The ECPA permits ISPs and telcos to reveal the identification of the
participants in a communication. Though, the Privacy Protection Act may
impose some additional requirements. Usually, ISPs have no interest in
providing this information without a warrant or subpoena. Privacy is part
of the service customers purchase.

In the current system, it is not hard to nail down the originator, given
there is Law Enforcement interest in finding out the identity. An IP
address works just as well as a phone number. Even an open proxy has logs,
or can be logged.

In some cases, it has been hard to find out the identity via a civil
action, as in RIAA v. Verizon. That case is not yet decided. AOL had a
somewhat similar case, where it resisted a subpoena for identification.
That case has some quirks, though. The plaintiffs also didn't want to be
identified, and I think it was considered to be a frivolous or malicious
suit. I don't remember all the details.

However, sans Law Enforcement requests, or civil subpoenas, it is
difficult. It is unlikely that would change, though. And privacy groups
would want to keep it that way, at least so that a court would decide
whether the identity is wanted for frivolous or malicious reasons. I
support the EFF in this view.

Anyway, with Type 1 and Type 2 spam, this is unnecessary, since they tell
you how to contact them in the message. It is only hard with Type 3 abuse,
which is generally involved in crimes that Law Enforcement could pursue,
but won't, for lack of interest.

On Thu, 29 May 2003, Tony Hain wrote:
Iljitsch van Beijnum wrote:
On Thursday, May 29, 2003, at 21:34 Europe/Amsterdam, Tony
The fundamental legal issue we need to deal with is the ability to
absolutely identify the originator of the mail. Is that
any existing privacy laws? If not, identity would provide the means to
pursue financial recourse for wasted time and resources. If so, we have
a non-technical issue that may prevent any solution.
Too bad the bad ideas get much more air time than the good ones.
Yesterday some really good points were brought up, today we're mostly
rehashing the bad stuff.
About the law: current laws are unable to keep spam in check.
I was not asking about spam law. I was trying to be specific about any
privacy laws that would prevent identification of the originator of a
message. As long as there is a legal way to undeniably trace the message
origin, there is a chance we can build a technical approach to bulk
message handling system that will end random spam.
The real question is whether the current protocols
exhibit flaws that make the spam problem worse than it would
those flaws; and whether improved protocols can be implemented and
deployed at reasonable levels of effectiveness and efficiency.
I would argue yes, in that it is impossible to nail down the originator
with the current system.
It seems the answer to this was "no" five or six years ago. In the
meantime, many things have changed. We now have more advanced techniques
and more processing power at our disposal. Also, spamming in general
has become much worse and many more children are online now, who are
subjected to spam that isn't always "child friendly" to say
Maybe the answer is still "no" but the time is right to at least
revisit the question.