-------- Original Message --------
Subject: Re: [Politech] Four examples of what Liz Figueroa's anti-Google
bill would do [priv]
Date: Fri, 23 Apr 2004 14:15:48 -0400
From: Dan Geer <geer@private>
To: Declan McCullagh <declan@private>
CC: dan@private
A prediction: Just as in the 1990s the COTS sector
caught up with the military sector in applications
of cryptography this decade will see the self-same
overtaking but this time of traffic analysis. You
do not need to examine content if you can deploy
enough sensors and make sense of their findings.
--dan
-------- Original Message --------
Subject: Re: [Politech] What would Liz Figueroa's anti-Google bill
really do? [priv]
Date: Fri, 23 Apr 2004 12:10:15 -0700
From: James Ausman <ausman@private>
To: Declan McCullagh <declan@private>
CC: ausman@private
>Is there anything I'm missing?
As it looks now, it would prohibit companies from using things like
CRM mail systems to manage their workflow. I can imagine a way
to obtain consent for scanning, but it would be cumbersome and
a pain for consumers.
Cheers,
Jim Ausman
-------- Original Message --------
Subject: Three dozen things Liz Figueroa's anti-Google bill would break
Date: Sat, 24 Apr 2004 14:48:43 -0700
From: Bill Stewart <bill.stewart@private>
To: Declan McCullagh <declan@private>
At 06:31 AM 4/23/2004, Declan McCullagh wrote:
>Figueroa's office admitted the bill would make it illegal for a California
>company to offer a "family friendly" email service that filtered dirty
>jokes into their own folder, for instance. It would also prohibit
>reviewing incoming messages to make clickable hyperlinks out of text
>phrases like "www.mccullagh.org." It might ban the practice of discarding
>messages with attachments beyond a certain size limit.
>
>Is there anything I'm missing?
Oh, you're probably missing lots of things; certainly Figueroa is :-)
The law is really terribly broken, as most knee-jerk implementations of
good intentions are. I really hope she doesn't mind making
Yahoo and Hotmail's basic services illegal while she's "fixing" Google's
new ones.
For instance, you're missing any automated processing that
you'd like to have an email provider do for you that you would have
otherwise had to do on your own mail system on your own computer,
and any mail services that handle different messages differently,
even simple things like web-based mail readers that display
different kinds of messages differently.
Here are a couple dozen services the law bans that don't involve
advertising privacy issues; you should be able to think of more.
- Autoresponders that thank senders for their email about __x__
Most politicians' email addresses do this,
and most ISP technical support and complaint email addresses do
this.
- Vacationmail responders that say you're not in the office right now,
especially the smart responders that don't reply to mailing lists.
- Closed-account responders that say your new email address is __x___
- the law might even be interpreted to say that SMTP can't
reject email that was sent to a non-existent account.
- Autoresponders that notify the sender that the email system does
automated processing and that their email cannot legally be
accepted
because the sender is not a subscriber to the service.
- Autoresponders that inform the sender that if they'd _like_ to
subscribe to the service and give up lots of private information
in return for being allowed to send mail to its subscribers,
here's how.
- Autoresponders that tell the sender that they can
complain to
<http://democrats.sen.ca.gov/servlet/gov.ca.senate.democrats.pub.members.memDisplayFeedback?district=sd10>Senator.Figueroa@private
+1-916-445-6671 about this invasion of privacy.
- Mail servers that forward high priority messages to your pager
or to another email account or to your cellphone's email gateway
- Mailing list managers that accept subscribe/unsubscribe requests by mail.
This is especially bad, because that's an application
that you really want to run at an ISP instead of your home PC
for reliability reasons.
- Mailing list archivers that make your mailing list list available on
the web
- Email-to-usenet gateways, email-to-ftp gateways (remember those?)
- Email gateways to cellphone text message services,
which usually delete all the mail headers and
turn html and Microsoft formatting into simple text
so you can read the mail on your phone
- Automatically sorting email into folders based on content,
such as putting different mailing lists into different folders
so you can read it more easily.
- Saving attachments into specific folders, such as a web photo service
that lets you send it pictures by email.
- Automatically downloading URLs for images from a web photo service
(this arguably involves third-party privacy,
depending on whether the URL indicates the recipient's info or not,
but there's no way for the recipient's ISP to know that,
and it's the recipient's ISP who's being banned here.)
- Web mail readers that mark high priority messages,
or let you use different colors for different kinds of mail.
The recipient may want this, but you can't do this with
email sent by non-subscribers. Even your friends or employer.
- Web mail readers that sort your mail by Subject: instead of date
- Web mail readers that show the date in your time zone instead of the
sender's
- Web mail readers that don't show you the boring email headers
(like Received: or User-Agent: Mozilla Thunderbird 0.5
(Macintosh/20040208))
just the interesting ones like From: and Subject:
- Web mail readers that translate different email message formats
(like Microsoft RTF or Microsoft Word attachments)
and display them in a form you can read on the web.
- Text mail readers that output your message in a simpler form that
text-to-speech readers for blind people can use.
- Text-to-speech mail readers that also do the audio on the mail server.
This is not only useful for blind people, but it also
enables services like calling up your email by phone.
- Secure Mail services that automatically decrypt your incoming mail if
they can
- Secure mail services that automatically encrypt your incoming mail if
they can
- Email services that charge by volume of mail that you've received,
or don't let you receive mail or attachments if you're over quota.
The law's broadly ambiguous about what "otherwise evaluate" means.
- Web mail services that automatically maintain address books for you,
so you can send mail to "Figueroa" instead of typing
"<http://democrats.sen.ca.gov/servlet/gov.ca.senate.democrats.pub.members.memDisplayFeedback?district=sd10>Senator.Figueroa@private".
- Instant messaging systems that accept IMs from other providers
and not just their own subscribers, because those almost always
have to translate the format. This is an important
openness issue in the industry, and the law appears to forbid it.
- Instant-messaging-to-email gateways (both directions)
- Calendar systems that let you email appointments to them, if run by an ISP
- Calendar systems that accept Instant Messages for appointments
and run on open IM systems
- Calendar systems that send Instant Message reminders, if they're on open
IM systems
- Address-book services like Plaxo which let you send email updates
to tell their customers that you've moved.
It's also not clear to me from a first reading of the law
whether email to the ISP itself, as opposed to email to one of its
customers,
is also covered by the law - can their sales@private address
deliver the mail to the right sales person based on sender or contents?
If one of their employees is out of the office, can their mail system
send an "I'm out of the office" message back?
You can't just fix the law by saying "ok, it can do automated processing
as long as it doesn't involve third parties." Here are a few examples:
- Forwarding your email to other ISPs / pagers / cellphones
- Online polling and political survey services that accept email and
summarize it for the customer.
- Web mail readers that use third party services for special processing,
like translation from English to Spanish or Korean to English
- Mailing list archives that can be read by non-subscribers.
For instance, the http://www.politechbot.com archives
let me read your postings, even though I'm not a subscriber,
and they let Google's web servers see it.
Many Yahoogroups mailing lists allow non-subscribers to read them;
many others don't, and many let you read messages but not
download files or photos.
- Web mail readers that automatically download images from URLs,
which might be online greeting cards, or photos from
photo sharing services, or annoying spam.
I haven't even gotten to the usual jurisdictional issues that apply
when people try to make local laws about the whole internet.
I'm assuming that California wouldn't try to apply this to
email or IM companies running outside of California
just because some subscribers might live in California.
They might try to impose the rules on companies that have
non-California-based email systems and also have California presence -
if Google runs GMAIL from one of their other locations, are they in
violation?
It's realistically too much trouble for a company to run an
email server in California that doesn't accept customers from California.
One problem with the Internet hosting business is that you don't
always know where your suppliers are unless you do lots of
due diligence work - cheap web hosting companies often have
servers in different places, and they'll put your account on
whatever server has space, and the backup will be on another
random server, and move servers around if they buy more space,
so if you're a small company developing interesting
email processing services, you really might not know
whether your server's in California this month.
(I think one of my favorite Australian-run ISPs is currently in New York,
and another one run by a guy in India seems to be outsourced to a server in
Missouri,
and both of them have moved since I started using them -
if I set my vacation-mailer on those accounts, does that make me or them
the criminal?)
Bill Stewart bill.stewart@private
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Tue Apr 27 2004 - 10:48:11 PDT