[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a0600200bbb98d336c77e@[128.220.149.122]>
Date: Thu, 25 Sep 2003 13:29:14 -0400
From: Frank Nospam <fuy1@...c.edu>
To: Justin Hahn <jeh@...fitlogic.com>
Cc: BUGTRAQ@...URITYFOCUS.COM
Subject: RE: Does VeriSign's SiteFinder service violate the ECPA?
At 10:47 AM -0400 9/25/03, Justin Hahn wrote:
>As an aside, I find it very curious that people characterize HTTP
>traffic done in the clear (i.e. unencrypted) on the public internet
>as private data. If I shout my Social Security Number out loud in
Your premise is unacceptable. By this reasoning, would you consider
it okay for the major backbone carriers to intercept any cleartext
sent across their lines and pass the data to marketers/Ashcroft/etc?
HTTP may not be encrypted, but it is point-to-point, not broadcast.
>I'd be careful making legal arguments, but I suspect that if Verisign is
>doing anything with this data they are justifying it as being "Public" and
>that if people are foolish enough to transmit "Private" data in a "Public"
>medium they can't be held liable. (But of course, that's for the courts to
IANAL either, but I would consider it much closer to wiretapping.
Verisign is NOT the intended recipient of typo traffic, but it is
intentionally gathering that data.
--
JHU CTY Distance Education - Math Courses http://cty.jhu.edu/tutorials
Powered by blists - more mailing lists