Except that what really happens is that you end up trying to use a sluggish can-do-everything-and-more framework that does 10 times what you need it to do but fails to do 2-3 critical things that you absolutely need to do. And between the time spent learning the can-do-everything framework and what parts of it you don't care about and the time spent kludging and hacking on it to fill in the missing bits, you end up spending more time than it'd've taken you to write your own from scratch or using more primitive tools.
Been there, done that, got the drawer full of t-shirts.
And this, children, is why you always, always complete the full course of antibiotic treatment, even if you think the problem's cleared up half-way through. If you stop early you leave the small subset of bugs, not enough to cause a visible problem, that are the most resistant to the antibiotics. Lather rinse repeat a few times and you end up with bugs that laugh at antibiotics and proceed to run rampant.
In response to point 2, I'd refer you to his second post (#7). Mercedes Lackey is an established author with name recognition, and she saw the same increase in sales of paper copies as Eric did. If it only works for new authors, why did it work for Ms. Lacky?
Eric Flint and Jim Baen have already refuted Mr. Murdoch's contention with hard sales figures for real books. When electronic versions are made available for free, in a non-DRM-protected format, sales of paper editions increased.
Nope, not according to the settlement terms. If the author sues, the burden will be on Google to show they took reasonable steps (at the very least contacting the publisher to get contact info and/or running a Google search for the author's name). If Google can't, they're liable for standard copyright-infringement damages. And even if Google shows they took reasonable steps and the author wasn't contactable, Google's still on the hook for royalties for every copy they make. At absolute worst the author walks away with the same royalties they'd've gotten for sales of their book. The only way the author suffers is if they didn't want the work available at all, and, well, ask Neal Stephenson how well that works (title: The Big U).
IIRC, if the author is receiving royalty payments then Google isn't going to scan their works and sell them. The opt-out provision only applies to works where the copyright holder is either unknown or not responding to contact attempts (the class of works referred to as "orphan works"). If as an author you've got works out there that Google won't be able to associate with you, it's your responsibility to tell Google about it. To me, that seems reasonable. The alternative is seeing a large body of work disappear because nobody can legally preserve it, which seems to me to be socially undesirable.
IMO the right response to the Indians is "OK then, what's your proposal for handling this? And it's got to allow for the preservation of orphan works in some fashion.".
Sure, this was foreseeable. But at the time nobody needed large quantities of this sort of radiation-detection gear, and nobody foresaw circumstances where we'd suddenly develop a huge demand for it. So when production was stopped, nobody saw the consequences as being any major problem.
Because that leads to a situation where it makes no sense to buy insurance: my premium's going to be my actual costs plus the insurance company's overhead and profit, and I'm better off putting the money into a safe, relatively-liquid investment and letting it earn interest until it's needed.
The problem is that you're thinking of insurance as covering your costs, when insurance is supposed to be a risk pool. The chance of any one person dying of, say, cancer is really unpredictable, but when you look at a population the size of say the entire United States you can predict with pretty high accuracy how many people will die of cancer each year. The idea behind insurance is to get a coverage pool large enough that the aggregate costs become fairly predictable, and then to spread those costs across the entire pool so the annual cost to each member also becomes predictable.
I notice this doesn't extend to plug-ins and extensions found via the various plugins directories and registry keys. If it were me, I'd extend this feature to include saving a list in a locked-down location of all known extensions/add-ons found via the plugin directories and via registry keys. Every time the browser started, if it found a plugin or extension being loaded via the registry or a plugin directory that wasn't on the list, it'd notify the user what the plugin was and ask whether they wanted it enabled or not. That way nothing can get added to the browser without the user knowing and approving of the change.
Down in the advanced options I'd add a setting to give expert users the additional option of removing the plugin by either removing it's files from the plugins directory it was found in or removing it's registry keys depending on how it was found.
SMTP protocol? Hello, why am I wasting my CPU cycles and bandwidth on reading and rejecting a spammer's SMTP exchange? Their IP ranges go into my firewall and their packets get dropped long before they get anywhere near the SMTP server. If they get through that and get caught by the SMTP server's checks then yes they'll get an appropriate error code back, but that's a last-ditch check because Rule #1: you can't trust anything a spammer sends you, this includes their HELO/EHLO command.
When do I clean addresses and domains out of my filters? Usually never. It's just too much trouble to keep tabs on all of them and actively look for them being cleaned up. Once they're in the filters, there they stay until something happens to make me take a look at them. Usually that something'll be someone I know getting caught by the e-mail filters and contacting me out-of-band to find out why I'm not responding to their mail. Or it might be me trying to go to a site I added to the filters ages ago and being blocked when I know it should be clean now, and I go and find it and remove it. But generally, unless something like that motivates me, I've got better things to do with my time than keeping track of all the bad guys I've run across over the years and whether they've mended their ways or not.
More like the gas gauge is working fine but they won't look at it. And when you try to tell them about the gauge and needing to put gas in the car, they respond that they just want to go place in their car and not worry about all that technical stuff. The only way to fix this is to make it their problem: next time they run out of gas on the freeway, be unavailable or unable to come rescue them so they have to call a tow truck and pay through the nose for enough gas to get to a gas station. After a few times of this it's amazing how simple reading the gas gauge becomes for them.
Yep, Costco charges a membership fee. But you'll notice that outside the door they've got a big board listing their specials. They have flyers in the papers telling you what they've got on sale. You can browse their web site and see everything you could buy there if you had a membership. They know you won't buy from them unless you know what they've got available and what the prices are.
Murdoch, by contrast, doesn't want you to know what he's got until after you've paid him. And nobody's going to shell out money blind.
There's a department store. It probably carries a lot of merchandise. But the store owner wants everybody to pay him a fee to walk through the front door. And he wants the local papers to not say what he carries, or what he's got on sale this week. He feels that he should be the only one getting paid for anything that mentions his merchandise.
Would you bother going to his store? Or would you go to the Target or Wal-Mart that's happy to have a flyer in the paper listing everything they've got on sale this week.
Yeah, thought so.
It's your right to be stupid and wrong-headed, Mr. Murdoch. Everyone has that gods-given right. But don't come whining to us when your plan fails to go the way you want it to go. We, after all, never signed any agreement saying we'd only behave the way you want.
No, they're exactly the same. Except that in the case of your e-mail the ISP doesn't need to know your password to access your mail. They have direct access to the storage your e-mail is in, as if Public Storage had a back door into every unit that they had the key to and could use. But if you look in your unit, you'll notice that Public Storage doesn't have a back door, they have to use the same door you do which requires your key to open. By contrast, any employee of your ISP with appropriate privileges can read your mail any time they want regardless of whether or not they have your password. In fact, a good rule to follow is that anybody who has to ask for your password to access your files is not tech support for your ISP, because the real tech support wouldn't need that.
No, they don't know your account password. They don't have to. Your e-mail is laying there in plain text in a file they can read any time they want to. And this has been the case since the dawn of computers: passwords are to deny access to people who don't have access, they do nothing to stop anyone who already has access. And the guy with root always has access.
Contrast this with Public Storage, where the only way into your unit is through a door that's locked with your lock and only you (or people you've given copies of the key to) can open that lock.
Thing is, Google News doesn't reproduce the text. They reproduce a leader, maybe the first sentence or two, and the article is a link back to the original site. So if your advertising is on the page with the article, Google News takes exactly zero away from your advertising revenue because anyone wanting to read your article has to read your page. The only way you have a problem is if your advertising depends on the reader following navigation from your home page, and that's just a stupid way to do things in the first place because the first rule of the Web is that you can't control where users come from. It's not even aggregators, if I personally want to point a friend at your story I'm not going to give them your home page and detailed instructions for how to navigate to the story, I'm going to send them the link to the story itself from my browser's URL bar, and if you're a sensible writer you don't want to make it difficult for people to tell other people about your story.
Basic question: does Public Storage have a copy of the key to your unit? In general, no. They have to either break the law or jump through a number of legal hoops to gain access to your unit. The courts take notice of this, and generally will rule that Public Storage doesn't ordinarily have access to your unit because of the extraordinary steps they'd need to take to gain access. This is a different situation from one where they do have a copy of the key and can gain access by nothing more than taking their copy of the key off it's hook and walking over to your unit.
For #2, as the judge noted, doing that does in fact remove the expectation of privacy. As for #1 and #3, note that in both cases the law sets limits on how and when health-care providers can reveal the contents of your records and on how and when the landlord may access your apartment. The courts give force to legal limits on access that they don't give to self-imposed limits. If I promise not to do something that doesn't have the legal force that a law saying I may not legally do something does.
Landlord isn't a good analogy, because state law usually defines what access he can legally have to your apartment. The courts normally give force to limits imposed by the law that they don't give to self-imposed limits.
No, they don't have access. Ask your bank manager about it. If a box is abandoned, the bank has to have a locksmith in to drill out the lock to get into it. And they aren't even legally allowed to do that simply because the rent's not been paid, there's usually state laws governing what steps they have to take to try to contact the box's owner before they're allowed to break the lock. All of which is enough that the law considers it a bar to normal access (ie. the bank has to take extraordinary steps to gain access).
One flaw in this argument: ISP employees do in fact have access to your e-mail. Hopefully it's only a small number, sysadmins and others with root access, and ISPs usually promise not to use that access except in limited ways without the customer's permission, but that doesn't change whether they have access or not. And the courts are concerned with whether the ISP has access, not whether or not he's promised to use it.
A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents. If you want an expectation of privacy in your e-mail, you need to insure that your ISP literally cannot access it's contents. A promise from them that they won't isn't sufficient if they can.
True, but UCC Article 2 section 401 has something to say on the matter, specifically that title to the goods passes to the buyer at the time of delivery by the seller unless there's an explicit agreement otherwise. And that agreement has to be in place before delivery, otherwise title's already passed and the buyer can simply refuse the new agreement and retain title. And you'll note that in most software sales there is no explicit agreement entered into before the clerk hands you your package. There's only an implicit agreement requested by Apple, with no attempt to make the terms known to the buyer beforehand, no attempt to get the buyer's explicit acceptance of the agreement and no attempt to refuse to proceed with the sale until the buyer agrees. So the buyer is the owner of the goods after the sale, he holds title to them.
Apple may claim the sale is conditional, but they don't attempt to make it so. They only presume acceptance of their requested terms, and that runs afoul of 2-401's use of that little word "explicit". Which, if you look at the legal history of UCC Article 2, is exactly what it intends. One common abuse by merchants was the inclusion of implicit or hidden terms the buyer wasn't aware of at the time of sale, and 2-401 was written in response. It's commonly called the "quacks like a duck" clause: if it looks like a sale, and it sounds like a sale, then it is a sale as commonly understood and if the merchant wishes otherwise it's up to them to make that clear to the buyer and get them to agree to it.
Of course an obvious response is that the merchant isn't Apple and doesn't have power to transfer title. To which the response is UCC Article 2 section 403 which says that if Apple entrusts it's software to a merchant to sell it automatically gives the merchant all the power to transfer title that Apple would have had. It was again written to counter exactly that sort of claim, allowing consumers to deal with sales exactly as they see them without having to worry about the behavior or desires of a party they're not dealing directly with (ie. when you buy a car from your local Ford dealer you don't have to worry about Ford coming back and saying "No, this was only a lease and not a sale.").
A better title for the article would be "Why people suck at computational error analysis.". Except for the one about the Pentium FDIV bug, every example it gives is one where humans ignored some rule or another governing error propagation in the computations. Back in college, I ran across a book titled "Scientific Analysis on the Pocket Calculator" that had a full third of it's content devoted entirely to error analysis, both of the errors the initial data would introduce (limited precision in the initial data) and ones the calculator itself would cause (limited range, limited number of significant digits, overflow/underflow in intermediate calculations). Computers add the additional fun of dealing with numbers that're rational in base 10 but irrational in base 2. And in school they gloss over all of this, don't bother teaching it. They all teach as if computers have infinite range and an infinite number of significant digits in all calculations. Is it any wonder the results are botched so often?
The thing about safe-deposit boxes is that the bank can literally say to the cops "Sorry, we can't give you access.". Not won't, not don't want to, can't. Opening that box requires two keys, one belonging to the bank and one belonging to the box's owner, and the bank doesn't keep a copy of the owner's key. The cops can demand all they want, the only way the bank can get into that box without the owner being there with his key is to drill the lock out (which banks do have to do when boxes are abandoned or if the owner's lost his key).
If I were setting up a mail server, what I'd do is require every subscriber to generate a public key certificate and upload it to the server. All incoming mail is encrypted with the recipient's public key upon receipt and only stored in encrypted form. All outgoing mail handled by the server is encrypted the same way immediately after being sent along, and filed only in encrypted form. Subscribers need to use a mail client that transparently handles S/MIME- or PGP-encrypted e-mail to view their mail. That way when some LEA comes along with a warrant, I can say to them "Sorry, I can't give you access. The only person who's got the key to unlock those messages is the owner.".
Slashdot Mirror
Except that what really happens is that you end up trying to use a sluggish can-do-everything-and-more framework that does 10 times what you need it to do but fails to do 2-3 critical things that you absolutely need to do. And between the time spent learning the can-do-everything framework and what parts of it you don't care about and the time spent kludging and hacking on it to fill in the missing bits, you end up spending more time than it'd've taken you to write your own from scratch or using more primitive tools.
Been there, done that, got the drawer full of t-shirts.
And this, children, is why you always, always complete the full course of antibiotic treatment, even if you think the problem's cleared up half-way through. If you stop early you leave the small subset of bugs, not enough to cause a visible problem, that are the most resistant to the antibiotics. Lather rinse repeat a few times and you end up with bugs that laugh at antibiotics and proceed to run rampant.
In response to point 2, I'd refer you to his second post (#7). Mercedes Lackey is an established author with name recognition, and she saw the same increase in sales of paper copies as Eric did. If it only works for new authors, why did it work for Ms. Lacky?
Eric Flint and Jim Baen have already refuted Mr. Murdoch's contention with hard sales figures for real books. When electronic versions are made available for free, in a non-DRM-protected format, sales of paper editions increased.
Nope, not according to the settlement terms. If the author sues, the burden will be on Google to show they took reasonable steps (at the very least contacting the publisher to get contact info and/or running a Google search for the author's name). If Google can't, they're liable for standard copyright-infringement damages. And even if Google shows they took reasonable steps and the author wasn't contactable, Google's still on the hook for royalties for every copy they make. At absolute worst the author walks away with the same royalties they'd've gotten for sales of their book. The only way the author suffers is if they didn't want the work available at all, and, well, ask Neal Stephenson how well that works (title: The Big U).
IIRC, if the author is receiving royalty payments then Google isn't going to scan their works and sell them. The opt-out provision only applies to works where the copyright holder is either unknown or not responding to contact attempts (the class of works referred to as "orphan works"). If as an author you've got works out there that Google won't be able to associate with you, it's your responsibility to tell Google about it. To me, that seems reasonable. The alternative is seeing a large body of work disappear because nobody can legally preserve it, which seems to me to be socially undesirable.
IMO the right response to the Indians is "OK then, what's your proposal for handling this? And it's got to allow for the preservation of orphan works in some fashion.".
Sure, this was foreseeable. But at the time nobody needed large quantities of this sort of radiation-detection gear, and nobody foresaw circumstances where we'd suddenly develop a huge demand for it. So when production was stopped, nobody saw the consequences as being any major problem.
Because that leads to a situation where it makes no sense to buy insurance: my premium's going to be my actual costs plus the insurance company's overhead and profit, and I'm better off putting the money into a safe, relatively-liquid investment and letting it earn interest until it's needed.
The problem is that you're thinking of insurance as covering your costs, when insurance is supposed to be a risk pool. The chance of any one person dying of, say, cancer is really unpredictable, but when you look at a population the size of say the entire United States you can predict with pretty high accuracy how many people will die of cancer each year. The idea behind insurance is to get a coverage pool large enough that the aggregate costs become fairly predictable, and then to spread those costs across the entire pool so the annual cost to each member also becomes predictable.
I ranted on this subject a while ago.
I notice this doesn't extend to plug-ins and extensions found via the various plugins directories and registry keys. If it were me, I'd extend this feature to include saving a list in a locked-down location of all known extensions/add-ons found via the plugin directories and via registry keys. Every time the browser started, if it found a plugin or extension being loaded via the registry or a plugin directory that wasn't on the list, it'd notify the user what the plugin was and ask whether they wanted it enabled or not. That way nothing can get added to the browser without the user knowing and approving of the change.
Down in the advanced options I'd add a setting to give expert users the additional option of removing the plugin by either removing it's files from the plugins directory it was found in or removing it's registry keys depending on how it was found.
SMTP protocol? Hello, why am I wasting my CPU cycles and bandwidth on reading and rejecting a spammer's SMTP exchange? Their IP ranges go into my firewall and their packets get dropped long before they get anywhere near the SMTP server. If they get through that and get caught by the SMTP server's checks then yes they'll get an appropriate error code back, but that's a last-ditch check because Rule #1: you can't trust anything a spammer sends you, this includes their HELO/EHLO command.
When do I clean addresses and domains out of my filters? Usually never. It's just too much trouble to keep tabs on all of them and actively look for them being cleaned up. Once they're in the filters, there they stay until something happens to make me take a look at them. Usually that something'll be someone I know getting caught by the e-mail filters and contacting me out-of-band to find out why I'm not responding to their mail. Or it might be me trying to go to a site I added to the filters ages ago and being blocked when I know it should be clean now, and I go and find it and remove it. But generally, unless something like that motivates me, I've got better things to do with my time than keeping track of all the bad guys I've run across over the years and whether they've mended their ways or not.
More like the gas gauge is working fine but they won't look at it. And when you try to tell them about the gauge and needing to put gas in the car, they respond that they just want to go place in their car and not worry about all that technical stuff. The only way to fix this is to make it their problem: next time they run out of gas on the freeway, be unavailable or unable to come rescue them so they have to call a tow truck and pay through the nose for enough gas to get to a gas station. After a few times of this it's amazing how simple reading the gas gauge becomes for them.
Yep, Costco charges a membership fee. But you'll notice that outside the door they've got a big board listing their specials. They have flyers in the papers telling you what they've got on sale. You can browse their web site and see everything you could buy there if you had a membership. They know you won't buy from them unless you know what they've got available and what the prices are.
Murdoch, by contrast, doesn't want you to know what he's got until after you've paid him. And nobody's going to shell out money blind.
There's a department store. It probably carries a lot of merchandise. But the store owner wants everybody to pay him a fee to walk through the front door. And he wants the local papers to not say what he carries, or what he's got on sale this week. He feels that he should be the only one getting paid for anything that mentions his merchandise.
Would you bother going to his store? Or would you go to the Target or Wal-Mart that's happy to have a flyer in the paper listing everything they've got on sale this week.
Yeah, thought so.
It's your right to be stupid and wrong-headed, Mr. Murdoch. Everyone has that gods-given right. But don't come whining to us when your plan fails to go the way you want it to go. We, after all, never signed any agreement saying we'd only behave the way you want.
No, they're exactly the same. Except that in the case of your e-mail the ISP doesn't need to know your password to access your mail. They have direct access to the storage your e-mail is in, as if Public Storage had a back door into every unit that they had the key to and could use. But if you look in your unit, you'll notice that Public Storage doesn't have a back door, they have to use the same door you do which requires your key to open. By contrast, any employee of your ISP with appropriate privileges can read your mail any time they want regardless of whether or not they have your password. In fact, a good rule to follow is that anybody who has to ask for your password to access your files is not tech support for your ISP, because the real tech support wouldn't need that.
No, they don't know your account password. They don't have to. Your e-mail is laying there in plain text in a file they can read any time they want to. And this has been the case since the dawn of computers: passwords are to deny access to people who don't have access, they do nothing to stop anyone who already has access. And the guy with root always has access.
Contrast this with Public Storage, where the only way into your unit is through a door that's locked with your lock and only you (or people you've given copies of the key to) can open that lock.
Thing is, Google News doesn't reproduce the text. They reproduce a leader, maybe the first sentence or two, and the article is a link back to the original site. So if your advertising is on the page with the article, Google News takes exactly zero away from your advertising revenue because anyone wanting to read your article has to read your page. The only way you have a problem is if your advertising depends on the reader following navigation from your home page, and that's just a stupid way to do things in the first place because the first rule of the Web is that you can't control where users come from. It's not even aggregators, if I personally want to point a friend at your story I'm not going to give them your home page and detailed instructions for how to navigate to the story, I'm going to send them the link to the story itself from my browser's URL bar, and if you're a sensible writer you don't want to make it difficult for people to tell other people about your story.
Basic question: does Public Storage have a copy of the key to your unit? In general, no. They have to either break the law or jump through a number of legal hoops to gain access to your unit. The courts take notice of this, and generally will rule that Public Storage doesn't ordinarily have access to your unit because of the extraordinary steps they'd need to take to gain access. This is a different situation from one where they do have a copy of the key and can gain access by nothing more than taking their copy of the key off it's hook and walking over to your unit.
For #2, as the judge noted, doing that does in fact remove the expectation of privacy. As for #1 and #3, note that in both cases the law sets limits on how and when health-care providers can reveal the contents of your records and on how and when the landlord may access your apartment. The courts give force to legal limits on access that they don't give to self-imposed limits. If I promise not to do something that doesn't have the legal force that a law saying I may not legally do something does.
Landlord isn't a good analogy, because state law usually defines what access he can legally have to your apartment. The courts normally give force to limits imposed by the law that they don't give to self-imposed limits.
No, they don't have access. Ask your bank manager about it. If a box is abandoned, the bank has to have a locksmith in to drill out the lock to get into it. And they aren't even legally allowed to do that simply because the rent's not been paid, there's usually state laws governing what steps they have to take to try to contact the box's owner before they're allowed to break the lock. All of which is enough that the law considers it a bar to normal access (ie. the bank has to take extraordinary steps to gain access).
One flaw in this argument: ISP employees do in fact have access to your e-mail. Hopefully it's only a small number, sysadmins and others with root access, and ISPs usually promise not to use that access except in limited ways without the customer's permission, but that doesn't change whether they have access or not. And the courts are concerned with whether the ISP has access, not whether or not he's promised to use it.
A good analogy would be ordinary bank records vs. the contents of a safe-deposit box. The first the bank has access to, and the customer has limited expectation of privacy regarding them. The second the bank does not have access to, their key physically can't open the box alone, and the customer has a higher expectation of privacy about the contents. If you want an expectation of privacy in your e-mail, you need to insure that your ISP literally cannot access it's contents. A promise from them that they won't isn't sufficient if they can.
True, but UCC Article 2 section 401 has something to say on the matter, specifically that title to the goods passes to the buyer at the time of delivery by the seller unless there's an explicit agreement otherwise. And that agreement has to be in place before delivery, otherwise title's already passed and the buyer can simply refuse the new agreement and retain title. And you'll note that in most software sales there is no explicit agreement entered into before the clerk hands you your package. There's only an implicit agreement requested by Apple, with no attempt to make the terms known to the buyer beforehand, no attempt to get the buyer's explicit acceptance of the agreement and no attempt to refuse to proceed with the sale until the buyer agrees. So the buyer is the owner of the goods after the sale, he holds title to them.
Apple may claim the sale is conditional, but they don't attempt to make it so. They only presume acceptance of their requested terms, and that runs afoul of 2-401's use of that little word "explicit". Which, if you look at the legal history of UCC Article 2, is exactly what it intends. One common abuse by merchants was the inclusion of implicit or hidden terms the buyer wasn't aware of at the time of sale, and 2-401 was written in response. It's commonly called the "quacks like a duck" clause: if it looks like a sale, and it sounds like a sale, then it is a sale as commonly understood and if the merchant wishes otherwise it's up to them to make that clear to the buyer and get them to agree to it.
Of course an obvious response is that the merchant isn't Apple and doesn't have power to transfer title. To which the response is UCC Article 2 section 403 which says that if Apple entrusts it's software to a merchant to sell it automatically gives the merchant all the power to transfer title that Apple would have had. It was again written to counter exactly that sort of claim, allowing consumers to deal with sales exactly as they see them without having to worry about the behavior or desires of a party they're not dealing directly with (ie. when you buy a car from your local Ford dealer you don't have to worry about Ford coming back and saying "No, this was only a lease and not a sale.").
A better title for the article would be "Why people suck at computational error analysis.". Except for the one about the Pentium FDIV bug, every example it gives is one where humans ignored some rule or another governing error propagation in the computations. Back in college, I ran across a book titled "Scientific Analysis on the Pocket Calculator" that had a full third of it's content devoted entirely to error analysis, both of the errors the initial data would introduce (limited precision in the initial data) and ones the calculator itself would cause (limited range, limited number of significant digits, overflow/underflow in intermediate calculations). Computers add the additional fun of dealing with numbers that're rational in base 10 but irrational in base 2. And in school they gloss over all of this, don't bother teaching it. They all teach as if computers have infinite range and an infinite number of significant digits in all calculations. Is it any wonder the results are botched so often?
The thing about safe-deposit boxes is that the bank can literally say to the cops "Sorry, we can't give you access.". Not won't, not don't want to, can't. Opening that box requires two keys, one belonging to the bank and one belonging to the box's owner, and the bank doesn't keep a copy of the owner's key. The cops can demand all they want, the only way the bank can get into that box without the owner being there with his key is to drill the lock out (which banks do have to do when boxes are abandoned or if the owner's lost his key).
If I were setting up a mail server, what I'd do is require every subscriber to generate a public key certificate and upload it to the server. All incoming mail is encrypted with the recipient's public key upon receipt and only stored in encrypted form. All outgoing mail handled by the server is encrypted the same way immediately after being sent along, and filed only in encrypted form. Subscribers need to use a mail client that transparently handles S/MIME- or PGP-encrypted e-mail to view their mail. That way when some LEA comes along with a warrant, I can say to them "Sorry, I can't give you access. The only person who's got the key to unlock those messages is the owner.".