On Mon, 22 Sep 2003, Doug Royer wrote: > >>The HIPPA argument doesn't fly at all. However, Verisign is also subject > >>to the ECPA, and may not disclose the contents email, any more than any > >>other communications providers can. No confidentiality (HIPPA or > >>otherwise) is broken. > >> > >>I'm not sure if you are ignorant of HIPPA, the ECPA, or just > >>fear-mongering. I guess all those people who used to say there were no > >>laws on the internet must now be thinking "well, there ought to be". Well, > >>they're in luck. It just happens there are laws already. > >> > > You reall do not have a clue about HIPPA regulations. Actually, I have customers who are hospitals and health care providers and pharmaceutical companies. I have a copy of the HIPPA regulations. I have a clue about HIPPA regulations. HIPPA covers _medical_ information. Email addresses are not medical information. The email address in an email message is not a medical record protected by HIPPA. Third, the email address is already being disclosed to the ISP running the relay. The relevant privacy law involving email is the ECPA, not HIPPA. Verisign is prevented from disclosing the contents of any email, as is the ISP. Quite obviously, Verisign is not improperly disclosing any information. Contrary assertions are FUD. --Dean