On Tue, 22 Jan 2008 21:49:32 -0800 Ed Gerck <[EMAIL PROTECTED]> wrote:
> As I commented in the > second paragraph, an attack at the ISP (where SSL/TLS is > of no help) has been the dominant threat -- and that is > why one of the main problems is called "warrantless > wiretapping". Further, because US law does /not/ protect > data at rest, anyone claiming "authorized process" (which > the ISP itself may) can eavesdrop without any required > formality. > Please justify this. Email stored at the ISP is protected in the U.S. by the Stored Communications Act, 18 USC 2701 (http://www4.law.cornell.edu/uscode/18/2701.html). While it's not a well-drafted piece of legislation and has been the subject of much litigation, from the Steve Jackson Games case (http://w2.eff.org/legal/cases/SJG/) to Warshak v. United States (http://www.cs.columbia.edu/~smb/blog/2007-06/2007-06-19.html), I don't see how you can say stored email isn't protected at all. --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
