| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Sep 2003 13:29:14 -0400 From: Frank Nospam <fuy1@...c.edu> To: Justin Hahn <jeh@...fitlogic.com> Cc: BUGTRAQ@...URITYFOCUS.COM Subject: RE: Does VeriSign's SiteFinder service violate the ECPA? At 10:47 AM -0400 9/25/03, Justin Hahn wrote: >As an aside, I find it very curious that people characterize HTTP >traffic done in the clear (i.e. unencrypted) on the public internet >as private data. If I shout my Social Security Number out loud in Your premise is unacceptable. By this reasoning, would you consider it okay for the major backbone carriers to intercept any cleartext sent across their lines and pass the data to marketers/Ashcroft/etc? HTTP may not be encrypted, but it is point-to-point, not broadcast. >I'd be careful making legal arguments, but I suspect that if Verisign is >doing anything with this data they are justifying it as being "Public" and >that if people are foolish enough to transmit "Private" data in a "Public" >medium they can't be held liable. (But of course, that's for the courts to IANAL either, but I would consider it much closer to wiretapping. Verisign is NOT the intended recipient of typo traffic, but it is intentionally gathering that data. -- JHU CTY Distance Education - Math Courses http://cty.jhu.edu/tutorials
Powered by blists - more mailing lists