Sorry for top-postins.
I can see the intention of the law makers, but I wonder if there
will be any user who will be willing to underwrite the risk that
he/she will be exposing the system...
I am betting, if you handed them a piece of paper to chose whether
they would turn over their rights (to machine-inspect and delete any
message) or underwriting the potential security risks (damage other
peoples property/data), they would go for the former.
I bet this would work for Universities --I am not sure if ISPs would
like to do that though.
Would this not imply that a spam-assasin type solution would also be
illegal if it 'auto-deletes' detected spam?
Summarising from an article in the German monthly "Linux Magazin" [1] and my
own inquiries:
0a. If it is your own mail, do whatever you want
0b. If it's not your mail, you can't touch it. You _must_ not look at it
(except for correct delivery), you _must_ not change the contents. You _must_
not suppress it
1. No deletion (auto-deleting users' trash cans should probably be OK)
2. Automated spam- oder virus scanning only allowed as opt-in-solution
3. If it does contain spam/viruses you _must_ not silently delete the message.
The only way out: assign it to a spam-folder. Which the user has to empty
himself any way he wants. Some people use another opt-in for automatic
deletion, I don't know if that's allowed.
4. If you are a company: just forbid your employees to do private mail. Then
all incoming mails are, by default, the company's, which you can scan and
throw away at will. This is a position that is mostly, but not universally,
accepted
If you think that's difficult to live with, you are right. A university I know
was unable to install a spam filter at their incoming line due to these
regulations (and boy, they'd have needed a *huge* trashcan). If you're an
ISP, it's living hell.
If you think it's cool that somebody's taking good care of privacy, I tend to
agree with you nonetheless. Come on over and we'll have a beer.
