|
|
| Author |
Message |
mary
|
|
Patriot's Act and Grex
| 
Sep 14 14:22 UTC 2003 |
I've been reading about the implication of the Patriot's Act
and wonder what power it could have over Grex. We've always been
clear that should law enforcement contact us, with the appropriate
paperwork, we'd comply and supply information that was covered
under the warrant.
But could the FBI, CIA, or police come to us demanding user
information and not need a warrant? Could we be prosecuted
if we told the user about request? Would we be allowed to
determine our (Grex's) rights and contact an attorney or
the ACLU for advice?
Libraries, banks, schools and other entities are being
put under the government's thumb in regards to these
searches. Where does Grex stand?
|
| 116 responses total. |
scg
|
|
response 1 of 116:
|
Sep 14 16:43 UTC 2003 |
Grex has a long history of giving out more information to law enforcement
without a warrant than the Clinton Administration Justice Department said was
legal. This hasn't seemed to bother anybody on the staff when I've pointed
it out before.
Post-Patriot Act I'm not sure what the law is, but my impression is that there
are still a lot of procedures for law enforcement to follow when requesting
information. In the pre-Patriot Act era, law enforcement often didn't follow
the required procedures, and the Electronic Communications Privacy Act put
some legal burden on those being asked for the information to not provide
information to law enforcement without the appropriate court orders. My
suspicion is that law enforcement agents probably still don't have a very good
idea of what the post-Patriot Act procedures are, and Grex could still get
into some legal trouble for complying with an improper request.
My first suggestion would be to talk to a lawyer who knows this sort of thing,
and find out what the current law says regarding responding to law enforcement
requests. At that point somebody (the board? The membership?) needs to
decide whether the current requirements are something Grex can live with, and
either develop a policy that complies with current law or make a conscious
descion to fight it.
|
russ
|
|
response 2 of 116:
|
Sep 14 22:21 UTC 2003 |
I suggest that Grex staff place a notice in the MOTD that Grex
has never turned any user's records over to LE pursuant to the
USA PATRIOT act. If it ever happens that Grex is required to
do so, the staffer involved could remove the notice without
violating the terms of the law (no user would be identified,
after all). It's far more likely that CALEA would be used
instead of USA-PATRIOT anyway.
|
other
|
|
response 3 of 116:
|
Sep 14 22:39 UTC 2003 |
I like it.
|
mary
|
|
response 4 of 116:
|
Sep 14 23:34 UTC 2003 |
I guess if we were approached under any of the new rulings I'd like
to see us get some advice on the legality of the search or
investigation before being helpful. If it were me, I'd contact the
ACLU staff and ask if they'd care to offer advice or recommend
someone who might help us out. I know they are heavily involved in
fighting this legislation.
It's my understanding that even seeking their advice would make us
punishable under the law. Is that true? Should that matter in
terms of our course of action?
The reason I'd like to discuss what we *might* do is we won't be
able to talk about it if it happens. Would the users want us to
take a position that might be seen as non-compliant even if that
means the system could be seized? Would they be understanding of
those involved if staff simply complied with all requests and
didn't say a word to anyone? Should we do the right thing or the
safe thing?
|
gelinas
|
|
response 5 of 116:
|
Sep 15 00:42 UTC 2003 |
Hmm.... I'm inclined to do the right thing. In most cases, the only way to
get the Supreme Court to review a law is to appeal a conviction.
|
other
|
|
response 6 of 116:
|
Sep 15 00:49 UTC 2003 |
I'm also inclined to do the right thing, and I believe that the ACLU
would happily back us on it. I don't think that we could be subject to
prosecution for consulting an attorney about our rights and obligations
under the law if presented with an order to provide information.
If in doubt, we could simply require proof that the person presenting the
order is actually a law enforcement official and that the order pertains
to a current investigation, and during the delay before that proof is
provided, we could make the attorney contact. After all, we would only
be fulfilling our obligations to National Security to be absolutely
certain that any information we provide is actually going to Law
Enforcement and not some terrorist posing as same in order to subvert the
system.
|
aruba
|
|
response 7 of 116:
|
Sep 15 02:48 UTC 2003 |
Could someone (Mary?) give a primer on what kinds of requests we might
receive, and what the secrecy requirements seem to be?
|
sholmes
|
|
response 8 of 116:
|
Sep 15 03:12 UTC 2003 |
What kind of information are we talking about ? A user's personal files ?>
or say things like party logs ? ( which is public viewable anyway , but does
that mean we have to be careful of what we say in party ? )
|
other
|
|
response 9 of 116:
|
Sep 15 03:56 UTC 2003 |
Re: #7
The only thing that IS clear is that the Patriot Act forbids
revealing to a person whose records have been ordered turned over that
such an order has been given, received or acted upon. Presumably, just
based on the scattered information we do have, the information to be
provided could conceivably be anything at all to which we have access (as
root). Anyone who has actually read the full text of the act, or
consulted with an attorney regarding its impacts, please correct me as
necessary.
|
gelinas
|
|
response 10 of 116:
|
Sep 15 04:12 UTC 2003 |
I've read bits and pieces of the act, but what's really interesting are the
implementing regulations. I've been trying to read through the one jointly
issued by Treasury, the SEC and a few others on limiting money-laundering.
|
scg
|
|
response 11 of 116:
|
Sep 15 06:55 UTC 2003 |
You can always talk to your lawyer about what the law requires you to do in
a specific case. The lawyer may not be able to talk about it with anybody
else.
I'd strongly suggest not going to the ACLU for legal advice. The ACLU is a
wonderful organization, but they have a pretty set agenda. If you've decided
to take a legal stand on something and at that point the ACLU is willing to
provide representaiton, that's great. But Grex needs its own non-ACLU legal
counsel to first define what the legal obligations are.
The way this is supposed to work at companies that get these requests on a
regular basis is that they have a lawyer (or legal department) who has already
agreed to review this sort of request. Any request from law enforcement goes
straight to the lawyer, who says yes or no to the request and decides what
information will be given to who. This is important, as the law enforcement
people often aren't willing to wait for a decision, and the legal consequences
of saying no to a proper request *or* yes to an improper request can be quite
bad.
Really, the only question anybody should be asking at this point in this
discussion is who the good lawyers are in Ann Arbor for dealing with wiretap
law, who might be willing to do some pro-bono work.
|
mary
|
|
response 12 of 116:
|
Sep 15 11:02 UTC 2003 |
Re: #7: Here is a URL the text of the act and a nice summary of
the reasons for concern. In terms of what we might be asked to
hand over? I suspect it could be just about anything on someone
they are interested in knowing more about, all done with extreme
secrecy and lack of oversight.
http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12126&c=207
|
asddsa
|
|
response 13 of 116:
|
Sep 15 15:36 UTC 2003 |
Why not move GreX to Canada, where both the patriot act and DMCA don't
matter?
|
dah
|
|
response 14 of 116:
|
Sep 15 18:29 UTC 2003 |
Wrong.
|
other
|
|
response 15 of 116:
|
Sep 15 22:47 UTC 2003 |
There is a major distinction to be made here, by the way, between the
ideals expressed by some of the board and staff about how to justly
respond to a Patriot Act order, and the kind of response our obligations
to Grex might determine. It is easy to imagine that this would be a very
difficult line to draw, but an extremely important one as well.
|
mary
|
|
response 16 of 116:
|
Sep 15 23:29 UTC 2003 |
Exactly. Which is why I was asking for feedback from the
users.
How to respond would need to be a judgement call on the part
of those involved. But I'd sure like to know how the users
at large would feel about Grex taking some chances with our
response.
|
gull
|
|
response 17 of 116:
|
Sep 15 23:31 UTC 2003 |
I think it's more likely we'd be presented with a self-serve DMCA
subpoena than a PATRIOT Act information request, though either is
possible. While we're on the subject we might want to decide what we'd
do if the RIAA filed a subpoena for user information.
|
mary
|
|
response 18 of 116:
|
Sep 15 23:38 UTC 2003 |
In a nutshell, what are the differences between those
three entities?
|
other
|
|
response 19 of 116:
|
Sep 16 00:04 UTC 2003 |
Umm, without input from the membership, our default course of action
should be to comply with the law as fully possible in order to minimize
the risk to the uninterrupted operation of Grex.
The only way I could see clear to differing from that course would be if
a majority of the membership voted to put Grex on the block if it came to
it, in a challenge to the law. It would eat away at me to just comply,
and I might resign in order to register my personal opposition to
compliance even though my proper obligation as a board member would be to
comply.
For that matter, do we even have a policy which would cover a scenario in
which a substantial portion of the board simultaneously resigned?
|
russ
|
|
response 20 of 116:
|
Sep 16 01:08 UTC 2003 |
This response has been erased.
|
newjp2
|
|
response 21 of 116:
|
Sep 16 13:54 UTC 2003 |
19: Rewrite the quorum requirement so that it specifies a percentage rather
than an absolute number.
|
cross
|
|
response 22 of 116:
|
Sep 16 20:34 UTC 2003 |
Has law enforcement ever asked grex for any information before at all?
|
mary
|
|
response 23 of 116:
|
Sep 16 21:31 UTC 2003 |
Yes.
|
cross
|
|
response 24 of 116:
|
Sep 16 22:01 UTC 2003 |
Perhaps if we had some more information about that, to the staff members
who were involved can discuss it without violating anyone's privacy, we'd
be in a better position to discuss it, yes yes?
|