|
Grex > Oldcoop > #240: Subpoenas and Similar Inquiries. | |
|
| Author |
Message |
| 25 new of 106 responses total. |
tod
|
|
response 25 of 106:
| 
Feb 9 17:51 UTC 2005 |
Was the user cc'ed in e-mail with the info given to the courts?
That seems like it should be a given. We're not talking about a Patriot
Act subpoena but Civil Court.
|
mary
|
|
response 26 of 106:
|
Feb 9 18:21 UTC 2005 |
I'm not sure if he/she was or not. In instances where the account
has been frozen for whatever reason, that probably wouldn't be
helpful. And in this case the person hasn't logged in to Grex for a
while and the alternate email address is bogus. But it couldn't
hurt to send something off anyhow and document that we did so.
I like the way this other system has a clearly written policy on how
such things should be handled. For the longest time subpoenas were
a non-issue for Grex. But that seems to be changing and it's
probably time we codified something.
Let's see what comes of this discussion and then try to put it into
a policy. Sound good to you, Todd?
|
tod
|
|
response 27 of 106:
|
Feb 9 18:26 UTC 2005 |
Absolutely. With tools like lynx available for abuse then a policy for
handling complaints and subpoenas seems reasonable.
|
keesan
|
|
response 28 of 106:
|
Feb 9 20:42 UTC 2005 |
How does one abuse with lynx?
|
naftee
|
|
response 29 of 106:
|
Feb 9 21:45 UTC 2005 |
AHAHAA, CLASSIC KEESAN
that was almost too funy
|
naftee
|
|
response 30 of 106:
|
Feb 9 21:46 UTC 2005 |
Oh dear !@ I'm laughing so hard I can't spell
|
aruba
|
|
response 31 of 106:
|
Feb 9 22:13 UTC 2005 |
I think it's appropriate for Grex to respond to a subpoena quickly. Grex is
not a "data haven", and it's not appropriate for us, the users, to put the
board in the position of having to decide whether to comply wih a subpoena
based on the details of the case.
If it's not clear what the subpoena is asking for, or whether it's legal,
those are items for the board to discuss before complying. But, frankly,
we're not paying them enough to go to bat for every user who does something
that causes a sbpoena to be issued against him. And we're certainly not
paying them enough to stand up to law enforcement.
So I think the policy should be that Grex complies with legitimate
subpoenas. And I think everyone should know that.
Sounds to me like Joe did a pretty good job. Thanks Joe.
|
tod
|
|
response 32 of 106:
|
Feb 9 23:35 UTC 2005 |
re #28
Credit card mischief via browser with Grex as the only traceable source
|
dpc
|
|
response 33 of 106:
|
Feb 10 01:53 UTC 2005 |
I am certainly not Grex' legal counsel. I am merely a member of the
Board who happens to be a lawyer.
My big issue is that the Board was never given a chance to decide what
to do about this subpoena in an orderly way. If there is a deadline
in the subpoena, then all we have to do is call up the lawyer who
issued the subpoena and say we need a bit more time in order for our
corporation to determine our position.
No, the user was not notified as far as the e-mail I got from gelinas
indicated.
Suppose a subpoena comes asking for all records on a bunch of users.
Is anyone who happens to visit the PO box and get the subpoena
authorized to run around and gather the info and turn it over to the
subpoena issuer? Hardly.
People should know that once a case begins in the Michigan court
system, *any lawyer* involved can send out a subpoena. A judge never
sees these things unless someone challenges the subpoena.
If the Board ever adopted a policy that we should automatically do
whatever a subpoena asks us to do, that's news to me.
As aruba points out, the Board is not paid. So what? We still have
duties to the corporation, and to our users.
Yes, we need a policy on subpoenas.
|
other
|
|
response 34 of 106:
|
Feb 10 04:55 UTC 2005 |
Aruba, you're failing to make a very important distinction between
subpoenas relating to criminal and civil cases. In civil matters, our
obligations to our users likely outweigh any obligations to blindly
comply (note: IANAL) with the subpoena.
A salient point that Dave makes is that a lawyer can subpoena any
information from any source. That ability does not imply a legal
obligation to provide any and all information thusly requested. There
are definitely possible scenarios in which blind compliance with a
civil subpoena would expose us to severe legal liability.
To formulate a comprehensive policy, we need informed legal opinion. To
operate in absence of policy opens us up to significant risk. We can
mitigate this risk by making it a mandatory part of opening a Grex
account to agree to terms of use which specify our policy on the matter
and giving potential users the choice up front to use Grex or not with
that information available at the time the decision is made.
Similarly, once a policy is implemented, there should be a warning
somehow distributed to all users of Grex that informs them of the
specifics of the policy and declares that continued use of Grex conveys
explicit acceptance of the terms of the policy.
This may all sound hauntingly familiar to anyone who has joined web
forums or subscribed to web services of just about any kind. The legal
disclaimers you see in just about every instance are for exactly this
purpose. The Board of Grex has a responsibility to the organization to
take at very least the minimal step of issuing this kind of warning,
disclaimer or terms of use to all users current and future. We've been
lucky so far.
|
cyklone
|
|
response 35 of 106:
|
Feb 10 11:50 UTC 2005 |
"So I think the policy should be that Grex complies with legitimate
subpoenas"
And exactly how do you determine what is "legitimate" without legal advice
or an established board policy?
|
mary
|
|
response 36 of 106:
|
Feb 10 13:39 UTC 2005 |
Eric, your opinion... what should the board be obligated to do upon
receiving a civil subpoena?
|
aruba
|
|
response 37 of 106:
|
Feb 10 14:37 UTC 2005 |
Re #35: I don't know how to determine if a subpoena is legitimate. But I
don't think we should consult a lawyer each time we get one. That's making
a much bigger deal out if it than it has to be, I think.
I guess I'm warming up to the idea of a usage policy for Grex. Grex has
always tried to have as few rules as possible, so the decision not to have
one is deliberate. But maybe it's time.
|
remmers
|
|
response 38 of 106:
|
Feb 10 18:43 UTC 2005 |
We've had a usage policy statement for a while
(http://cyberspace.org/cgi-bin/grex-limits), but maybe it's time to
revisit it.
Two properties I'd want to see for any usage policy:
(1) Conform to the KISS (Keep It Simple, Stupid) principle. I'm a
minimalist. I'm also allergic to excessive bureaucracy.
(2) Don't make unenforceable rules.
|
scholar
|
|
response 39 of 106:
|
Feb 10 20:11 UTC 2005 |
Like ones that /etc/passwd files raen't allowed.
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
games:x:5:100:games:/usr/games:/bin/sh
man:x:6:100:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
list:x:38:38:SmartList:/var/list:/bin/sh
irc:x:39:39:ircd:/var:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/home:/bin/sh
dah:x:1000:1000:David A. Hoffman,,,:/home/dah:/bin/tcsh
sshd:x:100:65534::/var/run/sshd:/bin/false
naftee:x:1001:1001:,,,:/home/naftee:/bin/bash
jlamb:x:1002:1002:,,,:/home/jlamb:/bin/bash
|
tod
|
|
response 40 of 106:
|
Feb 10 22:23 UTC 2005 |
#37 of 39: by Mark A Conger (aruba) on Thu, Feb 10, 2005 (09:37):
Re #35: I don't know how to determine if a subpoena is legitimate. But I
don't think we should consult a lawyer each time we get one. That's making
a much bigger deal out if it than it has to be, I think.
Huh? A subpoena IS a big deal. It may be in Grex's best interest to
construct a policy that meets the approval of one or two lawyers in order for
Cyberspace to CYA. These are EXACTLY the situations where a director of the
board needs to be proactive. Don't leave it up to staff or wait for it to
come back around to bite us in the butt.
|
other
|
|
response 41 of 106:
|
Feb 11 01:19 UTC 2005 |
The first step, in my opinion is to implement a plan to make clear the
policy, whatever it is, to ALL users of the system so that Grex can
legitimately claim due diligence in defense of any claims that might
arise from our policy. That gives potential users the knowledge up
front, so they can opt not to use Grex if they feel that the policy is
not to their liking.
Then, once we have a policy, or if ever that policy changes, we will
have the mechanism in place to inform all existing users to the extent
practicable and to the extent required to establish a good faith effort
in the eyes of the courts.
How we deal with civil subpoenas is not an area I am competent to
address beyond saying that we by rights ought to make the information
available to a user whose information has been subpoenaed as soon as
humanly possible in civil cases, and to the extent that we are not
compromising a criminal investigation in other cases. Civil cases are
disputes between individuals, and our primary responsibility in those
matters is to the party with whom we have an existing relationship.
Ultimately, that is Grex's decision, but to choose otherwise would be to
wave a big "FUCK YOU" flag to anyone considering joining our community.
|
aruba
|
|
response 42 of 106:
|
Feb 11 22:35 UTC 2005 |
I disagree with Eric - saying "we won't go to the mat for you if someone
brings the weight of the legal systm to bear on us" is a long way from
saying "FUCK YOU" in all caps.
|
tod
|
|
response 43 of 106:
|
Feb 11 23:07 UTC 2005 |
Nobody has suggested implementing a wimpy policy that invites all subpoenas
in civil cases, right?
|
mary
|
|
response 44 of 106:
|
Feb 11 23:49 UTC 2005 |
If I understand your question, the answer is yes. I have. I don't
want Grex to be put in the position of treating each subpoena on an
individual basis, of asking for more time to check the merits of a
case, or to interview those involved and their attorneys. Rather,
we should have a policy that clearly states all court subpoenas will
be complied with promptly, period. This policy should be
published where all of our users can see it. Anytime we are served
with a subpoena Grex will, if allowed by law, notify the person
whose information is being sought, and notify the Grex community
that we have acted on such a document.
Anyhow, I'm still doing some research on subpoenas, but that's my
opinion at this point.
|
tod
|
|
response 45 of 106:
|
Feb 12 12:19 UTC 2005 |
So you're going to hand over someone's email to any lawyer that asks?
That's a wreckless approach. On the other hand, I guess if you want people
to know there is no privacy whatsoever on Grex and there is a form of due
diligence to make everyone aware of that fact then the BoD is pretty much in
the clear. I don't use Grex mail for personal e-mail very often so it would
not offend me but I can imagine there are others who may feel differently.
|
mary
|
|
response 46 of 106:
|
Feb 12 13:13 UTC 2005 |
Email is protected, by law, and cannot be included under a civil
suit subpoena.
|
other
|
|
response 47 of 106:
|
Feb 12 16:43 UTC 2005 |
Well, let's be clear about what exact information we're talking about.
If we're subpoenaed for information that is already publicly available
on the system, then our policy should simply be to provide pointers to
the information, leaving the impetus for gathering on the people who
want it.
If it is information that is not publicly available, then we should be
making every user of Grex aware up front of the nature of that
information and why it is stored and what the risks are that are
associated with storing it, such as that it might be subpoenaed and that
if so we will hand it over and unless legally bound otherwise will alert
the affected user specifically and the public at large to the fact as
soon as possible.
|
sholmes
|
|
response 48 of 106:
|
Feb 12 17:48 UTC 2005 |
I think we should know what kind of information is provided. You say email
is protected , but what bout if we save some email in a file in our home
directory? Will that be disclosed ?
|
mary
|
|
response 49 of 106:
|
Feb 12 22:09 UTC 2005 |
Here are two URLs that may be helpful. The first is AOL's policy
on civil subpoenas. The second is the applicable law.
http://legal.web.aol.com/aol/aolpol/civilsubpoena.html
http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002701--
--000-.html
|