Spamcop Blocks Facebook?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 5 02:18:59 UTC 2010


On Thu, 04 Mar 2010 19:42:39 EST, Michael Holstein said:
> 
> > The evesdroppring reported below on csuohio.edu end-users Email is a
> > prima facie violation of the Electronic Communications Privacy Act.
> >   
> 
> I'm not sure why this got under your skin so badly, but aggregate
> statistics != eavesdropping. The SPAM appliance vendor software gathers
> these statistics, and actually includes the "good/bad" percentage on
> every junk summary that goes to the end users.

IANAL, but a quick summary (if the details actually matter, run it past
a lawyer you're paying):

When it's in flight on the wire, courts have held that the various wiretap
statutes apply.  Once you stick it in somebody's mailbox and it's doing
7200RPM on oxide waiting for the user to read it, ECPA applies.  There's
been a lot of case law on this already, because the paperwork needed
(subpoena or wiretap order) for an LEO is different in each case.

Now, if you're doing summary info on From:/To: info, you're almost certainly
doing it while the mail is still "in flight" as you receive it, so the wiretap
rules apply.

And 18 USC 2511 (2)(a)(i) specifically says:

"It shall not be unlawful under this chapter for an operator of a switchboard,
or an officer, employee, or agent of a provider of wire or electronic
communication service, whose facilities are used in the transmission of a wire
or electronic communication, to intercept, disclose, or use that communication
in the normal course of his employment while engaged in any activity which is a
necessary incident to the rendition of his service or to the protection of the
rights or property of the provider of that service, except that a provider of
wire communication service to the public shall not utilize service observing or
random monitoring except for mechanical or service quality control checks."

csuohio's monitoring is arguably "service monitoring" - but keeping track of
aggregate traffic levels so you can manage them is equally obviously a
"service quality control check". (And "quality control check" apparently
covers almost any aggregate statistics you keep as input for operational
config/tuning decisions).

http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511----000-.html

(Again, IANAL, and I'm sure somebody who IAL will correct me if I've egregiously
mis-stated the above. :)

> PS: I *am* abuse at .

Admittedly, I'm not - but he's got the cubicle across the aisle from me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100304/5692ff83/attachment.sig>


More information about the NANOG mailing list