The witch-hunt against Larry Garfield, part 1

This story has been out there for a while, but I haven’t posted until now because I was letting the story develop a bit more. (I have, in the past, posted too soon before parts of the story have developed and wound up looking, or at least feeling, like an idiot. More on this later.) Now that both sides have posted at least one statement, I feel the story has developed enough that I can go ahead and comment.

At present, I am not a Drupal user, but the issues that this situation presents could just as easily happen to anyone in any community-based free software project (WordPress, Joomla, Concrete 5, etc) and it’s entirely possible that I could wind up a Drupal user at some point in the future (I have set up a Drupal site before that I wound up never actually making a live website). In fact, I see parallels between this story and things that have happened to me in a couple of the various communities I have been involved in over the years. So I don’t see this as a Drupal issue, I see it as a community leadership and project governance issue, and a mighty big one at that.

A recent article on TechCrunch reports on the issues surrounding Larry Garfield and his continued participation in the Drupal project after over a decade of contributions. How the issues came to be is a chilling tale, which I will attempt to summarize in a timeline fashion, but I would like to invite readers to also read Larry’s blog post about the situation (titled appropriately enough “TMI About me”).

The timeline:

  • 2005 (April or later): Larry Garfield begins his involvement with the Drupal project.
  • 2016 October (approximate): Someone finds Larry’s profile on a private website for alternative lifestyles (in this case, it would appear, a BDSM community). This person was “Offended(tm)” (as Larry says it), screenshots a post, and passes it around, which is a direct violation of the site’s terms of service (TOS).
  • Some time later: This post makes it to Drupal’s Community Working Group (CWG), which finds no code of conduct violation that they can take action on. Despite this, a “gossip campaign” continues against Larry.
  • Some time after the above: The CWG informs Larry of the situation, who responds with an open offer for others to speak privately with him about his personal life if they so desire.
  • Late 2016 November (US Thanksgiving weekend) at Drupal Iron Camp in Prague, Czech Republic: Klaus Purer takes up Larry on his offer, though he doesn’t listen to much of what Larry had to say, ending the conversation with a statement that he was going to “distance himself from” Larry. Larry offers a handshake, which I would assume was declined by Mr. Purer.
  • Some time later: Mr. Purer signs up on the same private website, to go “spelunking” through Larry’s post history, sharing the “worst” posts with the CWG (again, in a flagrant violation of the TOS of that site).
  • 2017 January: Larry has a Google Hangouts conversation with Mr. Purer, during which the latter implies he is speaking not only for himself but for another group of anonymous individuals and attempts to blackmail Larry into resigning from his positions in the Drupal community, including his Drupal advocacy within the PHP community. Larry, in his post, states he “do[es] not suffer bullying and threats lightly” and as a result referred the matter back to the CWG, who mediates by having separate conversations between both Larry and Mr. Purer. They conclude again that no code of conduct violation has occurred.
  • Some time after the above: Mr. Purer continues his “spelunking” of the private website and sharing of content from that site with the CWG (still in violation of that website’s TOS).
  • 2017 February 24 (a Friday): Larry gets a phone call from Drupal project lead Dries Buytaert (roughly equivalent to a prominent WordPress user/contributor getting a call from Matt Mullenweg himself). Mr. Buytaert would reveal that he and the Drupal Association’s executive director Megan Sanicki had known about this situation for some time, but not once reached out to Larry until this phone call. Mr. Buytaert asks Larry “to step down from Drupal… in the best interest of the project”. Larry says this is impossible as it would directly impact his career (and due to Larry’s advocacy of Drupal in the PHP community, not necessarily in the best interests of the Drupal project either).
  • 2017 February 27 (the following Monday): Ms. Sanicki sends Larry an email dismissing him from his position as track chair and speaker at DrupalCon “per [his] conversation with Dries [Buytaert]”. From Larry’s blog post: “I do not know if ‘per my conversation with Dries’ means I’m unwelcome in Drupal because of my sex life, I’m unwelcome in Drupal because Dries was afraid Klaus would go public and embarrass the project otherwise, or something else. I have been given no further information than that and still have not been.”
  • After the preceding email: The Board of Directors (of the Drupal project) votes to affirm Ms. Sanicki’s “decision to revoke the session for DrupalCon Baltimore and end the track chair term”. They did this after Larry presented his case in writing when he was unable to present his case in person due to being scheduled to present at a conference.
  • 2017 March 22: Larry makes his blog post (linked below).
  • 2017 March 23: Ms. Sanicki makes a blog post on behalf of the Drupal Association addressing the situation (linked below).
  • 2017 March 26: Techcrunch publishes their article and it is shared to the Cypherpunks email list (and many other places, I’m sure) shortly thereafter.
  • 2017 March 27: Larry makes his second blog post (linked below).
  • 2017 March 29: Ms. Sanicki updates the DA blog post.
  • 2017 March 31: Another DA blog post from Ms. Sanicki (or at least posted from her author account) goes up (linked below).
  • 2017 April 5: Larry makes a third blog post, which I will comment on in more detail in the second part of this post (as this one has already grown to be rather long).

Larry goes on to quote from both the Drupal and DrupalCon Codes of Conduct. The first quote from the Drupal Code of Conduct:

We expect members of the Drupal community to be respectful when dealing with other contributors as well as with people outside the Drupal project and with users of Drupal.

It is obvious to me that at least Mr. Purer and the original as-yet-unnamed individual who found Larry’s profile have violated this rule by sharing information about Larry from a private site where such sharing is prohibited by the TOS. I would think that everyone, including Mr. Buytaert and Ms. Sanicki, who has acted on such information shared in violation of the TOS, should be considered as “having eaten from the fruit of the poisoned tree” as it would be said in US criminal law.

Larry hasn’t broken this rule just by having a different lifestyle and adopting quirks from a subculture. He mentions saying “be well” or “I wish you well” to end a conversation. The US pharmacy Walgreens had their cashiers say “be well” for quite a while, so it’s not like it’s all that weird. I certainly hope they didn’t quit because someone made a stink about it.

And Larry’s quote from the DrupalCon Code of Conduct:

Sponsors, volunteers, speakers, attendees, and other participants should strive to treat all people with dignity and respect, regardless of their culture, religion, physical appearance, disability, race, ethnicity, gender, or sexual orientation.

Larry goes on to refer to Gor as a culture and BDSM as a sexual orientation, both of which I would consider reasonable categorizations. And so the story sat for a few days, while both the Drupal Association made its statement about the issue and Larry made a second blog post about the topic.

I’m not going to go into detail on the second blog post (other than that I made a few edits to the part I wrote before it went up, based on that information). However, I am definitely going to call out Ms. Sanicki’s blatant lies and contradictions in her statement made on behalf of the Drupal Association. My commentary to each quoted section of their statement is directed at the Drupal Association and specifically at Ms. Sanicki:

We want to be clear that the decision to remove Larry’s DrupalCon session and track chair role was not because of his private life or personal beliefs. The Drupal Association stands by our values of inclusivity. Our decision was based on confidential information conveyed in private by many sources. Due to the confidential nature of the situation we cannot and will not disclose any information that may harm any members of our community, including Larry.

Okay, so this wasn’t about his private life. Yet you’re not saying exactly what it was. It’s funny how the reason is so confidential yet Larry has no problem putting out there exactly what parts of his private life people are apparently taking issue with. Even if the community doesn’t have a right to know why you, the Drupal Association, have a problem with Larry remaining a part of the project, Larry himself deserves to know. Larry refused to resign after Mr. Buytaert’s phone call to him, so the fact Larry was summarily removed from his track role and DrupalCon session after that call is a bit more puzzling.

What exact rule(s), in either the Drupal or DrupalCon Codes of Conduct, did Larry break? If there are none, why is he being treated like he did break a rule?

This decision followed our established process. As the Executive Director, charged with safekeeping the goodwill of the organization, I made this decision after considering input from various sources including the Community Working Group (CWG) and Drupal Project Lead, Dries Buytaert. Upon Larry’s request for an appeal, the full board reviewed the situation, all the evidence, and statements provided by Larry. After reviewing the entirety of the information available (including information not in the public view) the decision was upheld.

What you (Ms. Sanicki) did not tell us, is that the CWG is three people, all selected by Mr. Buytaert. Thankfully, the comment saying so was allowed, so the rest of us following this debacle know this. I am also reading between the lines here that the CWG could be seen as an extension of Mr. Buytaert’s ego and that he would be unlikely to pick people that would vote on matters like this against his wishes. The CWG should be picked by leaders in the community and not just the project lead. How can we possibly trust the CWG to make unbiased decisions otherwise?

In order to protect everyone involved we cannot comment more, and trust that the community will be understanding.

I read this as “we are above admitting we really screwed this up and so this dollop of bovine excrement is all we’re going to drop on the concerned members of the community.” Sorry, no sale.

We do see that there are many feelings and questions around this DrupalCon decision and we empathize with those community members. We will continue to monitor comments. We are listening.

Good, then I hope this blog post finds its way to you. I want to know at what point the two of you (Ms. Sanicki and Mr. Buytaert) are going to admit that you screwed this whole thing up and reverse it. Also, Klaus Purer and whoever originally sent the complaint about Larry to the CWG both need to face some serious consequences (though I suspect it was, in fact, Mr. Purer who sent in the original tip). Everything that has wound up being leaked from the private website (mentioned by Larry) and put in the hands of any non-member of that site was done so in violation of that site’s Terms of Service or Acceptable Use Policy (TOS/AUP). It’s all “fruit of the poisoned tree” and if everything stems from what was posted on a private website which was accessed on behalf of the CWG and DA in violation of the TOS/AUP, regardless of who did it, then the foundation of any action against Larry is flawed.

It looks like, per the March 31 blog post to the DA blog, that there may yet be action taken against Mr. Purer. However, Larry still needs to be made whole. If there’s a reason for removing him as speaker and track chair at DrupalCon, then we should know why. And not just vague terms like “holds views that are in opposition with the values of the Drupal project” (which in and of itself shouldn’t be an issue), “[people] suffered from varying degrees of shock and concern” (there’s a reason those kinds of websites are private), or “protect the shared values of the Drupal project” (when the action to remove Larry from community involvement is seen by many as a direct contradiction of those values and the first step down a very slippery slope). No, we the community have the right to know what rules Larry broke, chapter and verse.

I’ve seen these kinds of things unfold before–not to mention experiencing a similar situation myself. I would hope those in charge will do the right thing, and try to fix the damage they have caused to Larry’s career. The more likely outcome, unfortunately, is that they don’t give a tinker’s damn and let the (wrong) decision stand. If Drupal wasn’t Larry’s entire career at this point in his life, this would be much less of an outrage. But it is, and this is the most outrageous thing I’ve ever seen a software project’s leadership do to a contributor–many times more outrageous than what happened to Theo de Raadt as a NetBSD contributor back in 1994 (finding the details of which, I leave as an exercise to the reader).

Mr. Buytaert: If you really wish to “protect the shared values of the Drupal project” then you need to reinstate Larry Garfield as a contributor and issue a sincere and meaningful apology to both Larry and the Drupal community, without any further undue delay. You also need to understand the difference between fantasy roleplay and real-life conduct as a member of the community. It really isn’t any of your business if Larry’s into BDSM or Gorean fantasy role-play, and the fact that information was leaked to you from a private website in violation of its privacy-protecting AUP/TOS doesn’t change that. That Larry has had to make this public just to try and protect himself is outrageous and egregiously offensive not just to me, but to a lot of other people out there (judging by the comments I’ve seen on both your blog and the DA’s blog). You should also strongly consider resigning as project lead because instead of “protect[ing] the shared values of the Drupal project”, you have diminished and tarnished them.

Ms. Sanicki: Your role in wrecking Larry’s career by dismissing him as speaker and track chair at DrupalCon is also egregiously offensive. That you pretend it has nothing to do with leaked details of his private life, leaked to you in violation of a private website’s privacy-protecting AUP/TOS, is perhaps the most egregious lie I have ever seen told in my entire adult life. You have made the Drupal Association look just awful, and as I see it, the most certain way you can fix it is by resigning your position without any further undue delay.

Mr. Purer and the as-yet-unnamed person who, in the words of Larry, was “Offended(tm)” by what you found out about him: Your disrespect for privacy in the quest to ruin a man’s career is shameful. I don’t know how you can look yourselves in the mirror in the morning after doing what you have done. If you lack the integrity to remove yourselves from the Drupal community, I hope the leadership does. To violate the AUP/TOS of a private website, put in place to protect the privacy of its members (not just Larry, but all the other members as well), for the purpose of leaking information to destroy a man’s career because you don’t like what you saw, is saying a huge “fuck you” to how we operate in decent society. It may not be a crime in and of itself to do what you did, but it’s definitely unethical and immoral and probably a civil tort as well. Shame on you.

In part two, Larry’s third blog post (which I had skimmed, but not read in detail, before putting the finishing touches on this one).

Fixing broken tractors, Ukranian style

Recently, the Motherboard blog on Vice.com reported on the extreme measures some US farmers are having to take to fix their John Deere tractors, namely downloading cracked software hosted in countries like the Ukraine and Poland.

From the article:

Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform “unauthorized” repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time.

“When crunch time comes and we break down, chances are we don’t have time to wait for a dealership employee to show up and fix it,” Danny Kluthe, a hog farmer in Nebraska, told his state legislature earlier this month. “Most all the new equipment [requires] a download [to fix].”

The nightmare scenario, and a fear I heard expressed over and over again in talking with farmers, is that John Deere could remotely shut down a tractor and there wouldn’t be anything a farmer could do about it.

The article goes on to describe a license agreement John Deere forced farmers to sign in 2016 October, which not only forbids the farmers from doing their own repairs but includes a covenant not to sue John Deere for “crop loss, lost profits, loss of goodwill, loss of use of equipment …arising from the performance or non-performance of any aspect of the software” running on the embedded systems in the tractors or other equipment. Basically, John Deere is saying “if our tractor breaks, it’s your problem, not ours, for the length of time it’s out of action.”

If this sounds like pure lunacy to you, you’re not alone. I would go as far as to call this one-sided agreement unconscionable. No judge worth his or her salt would possibly uphold such a blatantly lopsided agreement, especially given some of the rather exorbitant rates charged by John Deere: the article mentions $230 plus $130 an hour for a technician to drive out to a site and plug a connector into a USB port to “authorize” a repair done by an independent repair shop (which, of course, they could decline in theory). Given farms are by definition not going to be close to major cities or even larger towns where John Deere technicians are likely to live, a bill for such a service call could potentially cross the thousand-dollar mark.

So the farmers and independent repair shops say to hell with the license agreement and do the repairs in violation of it using cracked software from the Ukraine, Poland, and elsewhere. I can’t really blame them. And it’s possible that despite the license agreement, the repairs themselves may not be quite as unlawful as it first appears, though the acquisition of software intended for use only by “blessed” (i.e. authorized) John Deere technicians could still be against the letter of the law. In 2015 the Librarian of Congress approved an exemption to the Digital Millenium Copyright Act (DMCA) for land vehicles, which would include tractors and farm equipment. Curiously, around the time the exemption went into effect was when John Deere started requiring farmers to sign the license agreements.

One farmer modified his tractor to run on methane produced from pig manure, which I certainly applaud from an environmentalist standpoint. Who is John Deere to say that gasoline is a better fuel than the methane from pig shit (that would ordinarily be considered a waste product outright)? I would think most people (by which I mean non-stockholders in companies involved in the petroleum products trade) would agree that pig poop methane is a far better choice.

But the environmentalist side of me isn’t done. Toward the end of the story, there’s this quote:

“What happens in 20 years when there’s a new tractor out and John Deere doesn’t want to fix these anymore?” the farmer using Ukrainian software told me. “Are we supposed to throw the tractor in the garbage, or what?”

There’s one way to stop this, and it’s a “right to repair” law such as those already under consideration in five states: Nebraska, Minnesota, Kansas, Massachusetts, and New York, with a similar bill targeted more precisely at farm equipment in the works in Wyoming. The bills are modeled after a similar law already passed in Massachusetts targeting motor vehicles (but unfortunately, not including farm equipment it would appear).

Not surprisingly, John Deere is one of the opponents of this legislation, along with companies like Apple, which I have already written about at length on this blog. Gee, I wonder why? Maybe they fear the loss of an income stream built on robbing farmers (or hapless iPhone owners)?

This situation the farmers find themselves in is a large part of the reason why I fight for computing freedom and limit the amount of non-free software I use (and specifically why I do not run Windows on my PC and will never buy any Apple hardware, including Beats headphones).

Taking chess into the courtroom: an out-of-bounds assertion of copyright on chess moves

This is a bit old, but the topic once again came up in conversation when I was chatting on FICS (freechess.org).

According to this chess24.com blog post/press release, a US Federal judge denied monetary damages and a temporary restraining order sought by Agon (World Chess US, Inc. and World Chess Events Ltd.) against three different companies which run chess websites, including obviously the aforementioned chess24.com (the other two sites, it appears, are chessbomb.com and chessgames.com). Essentially Agon claimed copyright over the actual moves of a chess game and thus the ability to control their broadcast. The ruling establishes once and for all that the moves of a chess game cannot be copyrighted; however, the commentary and analysis of a chess game can still be copyrighted as before.

The judge got this one right in throwing out the lawsuit and restraining order. Apparently, common sense was lacking at Agon, something I would hope has been rectified going forward. The current knowledge base of chess, backgammon, checkers, and other board games comes from the moves of all games played before under the same ruleset. (The rules of chess have changed over the centuries, with the most recent rule change regarding the actual play coming sometime in the 19th century, that being the elimination of a requirement that pawn promotions be to a piece already captured, e.g. allowing a second queen or third knight, rook, or bishop. See Wikipedia for more details.)

The article quotes an email from Yasser Seirawan, which I think says a lot about just how absurd Agon’s position was:

Chess event organizers have a monopoly on absolutely clear uncontestable copyrightable materials: They have all photography rights; all webcam rights (of the players in action over the board); all audio rights to their own online show; they have all post-game interview rights; including still photography, video and audio; press conference rights; they have all promotional rights that feature the players; they have merchandizing rights to the players’ images and likenesses; as well as other numerous rights.

[…]

[P]ossessing all these rights, what do they decide to do with their time and money? It really is crazy: They spend large sums to go after the one single right they do not have: Copyright of chess moves for a very, very small period of time. Why do they do this? To prevent others from promoting their event? It really is a self-inflicted injury that is plainly stupid. The chess moves of a chess game have been held to be in public domain for decades, even centuries. The recording of a chess move made is held to be a “fact.”

[…]

Today’s organizers accept that chess game notation falls into public domain but now they make a new argument: They have the copyrights to the chess moves during an event (only) and that immediately after the game is finished (not the event which is days and weeks long), only then do the moves of the games played fall into “public domain.” It is a staggering argument to make. In my view, it is just plain rubbish. How to argue that “ownership” is granted for hours or possibly even minutes? At which government agency should organizers “register” such “fleeting” ownership claims?

Indeed, the idea that one can claim only copyright over the live broadcast of an event is absurd. To be fair, the live broadcast rights to NFL football games are probably its most lucrative property, and the NFL (and AT&T, the owners of DirecTV) would much rather you buy the NFL Sunday Ticket package for you to follow an out of market team than set up a bootleg live feed from your friends in whatever city. (Actually, the NFL and AT&T would be just as happy if you went to a local sports bar that paid the commercial rate for NFL Sunday Ticket, but that’s another story…)

There is really no such income stream from the live broadcast of a chess game, match, or tournament. I hate to admit it, but chess is incredibly slow-moving (most of the time) compared to football, basketball, ice hockey, baseball, MMA, boxing, and auto racing. For that matter, the pace of the game moves slower than even golf, which is hardly the biggest draw on television these days, though it still gets plenty of TV time. Even blitz chess is probably too highbrow for the large audiences that watch sports like football and basketball. Thankfully, for now, we have the Internet for the things too narrowly focused for the 500 channels of cable TV we were promised with the “information superhighway.”

The chess24.com article ends with the following quote:

This year chess24 has now “won” legal battles in both Moscow and New York, but the only real winners in such situations are lawyers. The cases have eaten up a huge amount of time and money that could instead have been devoted to chess, while also damaging the most valuable commodity chess possesses – its positive image.

Attorneys (lawyers) do perform a valuable service for society. To say the least, I would probably not be here to write this blog post were it not for the services of attorneys over the years. I know a lot of people love to make jokes about lawyers and they are probably one of the least-respected professions in existence. It is easy to overlook the good that the good lawyers do, including those who take cases at no cost to the represented (“pro bono”, which literally means “for good” in Latin, referring to the greater good).

The attorneys defending the companies behind these three websites, and in a broader sense, the legal rights of the chess community to discuss and share the moves of high-level games in real time, did not work “pro bono”. Those companies had to pay the attorneys quite a bit of money–and that is money that could, and should, have been used for promoting the game of chess instead. I’m not sure who is responsible for contracting with Agon to be the promoter of chess events, whether it’s someone at FIDE or elsewhere, but this role should be rethought. I would like to see it required, as a condition of organizing future events, that Agon either repay the legal fees of the companies and individuals they sued, or donate an equivalent amount of its profits, adjusted for time value, to national chess federations and/or non-profit online chess-related websites/communities. Nowhere does chess24.com make their legal bill totals public that I can see, but I can imagine the total going into six figures easily, if not surpassing the million-dollar (US) mark.

If Agon is unwilling to do this, then they need to be replaced with promoters who actually give a tinker’s damn about the right thing to do. If we do not hold Agon accountable for trampling on our rights as chess fans and players, then they are free to do it again and again at their leisure, which is completely unacceptable.

Superstition and the safe landing of Flight 666 to HEL on Friday the 13th

Okay, so this is already a bit old (I intended to wrap this up around January 25th, and really, really let it slip), but it still deserves a short piece on it. Incidentally, I think the research I did on this one is worth the wait.

Ordinarily an airline flight is nowhere near being a newsworthy event. Planes take off and land successfully on an average of more than one per second around the world–over 100,000 flights according to this blog post by Gunner Garfors. The only times a flight is newsworthy are when one or two people wind up being the only passengers on the plane, or when a flight is affected by an incident (which need not be an outright “crash” to qualify as newsworthy).

This flight, however, made the news for an entirely different reason. It was Flight 666, which Christians regard as “the number of the beast”, destined for the airport in Helsinki, Finland, airport code HEL. And it took place this past January 13, which was Friday the 13th. Despite just about every superstition saying something would go wrong, nothing did.

Of course, that raises a lot of questions about just how seriously one should take superstitions. There aren’t that many superstitions that I have ever taken that seriously, and certainly the least of them would be 666 being the “number of the beast”. Friday the 13th has only been a truly bad day for me once out of the 72 times it has come up on the calendar since I was born (and most would say it was my own damn fault, but I won’t get into that here). When I travel, I don’t fly (the last time I got on a plane was about 10 years ago and the security procedures have gotten ridiculous), and I think Greyhound schedule numbers all have four digits (though whether they intentionally avoid any ending in or containing 666 is up for debate). Even then, I wouldn’t have any issues boarding a flight 666 even on Friday the 13th. (One of the few airline flights I took, if I remember correctly, was on a Friday the 13th, and I lived to tell about it.)

If only it were that simple. We don’t even know for sure if 666 is the real “number of the beast.” According to this Wikipedia article some early manuscripts have 616 for the “number of the beast” instead of 666. Would this make June 16 the unluckiest (or most devilish) day of the year? Should it have been flight 616 to HEL that we should have been keeping an eye on?

I did search for any record of any airline’s flight 666 or flight 616 crashing or having any type of incident, whether on Friday the 13th or not. So far I have not come up with anything. A Wikipedia article I consulted shows four flights ending in 13 having incidents; I did not check to see if this is within statistical norms but I suspect it is. Given the number of airline incidents over the years, it would be difficult to find all incidents that have ever occurred on a Friday the 13th, regardless of flight number. If there’s enough interest, I’m willing to dig deeper. If someone has already researched this, I’d love to know about it and do a followup post on the topic.

Amending the ECPA: 2017 technology versus 1986 law

From the about-damned-time department:

TechCrunch recently reported that a long-needed update to the Electronic Communications Privacy Act (ECPA) has passed the House of Representatives, a good sign that the bill may actually be signed into law this year.

Unfortunately, the roadblock to passing this bill in 2016 was that the Senate wanted to water down the bill, crippling the gain in privacy that is the whole reason why the bill exists. It is only common sense, in the era of providers like Gmail offering quotas that are effectively infinite thus allowing people to keep everything, that email is just as protected from warrantless searches as any other personal electronic data.

I can’t think of a good reason why emails over 180 days old should be legally obtainable with just a subpoena instead of an actual warrant. This is one reason I have not kept emails on other servers for anything approaching the 180 days in the ECPA. (Interestingly, the other big reason is space: I currently only have emails going back to 2016 November 22 and later, and I’m at 76% quota used. As much as I get right now, I could not keep 180 days’ worth of email on the server I’m using if I wanted to.)

The ECPA is now over three decades old. Its effective date of 1986 October 21 predates widespread public access to the Internet by almost a full decade. The laws which amended it did nothing to amend the 180 day subpoena rule, which is ass-backwards and patently devoid of sense. Even if it did make sense in late 1986, the world has changed a lot in the three decades since. For example: in 1986 UUCP and FidoNet were the predominant forms of exchanging email (unless one was emailing someone on the same BBS that one was dialed into), and today, both are extinct for practical purposes with the impending death of analog telephone lines (though FidoNet still technically exists, most of its traffic now goes across the Internet). The sooner we can get a law that is tuned to the reality of living in 2017 with a connection to the Internet, the better.