PART 9 CHAPTER 8 SETTING UP FILE LIBRARIES Q Where can I get

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

------------- continued from previous message -------- PART 9 ********************************************************************* CHAPTER 8 -SETTING UP FILE LIBRARIES ********************************************************************* Q: Where can I get an assorted selection of shareware/freeware files to start up the file libraries on my BBS? =-=-=-=-=-=-=-=-=-=-=-=-= 8.01 - Shareware vendors =-=-=-=-=-=-=-=-=-=-=-=-= - Public Brand Software ======================= Public Brand Software BBS, (317)856-2087 Commercial Shareware Vendor Public Brand Software, Indianapolis, IN - Megafile Distribution System - Eastern Shore Communications ============================================================ The Megafile Distribution System (MDS) is a sysop-only file collection system designed to fulfill the needs of established and growing bulletin board systems. Long-distance calling for file collection is expensive. Those bulletin board systems able to afford this type of file collection have the luxury of being current, collecting files on the day that they are released. For those systems not able to afford the long-distance luxury, CD-ROMs have traditionally been used to increase a bulletin board system's capacity, with the drawback that files are four to six months old when they are placed online. MDS fits in between these two methods. File collection is done in the same manner as the large systems do, each and every day. Depending on the plan you choose, one or two 60-megabyte tapes are delivered to you each week at consistent 3- to 4-day intervals (e.g., Monday/Thursday, Tuesday/Friday, Wednesday/Saturday, etc). This turnaround maintains currency in your file collection while at the same time keeping your collection costs low. All files are virus checked using two different programs, all known BBS advertising is removed, and AV-stamped or ARJ-security-envelope file integrity is maintained wherever possible. File listings are delivered in both FILES.BBS and PCBoard formats, allowing their immediate addition to your system without further processing. MDS pricing is based on volume, reflected below: ------------------------------------------------- One-Week Package: (Cost Per Tape in) (Cost Per Tape in) ----------------- (Canadian Dollars) (U.S. Dollars) (Total Order Value) (Total Order Value) (in Brackets) (in Brackets) ------------------ ------------------ Single Tape $37.50 ($37.50) $26.75 ($26.75) Total Number of Tapes in Package: 1 Two Tapes $28.50 ($57.00) $20.35 ($40.70) Total Number of Tapes in Package: 2 ------------------------------------------------------------------ 4-Week Package: (Cost Per Tape in) (Cost Per Tape in) ----------------- (Canadian Dollars) (U.S. Dollars) (Total Order Value) (Total Order Value) (in Brackets) (in Brackets) ------------------ ------------------ Single Tape $30.00 ($120.00) $21.50 ($86.00) Total Number of Tapes in Package: 4 Two Tapes $22.50 ($180.00) $16.00 ($128.55) Total Number of Tapes in Package: 8 ------------------------------------------------------------------- 13-Week Package: (Cost Per Tape in) (Cost Per Tape in) ---------------- (Canadian Dollars) (U.S. Dollars) (Total Order Value) (Total Order Value) (in Brackets) (in Brackets) ------------------ ------------------ Single Tape $25.00 ($325.00) $17.85 ($232.15) Total Number of Tapes in Package: 13 Two Tapes $18.75 ($487.50) $13.40 ($348.20) Total Number of Tapes in Package: 26 Rates are calculated based on customer-supplied tapes, deliverable with prepayment. C.O.D. and credit-card orders are not accepted. All shipping costs (your choice of carrier) and applicable taxes extra. For further information, please contact: ------------------------------------------ Richard Munro Eastern Shore Communications Voice: 416-428-1056 BBS: 416-683-7368 FidoNet Address: 1:229/112 Internet: richard.munro@westonia.com (Richard Munro) =================== HOF TAPE NETWORK =================== - Get 100-120 Megs Of Files On Tape For $14.99 - All Files Are No Later Then 4 Months Old - Files Range From PCBoard, Windows, Games, Utilities, etc.. - Each Directory Has It Own FILES.BBS - All Files Have Been Scanned For Viruses - You Can Either Send HOF Tape Network The Tape Or Buy One From Them. - If You Send HOF Tape Network A Tape It Must Be Formatted - HOF Tape Network Ships 2nd Day Air - There Is A New Issue Every Month. That Means 100-120 Every Month For You or Your BBS. - Orders Can Be Taken via: Netmail, Internet E-Mail, or Via BBS - New Issues Are Shipped the 1st Of Every Month Contacting HOF Tape Network --------------------------------------------- Fidonet: 1:2215/600 or 1:2215/610 Internet: hoftape@scpcug.com BBS: (216)493-3522 or (216)492-2871 NUMBER YOU WISH TO PURCHASE: ___ @ $14.99 TAPES WISH TO PURCHASE : __ @ $15.00 SHIPPING / ORDER : ___ @ $10.00 / TAPE ========================================= 8.02 - Encouraging your users to upload ========================================= - Topic 8.02 will be available in future versions of the BBS FAQ. ********************************************************************* CHAPTER 9 - LEGAL ISSUES FACING THE BBS SYSOP ********************************************************************* Version 0.9 - June 24, 1994. Copyright (c) 1994 Carl J. Elitz 9.0 Introduction ================ This chapter contains a general discussion of some of the legal risks facing those who run computer bulletin board systems (BBS' or boards), along with some suggestions for reducing those risks. It is not yet in the familiar Q&A format, but may be modified in future revisions. Please consider the discussion that follows for educational purposes only and not as a substitute for legal advice. The suggestions made below should be used only as a starting point for your own consideration of the issues presented and may not be suitable for your individual situation. If you need legal advice, consult with an attorney licensed to practice in your jurisdiction. Those with a practical interest in the subject are referred to Lance Rose's and Jonathan Wallace's book, SYSLAW (2nd Ed. 1992), (available by calling PC Information Group at 1-800-321-8285). At present, this is the definitive book on the subject and a good source of information for the new or experienced sysop. Cost is about $38. A more scholarly treatment of many of the same issues can be found in a law review article written by David J. Loundy, "E-Law: Legal Issues Affecting Computer Information Systems and System Operator Liability," 80 Alb. L. J. Sci. & Tech. Vol 3 (1993). Loundy's article is available in many law libraries and on the internet via anonymous ftp from the Electronic Frontier Foundation: ftp.eff.org (path /pub/EFF/policy/Legal/e-law.paper). Please note: the following does not necessarily apply to BBS' running outside the United States. Obviously, the laws of other jurisdictions may be quite different. Finally, please recognize that this chapter is an evolving document in its early stages of development. Suggestions for improvement are welcome. The author can be reached at either of the following internet address sites: carl.elitz@n9csa.com or reds@ripco.com. 9.1 The Legal Risks =================== Your legal exposure as a BBS sysop is not insignificant. Even if your intentions are good, mistakes or errors in judgment expose you to both civil and criminal liability. This is due, in large part, to the fact that there will be so many people calling your board, each with his or her own agenda. If you fail to educate yourself on the basic risks, your exposure increases dramatically. 9.1.1 Civil Lawsuits -------------------- Filing a civil suit in the United States is a relatively simple and inexpensive process for a plaintiff, usually costing less than the latest version of your favorite word processing software. Indeed, a caller or other person who believes she has a case against you may find an attorney willing to represent her for a "contingency fee," charging only if the suit results in money damages against you. The costs of litigation for you as the defendant, on the other hand, will undoubtably be high -- right from the beginning. Unlike the plaintiff's attorney, your attorney cannot work on a contingency fee and will insist upon being paid whether you win or lose, perhaps well before the case is even over. In almost all cases, you will not be able to recover your attorney's fees, even if you prevail. So called "reasonable fees" can grow into the thousands of dollars in a matter of weeks, ending up costing many more times the price of your entire BBS equipment and software. Moreover, failure to win a lawsuit can have devastating implications for you, your business, even your family. This is because, in the United States at least, the law gives to a wrongfully injured plaintiff the right to recover all damages which were "caused" by your improper actions. There are few limits on the amount that can be recovered in most civil cases. 9.1.2 Criminal Liability ------------------------- In addition to civil liability, the BBS sysop can encounter problems with the local, state or federal government under the criminal laws. This exposure should be obvious. For example, if you knowingly use your BBS to store or distribute copyrighted material, obscene photographs, child pornography or stolen information, or if you encourage others to do so, you may face severe penalties -- perhaps even time in jail. Your legal exposure in a criminal case is not limited to those situations, however, where you yourself deliberately commit criminal acts. If the authorities come to suspect your board contains evidence necessary to prove a criminal case against one of your callers, you may find yourself in the middle, trying to protect yourself from the effects of the investigation. Do not underestimate the trouble that can be caused by improper caller conduct. Four years ago federal agents and local authorities raided boards in twelve cities around the country as part of something the federal government named "Operation Sun Devil." Agents conducting the searches carried warrants which gave them the right to seize computer equipment in an attempt to locate "hackers" believed to be exchanging stolen credit card numbers through the use of computer bulletin board systems. Agents searched both homes and businesses and confiscated computers and peripheral equipment such as monitors and printers. While there has been just one conviction relating to computer crime so far, agents have yet to return all of the equipment. 9.2 The Major Issues and Some Suggestions ========================================= There is some good news: most of the risks your board faces can be minimized if you take an active approach to the problem. Your first step should be to familiarize yourself with the types of claims that may be brought against you or which may involve your board, and then proceed with this knowledge in mind. 9.2.1 Negligence ---------------- Negligence actions are the most common type of civil claim brought in the United States. At the heart of the negligence claim is the legal concept of "duty." Duty is the standard by which the law judges a defendant's conduct when a plaintiff is harmed. It is your "duty" as a sysop that exposes you to liability. If you violate your duty to your callers or others and create an "unreasonable risk" which causes harm, you may be held liable for negligence and be required to pay money damages as compensation. Like the BBS technology itself, BBS law is quite new and the "duties" applicable to BBS sysops and the "unreasonable risks" callers may face are not well established. In general, and in the absence of legislation on the subject, it will be judges who will decide what legal duties systems operators have toward callers. In making this type of decision, judges will consider the costs of imposing a specific duty upon a sysop in comparison to the benefits of imposing that duty in favor of callers and others who may be affected by the BBS. In the absence of cases on the subject (and their are very few), judges will simply make the decision based upon what they believe is reasonable in light of the facts. There is simply no way of knowing what specific duties a plaintiff might claim you have breached and, therefore, no easy way of protecting yourself. This means that you must consider carefully the possible legal duties judges may one day place upon you as a BBS system operator. No doubt lawyers will someday argue that a sysop should have the legal duty to scan for viruses, process electronic mail in a way that prevents it from being destroyed or unreasonably delayed and to protect caller passwords. There are no doubt other potential duties BBS sysops will be required to meet. In cases where you are accused of violating a legal duty, a jury could be asked to decide if your failure to meet your duty caused the defendant harm. In a jurisdiction that allows it, the plaintiff may be able to claim that a virus destroyed important business records or that misdelivered mail caused an important meeting to be missed. Damages for such loses could be extremely costly. There is no simple or easy way to avoid negligence claims. However, legal "disclaimers" can help. A disclaimer is a statement which gives notice to your callers that you do not intend to be held responsible for specific harm which may occur from the use of your BBS. For example, you might explain to callers that electronic mail may be accidentally lost or destroyed and that you will not be liable for any harm that may come from such an accident. If a disclaimer is properly made, it can be quite effective in limiting your liability. Cases filed against defendants are often dismissed early on the strength of a well written disclaimer. The best disclaimers clearly describe a specific risk a caller may face and then state that it is the caller, and not you, who will bear the risk of any injury. Admittedly, the law in this area is vague. There is also no way of knowing for sure what specific duties the law is likely to place upon you. It is rarely ever a certainty that a particular disclaimer will be upheld in court. Indeed, even the fact that you do not charge callers for access may not provide you with a defense to a negligence claim. The following are suggestions that you should consider: 1. Tell your callers what you will do and what you will not do in your role as sysop and be sure to follow through on your commitments to your callers. Give your users fair notice when you decide to change your policies. 2. Keep copious records as to the board's formal policies, including when changes are made and any problems you may have in enforcing rules. If you discover a caller violating the rules, record the details of what has happened and put these records in a safe place. Law suits sometimes are filed long after an event happens. Three months later you might not otherwise remember the incident. 3. Put BBS disclaimers in a prominent location. Consider using capital and/or bold letters to emphasize the risk of harm callers may face from using your board. Get some form of affirmative act from each caller that indicates they have read the disclaimers -- this will be useful someday should you ever need to show that the caller was aware of its terms. While this does not have to be on paper, each caller should at some point have to proceed through a screen in which he or she acknowledges having read the disclaimers and agrees to them. In an ideal world, your BBS software would create a log of this event and store it permanently. 4. Recognize that you can not disclaim certain legal duties and do not put too much faith in any disclaimer -- you can never be sure what will and will not be legally enforceable. Consider the disclaimer as additional protection, not your first line of defense. 5. Finally, if some factual situation arises which has the potential to harm your callers, react promptly to take control of the situation. Think of your BBS as an extension of your home and your callers as your guests. If you believe that there is something or someone who may expose your callers to an "unreasonable risk" of harm or loss, recognize the fact that it is you who could be ultimately liable. 9.2.2 Breach of Contract ------------------------ Another very common type of civil suit is one based upon contract law. In many ways a breach of contract case is similar to a negligence case. Indeed, often a plaintiff will allege both breach of contract and negligence claims in the same suit. Contrary to what some may think, there is no general requirement that contracts be signed or that they be in writing. One requirement of every contract, however, is "consideration." You generally cannot be held liable in a contract action unless you have somehow agreed to do something for your callers AND your callers have agreed, as a corresponding obligation, to do something for you. Note that a sysop who asks nothing from his callers is unlikely to be faced with a contract claim. In such a situation the callers cannot claim to have provided the sysop any "consideration" sufficient to create a contract. One way a sysop can reduce legal liability, therefore, is to run a "free" board open to anyone who wishes to use it. Many sysops recognize the liabilities that may attach if they enter into a contractual relationship with callers. In order to avoid doing so they ask for "donations" instead of payments. Be aware, however, that if you grant access to special areas of your BBS to "donating" members or provide them with special services, you may be creating a contract with them. In such a situation, you give access to the restricted area in return for the donation. The fact that the payment is called a "donation" does not prevent it from being "consideration" sufficient to support the creation of a contract. Be aware also that consideration does not have to be in the form of money. By way if illustration, consider the fact that many boards have upload/download ratios whereby a caller's download privileges are set proportionally to the number or amount of data he uploads to the board. A good argument can be made that the caller's uploaded data constitutes legal consideration for a contract with the sysop. The sysop's BBS receives the benefit of the uploaded data. In return, the caller has the right to receive the downloaded data. If you and your callers have a contractual relationship, it is important for you to recognize what your obligations toward your callers are. For example, if you tell callers that mail dropped off on your board will be uploaded to a network at least four times a day, do not be surprised if users come to rely upon your representation and begin to consider it part of the services you contractually agreed to provide to them. If you accept payment from callers for a month of BBS access, you have an obligation to see that the board, in fact, remains open for that month. As noted, one way to avoid liability is to avoid entering into any contractual arrangements with callers. A better approach, however, is to deliberately enter into a contractual relationship with your callers, being very specific about what obligations you will and will not assume and what benefits you expect your callers to provide to you. By stating up front what rules govern the use of your board and what obligations you are willing to take on, and by making clear to callers that these rules are a condition of using your board, you create the "consideration" necessary to make a contract. An example of one possible caller contract is found in the SYSLAW book mentioned in the introduction above. There is no magic formula, however, for creating a formal caller contract. Before investing in a BBS, call around and take a look at what other sysops require from their callers. At a minimum, a "caller contract" should include: (1) a statement recognizing that your BBS receives some tangible benefit from callers. Remember, consideration must run in two directions for a valid contract to exist. If your callers provide payment to you, this is sufficient. If you do not charge callers, you have to be more creative in stating what it is that your board receives. If you do not charge callers, caller "participation" in your board may be sufficient. (2) an indication that callers must comply with the rules of the BBS as a condition of using the board; (3) a statement that the rules may be changed as the sysop feels necessary; (4) a provision that caller questions about the agreement will be answered by the sysop and changes to the agreement will be made if necessary; (5) a description of the BBS and its various services and areas, including a statement indicating that these may be changed at the sysop's discretion (see below for special provisions regarding "adult" areas); (6) the costs to the caller of using the system, including any "upload/download" ratio requirements; (7) a statement regarding how electronic mail will be treated (see below); (8) an indication that the law governing any dispute will be the law of the place where the BBS is located (as opposed to the law of the place where the caller is located); (9) notice that you reserve the right to shut the BBS down and refund any payments made by callers, as well as a provision giving notice to callers that you reserve the right to ban callers for violating the board's rules as you deem necessary. In creating a caller contract, keep in mind that plain language that your callers can understand is far better than any "legalese." If your callers are incapable of understanding the language of your agreement, it is possible that the agreement would not be enforced in your favor, should you ever need to rely upon it. 9.2.3 Viruses ------------- Viruses present one of the most well-known problems facing the on-line community. These programs are often written to produce unexpected or disastrous results for an unwary user such as erasing the user's hard drive. Hiding viruses inside other programs and then uploading the contaminated programs to a BBS is a favorite way of spreading a computer virus. Fortunately, there are programs that search for, and then eliminate, most computer viruses. Many BBS sysops provide, as a service to callers, basic virus scanning. This service allows callers to exchange programs with some degree of protection. Scanning for viruses is probably a good idea. Many callers expect it and it is possible that the law could hold you to such a duty. What is not a good idea, however, is misrepresenting to your callers the extent of what can be done to protect them from such programs. Viruses are often written with the goal of avoiding detection. There is always a degree of risk that scanning may fail and you should be up-front with your callers about this possibility. To protect yourself, consider the following suggestions: 1. Scan for viruses regularly and do not post programs for general use until they have undergone a virus scan. Do not assume that commercially produced programs or programs distributed on CD ROM are virus-free. 2. Let your callers know that you cannot guarantee that programs on your board are safe. Disclose prominently that there are risks that the virus scanning program you use may miss something harmful. 3. If you are unwilling or unable to scan for viruses, make this fact clearly known and include it in your contract with callers. 9.2.4 Public Messages and Defamation ------------------------------------ A defamation is a false statement made publicly which has the effect of harming another's reputation. Sometimes defamation is referred to as "libel" or "slander". While the First Amendment of the U.S. Constitution guarantees the right of individuals to say almost anything they desire, the First Amendment does not always protect a speaker from being held liable for the harm caused by his or her speech. Thus, a person whose reputation has been wrongly injured may bring suit against those who "publish" the statement, even if the "publisher" is not the original speaker. Note that a "publisher" does not have to "print" the defamation. For example, radio and television stations have been sued for "publishing" defamatory statements. You may be surprised to find that defendants can be sued for defamation even when the statements made by the defendant are reported in the form of an accurate quotation of another's words. Put in a slightly different way, accurate "re-publications" of a defamatory statement may create liability for the re-publisher. There are several defenses a publisher of a statement may have against a plaintiff claiming defamation. For example, the U.S. constitution protects a publisher from law suits by "public figures" to a certain extent. Those who have deliberately become "public figures" may sue for defamation only if able to show that the defendant published the statement with actual knowledge that the statement was false or with "reckless disregard" of whether it was false. This constitutional defense protects defendants from being sued by famous people for things said about them reasonably believed by the speaker to be true. Notice that a defendant who makes defamatory statements about someone who is not a "public figure" does not get the same constitutional protections. In other words, you can be liable for making false statements about a private person, even if you believed the statements were true when you made them. Obviously, you must be careful what you "publish" on your board about anyone whose reputation might be harmed. There are other important defenses a "publisher" may have. Simple name-calling is not defamatory as a general rule, even when it is offensive. Such statements are not thought to bring actual harm to a person's reputation. A defendant who can show that the statement alleged to be defamatory is truthful will also prevail in a defamation suit because a defamation is, by definition, an untrue statement. Another useful rule to keep in mind is that the dead cannot be defamed, at least not in most jurisdictions. There are many other defenses. The savvy sysop will not, however, rely upon legal defenses to protect herself against defamation suits. It may cost nearly as much to defend a defamation suit as it would to settle a case with a caller or other third person. It is far better to prevent yourself from becoming a legal target in the first place. In order to protect yourself from a defamation claims before the fact, consider these suggestions: 1. Think carefully about the two types of defamation risks you face as a sysop before you act. These are the risk that you may: (1) directly defame a caller or some other person, either through a deliberate or carelessly made statement and (2) re-publish a defamatory statement initially made by one of your callers or someone else. Passing on a false rumor can amount to actionable defamation. 2. Actively discourage callers from "flaming" one another in public message areas. Some callers take great pride in using sharp wit to make others look stupid. Such comments quickly deteriorate into personal attacks. Personal attacks can quickly deteriorate into libel. 3. Keep in mind that your callers may not be who they say they are and that some callers may be using aliases. This means that you must be particularly careful. Posting a public notice that you have banned a caller who you name because "he has been uploading child pornography" may seem like a perfectly reasonable thing to announce a system bulletin, until it turns out that the person you have named has never logged onto your board and that an imposter is the real culprit. In handling sensitive matters, discretion is always the best advice. 9.2.5 E-mail, Privacy, and ECPA ------------------------------- Unlike public messages, callers who send e-mail to specific individuals do not expect their messages to be publicized or read by anyone but the intended recipient. Many sysops are concerned, however, that without monitoring caller e-mail they cannot be sure that users are not violating the law and exposing their board to legal risk such as that faced by the sysops in the Operation Sun Devil raids. Before you make any policy for your BBS involving electronic mail, you should be aware of federal legislation called the Electronic Communications Privacy Act or "ECPA." ECPA is a federal law which governs electronic mail in all 50 states. Under ECPA, BBS communications are protected under federal wiretapping laws. BBS callers now have the statutory right to expect that their electronic mail will not be intercepted or read by others. This means that you, as a BBS sysop, have a federally mandated obligation to keep caller communications private. Only the sender or intended recipient may make the message public. The good news is that ECPA mandates a higher level of protection for you and your callers against authorities who want to search your BBS for evidence of criminal activity. Because of ECPA and the existence of private electronic mail on your board, authorities are theoretically limited by ECPA in the types of searches they may lawfully conduct against you. ECPA does not mean that a sysop is prohibited from viewing caller e-mail. The law creates a specific exception for sysops who provide "electronic communication services." The exception is narrow, however, and there is the potential for a sysop to get into trouble if he or she does not treat caller e-mail with a certain degree of care and professionalism. Under ECPA, a sysop may intercept and view user e-mail, disclose its contents to others or use information found there ONLY to the extent necessary for the operation of the board and/or for the protection of the sysop or with the "lawful consent" of one of the parties sending or receiving the message. While sysops may monitor callers to ensure that they are not transmitting copyrighted materials or violating some other aspect of the law, they must act like the doctor or lawyer who learns a client secret. The information must be kept in confidence. THIS POINT BEARS REPEATING: You may not use information you learn from your caller's private messages to your advantage or disclose e-mail to others outside of what is necessary to protect yourself and your property. This requires the sysop to exercise a fair degree of restraint. Suggestions in this area include: 1. Monitor electronic mail, but do so only occasionally and to the extent necessary to assure yourself that there is nothing improper occurring on the board. Resist the urge to disclose or otherwise comment on items you discover through reading your callers' e-mail. Again, it is important that you act with a high degree of professionalism and DO NOT use information learned in reading electronic mail to your own personal or business advantage. 2. Do not put too much faith in any disclaimer you may make about there not being any facilities for "private" e-mail. While many sysops appear to have bought into the idea that the ECPA privacy requirements may be avoided by stating that there "are no facilities provided for private electronic mail," and while such a disclaimer may provide you with some level of protection, recognize that there are not yet any cases discussing the legal effect of these disclaimers in the BBS context. 3. Process all e-mail in the same way and in a routine manner and do not delay in processing mail. Your rights to monitor electronic mail under ECPA apply only to your activities undertaken "in the normal course" of running your board. 9.2.6 Encryption ---------------- Perhaps the "hottest" topic right now in the BBS privacy area concerns "encryption." Encryption allows a user to scramble e-mail messages so that only the person who knows a secret key can read the message. Sysops who understand their legal exposure are rightfully nervous about encryption. No doubt drug cartels, racketeers and terrorists are using this new technology. It is now widely believed that encryption technology has gotten to the point where even the U.S. government is unable to "break the code" and the uses to which encryption programs can be put will not be lost on those who are determined to break the law. It is reasonable to assume that callers who cannot encrypt their messages are less likely to violate the law when using your BBS. This means that the use of encryption on your BBS increases your legal exposure. If encryption creates exposure, should you ban encryption from use on your board? Some would argue that you should. After all, why take unnecessary chances? Others are not so quick to ban encryption. While encryption may allow abuses to occur on your board, encryption also allows law-abiding people the opportunity to transact business and conduct discussions of a private nature without fear that someone may be eavesdropping. Lawyers can exchange information with clients. People can transmit their credit card numbers without fear of having this information stolen. Americans have long-claimed to cherish the right to express ideas freely and to associate with others in privacy and without interference. While there is no general prohibition whatsoever against a sysop denying his callers the right to use encryption, there is something distasteful about such a rule. To help protect yourself against the improper use of your board by callers who encrypt messages consider the following: 1. Pay attention to who is using encryption and consider why this may be necessary for the specific caller. It should be a rare caller who feels the need to encrypt all outgoing messages or who receives only encrypted messages. 2. If you decide to allow encrypted messages, try to gauge whether there is an unusual volume of encrypted traffic and, if suspicious, feel free to call a user's attention to your concerns. You are within your rights to ask the caller for the encryption key to messages that pass through the board if you wish (although you will certainly then have a legal duty to protect that key if you accept it). If you are still uncomfortable after discussing the issue with a specific caller, let him or her know that you will no longer allow the posting of encrypted messages. If he or she complains, refer them to another board and, if necessary, refund any fees paid to you for the use of the BBS. 3. Set out your policies regarding encryption up-front, along with other BBS rules. Make clear if you allow encryption that you reserve the right to take any action you feel necessary to protect your BBS. 4. Inform yourself about an encryption program currently being distributed called PGP. PGP stands for "Pretty Good Privacy" and the use of PGP on computer bulletin boards is quickly growing in popularity. While there is probably little chance of being sued for distributing recent copies of PGP, you should be aware that early versions of program may violate U.S. patent laws. Moreover, PGP and programs like it have been classified by the U.S. government as a being "munitions" (weapons or military supplies) due to their high level of sophistication. It is currently illegal to export this program or even deliver it to a non-U.S. citizen inside the U.S. You may wish to restrict the distribution of PGP to callers who are located in the U.S. and who verify to you their U.S. citizenship status. -------- continued in next message ---------

---

E-Mail Fredric L. Rice / The Skeptic Tank