-----Original Message-----
From: Alex Rousskov [mailto:rousskov(_at_)measurement-factory(_dot_)com]
Sent: Tuesday, July 06, 2004 12:16 PM
To: jfcm
Cc: ietf-openproxy(_at_)imc(_dot_)org
Subject: Re: is SMTP a candidate for OPES ?
jfc,
IMHO, the stupidity of judges or laws should not limit
OPES scope. OPES framework (in a broad sense) is applicable
to any communication between content producer and content
consumer. Whether the unit of communication is "stored and
forwarded" or "just forwarded" is irrelevant from
architecture/scope point of view. It may affect how and when
the adaptations are performed, but not whether they can be
performed in an OPES-compliant way.
The old OPES architecture draft may not reflect this
and other scope concerns, but that's a different question/problem.
Alex.
On Tue, 6 Jul 2004, jfcm wrote:
The attached piece of real world's information seems to be worth
consideration. This is legal, political and US centric.
Nevertheless
it means that SMTP (mail transfer) is not seen by many (legally and
technically) as a stream but as fast store and forward and that
different legal rules (and therefore
applications/business/demands/offers may be conceived depending on
where is the filter (on the protocol or on the node).
It seems to me this is another contradiction of OPES/ONES with the
"protocol on the wire" and "dumb network/smart host" concepts. I am
not an SMPT pro, but I suppose that the difference is that in HTTP
forwards a flow of datagrams while SMTP
stops+store+forwards a group
of datagrams building an entire message. For example, you
cannot know
the true user's value of a mail before you got to the
attachement or
to the final signature. jfc
--------------
From the New York Times --
http://www.nytimes.com/2004/07/06/technology/06net.html
You've Got Mail (and Court Says Others Can Read It)
By SAUL HANSELL
When everything is working right, an e-mail message appears to zip
instantaneously from the sender to the recipient's inbox. But in
reality, most messages make several momentary stops as they are
processed by various computers en route to their destination.
Those short stops may make no difference to the users, but
they make
an enormous difference to the privacy that e-mail is accorded under
federal law.
Last week a federal appeals court in Boston ruled that
federal wiretap
laws do not apply to e-mail messages if they are stored, even for a
millisecond, on the computers of the Internet providers
that process
them - meaning that it can be legal for the government or others to
read such messages without a court order.
The ruling was a surprise to many people, because in 1986 Congress
specifically amended the wiretap laws to incorporate new
technologies
like e-mail. Some argue that the ruling's implications could affect
emerging applications like Internet-based phone calls and Gmail,
Google's new e-mail service, which shows advertising based on the
content of a subscriber's e-mail messages.
"The court has eviscerated the protections that Congress
established
back in the 1980's," said Marc Rotenberg, the executive director of
the Electronic Privacy Information Center, a civil liberties group.
But other experts argue that the Boston case will have little
practical effect. The outcry, said Stuart Baker, a privacy
lawyer with
Steptoe & Johnson in Washington, is "much ado about nothing."
Mr. Baker pointed out that even under the broadest
interpretation of
the law, Congress made it easier for prosecutors and
lawyers in civil
cases to read other people's e-mail messages than to listen
to their
phone calls. The wiretap law - which requires prosecutors to prove
their need for a wiretap and forbids civil litigants from
ever using
them - applies to e-mail messages only when they are in transit.
But in a 1986 law, Congress created a second category,
called stored
communication, for messages that had been delivered to recipients'
inboxes but not yet read. That law, the Stored Communications Act,
grants significant protection to e-mail messages, but does
not go as
far as the wiretap law: it lets prosecutors have access to stored
messages with a search warrant, while imposing stricter
requirements
on parties in civil suits.
Interestingly, messages that have been read but remain on
the Internet
provider's computer system have very little protection. Prosecutors
can typically gain access to an opened e-mail message with a simple
subpoena rather than a search warrant. Similarly, lawyers in civil
cases, including divorces, can subpoena opened e-mail messages.
The case in Boston involved an online bookseller, now
called Alibris.
In 1998, the company offered e-mail accounts to book dealers and,
hoping to gain market advantage, secretly copied messages they
received from Amazon.com. In 1999, Alibris and one employee pleaded
guilty to criminal wiretapping charges.
But a supervisor, Bradford C. Councilman, fought the
charges, saying
he did not know about the scheme. He also moved to have the case
dismissed on the ground that the wiretapping law did not apply. He
argued that because the messages had been on the hard drive of
Alibris's computer while they were being processed for
delivery, they
counted as stored communication. The wiretap law bans a
company from
monitoring the communications of its customers, except in a
few cases.
But it does not ban a company from reading customers' stored
communications.
"Congress recognized that any time you store communication,
there is
an inherent loss of privacy," said Mr. Councilman's lawyer, Andrew
Good of Good & Cormier in Boston.
In 2003, a federal district court in Boston agreed with Mr.
Councilman's interpretation of the wiretap law and
dismissed the case.
Last week, the First Circuit Court of Appeals, in a 2-to-1
decision,
affirmed that decision.
Because most major Internet providers have explicit
policies against
reading their customers' e-mail messages, the ruling would seem to
have little effect on most people.
But this year Google is testing a service called Gmail, which
electronically scans the content of the e-mail messages its
customers
receive and then displays related ads. Privacy groups have
argued that
the service is intrusive, and some have claimed it violates wiretap
laws. The Councilman decision, if it stands, could undercut that
argument.
Federal prosecutors, who often argue that wiretap
restrictions do not
apply in government investigations, were in the somewhat surprising
position of arguing that those same laws should apply to Mr.
Councilman's conduct. A spokesman for the United States attorney's
office in Boston said the department had not decided whether to
appeal.
Mr. Baker said that another federal appeals court ruling, in San
Francisco, is already making it hard for prosecutors to retrieve
e-mail that has been read and remains on an Internet provider's
system.
In that case, Theofel v. Farey-Jones, a small Internet provider
responded to a subpoena by giving a lawyer copies of 339 e-mail
messages received by two of its customers.
The customers claimed the subpoena was so broad it violated the
wiretap and stored communication laws. A district court agreed the
subpoenas were too broad, but ruled they were within the law. The
plaintiffs appealed, and the Justice Department filed a
friend of the
court brief arguing that the Stored Communications Act should not
apply.
In February, the appeals court ruled that e-mail stored on the
computer server of an Internet provider is indeed covered by the
Stored Communications Act, even after it has been read. The court
noted that the act refers both to messages before they are
delivered
and to backup copies kept by the Internet provider. "An obvious
purpose for storing a message on an I.S.P.'s server after
delivery,"
the court wrote, " is to provide a second copy of the
message in the
event that the user needs to download it again - if, for
example, the
message is accidentally erased from the user's own computer."
Calling e-mail "stored communication" does not necessarily reduce
privacy protections for most e-mail users. While the
Councilman ruling
would limit the applicability of wiretap laws to e-mail, it
appears to
apply to a very small number of potential cases. The
Theofel decision,
by contrast, by defining more e-mail as "stored communications," is
restricting access to e-mail in a wide range of cases in the Ninth
Circuit, and could have a far greater effect on privacy if
courts in
the rest of the country follow that ruling.