Okay, time for me to post something...
A. If you code something that allows another person to break the law, you may be liable to be sued for damages by the entity that suffered the damage because of the use of your code. For example, the makers of Kazaa, which deliberately used a non-central system to avoid problems suffered by Napster, were still successfully sued by the music companies, as it made sharing pirated music a lot easier. On the other hand, if you code vBulletin, and it's used by terrorists to plot bombing attacks, it's doubtful that a court would find Jelsoft liable. What is the essential difference between the two? In the first case, everyone knows you usually use a file sharing script to share files like music or video that are copyrighted. It's common knowledge. The courts know this. In the second case, everyone knows that a forum script is used for legitimate purposes. The courts also know this. So courts, it seems, look at what the main purpose of the script is - is it for a legal purpose or an illegal purpose? A bit like writing a worm - there is no other use for it except to cause problems. If companies suffer damage, they will look for the worm author.
When it comes to reading your users' PMs, the question you have to ask yourself is:
1. Is this breaching my members' privacy?
a. Do I call them "private" messages?
b. Do I have a privacy policy on my site explaining what I will or will not read?
c. If I do read PMs, do my members know this explicitly?
d. If they know, do my members give consent?
2. If reading PMs is a breach of privacy, then the next question is, is this illegal? This depends on where you are, where your server is, and where your member is - the law gets complicated here. In general, it's where the server is, but courts may find the laws of the member's country apply.
Remember, just because PMs are in a database that you can access using phpMyAdmin does not mean that this is consent given by your members to read them. They are called "private" messages for a reason.
Similarly, just because your ISP has your emails in their database does not mean you give your ISP consent to read your emails. An ISP may have a privacy policy that allows them to do it under certain circumstances (e.g. law enforcement direction). But normally, you would not like it if you knew an ISP employee was reading your personal emails.
Bottom line: Is Floris going to be liable if a member sues a forum owner for breach of privacy? Only if the member decides to sue Floris as well, or the forum owner joins Floris as co-defendant - it's not automatic. Would the member win? The member has to argue that he or she suffered some sort of damages or loss. If he or she can prove this, then the courts will look to see what the purpose of Floris' script is. If the script is primarily used for an illegal purpose, then he may be in trouble. That almost certainly would depend basically on an individual forum's privacy policy. On some forums, it would be fine, since the member has consented to his private messages being read. But on other forums, it may be seen as a breach of privacy by a member.
Personally, I won't be reading members' PMs myself as my privacy policy states that I respect my members' privacy. But you may have a different privacy policy on your site. An absence of a privacy policy (which is crazy in this day and age) does not constitute an absence of privacy.
B. Floris did the right thing by stopping the discussion of privacy in his thread. That thread is for support of his hack. Feel free to discuss this issue here though. It IS an important topic.
[Disclaimer: the above is not formal legal advice - speak to your own lawyer - they are just general principles]