[Cryptography] Sonic.net implements DNSSEC, performs MITM against customers. Are they legally liable?

John Levine johnl at iecc.com
Fri Oct 10 11:44:50 EDT 2014


> They DID 
>make the decision, based on content, what traffic they would 
>carry on DNSSEC.  As a result, didn't they become liable for 
>damages from crimes committed by the abuse of that service?

Nerds playing junior lawyer rarely turn out well, but what the heck.

A) Like all Internet providers, they have a service agreement for their
users, and you waived your remedies against them by being a customer:

https://wiki.sonic.net/wiki/Category:Policies

B) This is clearly a screwup on Sonic's part, not malicious.  It's
very hard to persuade a court that a mistake was so egregious that
it's tantamount to malice.

For the specific example of the CFAA, that outlaws unauthorized access
to computers.  Sonic is obviously authorized to access their own
equipmment.  Sending you data you don't like is not access.

R's,
John


More information about the cryptography mailing list