Policy: June 2004 Archives

U.S. vs Councilman opens door for admin snoops

The Electronic Frontier Foundation charges that this weeks appeals court decision in U.S. vs Councilman gives your ISP the right to monitor your email.

The court brief is http://www.ca1.uscourts.gov/pdf.opinions/03-1383-01A.pdf

The defendant used procmail and sendmail to monitor email from Amazon to the booksellers and other email clients that used his mailserver. He used a form of store and forward to do this. I believe the courts have held that wiretapping is grabbing the message off the line with a sniffer. It is a different charge when the mail is in storage. The courts dismissed the charges against the defendant stating that at the time the message was copied it wasn't in transit.

I agree that he is not guilty of wiretapping. I'll have to go reread the Stored Communications Act to see if his claim of being a service provider is correct. I am currently in a cyberlaw class and we read the lower court ruling on US v Councilman a couple weeks ago. So I was pretty excited to see this case.

By Roger on June 30, 2004 7:07 PM |

Ex-AOL Employee Arrested in Spam Caper

I'm sure by now you've seen the articles on the AOL employee who stole millions of screen names and sold them to spammers. Jason Smathers was not authorized to have access to the screen name list but used another employees access code to steal it.[1]

According to an article I saw posted over at Harry Waldron's site, this is expected to be the first prosecution under the CAN SPAM act. The maximum penalties are 5 years $250k. I wonder if harsher penalties would be available if he was tried under theft of trade secrets or some unauthorized computer access law?

Hopefully many companies will take this as a sign that its time to review their layers of protection and review internal procedures to make sure stuff like this cannot happen. That is twice in recent months that AOL has been in the news because their employees have abused their position. Earlier a call center drone admitted to improperly using personal information belonging to celebrity customers to forge relationships with them under false pretenses.

Perhaps audit logs that track patterns of use would have caught the Mr Smathers as he stole an authorized users account.


[1]"Ex-AOL employee arrested in spam caper." the Washington Times June 24th 2004 C8.

By Roger on June 24, 2004 6:37 PM |
Main Index | Archives | Policy: July 2004 »

About this Archive

This page is a archive of entries in the Policy category from June 2004.

Policy: July 2004 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Policy: June 2004: Monthly Archives

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search