Home page logo

bugtraq logo Bugtraq mailing list archives

RE: Does VeriSign's SiteFinder service violate the ECPA?
From: Frank Nospam <fuy1 () umbc edu>
Date: Thu, 25 Sep 2003 13:29:14 -0400

At 10:47 AM -0400 9/25/03, Justin Hahn wrote:
As an aside, I find it very curious that people characterize HTTP
traffic done in the clear (i.e. unencrypted) on the public internet
as private data. If I shout my Social Security Number out loud in

Your premise is unacceptable. By this reasoning, would you consider
 it okay for the major backbone carriers to intercept any cleartext
 sent across their lines and pass the data to marketers/Ashcroft/etc?

HTTP may not be encrypted, but it is point-to-point, not broadcast.

I'd be careful making legal arguments, but I suspect that if Verisign is
doing anything with this data they are justifying it as being "Public" and
that if people are foolish enough to transmit "Private" data in a "Public" 
medium they can't be held liable. (But of course, that's for the courts to

IANAL either, but I would consider it much closer to wiretapping.
 Verisign is NOT the intended recipient of typo traffic, but it is
 intentionally gathering that data.

JHU CTY Distance Education - Math Courses http://cty.jhu.edu/tutorials

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]