From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 16:01:20 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609030339.UAA01367@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 PM 9/2/96 -0700, Stanton McCandlish wrote:

>You have to have an anonymizing system that crosses a dozen or so 
>national boundaries to make such an attack infeasible for most large 
>organizations.  You'd need a system that crossed 50 or more widely 
>disparate jurisdictions to make it infeasible to large intelligence or 
>law enforcement agencies, and even then you'd have to NOT have broad 
>international agreements, such as you'd called for or it would be trivial 
>to force all the remailers in the chain to cough up personally 
>identifiable information.
>
>> My assumption is that there will be a wide variety of Net communities with
>> different rules/regulations/attitudes towards anonymity that would apply ex
>
>This is already true.
>
>> some kind of international sanctions; I think that's appropriate.  
>
>That's what bugs me - if there are some kind of sanctions coming from a 
>governmental body (I may be misinterpreting you here), that's probably 
>enough to kill private and well as public anonymity on the Net.
>
>Incidentally, if something does happen from a governmental direction to 
>kill online anonymity, it will probably be readily broadenable to all 
>other media.

At the risk of sounding like a broken record (a phrase that will get ever 
more obscure now that we're in the CD era...) that's why I pushing AP 
(Assassination Politics.)  While anonymous remailers and chains are great 
for security, there ought to be some final bulwark against violations of our 
security and anonymity that doesn't depend on legal arguments, or even 
technical refinements of encryption.  When organizations such as CoS can 
seek Penet data with impunity, and when courts in Finland can let them, 
we're not safe.  

Remember the saying, "The best defense is a good offense."  Playing as we do 
now, it's like saying, "We'll try our best to maintain our security, but if 
it fails too bad."   I propose changing it to, "We'll try our best to 
maintain our security, but if you manage to violate it anyway you're dead."  
As rude as it may sound, one of the best advantages is that this defense is 
free while it's not needed, and is pretty cheap when called upon.

In case anybody has any residual doubts as to whether we should enforce our 
rights in this way, consider this: if we've decided that we have the right 
to anonymity and security (through remailers and encryption) EVEN IF some 
people might misuse those tools to cause crime and potentially even death 
(which, of course, would be an exceedingly rare outcome) then I suggest 
we've already accepted the principle that our rights to use these tools 
daily are more important than the possibility of a rare negative outcome. 
(in the same sense that occasional fatal car accidents don't justify taking 
away all cars.)   And if that's the case, we should also be willing to 
DELIVER a rare negative outcome to anyone who acts to take these rights 
away, particularly if such a person is adequately forewarned of our 
intentions.   


Jim Bell
jimbell@pacifier.com