On April 7th I attended a conference at John Marshall Law School co- sponsored by the school's Center for Information Technology and Privacy Law (CITPL) and the LAWyers Microcomputer User Group (LAWMUG) on the subject "Sysop Liability: What's Your Exposure?" While an informative exercise, this proved to be more frustrating than enlightening. Short version: The common sense approach taken by most SYSOP's to message monitoring is PROBABLY okay; Liability insurance is a claymore mine waiting to explode; Even software with removed copyrights subjects SYSOP's to copyright liability since there is no such thing as innocent infringement; The law, lawyers, courts and legislatures are in need of significant computer and communications education and will probably have to develop entirely new ways of dealing the the technology, just as new law was required for broadcast media. The first subject of discussion, criminal liability, proved to be the easiest for me to understand. The dilemma here is that vandalism by users will likely get about as much attention as SYSOP complicity in using a BBS to conspire to commit a crime. Not much. However, there was almost universal agreement that the best way for a SYSOP to protect hardware against potential seizure, is to, in effect, become a government informant on any activity on the BBS deemed suspicious. If one or more users post messages that appear to suggest criminal intent, the SYSOP will have an easier time by notifying authorities immediately. If a SYSOP chooses not to monitor messages and file uploads, criminal prosecution isn't likely, but will still require cooperation with authorities if the BBS is subsequently implicated and like Los Angeles SYSOP Tom Tsimpidis, equipment seizure could still happen. And it's best to notify every potentially involved local, state and federal jurisdiction since each tends to view the others in a competitive light and could prove unwilling to share disclosure information which might protect the SYSOP. Next up, the insurance industry informed the seminar that proper disclosure of potential liabilities to an insurance agent could result in drastically increased rates for the recommended one million dollar coverage thought to adequately cover such activities. In other words, if you tell your agent exactly what you're doing, your rates will go up but if you don't and the policy doesn't specifically exclude the activity, you may find the underwriter refusing to honor the contract anyway in the event of serious litigation. On the subject of "virus" and "trojan horse" programs, members of the legal fraternity not already computer literate, and many who are, demonstrated why ignorance of the technology can lead to bad legal advice. During the discussion, a law student, experienced SYSOP and litigant in a computer breach of privacy civil suit, could not understand the significance of the differences between software and hardware disk protection schemes. We may all disagree on the measure of concern that is appropriate in the current "virus infection" issue. It seems to me, however, that ignorance feeds hysteria, and we can little afford less than cold, analytical thinking to resolve the legal and technical problems presented. The afternoon was devoted to the topic of civil liability in areas such as privacy, libel and copyright infringement. Users of the Chicago Computer Society Bulletin Board have been seeing a disclaimer notice which, hopefully, conforms to the provisions of the Electronic Communications Privacy Act. The logon message says, briefly, that we have no provision for private messages; the SYSOP and assistants can read everything; don't use the BBS for private exchanges without understanding this limitation. The opening screen also admonishes against illegal activities, especially the exchange of commercially copyrighted software. A provision of the RBBS-PC software used on the Society BBS includes addressing private mail to other users. Under the terms of the act, I thought it prudent to include the disclaimer to minimize Society exposure. You can still leave private mail, but, especially after the conference, I'm going to be reading everything. What I can't do, under the terms of the act, is make private exchanges between users public or tell others about them. I also have a responsibility, after reading messages, to judge them for possible libel and criminal activity. I will be deleting anything I'm even remotely suspicious about. So far, I haven't had to ponder the moral and ethical question posed by dealing with suspected illegal activity. It is my fervent hope that I never have to blow the whistle on anybody. I won't be making that decision until I'm faced with the problem. Despite attempts to identify computer bulletin boards as being just like ...supermarket bulletin boards; radio/television stations; telephone systems; etc., and then to try to make existing law fit, it's clearer to me now more than ever, that society hasn't addressed the issues at all. There seems to be a significant difference between a PC based bulletin board like the Society's and commercial mainframe systems like Compuserve, The Source, MCI Mail, GEnie, etc., but the issue clouds a bit when PC based systems begin to get as large as Gene Plantz in Hoffman Estates with 12 lines or Bob Mahoney's in Milwaukee with over 30. Further confounding things are networks like FIDO with netmail and echomail where conversations take place from one end of the country to the other, all on PC based equipment, most still single line systems. The free exchange of information and ideas is a cornerstone of our society. I'm reasonably certain, however, that the framers of the constitution never envisioned the computer bulletin board media. This is one of those rare debates which transcends political ideology. There are no constitutional provision to interpret. There is no comparable activity which has been interpreted to fall into existing precedent or for which law has since been created. But, just for the sake of discussion, let's explore some of what has been tried. The First Amendment to the United States Constitution All conversation on a computer bulletin board is covered by the free speech amendment. This still doesn't absolve the speaker from civil libel action. In this example, a BBS is considered the same as a newspaper or book. The Federal Communications Act Like radio and television, a BBS is an electronic media, and should be subject to the same privileges and restraints as other electronic, broadcast media. This position has taken a beating lately with the ruling that since the broadcast media licensing issue arose due to the limited number of airwaves, cable TV is relatively unlimited in its ability to deliver multiple channels and is therefore exempt. If cable TV gets a free ride here, then BBS's represent even more choice. A Private Party in Your Home This all takes place on your property. Therefore, you have a responsibility not to encourage or even knowlingly allow illegal activity, but everyone is there by invitation and you can't possibly know every conversation or action. Of course, open bulletin board systems are not "by invitation only" and activity on the board may contribute to the easy furtherance of copyright infringement. A Telephone-like Utility This is where the Electronic Communications Privacy Act comes into play. It was created primarily to "assure" the privacy of cellular telephone conversations which can be legally monitored with scanner equipment. The telephone company has no responsibility for what you say or even "plot" during a conversation using their equipment. In fact, without specific judicial permission, the phone company can't eavesdrop on you. Bulletin boards are not defined as common carrier utilities, however. Each of these examples can be applied to a limited degree. The most compelling problem, in my opinion however, is that they all conflict with each other. While the first amendment protects speech while still requiring libel standards for the person leaving the message. Where does that leave the SYSOP? If the Communications Act applies, won't that heavily restrict the content of systems? A closed BBS may be like a private party, but what about an open board? If a BBS is like a phone company, how do you stop copyright infringement through the most often used media? How can the SYSOP of a large system be held responsible for everything without crippling the activity on the board? Will every message have to be screened? Must every upload be checked for copyright and "virus" potential before it's made available? There are lots of ways to answer those questions. This conference, like conversations before it, only served to once again ask them. Absent a political constituency to create change, we remain at the whim of a legal system which is ignorant at least and hysterically suspicious at worst.