From: Karl Lui Barrus <klbarrus@owlnet.rice.edu>
Date: Wed, 21 Sep 94 11:51:55 PDT
To: cypherpunks@toad.com
Subject: MAIL: crime and remailers
In-Reply-To: <199409211314.IAA25946@chaos.bsu.edu>
Message-ID: <9409211850.AA00142@arctic.owlnet.rice.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jim Hart wrote:
> A post-hoc attack of examing logs, like what the FBI is probably doing
> now for the RC4 incident, is much more likely... I'll lay even odds
> that the leaker is never found... if the leaker used a well
> constructed message... I set the odds at 1000:1 that we'll ever find
> him via remailer tracing.

Intellectual property rights, export status and all that aside, as a
once (and hopefully future) remailer operator, I am curious and
concerned for the remailer operator in this case.

I see that RSADSI contacted Mr. Perry's employer (jpunix consultants
here in Houston?) and the remailer is "temporarily" shut down.  This
investigation could go a long ways into answering (maybe unfavorably)
several legal matters, such as the seizure of sendmail logs, from
multiple machines if chained.  Will the FBI get cooperation from a
foreign law enforcement if a foriegn remailer was used?  If the mail
was chained through several remailers, will legal action be taken
against each one?

Then there's the liability of the remailer operator, the company who
owned the machine, etc.  Will RSA pursue action against these people?
Can they?  I'm not advocating illegal remailer usage, but I certainly
don't want to see John Perry become the focus of lawsuits as the most
visible target.

John Perry mentioned he was almost fired, except the CEO of JPUnix is
open minded.  Thankfully, I can imagine other organizations wouldn't
have hesitated in firing him.

-- 
Karl L. Barrus: klbarrus@owlnet.rice.edu         
2.3: 5AD633;   D1 59 9D 48 72 E9 19 D5  3D F3 93 7E 81 B5 CC 32 
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5  E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper