledged with no legal standing) that THAT traffic is "carrier" activity, as opposed to conference, publically readable mail, which is probably more "publisher" like. Though I don't really care about that stuff (there are other systems to deal with it.) The in-transit mail is the real problem. We've got sysops FREAKING OUT. We have sysops reading, routinely, every piece of mail flowing through their systems, and deleting, returning, and even replying to mail they "don't like". With PGP 2.0, we have people expirimenting with enhanced privacy. Net hosts are returning mail, and threatening privacy users with various & sundry. Of course, some like myself claim that encrypted or digitally-signed message, unreadable by all except the addressee, actually limits the in-transit sysops liability if someone was so stupid as to discuss something illegal electronically. Anothre bunch claims that because the mail is encrypted, it "probably" or "possibly" will get them in trouble, hence their outright refusal to carry it. (The fact that they can and routinely do audit their mail traffic is central to the problem.) This is becoming a very serious problem. NOT ONE legal person will put out any opinion or investigate or plead or whatever to work on this problem. Even regardless of the encryption thing. Its quite serious. I can barely afford rent, really, so paying for an army of lawyers to write an advice column for FidoNet sysops is flatly unthinkable. ** Anyone at EFF want to write a "Dear Sysop" advice column for FidoNews, out 16000-18000 circulation weekly newsletter? I could field the incoming letters, pass them on to EFF. (I'm the editor and publisher, BTW.) ** Know anyone who's working on these sort of street-level problems, down a few notches from broad constitutional issues? This one affects all networks with email-forwarding capabilities. The FidoNet is simply the one with the least resources, the least ability to take cover from umbrella supporting organizations (no universities, no Hewlett-Packards, no DECs, etc), and is in desparate need of clarification. Just in case you didn't have anything to do. :-) -- Tom Jennings / World Power Systems email: tomj@fidosw.fidonet.org FidoNet: 1:125/111, BBS +1-415-863-2739 voice: +1-415-552-8156 (10AM PST til...) postal: 666 Illinois, San Francisco CA 94107 USA ;Date 17 Oct 92 07:30:02 From: Mike Riddle@1:125/180 To: Paul Schencke@1:125/111 Subject: Re: Lawsuits And Fidonet Options: ;Status: (read 2 times) ;DID:8015 9 407 >----------------------- Do not change this line -----------------------------< In a message dated 16-OCT-92, Paul Schencke writes: > LT> Likewise, under the *same* laws, BBS sysops "can" see > LT> messages on their boards (they have the technology) but > LT> (1) it is illegal to monitor those messages and (2) it is > LT> time consuming/costly, thus (3) we should insist that the > LT> same standards are applied to us as to the phone company > LT> so that we have no liability for the content of messages. > This is the first time I have seen something that makes sense to me. I suppos > this was what I felt in the back of my mind, but have failed to express. I ca > completely agree with the logic behing this argument. > LT> The law that everyone thinks is so *terrible* actually > LT> PROTECTS sysops because it says they are prohibited from > LT> monitoring private messages (if you are prohibited from > LT> monitoring, you can't be sued or put in jail for what is > LT> in the messages, duh). > LT> > LT> Likewise, it protects users, because even though a sysop > LT> *can* see the messages (while doing system maintenance, > LT> for instance), the private message is still private -- in > LT> other words, the government still has to get a warrant to > LT> get the message if its private. > LT> > It's a two way road. > Now if we olny get sysops that feel otherwise to lighten up a bit. (A lot of quoting to try to keep context.) Linda, myself, and some other attorneys got into a long discussion of this in LAW quite a while ago. Without meaning to restart all the legal squabbling, let me just mention that (a) Linda's argument that it is illegal for sysops to "monitor" private messages has merit, so does the argument that this is software-dependent. Nowhere does the ECPA require a BBS system that keeps "private" messages from the sysops. Depending on the software involved, the sysop will routinely see all messages, public or private, as part of the normal BBS maintenance. Linda's second and third main points are more completely agreed upon, and this is the real benefit for the sysop. Even if we see your letter to great Aunt Sally, we're forbidden to mention it to anyone except you or Sally. Most of us probably skip past them anyway. From a legal sense, it's "private." (Although as Linda has mentioned earlier, sysops have the legal right to report illegal conduct.) But from the user's sense, it might *not* be private, since someone else might actually see it. As someone else has mentioned, encryption might actually help a sysop, since there is no way they could know what is being said. The problem is that BBSes are not common carriers, and I don't think we want to be, with the requirement to carry traffic for *anyone* who presents it for carriage, among other duties. Because of this, I'm a little leery of trying to claim a common carrier exemption for what we carry. I think that the decision in Cubby v. Compuserve heads off in the right direction, saying that we're more like a bookstore, at least in echomail, in that we don't have any way of knowing what's in every message. However, if we *do* know what's in a message, and it's proven, then we might still be liable. In practice, I don't know how someone could prove whether the sysop had or had not read a particular message. (Of course with the Rehnquist court, having it within 200 miles might be enough of a presumption). My last, and maybe main, point is that the law on this is still quite murky. Lawyers like to call it "unsettled." So until someone steps up to be a test case, or several test cases, we all need to take whatever precautions we feel necessary to protect ourselves. Mike Riddle, # 19590, Nebraska --- Ybbat (DRBBS) 8.9 v. 3.13 r.3 * Origin: inns.omahug.org +1 402 593 1192 (1:285/27.0) SEEN-BY: 100/520 102/890 105/36 106/7550 125/111 125 180 185 135/71 340 170/109 SEEN-BY: 216/21 234/1 253/513 261/1136 285/27 312/2 374/14 26 48 98 377/14 SEEN-BY: 396/1 ;PATH: 285/27 374/14 125/180 ;Date 18 Oct 92 10:34:35 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: Practical Issues Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sun, 18 Oct 92 12:32:38 EDT Shari: A central issue I a VERY much concerned about is that after we discuss these topics and focus on the issues (most of which are known to most of us), how do we protect the average Sysop? That is, the Sysop without big bucks to retain large law firms? Do any of you out there remember the Tom Tcimpidis case? In 1984, Tom Tcimpidis was accused of a criminal violation because he had usersof his BBS exchanging telephone credit card numbers on his system. Tom came into the Legal SIG of CIS and told us about his case. An LA attorney, Chuck Lindner, volunteered to help Tom, without any legal fee, IF AND ONLY IF some of the rest of us helped out. This, to my knowledge, was the first time that a group of lawyers banded together for any purpose, and it was a BBS-related matter. To make a long story short, we parceled out work such as research and brief writing and discussed the situation in an OPEN FORUM. We finally forged a brief and motion to dismiss on the theory that the prosecutors could not prove intent (although all crimes do NOT require intent). This was the combined effort of Chuck, myself and a couple of other attorneys. In the face of this motion, the case was voluntarily dismissed by the prosecutors. Good result, but the many issues that might have surfaced on appeal just went away. In the case of Tom Tcimpidis, lawyers around the coutry banded together to help Tom and we won, big. The recent defenses of some Sysops, I believe, resulted in huge legal fees. How will all this help the average Sysop? And, if we can't help the average Sysop, but only the rich ones (or those with rich parents) are we not missing the bulk of our mission and assignment? Paul Bernstein ;Date 21 Oct 92 18:30:58 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: ssteele@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 09:51:57 -0400 Hi folks. As announced yesterday, this morning I am going to attempt to focus the conference discussion for the next 24 hours. The topic for discussion was weaned from expressed concerns from several of you. (You may even recognize your language!) The topic is SysOp liability for messages on his or her board (an old favorite!): When, if ever, is a SysOp liable for illegal activity on his or her board? Are the standards for SysOp liability different if the illegal activity is libel vs. drug sales vs. credit card number or password exchange vs. re-publication of copywritten materials vs. pornography? Is this liability at all dependent on where the posting took place, i.e., in a public conference, private conference, board that only contains system-only messages, messages that come from off-site, messages that are going off-site or messages that are generated during a real-time conversation? Can a SysOp legally kill or modify messages that are simply flowing through his or her system, not having originated there or destined for there? Can a SysOp be held liable for illegal messages simply passing through? Does allowing private conferences, private e-mail or encryption protect a SysOp from knowlege of illegal activity, or does it imply that the SysOp permitted the activity? If the SysOp is not legally liable for messages on his or her board, who is? If it is the person originally making the posting, should SysOps require their users to reveal their identities before they make postings? How can liability be assigned to an anonymous poster? What are the privacy implications for requiring identification of all users? I've tried to make this topic broad enough to be interesting for the next 24 hours. When you're answering this question, please cite to any authority on which you base your opinion. If you've experienced any real world problems that relate to this topic (like Tom's explanation of SysOp deletion of FidoNet messages), please feel free to add those as well. Again, please try to limit your comments to your thoughts on this topic only until tomorrow morning. I'll open things up to free discussion again later. Shari ;Date 21 Oct 92 18:30:59 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: BBS liability paranoia Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: 0005088597@mcimail.com (John Podesta) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 92 14:05 GMT If the conduct you describe is just email forwarding, the sysop may be getting in bigger trouble by reviewing the contents of the message to decide whether to forward or return. The Electronic Communications Privacy Act prohibits a person or entity providing an email service from divulging the contents of a message unless certain exceptions apply. One exception covers disclosure to a person whose facilities are used to forward the message. This is a rather practical exception since the person forwarding the message has to have it "divulged" to him or her in order to forward it. The exception was not intended and probably would not be interpreted to cover review of the content of a message to decide whether its politically correct or whether it deserves an answer by the sysop. A point of carification -- the privacy provisions of ECPA apply to email systems provided "to the public." That undefined term probably would apply to the circumstnces you describe. ;Date 21 Oct 92 18:31:01 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: BBS sysop liability Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: fig@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 11:21:49 -0500 First of all, any system should define its public and private areas out front. If private conferences and email are not to be violated by the sysop, that should be made clear. Assuming that, I would expect that the sysop should be free of liability for the contents of those private areas. I believe that private conferences should be defined like email under the ECPA. Only under court order should the sysop violate these privacies. If an illegal or questionably illegal posting is made in a public area, I have always taken the position (on the WELL) that it would be appropriate for the sysop to delete the posting after requesting first that the poster delete the posting since the WELL proclaims that the user is responsible for the words (s)he posts on the WELL. Illegally-obtained material such as personal credit information and libelous statements are examples of postings which could be problematical for the system, especially if posted in a public area. If a stolen credit card ring was using a system to exchange information via email, or store information in protected file areas, I believe it is the responsibility of law enforcement to initiate court-approved investigation. I do not believe that sysops should be required to act as private investigators, fishing for illegal material by violating the privacy of their users. <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>> Cliff Figallo fig@eff.org Director, Electronic Frontier Foundation (617)864-0665 (voice) Cambridge Office (617)864-0866 (fax) ;Date 21 Oct 92 18:31:04 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: question of the day Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD =LANGATE/ADMD=TELEMAIL/C=US/@sprint.com To: bbslaw@eff.org (bbslaw mailing list) Date: 21 Oct 92 11:36:00 UT From David Johnson: I think I can wrap comments on previous postings into today's topics. 1. It might be "reasonable" to miss a particular needle in a haystack forever. I don't think there is any fix time after which a sysop automatically becomes liable for the content of some message not discovered on the system she administers. The question is whether failure to discover resulted from the failure of reasonable review methods or from failure to engage in reasonable review. 2. I'm afraid I think unpaid hosts can be "liable" for their actions, just as unpaid distributers of print could be -- although the lack of compensation would undoubtedly factor into the analysis of many variations on the question. 3. Why can't the fidonet transmission example be handled by making it a condition of contract for hooking to the nearest node that messages in transit will be forwarded without review? Overall, absent some knowledge that a particular facility is being used for unlawful actions, provision of the facility should not be deemed aiding and abetting. We know antitrust laws are violated in restaurants, after all, but don't shut them down or require them to eavesdrop on that account. The hard problems occur when you KNOW about a continuing illegal action. ;Date 21 Oct 92 18:31:05 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: question of the day Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: ssteele@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 12:23:10 -0400 Message from Shari Steele: David Johnson writes: > The > hard problems occur when you KNOW about a continuing illegal > action. Why are these "the hard problems?" Are there times when a SysOp can KNOW about a continuing illegal activity and be justified in letting that activity continue on his/her board? If so, could you give an example? ;Date 21 Oct 92 18:31:06 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: question of the day Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 92 12:39:14 EDT I'm replying to David Johnson: > 1. It might be "reasonable" to miss a particular needle in a > haystack forever. I don't think there is any fix time after > which a sysop automatically becomes liable for the content > of some message not discovered on the system she > administers. The question is whether failure to discover > resulted from the failure of reasonable review methods or > from failure to engage in reasonable review. David, I think there is no way consistent with the First Amendment that we can impose a "reasonable review" requirement on sysops of systems that do not prescreen their messages. Such systems are forums or information distributors rather than publications. "Reasonable review" is sufficiently uncertain a standard that the uncertainty itself already leads to a chilling effect on many sysops and system administrators. > 2. I'm afraid I think unpaid hosts can be "liable" for their > actions, just as unpaid distributers of print could be -- > although the lack of compensation would undoubtedly factor > into the analysis of many variations on the question. Unpaid *distributors* of print are liable only if there is 'scienter'--knowledge of the illegal or offending material. That's the meaning of Smith v. California, on which the Cubby v. CompuServe decision relies. The tendency to want to impose negligence principles on the operation of computer forums lies, I think, in the fact that we often think of computers as machinery rather than as meeting places. But BBSs have the character of the latter. A pub owner is not held liable for defamatory speech in her place of business, even if she reserves the right to eject people for such speech. A bookstore owner or magazine distributor has no duty to review all the contents of the materials she distributes (or redistributes). In sum, I don't think the First Amendment allows us to treat sysops more restrictively than we treat bookstore owners and magazine distributors. (It should be noted that "adult" bookstore owners and proprietors of topless bars are held liable not because they've reviewed everything beforehand, but because the nature of what they offer is such that courts are willing to impute _scienter_ with regard to obscenity. This exception to the rule of Smith v. California is pretty narrow.) > Overall, absent some knowledge that a particular facility is > being used for unlawful actions, provision of the facility > should not be deemed aiding and abetting. I agree entirely. > We know antitrust > laws are violated in restaurants, after all, but don't shut > them down or require them to eavesdrop on that account. The > hard problems occur when you KNOW about a continuing illegal > action. Defamation occurs in restaurants too. In many respects, a BBS is more like a restaurant than like a newspaper. --Mike ;Date 21 Oct 92 18:31:15 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: imposition of responsibility Options: kill-sent private ;Status: (read 5 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD =LANGATE/ADMD=TELEMAIL/C=US/@sprint.com To: bbslaw@eff.org (bbslaw mailing list) Date: 21 Oct 92 03:00:00 UT From David Johnson: The cases where a sysop "knows" of illegal activity are hard, of course, in part because it may well be hard to tell whether some activity really is illegal -- and even if it clearly is it may be hard to tell what level of reaction is appropriate (or creates greater risks). In general, I agree with the sentiment that the sysop who discovers use of her facility for illegal activity should act promptly to stop that use. To answer Mike Godwin, "we" are not imposing the duty to review public postings -- it is the general standard that distributors have some level of responsibility for what they distribute. Even in restaurants, there are cases holding the owner liable for the libel on the washroom wall. I doubt a decision by the owner never to look at the washroom wall would protect against a claim from a sympathetic victim. All that said, there may be good reason to try to relax or reduce any inference of a particularly burdensome duty of review: by crystallizing the industry view of good practice and, perhaps, by legislation providing some conditional immunity from liability as a means of facilitating the free flow of ideas. Absent legislation of that character, which has been discussed from time to time, the extent of the sysop's duty will be set over time by judges (or juries!) with after-the-fact judgements. ;Date 21 Oct 92 18:31:22 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 6 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 92 16:48:56 EDT David Johnson writes: > To answer Mike Godwin, "we" are not imposing the duty to > review public postings -- it is the general standard that > distributors have some level of responsibility for what they > distribute. Yes, but the standard is not one of "reasonable review" when what is being distributed is First Amendment-protected material. It's _scienter_, as specified in Smith v. California. > Even in restaurants, there are cases holding > the owner liable for the libel on the washroom wall. There are "cases"? I believe there is only one case of this sort. Applying Smith v. California, we can see how it might be Constitutional to impute _scienter_ to a restaurant owner who leaves libelous graffiti on his washroom wall for days or weeks. This gives us no guidance at all in BBSland, however--messages are more ephemeral, there is a much greater volume of them, and one can maintain a BBS without ever seeing the message traffic (one can't maintain a washroom without seeing the graffiti). So far as I know, there is absolutely no reason to suppose that the washroom case gives us any guidance as to the obligations of BBS operators. > I > doubt a decision by the owner never to look at the washroom > wall would protect against a claim from a sympathetic > victim. But owners *have* to enter washrooms in order to maintain them. BBS sysops do *not* have to read all their message traffic in order to keep their systems maintained. Moreover, I have yet to find anyone who disputes that a BBS is a First Amendment-protected forum. I think it would be trivial to find restaurant owners who disputed that their walls are forums. > All that said, there may be good reason to try to > relax or reduce any inference of a particularly burdensome > duty of review: by crystallizing the industry view of good > practice .... First Amendment protection of newspapers is not guided by what the newspaper industry considers good practice. The First Amendment protects, to a very great extent, even bad journalists. See The New York Times Co. v. Sullivan and progeny. > conditional immunity from liability as a means of > facilitating the free flow of ideas. Absent legislation of > that character, which has been discussed from time to time, > the extent of the sysop's duty will be set over time by > judges (or juries!) with after-the-fact judgements. I disagree. Libel determinations in other media are heavily Constitutionalized, which means that the duty of care is only *one* consideration in determining liability. A more important consideration is whether imposing liability creates a chilling effect on the exercise of First Amendment- protected activity. See the analysis in Cubby Inc. v. CompuServe. No one has yet answered my question as to why sysops should be held to a requirement of reasonable review when booksellers and magazine distributors are not. Want to tackle that one, David? --Mike Godwin ;Date 21 Oct 92 18:31:30 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: tien@well.sf.ca.us (Lee Tien) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 14:37:00 -0700 Does Smith v. California really hold all the weight you're putting on it, Mike? That was a statute imposing criminal liability, was it not? I realize that Cubby extended it to a civil defamation action. However, the constitutionalization of defamation law is not immediately applicable to other areas of potential sysop/BBS civil liability, by itself, is it? A possible example is copyright infringement. A sysop running a board where there's downloadable software, and someone uploads something in violation of copyright law. Doesn't have to be a criminal action. In any case, David's point about having knowledge should not be avoided. A basic problem is, one may know that X has occurred, or is occurring, and yet not know whether X is in some way unlawful or tortious. There is a risk of "chill," in the form of private censorship of a posting. I assume people will be risk- averse, and tend to censor anything that looks dubious first, and maybe ask questions later. --Lee ;Date 21 Oct 92 18:31:32 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: thardy@mail.wm.edu (Trotter Hardy) To: bbslaw@eff.org (bbslaw mailing list) Date: 21 Oct 92 17:35:59 David Johnson writes: > > Even in restaurants, there are cases holding > > the owner liable for the libel on the washroom wall. Mike Godwin replies: > > There are "cases"? I believe there is only one case of this sort. Applying My torts book lists this case: Heller v. Bianco, 111 Cal. App. 2d 424, 244 P.2d 757 (1952). Message on bathroom wall of a bar, inviting readers to call such and such a number for "Isabelle" who was prepared to "indulge in illicit amatory adventures," says the court. Isabelle's husband telephoned the bar when he learned of this message and told the bartender to take it off the wall within 30 minutes. The bartender said he was busy and would get around to it later. Husband got a police officer and visited the bar, finding the message still intact. Sued the bartender for libel. Trial court held for the defendant bartender. Appeals court reversed, finding in favor of the husband. In casebook editor Richard Epstein's words: "knowingly permitting such matter to remain after a reasonable opportunity to remove it made the owner of the tavern guilty of a republication." (for libel). Lesson? The message was *brought to the attention* of the bartender, who then had a reasonable amount of time to do something about it. Seems likely the same rule would apply to sysops. Mike Godwin says: > So far as I know, there is absolutely no reason to suppose that the > washroom case gives us any guidance as to the obligations of BBS > operators. Except possibly as above. Mike Godwin says: > No one has yet answered my question as to why sysops should be held to a > requirement of reasonable review when booksellers and magazine > distributors are not. For what's its worth, here's how Richard Epstein sums up the situation in his texbook on Torts (5th Edition, page 1073): "As a general rule the publication requirement in defamation cases makes good sense because a defendant normally has both the knowledge of what is published and discretion over whether to make or withold publication. In some contexts, however, neither of these assumptions holds true. It is highly unlikely that a public library knows the contents of its many holdings, and it could not refuse to check out a book that might contain some defamatory material. In order to protect these institutions against a myriad of lawsuits, "publication" has been treated as a term of art in defamation cases, endowed with restrictive meaning. 'Those who merely deliver or transmit defamatory material previously published by another will be considered to have published the material only if they knew, or had reason to know, that the material was defamatory. It is this rule that protects libraries and vendors of books, magazines and newspapers.' Church of Scientology v. Minnesota State Medical Ass'n Fndtn, 264 N.W.2d 152 (Minn. 1978)." Trotter Hardy ;Date 21 Oct 92 18:31:34 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 92 17:53:24 EDT Lee Tien writes: > Does Smith v. California really hold all the weight you're putting > on it, Mike? That was a statute imposing criminal liability, was > it not? I realize that Cubby extended it to a civil defamation > action. It helps to Shepardize Smith v. California. Although the fact situation of Smith is involves criminal charges, the Supreme Court has applied its reasoning for decades to libel cases. Cubby didn't extend it--it was extended already. > A possible example is copyright infringement. A sysop running > a board where there's downloadable software, and someone uploads > something in violation of copyright law. Doesn't have to be a > criminal action. True. But the penalties for an innocent infringer are low enough to minimize the chilling effect. (Even the penalties for criminal infringement are comparatively low in terms of prison time--the measure of monetary damages is high, though. But criminal infringers have _scienter_.) --Mike ;Date 21 Oct 92 18:31:37 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: fig@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 18:10:45 -0500 Cliff Figallo here.... Lee Tien writes: >In any case, David's point about having knowledge should not be >avoided. A basic problem is, one may know that X has occurred, >or is occurring, and yet not know whether X is in some way >unlawful or tortious. There is a risk of "chill," in the form >of private censorship of a posting. I assume people will be risk- >averse, and tend to censor anything that looks dubious first, >and maybe ask questions later. I think these are the essence of the problem. Most conscientious sysops I know would certainly check out reports of questionable material on their systems. But how to determine the unlawfulness of the material can be a problem. And it would be very easy for a sysop to take the safe route and err on the censorship side of things. <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>> Cliff Figallo fig@eff.org Director, Electronic Frontier Foundation (617)864-0665 (voice) Cambridge Office (617)864-0866 (fax) ;Date 21 Oct 92 18:31:37 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 92 18:07:21 EDT Trotter Hardy writes: > Mike Godwin replies: > > > > There are "cases"? I believe there is only one case of this sort. Applying > > My torts book lists this case: Heller v. Bianco, 111 Cal. > App. 2d 424, 244 P.2d 757 (1952). Message on bathroom wall > of a bar, inviting readers to call such and such a number > for "Isabelle" who was prepared to "indulge in illicit > amatory adventures," says the court. While I think it's possible to get the same result under the post-Smith v. California, post-Times v. Sullivan regime of libel law, it should be noted that this is a 1952 case. As Trotter's posting demonstrates, however, there clearly was _scienter_ in that case. Note to non-lawyers: _scienter_ is just a handy way of saying "the defendant actually knew about it." --Mike ;Date 21 Oct 92 18:31:43 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: tien@well.sf.ca.us (Lee Tien) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 21 Oct 1992 16:13:36 -0700 This breaks with the current thread somewhat. Earlier, Lance Rose suggested that the BBS is not the press. I am not sure why he said that, because it seems perfectly reasonable to me for a sysop/BBS to view herself as providing a vehicle of information and opinion, which to me IS the press. This does not imply, I hasten to add, that the only First Amendment rights involved are those of the sysop/BBS. We have both sysop/BBS rights and user rights here. Moreover, we also have user rights with regard to freedom of association. I think it important to emphasize the associatinal component, particularly in relation to questions of privacy and/or anonymity. Talley, NAACP v. Alabama ex rel Patterson, suggest that compelled disclosure requires a good justification. I would prefer that in our policy discussions we seek to preserve as much room as possible for online anonymity. ;Date 22 Oct 92 09:33:28 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: RE: BBS liability paranoia Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID RM1:125/111=2AE67568 >----------------------- Do not change this line -----------------------------< To: bbslaw@eff.org U> If the conduct you describe is just email forwarding, the U> sysop may be getting in bigger trouble by reviewing the U> contents of the message to decide whether to forward or U> return. The Electronic Communications Privacy Act U> prohibits a person or entity providing an email service U> from divulging the contents of a message unless certain U> exceptions apply. In one case, the sysop handling third-party traffic returned the mail undelivered, claiming that because (in one case) it was encrypted, it was illegal because he could *not* review it. The sysops in question have agreed ahead of time to handle third-party mail. My feelign on this was that deleting, modifying or refusing third-party traffic selectively (barring obvious illegalities, etc) was illegal itself under ECPA and probably other laws. Am I correct? --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) ;Date 22 Oct 92 10:19:21 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: RE: BBS liability paranoia Options: kill-sent private ;Status: (read 1 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID RM1:125/111=2AE68029 >----------------------- Do not change this line -----------------------------< To: bbslaw@eff.org (Shari: I think there is a signifigant delay in gating this mailinig list to/from me. My apologies if outside your time window. -- tomj) U> If the conduct you describe is just email forwarding, the U> sysop may be getting in bigger trouble by reviewing the U> contents of the message to decide whether to forward or U> return. The Electronic Communications Privacy Act U> prohibits a person or entity providing an email service U> from divulging the contents of a message unless certain U> exceptions apply. In one case, the sysop handling third-party traffic returned the mail undelivered, claiming that because (in one case) it was encrypted, it was illegal because he could *not* review it. The sysops in question have agreed ahead of time to handle third-party mail. My feelign on this was that deleting, modifying or refusing third-party traffic selectively (barring obvious illegalities, etc) was illegal itself under ECPA and probably other laws. Am I correct? --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) ;Date 22 Oct 92 09:38:56 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: question of the day Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID RM1:125/111=2AE676B0 >----------------------- Do not change this line -----------------------------< to: bbslaw@eff.org (/PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD -- your message formatting makes readable reply nearly impossible... can you skip the left margin?) U> 3. Why can't the fidonet transmission example be U> handled by U> making it a condition of contract for hooking to U> the nearest U> node that messages in transit will be forwarded U> without U> review? We have this "document", POLICY4, that was written by complete novices (not including me) that states "no encryption in FidoNet". It's filled with legalese nonsense (no lawyer was consulted), it is unsigned and some people simply consider it the "law". I'm having a hard time trying to convince people that the existence of this document doesn't override US, state and local law. --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) ;Date 22 Oct 92 11:34:38 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: re: sysop liability Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings) To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 22 Oct 92 10:18:18 PDT U> I'm just U> wondering, all you nonlawyers out there, do you feel any U> more confident about your rights and responsibilities now U> that the barristers (and a few other brave souls) have U> given their two cents worth? Actually, yes, somewhat. My original concern, stated in here earlier, was specifically about third-party traffic, which was answered very quickly; I take it to mean that it's rather clear that stomping on in-transit third-party mail is a no-no without obvious reason. I would like to use this thread in some way to present to FidoNet; what extent of disclosure is acceptable? The problems are *so basic*, like the parameters of liability regarding third-party traffic, what was stated re: copyright vs. uploads, the low danger of forwarding in-transit mail, the ECPA protection of in-transit mail, etc, I don't think it will read like "here's everything that is OK to do cuz they said so". If I write something (pending a nod from here) for a FidoNews article, would review and approval (in here for example) suffice? --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG ;Date 22 Oct 92 17:52:25 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: re: sysop liability Options: kill-sent private ;Status: (read 1 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: ssteele@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 22 Oct 1992 16:21:52 -0400 Message from Shari Steele. Tom Jennings writes: >If I write something (pending a nod from here) for a FidoNews >article, would review and approval (in here for example) suffice? Yes. As long as people in this group do not object to what you have written, that should be enough. For everyone out there, please make sure you clear anything you write about this conference with those members of the group involved. The conference itself, however, may not be copied to other sources. ;Date 22 Oct 92 23:04:53 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: question of the day Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 23 Oct 92 00:48:16 EDT David Johnson writes: >3. Why can't the fidonet transmission example be handled by >making it a condition of contract for hooking to the nearest >node that messages in transit will be forwarded without >review? Lance Rose replies: Yes, that seems the obvious solution. Now for the easy part - getting fidonet node operators all to agree . . . (As Foghorn Leghorn would say: that's a joke, son . . .) - Lance ;Date 22 Oct 92 23:04:55 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 23 Oct 92 00:48:50 EDT Lance Rose responds to Lee Tien: Lee says: A BBS need not be "press". A book store is not press. A magazine distributor is not "press". And these were the models used for CIS in the Cubby case. It's not that I want to be a stickler for terminology, but "press" carries, for me at least, the connotation of "publisher". And to that extent, it overstates a BBS' responsibility for the contents of the materials that flow through it. Don't forget, the BBS is also a postal service, a hardware store, a convention center, a shopping mall . . . - Lance ;Date 22 Oct 92 23:04:56 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 23 Oct 92 00:48:33 EDT Lance Rose responds to Mike Godwin: Mike writes: Mike, I think there is some requirement of reasonableness under the circumstances. Of course, the main circumstance is the First Amendment character of the BBS, which at the very least sets an upper limit of onerousness, and may also, by defining a shorter range from the least to greatest possible review requirement as compared to non-First Amendment operations, generally relax the required review even in cases where a total review of all BBS traffic would not be impracticable. Off the top of my head, I can think of two factors leading to a review situation. One is that sysops are generally on notice that illicit materials of all sorts might go through their BBS. While this does not mean they're on notice as to any given message or file they have not actually seen, it may mean they have to walk the beat every now and then. It might be different from magazines or bookstores in that there is a greater variety of illegal stuff that can go through BBS' - not only newsletters and text files, but pirated programs, viruses, etc. The other is that sysops are uniquely in a situation to prevent damage from damaging materials. If sysops are not held responsible, then effectively there may be no one at all guarding against damage due to online materials. Judges may not be willing to see that situation get set up, or continue. I don't see why there can't be a reasonable review duty. It does not necessarily conflict with 1st Amendment. For instance, it can easily be argued that the First Amendment isnot even implicated until the review obligation becomes so heavy that a chilling effect arises. It is unrealistic to contend that even the slightest review obligation automtically creates an impermissible chilling effect. I agree with the spirit of your position, but don't see it as entirely sustainable in application. - Lance ;Date 23 Oct 92 06:39:01 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Fri, 23 Oct 92 06:53:56 EDT >From Paul Bernstein: Re: The following comments by David Johnson: ******************************************* "All that said, there may be good reason to try to relax or reduce any inference of a particularly burdensome duty of review: by crystallizing the industry view of good practice and, perhaps, by legislation providing some conditional immunity from liability as a means of facilitating the free flow of ideas. Absent legislation of that character, which has been discussed from time to time, the extent of the sysop's duty will be set over time by judges (or juries!) with after-the-fact judgements." *************************************** HEAR, HEAR! Industry standards and legislative direction provide the "rules of the road" and clear direction that Sysops demand and absolutely require. Without it, we're thrashing about blindfolded in a jungle full of ferocious animals, quick sand and poisonious snakes -- in such a case, one's ultimate fate is certain although the timing of that fate is not predictable with certainty. Paul ;Date 23 Oct 92 18:28:43 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: sysop liability Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: tex@well.sf.ca.us (John Coate) To: bbslaw@eff.org (bbslaw mailing list) Date: Fri, 23 Oct 1992 08:23:54 -0700 >At what point do you take on an obligation to serve everyone? Most BBS owners >can (though rarely do) throw off any user who offends them. But if the local >diner refused to serve someone because of personal dislike, there would quite >likely be a lawsuit filed shortly thereafter. This is a situation where you need to hang onto copies of the various incidents that led to the removal so the sysop can demonstrate that discrimination of the type that is actionable did not occur. Since you can't see race or age or gender online, this lind of discrimination suit would be very hard to pursue. On the WELL we were threatened by such things once in awhile but the argument was so weak it was never pursued. The closest we ever came to feeling like we really *would* get sued over tossing someone was when the person in question was a lawyer! ;Date 23 Oct 92 18:28:48 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: thardy@mail.wm.edu (Trotter Hardy) To: bbslaw@eff.org (bbslaw mailing list) Date: 23 Oct 92 11:56:06 Lance Rose said this: > Of course, the main circumstance is the First Amendment character of > the BBS, which at the very least sets an upper limit of onerousness, and may > also, by defining a shorter range from the least to greatest possible review > requirement as compared to non-First Amendment operations, generally relax > the required review even in cases where a total review of all BBS traffic > would not be impracticable. > > Off the top of my head, I can think of two factors leading to a > review situation. One is that sysops are generally on notice that illicit > materials of all sorts might go through their BBS. While this does not mean > they're on notice as to any given message or file they have not actually > seen, it may mean they have to walk the beat every now and then. It might > be different from magazines or bookstores in that there is a greater > variety of illegal stuff that can go through BBS' - not only newsletters and > text files, but pirated programs, viruses, etc. > I wonder if we are talking too much in the abstract about the First Amend., reasonable review, etc. Court cases are brought on the basis of one or more particularized causes of action: defamation, invasion of privacy, copyright infringement, etc. The First Amend. and reasonable review and a host of other aspects that people have mentioned may be relevant in different ways (or not at all) to these different legal theories. E.g.: I have not researched the question of whether one person, say an employer, can be "vicariously" liable for another's (say an employee's) defamatory remarks. A plausible reading of the Gertz case would be that they cannot: Gertz requires some degree of "fault" in a defamation case and vicarious liability is essentially liability without fault. (I am not asserting that this is the law because I don't know if it is or not.) But Gertz is not applicable to copyright cases, and those cases rely on vicarious liability all the time: a nightclub owner is liable for copyright infringement by a band hired to play music if the music is copyrighted and nobody has paid a license fee for the privilege. What this suggests to me is that questions of liability cannot usefully be addressed from the standpoint of "whether and when a sysop is liable," even though that is a natural and desirable thing to do from the syops's perspective. Rather, we have to look at particular allegations of liability: is a sysop liable for invasion of privacy when s/he does such and such. Is a sysop liable for copyright infringement when s/he does so and so. Etc. etc. Perhaps that is what the sysop's legal book does that Lance referred to. Trotter Hardy ;Date 23 Oct 92 18:29:32 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: Keystone Options: kill-sent private ;Status: recv'd (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!uunet.UU.NET!xanadu!xanadu.com!tribble From: tribble@xanadu.com (E. Dean Tribble) To: uunet!soda.berkeley.edu!hughes@uunet.UU.NET Date: Fri, 23 Oct 92 09:31:09 PDT Cc: cypherpunks@toad.com The Compuserver decision some months ago supported this indirectly: Compuserver was held not liable for mail and postings on their system, because they don't claim to read them. I don't beleive Compuserve is a common carrier, so the precedence supports the result you want. dean ;Date 24 Oct 92 21:40:39 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 24 Oct 92 23:30:19 EDT Lance Rose responds to Maurice Weitman: Maurice writes: Lance reponds: I don't think a checklist of the sort you allude to can be put together. Like it or not, the subject of what needs sysop response, and what response is appropriate, requires well-informed sysop judgment. I believe the answer is educating sysops. The grey areas where decisions are difficult will never go away. But the clear cases can be made obvious with education and practice. ;Date 24 Oct 92 21:40:40 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 24 Oct 92 23:30:42 EDT Lance Rose responds to Trotter Hardy: Trotter says: I wonder if we are talking too much in the abstract about the First Amend., reasonable review, etc. Court cases are brought on the basis of one or more particularized causes of action: defamation, invasion of privacy, copyright infringement, etc. The First Amend. and reasonable review and a host of other aspects that people have mentioned may be relevant in different ways (or not at all) to these different legal theories. Lance responds: This is not a question of abstraction at all. In each case of liability, no matter the type, if sysops are held liable, then a review obligation for the type of material involved in that case is automatically placed on sysops. And for 1st Amendment purposes, the question is always the same: does the burden of this type and level of review create a "chilling effect" for BBS operations? Trotter says: But Gertz is not applicable to copyright cases, and those cases rely on vicarious liability all the time: a nightclub owner is liable for copyright infringement by a band hired to play music if the music is copyrighted and nobody has paid a license fee for the privilege. Lance says: The remedy of injunction after the fact is always available in copyright cases regardless of the defendant's knowledge. But the possibility of such an injunction would not realistically chill sysops. In the real world, they would cease posting copyright violations long before any judge's decision on the material at issue came down, unless they were deliberately testing some edge of the law. The real "chiller" in copyright cases is the possibility of big damages. And that possibility has the same effect, and is subject to the same 1st Amendment limitations, as the possibility of any other legal liability or remedy that would lead to burdensome responsibilities for sysops. ;Date 24 Oct 92 21:40:41 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: review duties and access Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 24 Oct 92 23:30:55 EDT Lance Rose responds to David Johnson: David says: I would like to ask Lance one question about the book. As I read it, he suggests that a sysop should offer to consult with a user when the user has questions about whether what the user is doing is illegal. Do you really think a sysop should hold herself out as available to rule, in real time, on the legality of a user's actions? Maybe it is always better to invite discussion with users and talk things through but (as you can tell) a general offer of consultation like that would make me somewhat nervous. Lance responds: I don't believe I recommended doing it in real time. I also don't think of it as a legal consultation. I imagine in many "grey area" cases, the sysop will simply tell the user he has no idea whether it is legal, but he is/is not comfortable with what the user is doing in a given case. I don't know that a crystalline-perfect prescription for sysops is possible. All I was trying to do was suggest a perpetually open door for discussion between sysops and users. I don't see the sysop's task, when looking to deal with liability issues, as merely to pursue the most risk-averse route. The purpose of running a BBS is not to avoid risk. Risk avoidance has to be woven in with the BBS' other activities, which latter are its actual reason for being in the first place. Guess I'm not a classic lawyer . . . That's okay, I don't believe you have to defend every creep who walks in your door, either ;Date 25 Oct 92 02:03:17 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: LEGAL SITUATION Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sat Oct 24 17:21:38 1992 I like the paradigm pioneered on the WELL that everyone online is responsible for their own words and actions, and in a legal sense, I would like that to emerge as the enforcement model. On my own system, I don't monitor much of anything - public or private - unless it is a conversation I happen to be interested in (in the case of public conversations) or something another caller complains about (which in general must be a public conversation). I rather don't care if people encrypt messages, as long as I don't have to participate to correspond (there is a growing "miff" among those who want their conversations private if you just tell them you don't want to be bothered with it all). And while there are BBS operators who read everything like a hawk, I'm very uncomfortable with the concept that we are responsible under law to do so. Actually, I haven't heard of a lot of difficulty with BBS operators being charged with anything as the result of third party conversations on their systems, and while it could be a problem, I would expect not. The heart of the message and message monitoring problem with regards to law enforcement is that the BBS itself tends to be a superb evidence gathering machine. BBS operators discovering discussions of illegal activities have in some cases notified authorities - only to be rewarded with the loss of their machines for weeks or months. Whether the BBS operator is "liable" for the actions or messages is a bit moot. If law enforcement suspects it is going on on a BBS, they can essentially confiscate the equipment and the BBS operator is forced to deal with a legal system they can't afford to even come in contact with in order to regain the equipment. And I think this is somewhat unique to bulletin boards. It would never occur to law enforcement to confiscate a telco central office switch because conversations and discussions of illegal activity went through it. But because of the recording facility of bulletin boards, the equipment is subject to arrest whether or not anyone even thinks the BBS operator is at fault or has any liability. This is part of an overall breakdown I perceive in how laws are applied to differing groups using the same technologies. Large news gathering entities have a good deal of protection regarding video tapes made, for example. The thinking seems to be that we "can't afford" to extend these same protections to "relatively irresponsible" individuals with video camcorders. Because it is the same technology is not the issue, apparently, but rather that CBS is less likely to do something we don't like and don't know about than a person with a camcorder taping LA rioters. Likewise, bulletin boards give the same communication utility we are used to thinking of as being controlled by CompuServe, or Prodigy, or some other large entity our government can easily deal with coercively, to individuals where this same type of control simply doesn't work. Camcorders for the masses. Online services run by teenagers. Naturally, I take an almost acidicly libertarian view of all of this and think we DO need legislation - NOT to regulate bulletin boards, but to regulate law enforcement to ensure that when they deal with a 14 year old running a C-64 BBS for two hours each night, they do so with EXACTLY the same respect for law that they do when dealing with BellSouth or AT&T. The challenge this brings is not limited to bulletin boards or camcorders. Increasingly, we will see technologies that today are comfortably limited to large controllable entities migrate to individuals. What happens when I can have my own comm satellite for $5000? Jack Rickard Boardwatch Magazine ;Date 25 Oct 92 02:03:18 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: RE: LEGAL SITUATION Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sat Oct 24 17:57:48 1992 > Does anyone have an opinion on the (FidoNet) case where, third party > traffic is killed or modified by a non-addressee (on intermediate > systems through which the traffic is flowing)? Has this been > addressed > in other electronic store-and-forward systems? > > This is becoming of critical importance in FidoNet and we're all > completely in the dark. > > tomj@fidosw.fidonet.org > > I have an opinion Tom, but it may not be worth much. I can't imagine there being any legal liability for in transit mail at all. As I mentioned in another message, I'm nearly as concerned about the effective death of a BBS for evidenciary purposes as legal liability. But even there, visability as to precisely which systems in-transit mail passes through would be pretty limited to most governmental authorities unless the messages actually appear in a public conference where someone could dial in and see them. My own take is that you have BBS operators within FidoNet that just resent the fact that they can't nose about through mail passing through their system. I pass out a very tiny bit of in-transit mail, and I couldn't even tell you how much or when, without doing a bit of mucking about to make a determination. The nature of FidoNet itself may cause this to be problematical. And I know any scent of rules will cause a furor. But it sounds like more of an organizational determination than a legal one. It is just this type of fractious incident that has driven the net toward irrelevancy for netmail. I'm communicating from Boardwatch BBS to other BBSs primarily through the Internet now for precisely this reason. In the Internet, there are mail delivery failures, but they are not caused generally by some intermediary sysadmin disapproving of contents or format. If it were me, and its not, I would require expeditious handling of ALL routed and in-transit mail as a requisite for membership. If you don't, any of 16000 BBS operators in FidoNet who doesn't approve of encryption in general or encrypted mail can stop traffic. At LEAST the guy who stopped it in this case sent a message to both parties. I would imagine you and George are the only ones that could make it stick. I don't think you're going to find a legal precedent requiring BBS operators to pass encrypted mail, and realistically, I can't picture any realistic liability an operator could have for encrypted mail passing in one port, out another (or the same) with no public display on the BBS. Jack Rickard Boardwatch Magazine. ;Date 25 Oct 92 02:03:19 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: QUESTION OF THE DAY Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sun Oct 25 00:52:44 1992 > (It should be noted that "adult" bookstore owners and proprietors of > > topless bars are held liable not because they've reviewed everything > beforehand, but because the nature of what they offer is such that > courts > are willing to impute _scienter_ with regard to obscenity. This > exception > to the rule of Smith v. California is pretty narrow.) > I agree Mike. If a BBS ran a message area labeled CREDIT CARD FRAUD EXCHANGE or something implying that here is the place to discuss software piracy matchups, the BBS itself is hosting illegal activity with that intent. This is a VERY different situation from two or three callers discussing such activities through unreviewed private e-mail out of the 600 callers frequenting the board. The problem this keeps coming back to as a practical matter, however, is that if the CALLER is liable for their own illegal activity, how does the BBS operator, assuming no one in the universe believes the operator is part of the crime, keep the computer and system the BBS runs on from being seized as part of the evidenciary process? Jack Rickard Boardwatch Magazine ;Date 25 Oct 92 10:50:15 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: RE: LEGAL SITUATION Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sun, 25 Oct 92 09:12:51 EST From: Paul Bernstein Responding to: Jack Rickard Jack Rickard: you have hit the nail on the head! Putting my BBS Sysop hat on . . . I do NOT want to have to read messages (or fear that I must do so) . . . for absent my being told that criminal activity is afoot, I want my constituents to learn about and use the technology! PROTECTION of Sysops is THE KEY here, as Jack notes! I am TOTALLY AGAINST any concept that says the courts can and will solve our problems: First of all, going to court is VERY expensive! Second, the decisions by trial courts mean NOTHING and are likely to be inconsistent for many reasons. My mention of the MPAA is not for "ratings" but for the creation of "standards" and "Rules of Conduct" that, if they became industry standards, would give Sysops some strong assurance that they are in compliance with the law. If Sysops will have to rely on future court decisions, then all you will have left, after we lawyers tell our BBS-clients to go out of business because they can't afford us . . . is the BIG outfits like CIS, Prodigy, etc., and there goes the innovation and exploration that this technology demands. It't time for Sysops to take their future into their own hands and not rely on the courts or overly expensive law firms that 99.99% of BBS-Sysops cannot afford. ;Date 25 Oct 92 10:50:16 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: RE: QUESTION OF THE DAY Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sun, 25 Oct 92 09:22:24 EST From: Paul Bernstein Jack Rickard raises a proper question about how Sysops protect themselves from seizure of the BBS. In Illinois there have been cases where, if Preliminary Injunctions (obtained on an emergency basis) were dissolved as having been found at a later date to be unfounded, then the injured party (the one against whom the original injunction was issued) is entitled to substantial damages! Sorry to harp on this folks, but if there were a Sysops equivalent to the MPAA and if one of the rules a Sysops subscribed to as a member was to "Keep weekly backups of ALL MATERIALS on the BBS," and if that became public knowledge, AND, IF THE LAWYERS WOULD WORK TOGETHER TO FORGE A MOTION AND BRIEF ON THE SUBJECT, clearly demonstrating the significant financial legal liability a governmental agency was exposing itself to from an "illegal" seizure . . .THEN, you're on your way to clearing the way for Sysop's continued exploration of the technology without fear. For then, governmental agencies with subpoenas could grab the back-up disks and information and not the main BBS,....at least, not without A FULL AND COMPLETE court hearing and adjudication!!! The keys and answers are here, I should think. What's wrong with a "CODE OF ETHICS?" What's wrong with "Rules of Conduct?" What's wrong with subscribing to such codes of ethics and conduct? Why can't we have "Custom and Usage" and our own equivalent of the MPAA? Clearly, this still leaves open the potential for court action, but if we have brief and memorandum of law databanks and lawyers around the country who are Sysop-oriented and have enough interest in the technology to do some Pro Bono work . . . we can head off Washington intervention (which is sure to come as the technology becomes politically potent) and prevent the courts from destroying us. What's wrong with such suggestions? And, why shouldn't we move in that direction with this conference? PaulB ;Date 25 Oct 92 11:57:54 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Sun, 25 Oct 92 14:52:23 EST > Lance Rose writes: > Mike writes: > > requirement of reasonable review when booksellers and magazine distributors > are not. Want to tackle that one, David?> > > Mike, I think there is some requirement of reasonableness under the > circumstances. There doesn't seem to be one grounded in Constitutional law, however. A bookstore owner may know full well that Kitty Kelley's book on Nancy Reagan may be libelous or that Madonna's book SEX may be obscene; even so, the Supreme Court has never held that bookstore owners can Constitutionally be held to a standard of "reasonable review." > Off the top of my head, I can think of two factors leading to a > review situation. One is that sysops are generally on notice that illicit > materials of all sorts might go through their BBS. I simply don't think this is the case. I don't think BBSs are any more marginal an information medium than bookstores are, legally speaking. A sysop has no greater "notice" that, say, libelous material is passing through her BBS than a bookstore owner has as to libelous books he may be carrying. The same is true of obscenity or criminal copyright infringement. > While this does not mean > they're on notice as to any given message or file they have not actually > seen, it may mean they have to walk the beat every now and then. Any imposition of a "walking the beat" requirement for sysops that is not imposed on bookstore owners has to be grounded in a Constitutional distinction. Here, the distinction seems to be the (questionable) one of supposing that BBSs are more likely to be the venue of illegal communications than bookstores are. God help us if this distinction ever does get enshrined in Constitutional law. It should be noted that lots of crimes are plotted in restaurants and bars, too, but the law does not require bar owners to review conversations. > The other is that sysops are uniquely in a situation to prevent > damage from damaging materials. If sysops are not held responsible, then > effectively there may be no one at all guarding against damage due to online > materials. The position here is not unique. Bookstore owners could also act to prevent libel or obscenity in a community. > Judges may not be willing to see that situation get set up, or > continue. It is possible in "real life" for vandals to get away with harming people and property. The law does not require that someone *always* be held responsible. > I don't see why there can't be a reasonable review duty. It does not > necessarily conflict with 1st Amendment. F To me, it does, unless there is an interpretation of the First Amendment that sets BBSs up in a unique legal category. > I agree with the spirit of your position, but don't see it as > entirely sustainable in application. It shoudl be noted that the "scanning for viruses" requirement on a sysop has nothing to do with communication or First Amendment protected interests. I think that's just a negligence issue that can be handled by traditional tort principles. --Mike Godwin ;Date 25 Oct 92 22:01:14 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Mon, 26 Oct 92 0:26:57 EST Lee Tien writes: > I agree wholeheartedly with (I think it was Trotter Hardy) the > person who recommended that we NOT analyze sysop/BBS liability > in general First Amendment terms. Why not? BBSs are used for core First Amendment interests of speech and press and associatin. What is your Constitutional theory for privileging printed material over BBSs? > If we look back at the question Shari started us off with, > each of the subject-matter areas involves different doctrines. > Like it or not, First Amendment law is sensitive to "categories" > of speech, at least as applied by present-day courts. Right. But this statement is vague enough not to be of much use in telling us how to treat BBSs. Is there anyone who has used a BBS who does not believe that what he is doing is speaking, or hearing other people speak? Why should BBS-based speech and publication and association have any *different* First Amendment protections from those of newspapers, public assemblies, bookstores, and pubs? On what Constitutional theory can we justify the distinction? --Mike ;Date 26 Oct 92 07:01:33 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: tien@well.sf.ca.us (Lee Tien) To: bbslaw@eff.org (bbslaw mailing list) Date: Mon, 26 Oct 1992 06:55:08 -0800 In response to Mike Godwin: Mike has, I believe, missed the point I meant to endorse: I don't for a moment doubt the applicability of the First Amendment's protections to sysops/BBSs. I said: > If we look back at the question Shari started us off with, > each of the subject-matter areas involves different doctrines. > Like it or not, First Amendment law is sensitive to "categories" > of speech, at least as applied by present-day courts. and Mike commented: Right. But this statement is vague enough not to be of much use in telling us how to treat BBSs. I apologize for being vague. I meant to suggest once more that instead of addressing "sysop liability" we address "sysop liability in relation to specific kinds of speech"-- and work on the most important ones first. Each "problem category"-- obscenity, indecent speech, child pornography, advocacy of illegality, copyright infringement, defamation, classified/national defense information, commercial speech, and so on, has its own doctrines. They are all of course related through the First Amendment, but the doctrines reflect not only logic but history and the context of case law development. It seems to me that when a sysop discovers that information arguably falling within such categories is being disseminated via her BBS, she needs to know rather specific things beyond general First Amendment principles: what statutes are on the books, federal and state; what kind of penalties are involved; what does the common law say, etc. --Lee Tien ;Date 26 Oct 92 07:31:59 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 26 Oct 92 09:56:41 EST Lance Rose reponds to Mike Godwin: At somepoint competing considerations can and do get balanced, either expressly or implicitly. Your position seems absolutist (and I don;t mean 1st Amendment absolutism of the sort advocated by Black), which is itself suspect. A reasonable review requirement would not arise from the Constitution. Saying there are Constitutional limits on liability does not mean Constitutional "permission" is required for each attribution of liability, especially safely short of whatver "limits" may be established. You missed my point that additional kinds of things can pass through BBS' - credit card numbers, etc. Also, you can have a BBS with a certain character that makes it more likely to carry illegal materials,such as a pirate board - and some requirement for the sysop to be aware of this. This is a factual point, and needs to be settled on that basis. It need not be enshrined anywhere, but recognition of the possibility can lead to an ad hoc approach, rather than enshrining the opposite - ie., that BBS' by definition are no more likely to carry illegal materials than bbok stores. LR> Judges may not be willing to see that situation get set up, or > continue. MG Look at the reality. Books are almost all published by big companies, and there is realistic recourse aginst the publishers. In a BBS situation, there is far less realistic accountability by the posters. LR> I don't see why there can't be a reasonable review duty. It does not > necessarily conflict with 1st Amendment. MG You're placing the limit on liability before the basis of liability. First, one determines if there is a duty. Second, you look to see if it creates the kind of "chilling effect" that implicates the 1st Amendment, and whether that means the duty mustbe cut off due to Constitutional considerations. Categorical distinctions of the sort you allude to are neither logically necessary nor mandated in this situation. - Lance ;Date 26 Oct 92 20:05:59 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: IMPOSITION OF RESPONSIB Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Sun Oct 25 20:36:55 1992 Jack Rickard (Boardwatch Magazine) responding to Trotter Hardy: > For these reasons, I think people are putting way too much > faith in the desirability of Congressional (or State > legislative) resolution of the issues of liability. > I too am a little torn by this. There is a wide variety of system that falls under the rubrick of "BBS" or for that matter "online service" and new ones are emerging. Defining rights and responsibilities legislatively tends to harden the environmental form, and might alter the development of new services in the future to "work around" existing laws. At the same time, our current situation seems to be in straining to read tea leaves by applying pieces of existing laws and case precedent to "similar" situations online. I guess what I "thought" I was hearing was not a call for legislation, but a call for voluntary guidelines set forth by some voluntary industry association. This more casual "environment" would then be something that would naturally be taken into account during litigation involving bulletin boards and where no clearly applicable legal precedent prevailed, might have an influence on a court decision by establishing a legitimate forum for what a BBS operator "thought" his rights and responsibilities were in some legitimate way. The problem I have even with that is that it has to cover a lot of ground. Tom Jennings just brought up Policy 4. Actually, I think this document began right here in Denver in Net 104 from a single sysop disgruntled with the previous policy document. An entirely self nominated working committee rose to develop this document in a private echo conference and after many months of wrangling presented it to the Net. Few could actually bear to read through all of it as it was quite lengthy and endlessly detailed and I don't recall that it ever gained a mandate, but many do think it is the "law" within FidoNet. And within the BBS and online community, I think a case could be made that despite the diversity within the net, FidoNet systems tend to be a particular "type" of system that does not necessarily share common ground with chat services, the relatively new class of small Internet access services, public conferencing systems, product support BBSs, etc. At the same time, there does appear to be an emerging need for some form of guideline. Julian A. Smith, a professor of history of science and technology at Ryerson Polytechnical Institute wrote an interesting article in the October 92 issue of "Toronto Computes" titled "Sysop Code of Ethics Urged." It delineated an entire series of horrors BBS operators have visited on their callers - many involving abuses of trust regarding private electronic mail, sexual matchmaking activities, and various forms of denying access based on religion, political views, etc. In many ways, it seems that freedom of speech is often a freedom afforded BBS operators and NOT their callers. So I think we will see increasing pressure toward SOME form of regulation of online activities. And while I don't personally see much in the way of good coming from ANY such regulation, we may be forced to choose between regulation we as online participants can participate in the formation of, or regulation generated by most anyone willing to catch the publicity that the next mass media wave doing the "BBS story" causes. Jack Rickard ;Date 26 Oct 92 20:06:04 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: tex@well.sf.ca.us (John Coate) To: bbslaw@eff.org (bbslaw mailing list) Date: Mon, 26 Oct 1992 09:01:11 -0800 Mike Godwin writes: Is there anyone who has used a BBS who does not believe that what he is doing is speaking, or hearing other people speak? Why should BBS-based speech and publication and association have any *different* First Amendment protections from those of newspapers, public assemblies, bookstores, and pubs? On what Constitutional theory can we justify the distinction? I agree completely. -JC ;Date 26 Oct 92 20:06:43 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Mon, 26 Oct 92 14:37:52 EST Lee Tien writes: > Mike has, I believe, missed the point I meant to endorse: Always possible. Since I'm on the road this week, I tend to be distracted a little more easily. > I apologize for being vague. I meant to suggest once more that > instead of addressing "sysop liability" we address "sysop liability > in relation to specific kinds of speech"-- and work on the most > important ones first. > > Each "problem category"-- obscenity, indecent speech, child > pornography, advocacy of illegality, copyright infringement, > defamation, classified/national defense information, commercial > speech, and so on, has its own doctrines. They are all of course > related through the First Amendment, but the doctrines reflect > not only logic but history and the context of case law development. Some of these categories are not separate, Lee. Child pornography, like obscenity, requires _scienter_ rather than "failure to conduct reasonable review" for liability. The same is true for defamation. (Note that I'm talking about redistributors here, not the original speakers.) Criminal liability for copyright infringement or distribution of defense information *also* requires _scienter_. (I read the statutes in Titles 17 and 18.) Maurice Weitzman of the WELL is not going to be held liable on any of these grounds without proof that he intended for the material to be there, or at least knew it was there. Mere negligence (failure to review) won't be enough. Mo may still be an innocent infringer of copyrighted materials without _scienter_, but as Lance has pointed out (and I agree), these provisions of copyright protection have already struck a balance that seems not to be unduly chilling. "Indecent speech," regardless of the misleading dictum in Sable Communications v. FCC, is a category not applied outside of broadcasting. Even the most subtle and nuanced understanding of First Amendment jurisprudence has to grant that the *default* protections of BBS publications and forums are just the same as those for other media; to argue a different set of protections for BBSs requires a distinction that passes Constitutional analysis. And, certainly, a *lessening* of protections, such as "reasonable review" requirement derived from "industry practice" would have to survive the highest standard of First Amendment analysis. > It seems to me that when a sysop discovers that information > arguably falling within such categories is being disseminated > via her BBS, she needs to know rather specific things beyond > general First Amendment principles: what statutes are on the > books, federal and state; what kind of penalties are involved; > what does the common law say, etc. I agree that a sysop's duty *to remedy* may vary, *once the _scienter_ reequirement is met*, as in your example here. But a duty to remedy is not the same as a duty to review. --Mike ;Date 26 Oct 92 20:06:46 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: imposition of responsibility Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: mnemonic@eff.org (Mike Godwin) To: bbslaw@eff.org (bbslaw mailing list) Date: Mon, 26 Oct 92 14:57:15 EST Lance Rose writes: > At somepoint competing considerations can and do get balanced, > either expressly or implicitly. Your position seems absolutist (and I don;t > mean 1st Amendment absolutism of the sort advocated by Black), which is > itself suspect. I don't see how it is "absolutist" to say that the same (nonabsolutist) First Amendment protections that apply to other media apply to BBSs as well. Look at how BBSs are used--as publishers, forums, and redistributors of information. The balancing of competing considerations for those uses has already taken place. But it should be noted (as, I believe, scholars from Melville Nimmer to Larry Tribe have noted) that a "balancing test" alone provides inadequate protection of First Amendment interests. (I'll give you a cite on this when I get back to the office.) > You missed my point that additional kinds of things can pass through BBS' - > credit card numbers, etc. I caught that point, actually, and responded to it generically, by noting that criminal liability hinges on _scienter_. That's a Due Process requirement *as well as* a First Amendment requirement--check the Supreme Court's holding in Liparota and progeny. > Also, you can have a BBS with a certain character that makes it more likely > to carry illegal materials,such as a pirate board - and some requirement > for the sysop to be aware of this. I think a pirate BBS meets the "dirty book store exception" to Smith v. California, don't you? In that case, it's easy to impute _scienter_ to the sysop, even if he didn't know the spcific illegal material in question. > It need not > be enshrined anywhere, but recognition of the possibility can lead to an ad > hoc approach, rather than enshrining the opposite - ie., that BBS' by > definition are no more likely to carry illegal materials than bbok stores. But, Lance, there *are* presumptions as to the legitimacy of speech and expression under the First Amendment. Even if I'm having a conversation at a bar that is a known criminal hangout, my speech is presumptively legal. Do we want to have different presumptions when the speech is on a BBS? I don't see how the Constitution allows this. > Look at the reality. Books are almost all published by big companies, and > there is realistic recourse aginst the publishers. In a BBS situation, > there is far less realistic accountability by the posters. So we're told. But in how many cases has the perpetrator of unprotected speech been impossible to trace? My guess is that the number is fewer than five. (I'm being charitable.) > You're placing the limit on liability before the basis of liability. First, > one determines if there is a duty. Second, you look to see if it creates > the kind of "chilling effect" that implicates the 1st Amendment, and whether > that means the duty mustbe cut off due to Constitutional considerations. This is the wrong order, Lance. In First Amendment analysis, Step One is to presume First Amendment protection. Step Two is see whether the speech in question falls into any of the well-defined exceptions. Starting out by determining whether there is a duty is generic *tort* analysis, not First Amendment analysis. > Categorical distinctions of the sort you allude to are neither logically > necessary nor mandated in this situation. First Amendment analysis does in fact rely on categorical distinctions of the sort I allude to. See Nimmer's treatise, for example. --Mike ;Date 28 Oct 92 07:52:27 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: Imposition of Resp. Options: kill-sent private ;Status: (read 5 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 28 Oct 92 10:43:35 EST Lance Rose responds to Lee Tien: Lee says: >It seems to me that when a sysop discovers that information >arguably falling within such categories is being disseminated >via her BBS, she needs to know rather specific things beyond >general First Amendment principles: what statutes are on the >books, federal and state; what kind of penalties are involved; >what does the common law say, etc. Lance responds: But most of the 1st Amendment discussion here has to do with the duty to monitor or review before specific discoveries are made. No one said that the 1st Amendment protects against knowing dissemination of illegal material. I think you're arguing against a straw man here. ;Date 28 Oct 92 07:58:23 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: Imposition of Resp. Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 28 Oct 92 10:43:46 EST Lance Rose reponds to Trotter Hardy: Trotter says: > *ANY* laws restricting sysops from doing whatever they like exert a chilling effect. I don't think you are going to convince courts or Congress, however, that therefore the only rules that make any sense are rules that totally immunize sysops from liability for anything. That's why I think talking about a chilling effect is too general to be much of a guide to liability. Lance responds: I don't advocate or believe that rules totally immunizing sysops will be enacted or created under common law. If you recall, in my discussion here with Mike Godwin, I see strong reasons to believe there will be some measure of liability. I *do* believe we can talk about chilling effects generally, though. Or at least a certain kind of chilling effect - that which flows from any legal rule which would lead to an obligation to review all materials on the BBS. This kind of rule could come from any substantive legal area where a ruling of responsibility for damages without specific knowledge of the damaging material arises. Because it's the same practical burden in each case - having to monitor or review stuff in order to avoid legal liability. The chilling effect in each case would be quantified according to how much of a monitoring obligation would be placed on the sysop. That quantum of monitoring may itself depend on the substantive legal area under consideration, and of course at that level the requirements of that substantive field of law would need to be examined, but the practical effect of monitoring obligations, once set, can be dealt with similarly across all fields of law from which the monitoring obligations were derived. ;Date 28 Oct 92 08:58:30 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: Imposition of Resp. Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: tex@well.sf.ca.us (John Coate) To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 28 Oct 1992 08:00:26 -0800 can we identify forces or agencies or individuals who really think or have advocated that sysops should monitor everything on their board? I know that Prodigy does it, but that is because they want to maintain their family standards. They aren't compelled to do so. What is going on now, what momentum is there really that is pushing things in this direction? Certainly I fear the possibility of it, and I deplore in general notions that one should do something like that just because it's technologically easy to do it. But who is really pushing towards that? I hear about the NSA and the FBI and "law enforcement", but who is really pushing for this? -- John Coate ;Date 29 Oct 92 08:34:38 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: IMPOSITION OF RESPONSIB Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Wed Oct 28 23:47:39 1992 > > coming from ANY such regulation, we may be forced to choose > between regulation > > we as online participants can participate in the formation of, or > regulation > > generated by most anyone willing to catch the publicity that the > next mass > > media wave doing the "BBS story" causes. > > > > I don't know that a guideline will forestall or mitigate the > inevitable articles on BBS's, but there's a chance. I am > sure that the articles will come, sooner or later. > Actually, the articles are being done rather regularly now, albeit in waves. My point was that with each rash of articles decrying pedophilia online, obscene pictures, etc. (media attracting elements of the online experience) the call for "action" increases. These calls are usually from someone with no experience online at all and those they turn to "for action" similarly ill equipped. Up to this point, our legislators have been so out of ken to what's going on online, they have very nearly in some cases passed legislation affecting bulletin boards and online services without any awareness that it would have any effect on them, and in some cases only vaguely aware they existed. The offending legislation would be INTENDED to address some other matter entirely. I'm not really advocating that we rush out and legislate ourselves before someone else does, but rather noting an increasing pressure toward some form of regulation. Jack Rickard ;Date 29 Oct 92 09:05:06 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: third-party mail Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings) To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 29 Oct 92 01:46:13 PDT Maybe this question is too elementary, but it's dear to me. Maybe it's considered a change of subject here, for which I'll apologize ahead of time. Regarding third-party traffic liability. Assuming that I do some terribly illegal thing, over the Internet, you can legally persue me. However I don't believe you can sue the operator of each system that carried that illegal traffic. Is this not true? Is it "clear" that internet sites carrying IP traffic are carriers? If a message containing illegal material sits in storage, however temporary, on a particular system, is the operator of that system liable for its contents? This is the sort of thing that is of incredibly burning and immediate importance in FidoNet, certainly, and it's not hard to imagine elsewhere. --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG ;Date 27 Oct 92 11:05:48 From: Jesse David Hollington@1:125/33 To: Christopher Baker@1:125/111 Subject: BBS privacy/Sysop responsibility Options: ;Status: (read 2 times) ;MSGID: 1:225/1.0 2aed68dc >----------------------- Do not change this line -----------------------------< CB> if, as the article states, it is legal in the United States for 'anyone' CB> to 'legally encrypt an electronic message', how does FidoNet forbid such CB> a thing if they are so worried about legal operation? [grin] In my experience with what I can only describe as the "inherent stupidities of FidoNet Politics" I imagine it was developed to allow people to feel they have some level of "control" over what goes through their systems. That, plus the paranoid folks who are worried that the police might show up on their doorstep someday to seize their computer because of a message that passed through it. This is not only an unrealistic, but a downright ludicrous assumption. In my legal wanderings into Canadian law on the policies of encryption, privacy, and carrier status, I discovered that the fact that FidoNet Policy prohibits encrypted mail could actually *create* liability for the average Sysop, by implying that the Sysop has an obligation to monitor mail passing through their system. It's actually an extremely dangerous precedent to set, and one that I do not like at all. When I was RC12, I wanted to setup a local Regional "policy" that countermanded the Policy 4 clause, and I received permission from George Peace to do so due to the supposed legal differences between U.S. and Canadian law. Unfortunately, the said policy never quite got off the ground because more pressing matters intervened. Cheers, Jesse. --- Maximus 2.01wb * Origin: On a Clear Disk You Can Seek Forever (1:225/1) SEEN-BY: 11/2 13/13 109/25 123/19 124/1 125/20 28 33 111 125 180 1212 203/1 SEEN-BY: 203/23 205/10 209/209 308/60 390/1 396/1 ;PATH: 225/1 12/12 13/13 396/1 203/23 1 125/125 33 ;Date 29 Oct 92 13:54:53 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: monitoring Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD =LANGATE/ADMD=TELEMAIL/C=US/@sprint.com To: bbslaw@eff.org (bbslaw mailing list) Date: 29 Oct 92 01:11:00 UT ---------------------------------- Forwarded ---------------------------------- From: David Johnson at WCP1PO Date: 10/29/92 8:31AM To: RFC-822:bbslaw.eff.org at INTERNET Subject: monitoring ------------------------------------------------------------------------------- ------------------------------------------------------------------- From David Johnson: With the possible exception of some overly zealous FidoNet sysops, I don't know of anyone who wants to increase the amount of monitoring. The question is likely to arise in a context in which someone claims to have been harmed by a message, the sysop did not in fact know of the message, but the claimant asserts that the sysop "should have known" of the message. It may be easier to defend against such a claim if the sysop engaged in some reasonable, perhaps "industry standard" (voluntary) review of PUBLIC messages than it would be if the sysop simply closed her eyes while grasping a copy of the constitution. Consider viruses, for a moment, because the first amendment argument is least helpful there. The Computer Fraud and Abuse act amendments in the crime bill that didn't pass would have added criminal liability for "reckless" distribution of dangerous code. I think a sysop that does not use readily available software to screen for viruses is courting disaster. If one gets through, the effort to do some screening is the sysop's best defense. I agree that the potential chilling arguments are more powerful in other areas, like defamation. But this really impacts on the level of review, and on what industry practice will and should be, rather than allowing sysops to flip over to the proposition that there is no obligation to review. In contrast, private email, even to a large group, might well be conducted without review (absent some specific reason to be suspicious) because the message is sent with some expectation of privacy. One puzzle: as email list reflectors replace or supplement stored public postings, a message can be sent "privately" to a long list of people the sender has not met. That may mean the public/private posting distinction will not private a stable line for distinguishing between various levels of sysop obligations, over time. ;Date 29 Oct 92 13:55:14 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: third-party mail Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: tien@well.sf.ca.us (Lee Tien) To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 29 Oct 1992 13:44:32 -0800 This is Lee Tien responding to Tom Jennings's post which posed the following questions: Assuming that I do some terribly illegal thing, over the Internet, you can legally persue me. However I don't believe you can sue the operator of each system that carried that illegal traffic. Is this not true? Is it "clear" that internet sites carrying IP traffic are carriers? If a message containing illegal material sits in storage, however temporary, on a particular system, is the operator of that system liable for its contents? Lee asks: Tom, can you clarify what you mean by "illegal traffic," perhaps by concrete illustration? ;Date 29 Oct 92 13:55:14 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: third-party mail Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw From: tien@well.sf.ca.us (Lee Tien) To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 29 Oct 1992 13:44:32 -0800 This is Lee Tien responding to Tom Jennings's post which posed the following questions: Assuming that I do some terribly illegal thing, over the Internet, you can legally persue me. However I don't believe you can sue the operator of each system that carried that illegal traffic. Is this not true? Is it "clear" that internet sites carrying IP traffic are carriers? If a message containing illegal material sits in storage, however temporary, on a particular system, is the operator of that system liable for its contents? Lee asks: Tom, can you clarify what you mean by "illegal traffic," perhaps by concrete illustration? ;Date 29 Oct 92 15:55:48 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: Re: third-party mail Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF00985 >----------------------- Do not change this line -----------------------------< To: bbslaw@eff.org U> From: tien@well.sf.ca.us (Lee Tien) U> This is Lee Tien responding to Tom Jennings's post which U> posed the following questions: U> U> Assuming that I do some terribly illegal thing, over the U> Internet, you can legally persue me. However I don't ... [etc] U> Lee asks: Tom, can you clarify what you mean by "illegal U> traffic," U> perhaps by concrete illustration? ?! Does it really matter? Pick some thing. Credit card number, I slander you, whatever. My point was, are the intermediate systems liable for forwarding on a message that contains text that contains something illegal. My *real* question is, I assume the 2,000,000 systems that comprise the Internet are not liable if you and I conduct some sort of illegal business, in email, that passes through one or more intermediate systems. Is this not true? I know there can be extenuating circumstances, examples on either or any extreme, etc. Just pick something in the middle, in your mind. --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 29 Oct 92 19:31:52 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: re: Re: third-party mail Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings) To: bbslaw@eff.org (bbslaw mailing list) Date: Thu, 29 Oct 92 15:55:48 PDT U> From: tien@well.sf.ca.us (Lee Tien) U> This is Lee Tien responding to Tom Jennings's post which U> posed the following questions: U> U> Assuming that I do some terribly illegal thing, over the U> Internet, you can legally persue me. However I don't ... [etc] U> Lee asks: Tom, can you clarify what you mean by "illegal U> traffic," U> perhaps by concrete illustration? ?! Does it really matter? Pick some thing. Credit card number, I slander you, whatever. My point was, are the intermediate systems liable for forwarding on a message that contains text that contains something illegal. My *real* question is, I assume the 2,000,000 systems that comprise the Internet are not liable if you and I conduct some sort of illegal business, in email, that passes through one or more intermediate systems. Is this not true? I know there can be extenuating circumstances, examples on either or any extreme, etc. Just pick something in the middle, in your mind. --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG ;Date 29 Oct 92 21:01:10 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Thu Oct 29 21:27:13 1992 > Lee asks: Tom, can you clarify what you mean by "illegal traffic," > perhaps by concrete illustration? Does this imply that the degree of sysop liability for third party traffic passing mechanically over his system is a function of how "illegal" the traffic is or its nature? Traffic through both Internet and Fidonet is of a nature that operators in either network COULD conceivably view an individual message. But it is NOT quite as simple as editing a file, particularly in the case of Fidonet. Mail comes in compressed in batches with LOTS of other mail, it is unpacked, sorted, repacked and compressed, and resent, all quite automatically. It IS technically possible to snag mail, open up, and look at individual messages, but it is generally NOT as convenient as most participants of this conference may believe. And for the lackadaisical, such as myself, I couldn't give you a good figure on the rough number of packets moving through, much less what's in them, without an investigation. If some of those messages dealt with murder vice simple narcotics possession, or the overthrow of the United States as opposed to credit card numbers, am I MORE liable for this message traffic? I think the question is are we liable AT ALL for third party message traffic we AND our immediate callers don't participate in or have knowledge of. I would strongly advocate we are not, but stranger things have happened at the bar, and I would have to defer to keener and more experienced legal minds than mine. But I'm a bit unclear as to what impact the "degree of illegality" of the message content would have on this. In a perfect world, I would think liability would be tied more directly to the degree of sysop participation in than crime than in his complicity in allowing it to pass mechanically over his equipment. Why don't for the purposes of concrete illustration, we assume it was a message plotting to feed the President cocain, force him to look at photos of naked three year olds, and ultimately kill him in an effort to overthrow the government of the United States while making a snuff film. And figure three stolen credit card numbers in the tagline somewhere. That can be the "slightly" illegal message. We can assume a conversation over what time to set off a planted thermonuclear device in Chicago as the "heavily illegal" message. Taking the thermonuclear message, am I part of the plot if the message passes through my system? Was I negligent if Chicago lands on Detroit and I didn't monitor my mail carefully? I technically have it within my power, if not convenience, to have read the message and notified authorities. In doing their investigation into "What the Hell Happened to Chicago?" will the constabulary want to know what I was doing at 3:12 AM on November 3rd when the "E-Mail that Ate Chicago" passed through my BBS? I can't picture it. In this scenario, I can't imagine anyone caring which BBS it went through anymore than they would trace which particular CO switches a voice conversation went through that involved a crime. I think we may wind up faced with law enforcement trying to "tap in" via bulletin boards to monitor such traffic as they do with telcos, and undoubtedly, they're going to have to learn to unpack and read messages (not much to that) to do so. The current urge in the FBI to deal with new technologies by passing a law requiring vendors and telcos to make life easy for the FBI at everyone elses expense poses some problems. But I cannot picture the BBS operator liable for illegal activity involving third party e-mail traffic essentially "routed" through their equipment. Jack Rickard Boardwatch Magazine ;Date 29 Oct 92 21:08:27 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RECEIVED FILE RE SYSOP ORGANIZA Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: JACK.RICKARD@boardwatch.com To: bbslaw@eff.org (bbslaw mailing list) Date: Thu Oct 29 21:44:15 1992 I received this file today from a concerned reader - representative of a fairly regular stream over the past few months. Jack Rickard ============================================================================== 10-28-92 An Open Letter to all Sysops Most of you have by now heard at least something about the legal prosecution of one BBS or another for reasons usually pertaining to the distribution of adult material such as GIFS, etc. The gist of the argument seems to be that the wrong people ( kids, those finding the material to be morally offensive, etc.) are able to gain access to material that is otherwise handled very responsibly by the Sysops of our country. My purpose in writing to you has nothing to do with sermonizing, lectures, or anything along that line. I am a user of BBS's, and am not a Sysop. I am, however, a nationally published writer, computer consultant, and electronics technician, and I hope that gains your attention long enough for me to point out a few things that should be of key interest to anyone currently operating a BBS. Fortunately, I have an experienced Sysop to guide me in understanding the day to day operation operation of a BBS. He has allowed me a window into your world, the issues that concern you, and what is important to most of you. I find you to be very creative, outspoken, and dedicated people. Because of this, I know that many of you are wondering what could happen to your world should Uncle Sam decide to come in and start throwing regulations around. Is there some type of threat to the free, independant operation of a BBS?. And if so, what form might it take, what defense could be used against it?. Let me summarize the current climate, and " lay it on the line " for you. The future of BBS operations in the United States will come under regulation. This cannot be stopped. What has ocurred so far is the first faint rumbling of a coming storm. Be it profiteering communications outfits, morally outraged citizens, whatever, the " Golden Age " of BBS operation is passing. What form the future takes can be controlled, however. You, as Sysops, are going to have to find some common ground, some established standards, and unite behind them. If there is no unified voice among Sysops on at least those points which can be used to attack you, then you will be powerless against any individual or special interest group that chooses to make an example of your method of operation, or the content of the material that you choose to present. It is being proven right now that that the law has virtually no way of determining intent or willfull wrongdoing in your desire to present a free means of information exchange and distribution. This means that charges against a BBS can be filed on a " learn as you go " basis by the authorities of any community in which your signal is recieved, should their local statutes be violated. Anyone who tells you different is lying. Period. Licensing the operation of a BBS will follow as soon as a sufficient threat is established by any individual or group willing to shout loud enough. Legal precedents have been established that can make this happen a lot sooner than you might imagine. This will be followed by mandates required to meet the licensing standards. In short, control will come. And with the revenue potential of thousands of BBS's all across the country, some clown in Washington is going to make this cost you money. You would, in effect,wind up having to pay for your own prosecution You have the most powerful tools available to combat your enemies. They consist of your communication abilities, and the voice of those now using your BBS's. There is no reason ( other than negligence on your collective parts ) that you cannot determine the future course of BBS operation in the U.S. The creation of a BBS is something intensely personal. Because of this you have never been able to unite on a set of standards for BBS operation. I don't blame you. But now you must consider the possibility of giving up part of the control ( the entire extent of which cannot be known ) of your creation to an entity that cannot possibly respond to the diverse range of your operating philosophies. It is time to begin pooling ideas on how you will defend yourselves. It must be done. It's irritating, perhaps distasteful to some or most of you, but it must be done. My contact point is Digital Escape, in Monroeville, AL. The Sysop, Michael Harrison, can talk to you in a language that you are more familiar with. He is dedicated to keeping BBS control in your hands, where it belongs. Any ideas, comments, etc, would be most welcome. with. I will help in any way I can. My thanks, Billy W. Godfrey This Letter is Being sent to you Unedited by Digital Escape BBS. 205-575-1924. I have seen and heard of quite a few systems being closed down for this reason or that. I would like to see an organiztion formed to just give us a voice. I know what many of you are thinking, "Oh no, Another someone trying to tell me what to do with MY system." This is not the case. I don't want anyone telling me what to do either. But if an organization was formed and a Member list was kept, it would represent numbers! When the sikco petafile gets busted for his BBS then the other BBSes can say "Hey, he was a lone wolf and in no way represents the BBSes in our organization." This is the only way I can see to protect our independence, not restrict it. Law makers only see numbers and law enforcement is, for the most part, unaware of what real BBSes do. I believe this is why systems are siezed before charges are filed. You can't have your car taken till someone figures out if you were speeding or not, so how is it that systems can be taken till it is figured out what laws (if any) were broken. If any one is interested in just such an organization. You can contact me at Digital Escape BBS (205) 575-1924. ;Date 30 Oct 92 06:38:54 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: thardy@mail.wm.edu (Trotter Hardy) To: bbslaw@eff.org (bbslaw mailing list) Date: 30 Oct 92 09:52:50 This message from Trotter Hardy -------------------------------- Jack Rickard writes: > Traffic through both Internet and Fidonet is of a nature that operators in > either network COULD conceivably view an individual message. But it is NOT > quite as simple as editing a file, particularly in the case of Fidonet. Mail > comes in compressed in batches with LOTS of other mail, it is unpacked, sorted, > repacked and compressed, and resent, all quite automatically. It IS > technically possible to snag mail, open up, and look at individual messages, > but it is generally NOT as convenient as most participants of this conference > may believe. Criminal liability is a bit outside of my area, but here are my thoughts about BBS's as intermediaries. First, BBS's that simply pass compressed mail on to another node are serving in a sense as "common carriers." Most common carriers are heavily regulated: the (local) telephone service, U.S. mail, electric power, trains, etc. There are private carriers with less regulation: UPS, trucking companies. But few if any carriers that have no regulation at all. (If any of you are regulatory lawyers and have other examples of non-regulated carriers, please correct me.) That may well mean pressure to regulate BBS's at some point. Second, I do not think that UPS would be criminally liable for delivering a package of cocain, as long as it had no reason to know of the package contents. It could, of course, X-ray all packages. It could advise customers that it will open all packages. But it doesn't do either as far as I know. That leads me--not a criminal lawyer and so not fully knowledgeable about it--to conclude that Fido sysops serving as hubs for mail distribution do not have to read every message on pain of facing criminal liability. I think the harder questions will relate to boards where the sysop has more involvement than simply passing the mail to the next node. Trotter Hardy (Fido 1:271/118) ;Date 30 Oct 92 06:38:54 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 4 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!eff.org!bbslaw-request From: thardy@mail.wm.edu (Trotter Hardy) To: bbslaw@eff.org (bbslaw mailing list) Date: 30 Oct 92 09:52:50 This message from Trotter Hardy -------------------------------- Jack Rickard writes: > Traffic through both Internet and Fidonet is of a nature that operators in > either network COULD conceivably view an individual message. But it is NOT > quite as simple as editing a file, particularly in the case of Fidonet. Mail > comes in compressed in batches with LOTS of other mail, it is unpacked, sorted, > repacked and compressed, and resent, all quite automatically. It IS > technically possible to snag mail, open up, and look at individual messages, > but it is generally NOT as convenient as most participants of this conference > may believe. Criminal liability is a bit outside of my area, but here are my thoughts about BBS's as intermediaries. First, BBS's that simply pass compressed mail on to another node are serving in a sense as "common carriers." Most common carriers are heavily regulated: the (local) telephone service, U.S. mail, electric power, trains, etc. There are private carriers with less regulation: UPS, trucking companies. But few if any carriers that have no regulation at all. (If any of you are regulatory lawyers and have other examples of non-regulated carriers, please correct me.) That may well mean pressure to regulate BBS's at some point. Second, I do not think that UPS would be criminally liable for delivering a package of cocain, as long as it had no reason to know of the package contents. It could, of course, X-ray all packages. It could advise customers that it will open all packages. But it doesn't do either as far as I know. That leads me--not a criminal lawyer and so not fully knowledgeable about it--to conclude that Fido sysops serving as hubs for mail distribution do not have to read every message on pain of facing criminal liability. I think the harder questions will relate to boards where the sysop has more involvement than simply passing the mail to the next node. Trotter Hardy (Fido 1:271/118) ;Date 30 Oct 92 12:22:01 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF128EA >----------------------- Do not change this line -----------------------------< to: bbslaw@eff.org U> From: thardy@mail.wm.edu (Trotter Hardy) U> I think the harder questions will relate to boards U> where the sysop has more involvement than simply U> passing the mail to the next node. I'm not sure what you mean about "harder". My interest in this mailing list was because it might shed light on actual problems we're having today, not just for plotting the future. Today is where the problems are, that will define the path for tomorrow. THe hardest thing as I see it, now and today, is to be able to provide today's sysops with enough information to be able to understand what the issues are, what the bounds of liability are. I do NOT mean, easy answers "this is safe and that is dangerous". I had thought that the "systems handling third-party traffic are relatively not liable for message content" relative to local BBS message areas and conferences, could be a fairly straightforward opinion/statement/interpretation, without anyone sticking their neck out or making blanket statements that we all know are not possible. To tell the truth, I was hoping the discussions here would have applicability to today's problems, not just what-if's and where-are-we-going's, but I think that's just my usual impatience... --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 30 Oct 92 12:31:52 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 1 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF12B39 >----------------------- Do not change this line -----------------------------< to: bbslaw@eff.org U> From: thardy@mail.wm.edu (Trotter Hardy) U> I think the harder questions will relate to boards U> where the sysop has more involvement than simply U> passing the mail to the next node. I'm not sure what you mean about "harder". My interest in this mailing list was because it might shed light on actual problems we're having today, not just for plotting the future. Today is where the problems are, that will define the path for tomorrow. THe hardest thing as I see it, now and today, is to be able to provide today's sysops with enough information to be able to understand what the issues are, what the bounds of liability are. I do NOT mean, easy answers "this is safe and that is dangerous". I had thought that the "systems handling third-party traffic are relatively not liable for message content" relative to local BBS message areas and conferences, could be a fairly straightforward opinion/statement/interpretation, without anyone sticking their neck out or making blanket statements that we all know are not possible. To tell the truth, I was hoping the discussions here would have more applicability to today's problems, not just what-if's and where-are-we-going's, but I think that's just my usual impatience... --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 31 Oct 92 09:06:55 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: Third party . . . Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 ;At least one blank line must follow this line. From kumr!eff.org!bbslaw-request From: 72230.2044@compuserve.com (Lance Rose) To: bbslaw@eff.org (bbslaw mailing list) Date: 31 Oct 92 11:30:46 EST Lance Rose reponds to Tom Jennings: Tom, I've stayed out of this because I had little to add that others were not already saying. I understand your concern for non-sound-byte answers to the boundaries of liability. In fact, I wrote a book about that very subject - SysLaw. It addresses the "distributor" function of sysops and network nodes, and lays out many of the issues. I tried to point out where things were clear and where they were unclear, and describe factors at work in the latter case. My own interest in this mailing list is to discuss some of those unclear areas with the few others genuinely involved in the field right now. Like you, I'm a little surprised at the relative lack of a day-to-day, practical approach to a lot of the questions being raised. But you can help fix that, to the extent you're interested . FWIW, the term "carriers" carries some baggage that probably makes it not a good one for discussion. It raises connotations of "common carriers", which tend to be highly regulated - a prospect I don't believe I have seen anyone here advance at all, and I'm sure it's not saomething you advocate, either. There are a variety of terms one can use. I tend to say somrthing like "merely distribute". ;Date 31 Oct 92 12:21:08 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: Re: Third party . . . Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF27A35 ;At least one blank line must follow this line. to: bbslaw@eff.org U> Lance Rose reponds to Tom Jennings: Thanks for your comments, I appreciate them greatly! U> FWIW, the term "carriers" carries some baggage that U> probably makes it not a good one for discussion. It U> raises connotations of "common carriers", which tend to U> be highly regulated - a prospect I don't believe I have U> seen anyone here advance at all, and I'm sure it's not U> saomething you advocate, either. re: carriers. I thought there was a difference between carriers and common carriers. Common carriers are highly regulated, but I don't think FidoNet etc come even close to their status. I will use other terms, probably our "in transit" which I think suffices. Mainly though, I thought that I needed to translate local FidoNet concepts like "in-transit" messages to "third party" messages since my words fell >clunk< to the floor here. "Carrier" I used merely to convey the role that FidoNet hosts and hubs play (which you're probably aware of). FidoNet also seems to have some sort of credibility problem, because it sprang up from "nowhere" and it's organization is puzzling to most, and it's not populated with (or beholden to) the Usual Suspects (ie. industry and universities). --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 01 Nov 92 18:32:57 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: RE: THIRD-PARTY MAIL Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 ;At least one blank line must follow this line. From kumr!eff.org!bbslaw-request From: Shari.Steele@eff.org (ssteele@eff.org) To: bbslaw@eff.org (bbslaw mailing list) Date: Sun, 1 Nov 1992 21:09:40 -0500 Jack Rickard writes: >I think we may wind up >faced with law enforcement trying to "tap in" via bulletin boards to monitor >such traffic as they do with telcos, and undoubtedly, they're going to have to >learn to unpack and read messages (not much to that) to do so. The current >urge in the FBI to deal with new technologies by passing a law requiring >vendors and telcos to make life easy for the FBI at everyone elses expense >poses some problems. Shari Steele responds: Like most of us, I'm struggling to understand the full scope of the FBI's proposal and how it could affect BBSs. (It clearly will have _some_ effect.) I assume that by now everyone knows that if passed, the FBI's "digital telephony" proposal would require all carriers and developers of information services to provide backdoors so that the bureau could do legal wiretaps of digital transmissions. Here's the question: What will this mean for SysOps, particularly ones who carry a network node? For example, suppose the FBI knows that Tom Jennings has a FidoNet node and that the message relating to the nuking of Chicago will be passing through Tom's node. The FBI does not suspect Tom of being part of the plot. Could they still execute a legal search warrant to search messages passing through his board, never logging on to either boards on the sending or receiving ends? I assume that Tom would not be liable for such a message, but could he be liable for not providing the feds with access to his node and with the knowledge to uncrunch the message under the new proposal (assuming they had a valid warrant)? I suspect that he could. ;Date 02 Nov 92 05:30:15 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: FBI proposal Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 ;At least one blank line must follow this line. From kumr!eff.org!bbslaw-request From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD =LANGATE/ADMD=TELEMAIL/C=US/@sprint.com To: bbslaw@eff.org (bbslaw mailing list) Date: 2 Nov 92 08:20:00 UT David Johnson, responding to Shari Steele: Any sysop is already required to comply with a valid search warrant. (Sysop's can, by contract, have some impact on their own duty to tell users about government requests for information -- unless the government gets an order prohibiting disclosure). The FBI proposal doesn't alter the obligation to comply with a warrant but, instead, requires that communication systems be designed so that authorized interception of particular conversations is technically possible. In other words, it would forbid (after a time lag, and subject to exceptions) the use of communications systems that are configured so that specific transmissions cannot be intercepted contemporaneously with their receipt. I don't think this proposal would change the way the law impacts on local BBS operators. It could create severe problems for providers of centralized systems. It is part of a general pattern of government activity to resist encryption and other means of assuring communications privacy. Mindful of Lance's suggestions that we focus on practical issues, I would suggest that sysops should make sure they have a user agreement that clearly states their policy on the privacy of electronic mail, their policies re encryption, and the procedures they intend to follow if the government requests access to messages or files on their system. ;Date 03 Nov 92 12:59:26 From: Tom Jennings@1:125/111 To: Rich Veraa@1:125/33 Subject: re: Routed Mail Options: kill-sent ;Status: (read 1 times) ;INTL 1:125/33 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF677AF RV> The only regulations RV> that pertain here are those on the phone companies whose RV> facilities we use... I think this is incorrect. Like it or not, FidoNet is a communications medium. "Hobbiest" is not a defense, it doesn't remove legal obligation nor liability. In fact we carry communications, and therefore incur legal obligations and liabilities. The extent of which is undetermined (an understatement!), but they are there. We can't do "whatever we please" simply because we're hobbiests. I wish this were true, but it's not. That's what I meant earlier about "being greater than the sum of our parts". The mere fact of setting up a BBS sets up all sorts of legal entanglements, whether you're aware of them or not. Obviously 99.99% of the time it makes no difference -- yes I know people get busted spuriously, and there are even Bad Guy sysops out there -- but the vast majority simply operate their systems as they "see fit" and never have a practical worry. But I think this is changing for number of reasons, including but not limited to -- our vastly increasing numbers; increasing disregard for civil liberties; electronic comm. used in society, biz and gov't; new technologies such as encryption and the social questions this raises; and plain old greed. We can't pretend we're 14th century feudal fiefdoms any longer. Your BBS isn't just "part of your living room" it's part of a technological, legal and social structure larger than any one person or group. The only way you can COMPLETELY control it is to withdraw completely. --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 03 Nov 92 11:47:12 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: RE: BELAT Options: kill-sent private ;Status: recv'd (read 3 times) ;INTL 1:125/111 1:125/555 From kumr!boardwatch.com!JACK.RICKARD From: JACK.RICKARD@boardwatch.com To: TOM.JENNINGS@f111.n125.z1.fidonet.org Date: Sun Nov 01 05:54:21 1992 > Hey, no one method applies universally. For living situations and > communications systems with thousands of components, decentralized I > think works best. I've put on shows, with 4 - 5 bands, assorted > performers, rented halls, got insurance, paid performers, handled > trouble guests, 1500+ audiences, etc, and I can tell you we (Shred > of > Dignity, our little cooperative household) run them in a pretty damn > top-down manner. > I agree. My point was that we may societally face more "organization" challenges in the future that don't really have proven models. For many, the concept of having an effective organization cooperatively without some authoritarian centralized structure is beyond their ken. For some future purposes, it may be impossible to do some things without such a decentralized model. And while there have been several - I think the FidoNet concept, warts and all, demonstrates 17,000 people voluntarily doing something on a global basis. > And a separate THANKS! for your participation in the bbslaw mailing > list. Sheesh, but those guys would rather stay off in a tangent > removed from the planet, than deal with icky BBS people. I detect > more than a little condescension. > Yes, a good deal more than a little. There is a pattern, particularly in academia, of resisting a technology for years. After it is a fait accompli, they have quite a struggle to make the transition to the point where they can claim to have actually invented it (there idea in the first place). I think we're seeing quite a bit of it going on on several fronts. The actual people running bulletin boards do pose a problem in making that transition stick. I'm going to Washington this week to participate in a National Academy of Sciences panel on "Rights and Responsibilities" online. Part of the process of making it theirs. I'm the "token" BBS guy. While I really do not like this particular type of gathering, I think they do need to get a little shiv in the ribs from the BBS end of things. On the mailing list in particular, it is largely an EFF thing. We're doing quite a bit of a strange dance with the EFF after my response to John Coat's letter in the November Boardwatch. It caused a bit of a stir in EFFland. I think at this point, they do want to be involved with BBS, but they want to do it from some form of superior position. They can have the upper ground position as far as I'm concerned, but if they are to do BBSland any good, they're going to have to learn the real issues. Most of the "condescending" is really that on any specifics, they haven't a clue, love to posture on high minded constitutional issues, and don't quite even have a vocabulary to do so as it applies to moving mail, moderating echoes/conferences, and dealing with real callers. Your nuts and bolts questions appear to go unanswered but I think they actually cause some education here that is valuable. They're quite comfortable with legal theorizing about online issues in general, but few of them have run a system ever. The sum total of online experience of some of them is the WELL and the EFF box. Since you and I just aren't likely to suddenly have a stroke and undergo personality changes, it's unlikely we'll do anyone any good as Washington lobbyists. To whatever degree we can provide input/education to surrogates who actually like that sort of life and can operate effectively in that environment, we can probably work to benefit the BBS community. If we have to listen to a little faux paternalistic condescension in the process, what the hell. I don't mind. We're not going to change them. We don't want to be them. But we might give em a nudge in a productive direction. Forgive the length. Jack Rickard ;Date 03 Nov 92 11:48:57 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: FBI PROPOSAL Options: kill-sent private ;Status: (read 3 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: djw@eff.org (Daniel J. Weitzner) To: bbslaw@eff.org (bbslaw mailing list) Date: Tue, 3 Nov 1992 13:51:55 -0500 Danny Weitzner responds to Jack Rickard. Jack writes: >Actually, I think it would have an impact on BBS operators. Tom Jenning's >original query regarded third party mail routers handling of ENCRYPTED >electronic mail. The routing system would be technically unable to provide >such access should this FBI proposal become law. I'm not sure what Jack means by the reference to encryption. The current FBI proposal does not mention encryption, nor does it explicitly restrict the use of encryption. An earlier wiretapping proposal, known as the "plain text requirement" was floated by law enforcement in 1991, but was stopped. That proposal would have required communications carriers to provide the 'plain text' of any communication upon presentation of a valid warrant from law enforcement. I certainly agree with David Johnson's point that the FBI proposal is part of a larger government pattern to restrict communications privacy (including encryption), but mention of the encryption problem is conspicuously absent from the Digital Telephony proposal. So I'm not sure what Jack means by "technically unable"? Danny ;Date 03 Nov 92 11:47:35 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: re: re: Official Start of BBS Legal Group Conference Options: kill-sent private ;Status: recv'd (read 7 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!ssteele From: ssteele@eff.org To: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings) Date: Mon, 2 Nov 1992 15:59:06 -0500 Hi Tom. Sorry it's taken me so long to get back to you re: a Dear SysOp column for FidoNews. I was at InterOp last week and have been feeling really swamped. But I think I'm finally getting my head above water now. Bi-weekly would be as much as I could handle for the column (monthly would be even better for me if that's enough for you), and two or three questions sounds about right. It would be great if you could collect questions and pass them on to me. I'd also like to start receiving FidoNews. Could you add me to the mailing list? I will come up with a paragraph to include with each column about EFF. Perhaps this can change with each issue to reflect something current we're doing here. Thanks for giving us the soapbox. I know that FidoNews reaches a lot of people we want to reach. Shari ;Date 04 Nov 92 16:25:55 From: Tom Jennings@1:125/111 To: Uucp@1:125/555 Subject: re: re: re: Official Start of BBS Legal Group Conference Options: kill-sent private ;Status: IN-TRANSIT (read 1 times) ;INTL 1:125/555 1:125/111 ;PID ReadMail ;MSGID 1:125/111 2AF7F993 to: ssteele@eff.org re: "Dear Sysop" column in FidoNews U> Bi-weekly would be as much as I could handle for the U> column (monthly would be even better for me if that's U> enough for you), and two or three questions sounds about U> right. It would be great if you could collect questions U> and pass them on to me. Monthly is fine. Maybe it can ramp up if desired, but monthly is cetainly fine. As far as volume goes, I'll simply filter out dreck, and pass you the rest (I'll try to give you no more than a dozen, for example). You can do as much or as little as you like. A page of text (60 ASCII lines) output would be a great size. U> I'd also like to start receiving FidoNews. Could you add U> me to the mailing list? FidoNet doesn't have mailing lists. It can be FTP'ed from ftp.ieee.org, in the ~ftp/fidonet/fidonews directory. I don't kno whow often/when that directory is updated. I can arrange to get you a copy directly if that route is not useful. ... which brings up another point. This is more or less criticism of the EFF in general, nothing personal! EFF professes to want to address BBSs, but I have never seen any direct interest from EFF into how they actually work. Even after repeated info-dumps to EFF people, they remain completely ignorant about the most basic operational details. Also, EFF does not run a BBS, which gives them very little credibility in the BBS world. There is also more than a little condescension from EFF and Internetters in general; as an example, the attitude in 'bbslaw' is, to tell you the truth, infuriating. -------- Maybe I'll offer to run an EFF-official BBS at my physical site. I could gate EFF to FidoNet, for instance, and field BBS/Internet questions and connectivity issues. I could gate the FidoNet echo conferences (exact newsgroup equiv) and they'd be available to EFF and the internet, and vice versa. I'd want hardware (EFF owned is fine) and a small compensation. I will "soon" have a direct internet connect (I run through a UFGATE now) on my own hardware. I think EFF should seriously consider this. I do good work and I'm inexpensive :-) I don't like to criticize without offering potential solutions. I can give a complete rundown on requirements, startup costs, operating expenses, capabilities, etc. I will see EFF people this weekend, so if this isn't a completely nuts idea, maybe you could pass it to Gerard or Mitch or... -------- BBSs are signifigant, and signifigantly different from corporate networking. Not inferior/superior, but different. *Completely* different, technically and more importantly, socially. I'll try to impress this upon EFFers I talk to at Hackers this weekend. About 1% or less of BBSs have internet connectivity; it's simply too pricey to get connected, and there is a signifigant technology and social hump to get over. (Example #1: my386/DOS 5.0 box has functions such that if I had to buy commercial unix box, say a smallish Sun, with functional-equiv. features, would be > $20,000; hardware, OS, word processing, other apps, multitasking, LAN, telecomm, etc. Example #2: how does one learn unix, Internet, USENET, UUCP, etc? In schools or part of job function. BBS people have GONE to school (60% or something) but are not IN school; they are professionals (again that 60% numbers comes back, BOARDWATCH survey or something) but not necessarily comp. sci. types. Result: no access. None of this is criticism of you, directly or even indirectly. I know the EFF is overloaded, and taking on more tasks difficult if not impossible. It may simply not be EFFs place to be knowledgeable about BBSing. The "Dear Sysop" column is almost separate, because of the specific nature of the stuff that will pass through it (ie. reasonably large-scale issues of liability and such) shouldn't require sysoping experience, though that would certainly help. Sorry to rant at you. No tip-of-the-iceberg anger at you or EFF. Just another info-dump, admittedly with residual frustration from reading bbslaw... :-) Upon your final approval, I'll announce the start of a "Dear Sysop" column for FidoNews. I might make it slightly more general, and field some of the questions myself, which will lighten your load and allow a broader range (such as obscure techie things). Please let me know your thoughts on the column header ("...write to DEAR SYSOP with your questions on peeling rutabagas and suchlike to...") incl. subjects you'd like to handle. If you want, you can make up an initial column out of your files; this will give a real example of what you want people to see, and respond to. --- ReadMail * Origin: tomj@fidosw.fidonet.org / World Power Systems (1:125/111) ;Date 04 Nov 92 13:36:26 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: wrapping it up Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: fig@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Tue, 3 Nov 1992 16:27:05 -0500 Having taken part in numerous iterations of this discussion over the years, both online and in person, I can only note that there is still no clearly correct and proven right answer to the basic question of sysop liability. It is good that we have more lawyers than we did before discussing the legal minutiae and case law relating to these issues. Only by focusing in ever more detail on the variables that determine whether and where a sysop should or should not be held accountable can we be sure that, when a breakthrough does occur in the law, it is noticed and publicized. The question of import at this time remains, "How should a sysop behave in this uncertain situation?" In my time at the WELL, I always tried to make sure that my intentions were clear. Although the WELL (and I, by implication) was criticized for being vague in stating the basic ground rule of You Own Your Own Words, we endeavored through megabytes of internal public discussion to impart the real meaning of those words. I always felt that, had the WELL been busted for harboring criminal activities of any sort, I had a history of good intentions to fall back on. I know that good intentions are no excuse for ignorance of the law, but when the law itself is unclear, those good intentions might, at least, give you a fighting chance. The alternative is to stop participating. <<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>> Cliff Figallo fig@eff.org Director, Electronic Frontier Foundation (617)864-0665 (voice) Cambridge Office (617)864-0866 (fax) ;Date 04 Nov 92 13:37:08 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: wrapping it up Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Tue, 03 Nov 92 22:46:47 EST Cliff's points are well taken and illustrate the problem BBS Syops (pioneers in a brave new, powerful world) have. The problems we have been discussing are not new --- many of these were brought forth at a conference at the John Marshall Law School in June, 1985 -- involving many people including myself, Jerry Berman and professor George B. Trubow. What's happened inbetween? Some Sysops got hit by the government and paid a fortune in legal fees to law firms that, really, knew little about the technology. While the rich afforded justice, the overwhelming majority of Sysops flew by the seat of their pants and had a "Damn the torpoedoes, full speed ahead" mentality! Foolish, is it not? We did it as pioneers in the wild West ignored wild animals, Indians, adverse weather, etc. The world of online technology is too important to leave to judges on a case by case basis or even to legislatures that engage in trade offs and compromises. Sysops must be free to explore and innovate, unafraid of what they must....can....or should do in various hypothetical situations. If on actual notice of actual criminal activity then, yes, some action is appropriate. But absent such intent and actual criminal action, Sysops should-must have freedom -- freedom to act ..... freedom to speak ..... freedom to do. This conference has been most worthwhile and informative. My many thanks to the Electronic Frontier Foundation for the idea of having the conference and finding a way to financially support it. It is clearly appropriate to continue this dialog. Thanks for letting me be a small part of this wonderful group of thoughtful and able individuals. Paul Bernstein ;Date 04 Nov 92 13:37:09 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: FBI proposal Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: paulb143@aol.com To: bbslaw@eff.org (bbslaw mailing list) Date: Tue, 03 Nov 92 22:33:02 EST David: If you and I are negotiating an agreement for our clients or engaging in strategy regarding a pending court case, we might well wish to encrypt our communications to assure privacy of communications, even from the eyes of a potential super-user. What right has the United States government to tell us that we may not do so or to require our encryption program to be so easy to break that they can do so at any time and with ease? Paul ;Date 04 Nov 92 13:37:38 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: Re: That's It? Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: thardy@mail.wm.edu (Trotter Hardy) To: bbslaw@eff.org (bbslaw mailing list) Date: 4 Nov 92 13:00:52 This msg is from Trotter Hardy ------------------------------- Shari Steele said this: > Based on the response to this conference, > EFF will be sponsoring future get-togethers, each with its own specific > focus. Just think of today as the last day of this first conference. > Thanks for hosting the conference, Shari! I thought it went well, and I do hope that you will consider it a kind of "agenda setter" for future conferences. One useful way to focus in on particular questions is to collect a set of real or hypothetical situations that are worrying sysops--something more specific than "I am running a BBS: am I liable for anything?" Maybe more like something someone mentioned earlier: "I serve as a mail hub; encrypted (or compressed) mail goes through me to others. Must I examine the mail for defamatory content?" Or "what if I know of a message on my BBS that appears to be defamatory. Must I remove it? Warn the sender to remove it?" Etc. Another fear of sysops is that BBS's may become regulated. I don't know how likely that is, but a general sense that much private activity is now regulated is certainly not irrational. A conference might be held to discuss the why's and wherefore's of regulation, and which aspects of BBS operation are most likely to be the object of regulatory envy. Perhaps if the rationales that are used to justify regulation can be flushed out and coherently expressed, it would make it easier to marshall arguments against it. Thanks again for hosting the conference. I look forward to further efforts at clarifying the law in this critical area. Trotter Hardy ;Date 04 Nov 92 13:37:41 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: last thoughts Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: /PN=David.Johnson/OU=WCP1PO/O=SMWCP/PRMD =LANGATE/ADMD=TELEMAIL/C=US/@sprint.com To: bbslaw@eff.org (bbslaw mailing list) Date: 4 Nov 92 00:15:00 UT From David Johnson: I think the discussion has shown that as more and more people join in electronic communication, the networks and bulletin boards will be unable to escape the same kinds of pressures and rules as apply in the non-electronic world. It also shows, however, that those rules will change over time in light of the new facts and experiences provided by this new medium. Unfortunately, that means we cannot offer any greater level of certainty to sysops than we can to anyone else. But the good news is that (1) absolute and rigid decrees are not likely to withstand the pressure of circumstance and common sense practice and (2) good intentions and responsibility matter. This conference itself demonstrates that we may be able to use the new medium to help alleviate the inherent uncertainty -- by providing for a discussion of the tough issues and helping to develop a voluntary "industry practice." I congratulate Shari Steele and EFF on their leadership. ;Date 04 Nov 92 14:36:40 From: Uucp@1:125/555 To: Tomj@1:125/111 Subject: coming to a close Options: kill-sent private ;Status: (read 2 times) ;INTL 1:125/111 1:125/555 From kumr!eff.org!bbslaw-request From: ssteele@eff.org To: bbslaw@eff.org (bbslaw mailing list) Date: Wed, 4 Nov 1992 16:42:30 -0500 Message from Shari Steele: I, like Lance, am feeling a little unsettled about where we are right now in our discussion of legal issues online. But I also know that we're talking about territory that is currently unsettled. That is why those of us at EFF felt it was so important to encourage this exchange. I'd like to thank everyone in this group for their contributions to the discussion. Our work in predicting how the laws might go and in actually having some effect on those laws is far from over. I hope that you all will be available to help in discussions of more specific issues in the future. EFF's current plans are as follows: I will write up a report on this conference and distribute it to all of you for your approval. From this report, and my copies of all conference messages, I hope to distill several important legal issues that merit further discussion. Then, beginning in January, EFF plans on sponsoring several one-week long e-mail conferences to discuss these specific issues. From there, we're hoping to put together some materials for SysOps, offering them hands-on guidance on things they should or should not do when setting up/running their boards. All of you who participate in these conferences will be credited on any materials EFF produces as a result. Again, thanks for all of the interesting and provocative comments. I will be in touch. Shari P.S. - For the time being, the bbslaw list will be disabled. Please call (202/544-9237) or write (ssteele@eff.org) me if you want to contact the group. ;Date 03 Nov 92 07:11:06 From: Mike Riddle@1:125/33 To: Tom J, Steve C, Et Al@1:125/111 Subject: An Attempt at Clarification Options: ;Status: (read 2 times) ;DID:8015 9 1333 In the thread about BBS law and sysop liability, we are going around the flagpole on at least three different (legally speaking) topics. I'll share some initial thoughts on this, and hopefully within the next week or so come up with a longer analysis. 1. Criminal liability for routed, encrypted mail. Virtually none, unless the sysop is receiving mail via his public key and is actually a party to the conspiracy. "Scienter", or actual knowledge and intent, is almost always an essential element of a crime. Even in conspiracy, you must in some way know an illegal act is being done or considered. 2. Civil forfeiture. Much more probable, as the government has gone to some extremes in this regard. For example, a case the Supreme Court recently agreed to hear involves a person who bought a house from someone who allegedly used it in illegal activities. The government alleges that the house may be forfeited, with the buyer having recourse in contract against the seller or the title insurer. Scary, and applicable to BBSes and the computers on which they run. 3. Policy 4. Can say whatever it wants. Since the ill-considered breakup of IFNA, Fidonet has existed as an unicorporated association of individual sysops. The agreement to route mail, and all other aspects of the network, exist as a form of contract. The contract may say whatever it wants, and as long as it is not contrary to public policy, the courts will enforce it. Encrypted mail is forbidden by the written contract (Policy 4) in routed form. Unless a sysop has modified the contract verbally or in writing, or by continued action by processing encrypted, routed, mail, then such is prohibited by the contract. 4. Internet. I've got a feeler out for the RFC. While in one sense internet is much less organized than Fidonet, in another it's much more "together." And internet has some big players. Internet also has an RFC out for something called PEM--Privacy Enhanced Mail. From the written reports, which are all I have, PEM is in most respects superior to PGP, but PGP beats it in some others. Since I don't yet know who/how PEM was developed, I can't hazard an opinion as to its security. (One interesting part of PEM is its -MIC feature, which presents a signed message in plain text, not ASCII-encoded, and has a detached signature. Which is what I would suggest to Zimmermann as a needed feature, if mail to him didn't bounce.) --- Ybbat (DRBBS) 8.9 v. 3.13 r.3 * Origin: inns.omahug.org +1 402 593-1192 (1:285/27.0) SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 111 125 180 SEEN-BY: 125/1212 203/1 23 205/10 209/209 280/1 390/1 396/1 ;PATH: 285/27 2 283/657 13/13 396/1 203/23 125/125 33