------------- continued from previous message --------
CHAPTER 8 -SETTING UP FILE LIBRARIES
Q: Where can I get an assorted selection of shareware/freeware files
to start up the file libraries on my BBS?
8.01 - Shareware vendors
- Public Brand Software
Public Brand Software BBS, (317)856-2087
Commercial Shareware Vendor
Public Brand Software, Indianapolis, IN
- Megafile Distribution System - Eastern Shore Communications
The Megafile Distribution System (MDS) is a sysop-only file
collection system designed to fulfill the needs of established
and growing bulletin board systems.
Long-distance calling for file collection is expensive. Those
bulletin board systems able to afford this type of file collection
have the luxury of being current, collecting files on the day that
they are released.
For those systems not able to afford the long-distance luxury, CD-ROMs
have traditionally been used to increase a bulletin board system's
capacity, with the drawback that files are four to six months old when
they are placed online.
MDS fits in between these two methods. File collection is done in the
same manner as the large systems do, each and every day. Depending on
the plan you choose, one or two 60-megabyte tapes are delivered
to you each week at consistent 3- to 4-day intervals
(e.g., Monday/Thursday, Tuesday/Friday, Wednesday/Saturday, etc).
This turnaround maintains currency in your file collection while
at the same time keeping your collection costs low.
All files are virus checked using two different programs, all known
BBS advertising is removed, and AV-stamped or ARJ-security-envelope
file integrity is maintained wherever possible. File listings are
delivered in both FILES.BBS and PCBoard formats, allowing their
immediate addition to your system without further processing.
MDS pricing is based on volume, reflected below:
One-Week Package: (Cost Per Tape in) (Cost Per Tape in)
----------------- (Canadian Dollars) (U.S. Dollars)
(Total Order Value) (Total Order Value)
(in Brackets) (in Brackets)
Single Tape $37.50 ($37.50) $26.75 ($26.75)
Total Number of Tapes in Package: 1
Two Tapes $28.50 ($57.00) $20.35 ($40.70)
Total Number of Tapes in Package: 2
4-Week Package: (Cost Per Tape in) (Cost Per Tape in)
----------------- (Canadian Dollars) (U.S. Dollars)
(Total Order Value) (Total Order Value)
(in Brackets) (in Brackets)
Single Tape $30.00 ($120.00) $21.50 ($86.00)
Total Number of Tapes in Package: 4
Two Tapes $22.50 ($180.00) $16.00 ($128.55)
Total Number of Tapes in Package: 8
13-Week Package: (Cost Per Tape in) (Cost Per Tape in)
---------------- (Canadian Dollars) (U.S. Dollars)
(Total Order Value) (Total Order Value)
(in Brackets) (in Brackets)
Single Tape $25.00 ($325.00) $17.85 ($232.15)
Total Number of Tapes in Package: 13
Two Tapes $18.75 ($487.50) $13.40 ($348.20)
Total Number of Tapes in Package: 26
Rates are calculated based on customer-supplied tapes, deliverable
with prepayment. C.O.D. and credit-card orders are not accepted.
All shipping costs (your choice of carrier) and applicable taxes
For further information, please contact:
Eastern Shore Communications
FidoNet Address: 1:229/112
Internet: firstname.lastname@example.org (Richard Munro)
HOF TAPE NETWORK
- Get 100-120 Megs Of Files On Tape For $14.99
- All Files Are No Later Then 4 Months Old
- Files Range From PCBoard, Windows, Games, Utilities, etc..
- Each Directory Has It Own FILES.BBS
- All Files Have Been Scanned For Viruses
- You Can Either Send HOF Tape Network The Tape Or Buy One From Them.
- If You Send HOF Tape Network A Tape It Must Be Formatted
- HOF Tape Network Ships 2nd Day Air
- There Is A New Issue Every Month. That Means 100-120 Every Month For
You or Your BBS.
- Orders Can Be Taken via: Netmail, Internet E-Mail, or Via BBS
- New Issues Are Shipped the 1st Of Every Month
Contacting HOF Tape Network
Fidonet: 1:2215/600 or 1:2215/610
BBS: (216)493-3522 or (216)492-2871
NUMBER YOU WISH TO PURCHASE: ___ @ $14.99
TAPES WISH TO PURCHASE : __ @ $15.00
SHIPPING / ORDER : ___ @ $10.00 / TAPE
8.02 - Encouraging your users to upload
- Topic 8.02 will be available in future versions of
the BBS FAQ.
CHAPTER 9 - LEGAL ISSUES FACING THE BBS SYSOP
Version 0.9 - June 24, 1994.
Copyright (c) 1994 Carl J. Elitz
This chapter contains a general discussion of some of the
legal risks facing those who run computer bulletin board systems
(BBS' or boards), along with some suggestions for reducing those
risks. It is not yet in the familiar Q&A format, but may be
modified in future revisions.
Please consider the discussion that follows for educational
purposes only and not as a substitute for legal advice. The
suggestions made below should be used only as a starting point for
your own consideration of the issues presented and may not be
suitable for your individual situation. If you need legal advice,
consult with an attorney licensed to practice in your jurisdiction.
Those with a practical interest in the subject are referred to
Lance Rose's and Jonathan Wallace's book, SYSLAW (2nd Ed. 1992),
(available by calling PC Information Group at 1-800-321-8285). At
present, this is the definitive book on the subject and a good
source of information for the new or experienced sysop. Cost is
A more scholarly treatment of many of the same issues can be
found in a law review article written by David J. Loundy, "E-Law:
Legal Issues Affecting Computer Information Systems and System
Operator Liability," 80 Alb. L. J. Sci. & Tech. Vol 3 (1993).
Loundy's article is available in many law libraries and on the
internet via anonymous ftp from the Electronic Frontier Foundation:
ftp.eff.org (path /pub/EFF/policy/Legal/e-law.paper).
Please note: the following does not necessarily apply to BBS'
running outside the United States. Obviously, the laws of other
jurisdictions may be quite different.
Finally, please recognize that this chapter is an evolving
document in its early stages of development. Suggestions for
improvement are welcome. The author can be reached at either of the
following internet address sites: email@example.com or
9.1 The Legal Risks
Your legal exposure as a BBS sysop is not insignificant. Even
if your intentions are good, mistakes or errors in judgment expose
you to both civil and criminal liability. This is due, in large
part, to the fact that there will be so many people calling your
board, each with his or her own agenda. If you fail to educate
yourself on the basic risks, your exposure increases dramatically.
9.1.1 Civil Lawsuits
Filing a civil suit in the United States is a relatively
simple and inexpensive process for a plaintiff, usually costing
less than the latest version of your favorite word processing
software. Indeed, a caller or other person who believes she has
a case against you may find an attorney willing to represent her
for a "contingency fee," charging only if the suit results in money
damages against you.
The costs of litigation for you as the defendant, on the other
hand, will undoubtably be high -- right from the beginning. Unlike
the plaintiff's attorney, your attorney cannot work on a
contingency fee and will insist upon being paid whether you win or
lose, perhaps well before the case is even over. In almost all
cases, you will not be able to recover your attorney's fees, even
if you prevail. So called "reasonable fees" can grow into the
thousands of dollars in a matter of weeks, ending up costing many
more times the price of your entire BBS equipment
and software. Moreover, failure to win a lawsuit can have
devastating implications for you, your business, even your
family. This is because, in the United States at least, the law
gives to a wrongfully injured plaintiff the right to recover all
damages which were "caused" by your improper actions. There are few
limits on the amount that can be recovered in most civil cases.
9.1.2 Criminal Liability
In addition to civil liability, the BBS sysop can encounter
problems with the local, state or federal government under the
criminal laws. This exposure should be obvious. For example, if you
knowingly use your BBS to store or distribute copyrighted material,
obscene photographs, child pornography or stolen information, or if
you encourage others to do so, you may face severe penalties --
perhaps even time in jail.
Your legal exposure in a criminal case is not limited to those
situations, however, where you yourself deliberately commit
criminal acts. If the authorities come to suspect your board
contains evidence necessary to prove a criminal case against one of
your callers, you may find yourself in the middle, trying to
protect yourself from the effects of the investigation.
Do not underestimate the trouble that can be caused by
improper caller conduct. Four years ago federal agents and local
authorities raided boards in twelve cities around the country as
part of something the federal government named "Operation Sun
Devil." Agents conducting the searches carried warrants which gave
them the right to seize computer equipment in an attempt to locate
"hackers" believed to be exchanging stolen credit card numbers
through the use of computer bulletin board systems. Agents searched
both homes and businesses and confiscated computers and peripheral
equipment such as monitors and printers. While there has been just
one conviction relating to computer crime so far, agents have yet
to return all of the equipment.
9.2 The Major Issues and Some Suggestions
There is some good news: most of the risks your board faces
can be minimized if you take an active approach to the problem.
Your first step should be to familiarize yourself with the types of
claims that may be brought against you or which may involve your
board, and then proceed with this knowledge in mind.
Negligence actions are the most common type of civil claim
brought in the United States. At the heart of the negligence claim
is the legal concept of "duty." Duty is the standard by which the
law judges a defendant's conduct when a plaintiff is harmed. It is
your "duty" as a sysop that exposes you to liability. If you
violate your duty to your callers or others and create an
"unreasonable risk" which causes harm, you may be held
liable for negligence and be required to pay money damages as
Like the BBS technology itself, BBS law is quite new and the
"duties" applicable to BBS sysops and the "unreasonable risks"
callers may face are not well established. In general, and in the
absence of legislation on the subject, it will be judges who will
decide what legal duties systems operators have toward callers. In
making this type of decision, judges will consider the costs of
imposing a specific duty upon a sysop in comparison to the benefits
of imposing that duty in favor of callers and others who may be
affected by the BBS. In the absence of cases on the subject (and
their are very few), judges will simply make the decision based
upon what they believe is reasonable in light of the facts.
There is simply no way of knowing what specific duties a
plaintiff might claim you have breached and, therefore, no easy way
of protecting yourself. This means that you must consider carefully
the possible legal duties judges may one day place upon you as a
BBS system operator. No doubt lawyers will someday argue that a
sysop should have the legal duty to scan for viruses, process
electronic mail in a way that prevents it from being destroyed or
unreasonably delayed and to protect caller passwords. There are no
doubt other potential duties BBS sysops will be required to meet.
In cases where you are accused of violating a legal duty, a jury
could be asked to decide if your failure to meet your duty caused
the defendant harm. In a jurisdiction that allows it, the plaintiff
may be able to claim that a virus destroyed important business
records or that misdelivered mail caused an important meeting to be
missed. Damages for such loses could be extremely costly.
There is no simple or easy way to avoid negligence claims.
However, legal "disclaimers" can help. A disclaimer is a statement
which gives notice to your callers that you do not intend to be
held responsible for specific harm which may occur from the use of
your BBS. For example, you might explain to callers that electronic
mail may be accidentally lost or destroyed and that you will not be
liable for any harm that may come from such an accident. If a
disclaimer is properly made, it can be quite effective in limiting
your liability. Cases filed against defendants are often dismissed
early on the strength of a well written disclaimer. The best
disclaimers clearly describe a specific risk a caller may face and
then state that it is the caller, and not you, who will bear the
risk of any injury.
Admittedly, the law in this area is vague. There is also no
way of knowing for sure what specific duties the law is likely to
place upon you. It is rarely ever a certainty that a particular
disclaimer will be upheld in court. Indeed, even the fact that you
do not charge callers for access may not provide you with a
defense to a negligence claim.
The following are suggestions that you should consider:
1. Tell your callers what you will do and what you will not do
in your role as sysop and be sure to follow through on your
commitments to your callers. Give your users fair notice when you
decide to change your policies.
2. Keep copious records as to the board's formal policies,
including when changes are made and any problems you may have in
enforcing rules. If you discover a caller violating the rules,
record the details of what has happened and put these records in a
safe place. Law suits sometimes are filed long after an event
happens. Three months later you might not otherwise remember the
3. Put BBS disclaimers in a prominent location. Consider using
capital and/or bold letters to emphasize the risk of harm callers
may face from using your board. Get some form of affirmative act
from each caller that indicates they have read the disclaimers --
this will be useful someday should you ever need to show that the
caller was aware of its terms. While this does not have to be on
paper, each caller should at some point have to proceed through a
screen in which he or she acknowledges having read the
disclaimers and agrees to them. In an ideal world, your BBS
software would create a log of this event and store it
4. Recognize that you can not disclaim certain legal duties
and do not put too much faith in any disclaimer -- you can never be
sure what will and will not be legally enforceable. Consider the
disclaimer as additional protection, not your first line of
5. Finally, if some factual situation arises which has the
potential to harm your callers, react promptly to take control of
the situation. Think of your BBS as an extension of your home and
your callers as your guests. If you believe that there is something
or someone who may expose your callers to an "unreasonable risk" of
harm or loss, recognize the fact that it is you who could be
9.2.2 Breach of Contract
Another very common type of civil suit is one based upon
contract law. In many ways a breach of contract case is similar to
a negligence case. Indeed, often a plaintiff will allege both
breach of contract and negligence claims in the same suit.
Contrary to what some may think, there is no general
requirement that contracts be signed or that they be in writing.
One requirement of every contract, however, is "consideration." You
generally cannot be held liable in a contract action unless you
have somehow agreed to do something for your callers AND your
callers have agreed, as a corresponding obligation, to do something
Note that a sysop who asks nothing from his callers is
unlikely to be faced with a contract claim. In such a situation the
callers cannot claim to have provided the sysop any "consideration"
sufficient to create a contract. One way a sysop can reduce legal
liability, therefore, is to run a "free" board open to anyone who
wishes to use it.
Many sysops recognize the liabilities that may attach if they
enter into a contractual relationship with callers. In order to
avoid doing so they ask for "donations" instead of payments. Be
aware, however, that if you grant access to special areas of your
BBS to "donating" members or provide them with special services,
you may be creating a contract with them. In such a situation, you
give access to the restricted area in return for the donation. The
fact that the payment is called a "donation" does not prevent it
from being "consideration" sufficient to support the creation of a
Be aware also that consideration does not have to be in the
form of money. By way if illustration, consider the fact that many
boards have upload/download ratios whereby a caller's download
privileges are set proportionally to the number or amount of data
he uploads to the board. A good argument can be made that the
caller's uploaded data constitutes legal consideration for a
contract with the sysop. The sysop's BBS receives the benefit of
the uploaded data. In return, the caller has the right to receive
the downloaded data.
If you and your callers have a contractual relationship, it is
important for you to recognize what your obligations toward your
callers are. For example, if you tell callers that mail dropped off
on your board will be uploaded to a network at least four times a
day, do not be surprised if users come to rely upon your
representation and begin to consider it part of the services you
contractually agreed to provide to them. If you accept payment from
callers for a month of BBS access, you have an obligation to see
that the board, in fact, remains open for that month.
As noted, one way to avoid liability is to avoid entering into
any contractual arrangements with callers. A better approach,
however, is to deliberately enter into a contractual relationship
with your callers, being very specific about what obligations you
will and will not assume and what benefits you expect your callers
to provide to you. By stating up front what rules govern the use of
your board and what obligations you are willing to take on, and by
making clear to callers that these rules are a condition of using
your board, you create the "consideration" necessary to make a
An example of one possible caller contract is found in the
SYSLAW book mentioned in the introduction above. There is no magic
formula, however, for creating a formal caller contract. Before
investing in a BBS, call around and take a look at what other
sysops require from their callers. At a minimum, a "caller
contract" should include:
(1) a statement recognizing that your BBS receives some
tangible benefit from callers. Remember, consideration must run in
two directions for a valid contract to exist. If your callers
provide payment to you, this is sufficient. If you do not charge
callers, you have to be more creative in stating what it is that
your board receives. If you do not charge callers, caller
"participation" in your board may be sufficient.
(2) an indication that callers must comply with the rules of
the BBS as a condition of using the board;
(3) a statement that the rules may be changed as the sysop
(4) a provision that caller questions about the agreement will
be answered by the sysop and changes to the agreement will be made
(5) a description of the BBS and its various services and
areas, including a statement indicating that these may be changed
at the sysop's discretion (see below for special provisions
regarding "adult" areas);
(6) the costs to the caller of using the system, including any
"upload/download" ratio requirements;
(7) a statement regarding how electronic mail will be treated
(8) an indication that the law governing any dispute will be
the law of the place where the BBS is located (as opposed to the
law of the place where the caller is located);
(9) notice that you reserve the right to shut the BBS down and
refund any payments made by callers, as well as a provision giving
notice to callers that you reserve the right to ban callers for
violating the board's rules as you deem necessary.
In creating a caller contract, keep in mind that plain
language that your callers can understand is far better than any
"legalese." If your callers are incapable of understanding the
language of your agreement, it is possible that the agreement would
not be enforced in your favor, should you ever need to rely upon
Viruses present one of the most well-known problems facing the
on-line community. These programs are often written to produce
unexpected or disastrous results for an unwary user such as
erasing the user's hard drive. Hiding viruses inside other programs
and then uploading the contaminated programs to a BBS is a favorite
way of spreading a computer virus.
Fortunately, there are programs that search for, and then
eliminate, most computer viruses. Many BBS sysops provide, as a
service to callers, basic virus scanning. This service allows
callers to exchange programs with some degree of protection.
Scanning for viruses is probably a good idea. Many callers
expect it and it is possible that the law could hold you to such a
duty. What is not a good idea, however, is misrepresenting to your
callers the extent of what can be done to protect them from such
programs. Viruses are often written with the goal of avoiding
detection. There is always a degree of risk that scanning may fail
and you should be up-front with your callers about this
To protect yourself, consider the following suggestions:
1. Scan for viruses regularly and do not post programs for
general use until they have undergone a virus scan. Do not assume
that commercially produced programs or programs distributed on CD
ROM are virus-free.
2. Let your callers know that you cannot guarantee that
programs on your board are safe. Disclose prominently that there
are risks that the virus scanning program you use may miss
3. If you are unwilling or unable to scan for viruses, make
this fact clearly known and include it in your contract with
9.2.4 Public Messages and Defamation
A defamation is a false statement made publicly which has the
effect of harming another's reputation. Sometimes defamation is
referred to as "libel" or "slander".
While the First Amendment of the U.S. Constitution guarantees
the right of individuals to say almost anything they desire, the
First Amendment does not always protect a speaker from being held
liable for the harm caused by his or her speech. Thus, a person
whose reputation has been wrongly injured may bring suit against
those who "publish" the statement, even if the "publisher" is not
the original speaker.
Note that a "publisher" does not have to "print" the
defamation. For example, radio and television stations have been
sued for "publishing" defamatory statements. You may be surprised
to find that defendants can be sued for defamation even when the
statements made by the defendant are reported in the form of an
accurate quotation of another's words. Put in a slightly different
way, accurate "re-publications" of a defamatory statement may
create liability for the re-publisher.
There are several defenses a publisher of a statement may have
against a plaintiff claiming defamation. For example, the U.S.
constitution protects a publisher from law suits by "public
figures" to a certain extent. Those who have deliberately become
"public figures" may sue for defamation only if able to show that
the defendant published the statement with actual knowledge that
the statement was false or with "reckless disregard" of whether it
was false. This constitutional defense protects defendants from
being sued by famous people for things said about them reasonably
believed by the speaker to be true.
Notice that a defendant who makes defamatory statements about
someone who is not a "public figure" does not get the same
constitutional protections. In other words, you can be liable for
making false statements about a private person, even if you
believed the statements were true when you made them. Obviously,
you must be careful what you "publish" on your board about anyone
whose reputation might be harmed.
There are other important defenses a "publisher" may have.
Simple name-calling is not defamatory as a general rule, even when
it is offensive. Such statements are not thought to bring actual
harm to a person's reputation.
A defendant who can show that the statement alleged to be
defamatory is truthful will also prevail in a defamation suit
because a defamation is, by definition, an untrue statement.
Another useful rule to keep in mind is that the dead cannot be
defamed, at least not in most jurisdictions.
There are many other defenses. The savvy sysop will not,
however, rely upon legal defenses to protect herself against
defamation suits. It may cost nearly as much to defend a defamation
suit as it would to settle a case with a caller or other third
person. It is far better to prevent yourself from becoming a legal
target in the first place.
In order to protect yourself from a defamation claims before
the fact, consider these suggestions:
1. Think carefully about the two types of defamation risks you
face as a sysop before you act. These are the risk that you may:
(1) directly defame a caller or some other person, either through
a deliberate or carelessly made statement and (2) re-publish a
defamatory statement initially made by one of your callers or
someone else. Passing on a false rumor can amount to actionable
2. Actively discourage callers from "flaming" one another in
public message areas. Some callers take great pride in using sharp
wit to make others look stupid. Such comments quickly deteriorate
into personal attacks. Personal attacks can quickly deteriorate
3. Keep in mind that your callers may not be who they say they
are and that some callers may be using aliases. This means that you
must be particularly careful. Posting a public notice that you have
banned a caller who you name because "he has been uploading
child pornography" may seem like a perfectly reasonable thing to
announce a system bulletin, until it turns out that the person you
have named has never logged onto your board and that an imposter is
the real culprit. In handling sensitive matters, discretion is
always the best advice.
9.2.5 E-mail, Privacy, and ECPA
Unlike public messages, callers who send e-mail to specific
individuals do not expect their messages to be publicized or read
by anyone but the intended recipient. Many sysops are concerned,
however, that without monitoring caller e-mail they cannot be sure
that users are not violating the law and exposing their board to
legal risk such as that faced by the sysops in the Operation Sun
Before you make any policy for your BBS involving electronic
mail, you should be aware of federal legislation called the Electronic
Communications Privacy Act or "ECPA." ECPA is a federal law which
governs electronic mail in all 50 states.
Under ECPA, BBS communications are protected under federal
wiretapping laws. BBS callers now have the statutory right to
expect that their electronic mail will not be intercepted or read
by others. This means that you, as a BBS sysop, have a federally
mandated obligation to keep caller communications private. Only the
sender or intended recipient may make the message public.
The good news is that ECPA mandates a higher level of
protection for you and your callers against authorities who want to
search your BBS for evidence of criminal activity. Because of ECPA
and the existence of private electronic mail on your board,
authorities are theoretically limited by ECPA in the types of
searches they may lawfully conduct against you.
ECPA does not mean that a sysop is prohibited from viewing
caller e-mail. The law creates a specific exception for sysops who
provide "electronic communication services." The exception is
narrow, however, and there is the potential for a sysop to get into
trouble if he or she does not treat caller e-mail with a certain
degree of care and professionalism.
Under ECPA, a sysop may intercept and view user e-mail,
disclose its contents to others or use information found there ONLY
to the extent necessary for the operation of the board and/or for
the protection of the sysop or with the "lawful consent" of one of
the parties sending or receiving the message. While sysops may
monitor callers to ensure that they are not transmitting
copyrighted materials or violating some other aspect of the law,
they must act like the doctor or lawyer who learns a client secret.
The information must be kept in confidence.
THIS POINT BEARS REPEATING: You may not use information you
learn from your caller's private messages to your advantage or
disclose e-mail to others outside of what is necessary to protect
yourself and your property. This requires the sysop to exercise a
fair degree of restraint.
Suggestions in this area include:
1. Monitor electronic mail, but do so only occasionally and to
the extent necessary to assure yourself that there is nothing
improper occurring on the board. Resist the urge to disclose or
otherwise comment on items you discover through reading your
callers' e-mail. Again, it is important that you act with a high
degree of professionalism and DO NOT use information learned in
reading electronic mail to your own personal or business advantage.
2. Do not put too much faith in any disclaimer you may make
about there not being any facilities for "private" e-mail. While
many sysops appear to have bought into the idea that the ECPA
privacy requirements may be avoided by stating that there "are no
facilities provided for private electronic mail," and while such a
disclaimer may provide you with some level of protection, recognize
that there are not yet any cases discussing the legal effect of
these disclaimers in the BBS context.
3. Process all e-mail in the same way and in a routine manner
and do not delay in processing mail. Your rights to monitor
electronic mail under ECPA apply only to your activities undertaken
"in the normal course" of running your board.
Perhaps the "hottest" topic right now in the BBS privacy area
concerns "encryption." Encryption allows a user to scramble e-mail
messages so that only the person who knows a secret key can read
the message. Sysops who understand their legal exposure are
rightfully nervous about encryption. No doubt drug cartels,
racketeers and terrorists are using this new technology. It is now
widely believed that encryption technology has gotten to the point
where even the U.S. government is unable to "break the code" and
the uses to which encryption programs can be put will not be lost
on those who are determined to break the law.
It is reasonable to assume that callers who cannot encrypt
their messages are less likely to violate the law when using your
BBS. This means that the use of encryption on your BBS increases
your legal exposure. If encryption creates exposure, should you ban
encryption from use on your board? Some would argue that you
should. After all, why take unnecessary chances?
Others are not so quick to ban encryption. While encryption
may allow abuses to occur on your board, encryption also allows
law-abiding people the opportunity to transact business and conduct
discussions of a private nature without fear that someone may be
eavesdropping. Lawyers can exchange information with clients.
People can transmit their credit card numbers without fear of
having this information stolen. Americans have long-claimed to
cherish the right to express ideas freely and to associate with
others in privacy and without interference. While there is no
general prohibition whatsoever against a sysop denying his callers
the right to use encryption, there is something distasteful about
such a rule.
To help protect yourself against the improper use of your
board by callers who encrypt messages consider the following:
1. Pay attention to who is using encryption and consider why
this may be necessary for the specific caller. It should be a rare
caller who feels the need to encrypt all outgoing messages or who
receives only encrypted messages.
2. If you decide to allow encrypted messages, try to gauge
whether there is an unusual volume of encrypted traffic and, if
suspicious, feel free to call a user's attention to your concerns.
You are within your rights to ask the caller for the encryption key
to messages that pass through the board if you wish (although you
will certainly then have a legal duty to protect that key if you
accept it). If you are still uncomfortable after discussing the
issue with a specific caller, let him or her know that you will no
longer allow the posting of encrypted messages. If he or she
complains, refer them to another board and, if necessary, refund
any fees paid to you for the use of the BBS.
3. Set out your policies regarding encryption up-front, along
with other BBS rules. Make clear if you allow encryption that you
reserve the right to take any action you feel necessary to protect
4. Inform yourself about an encryption program currently being
distributed called PGP. PGP stands for "Pretty Good Privacy" and
the use of PGP on computer bulletin boards is quickly growing in
popularity. While there is probably little chance of being sued for
distributing recent copies of PGP, you should be aware that early
versions of program may violate U.S. patent laws. Moreover, PGP and
programs like it have been classified by the U.S. government as a
being "munitions" (weapons or military supplies) due to their high
level of sophistication. It is currently illegal to export this
program or even deliver it to a non-U.S. citizen inside the U.S.
You may wish to restrict the distribution of PGP to callers who are
located in the U.S. and who verify to you their U.S. citizenship
-------- continued in next message ---------