From: Tim May <tcmay@got.net>
Date: Sun, 1 Jun 1997 03:52:06 +0800
To: Marc Rotenberg <declan@well.com>
Subject: Re: Rotenberg as the Uber Enemy
In-Reply-To: <Pine.GSO.3.95.970531090958.6950A-100000@well.com>
Message-ID: <v03102805afb627d83acf@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
>Back to Tim's original point, I wonder if he knows
>that the P-TRAK data that Lexis/Nexis said was
>"public information" was actually taken from
>credit reports collected and sold by TransUnion.
>TU was able to sell the data because of a loophole
>in the Fair Credit Reporting Act. Sure, you post
>to the net that's public, but a lot of data collection
>is much more sleazy.

In my view, the Fair Credit Reporting Act is an unconstitutional
restriction on my right to compile records as I see fit.

Under the FCRA, if I take newspaper reports and public filings, for
example, of someone's bankruptcy in 1985 and make this part of "Tim's
Credit Evaluation" of that person, I have violated the FCRA.

(I believe the current "limit" for such "rememberances" is 8 years. Why
should the government have any ability to tell me I must "forget" records
older than 8 years? In fact, what part of "Congress shall make no law..."
do they not understand?)

More  to the point of the Cypherpunks list--and this is something we talked
about at the very first physical meeting, almost 5 years ago--it will
become increasingly easy for the FCRA to be bypassed with offshore data
havens.

Such data havens, discussed in physical form by Sterling in '88 ("Islands
in the Net"), and others (some even earlier than Sterling), and in
"cyberspace" form by many us (e.g., BlackNet, a working cyberspace data
haven), will be completely unaffected by legislation such as the FCRA.

(Though what will happen is that legislators will attempt to felonize
contacts with such data bases, much as they are doing with Internet
gambling. Remailers and Web proxies solve this problem. The usual arms
race.)

>I'd also appreciate some comment/criticism on
>the piece I did for Wired. My point was that
>in countries where there are legal rights to
>privacy it will be easier for technologies of privacy
>to flourish. I gave as examples the fact that PRZ
>was nearly indicted in the US while David Chaum
>was being applauded by the European Commission
>for building anonymous payment schemes. The OECD
>crypto policy drafting experience confirmed my
>suspicion.

I seldom read "Wired," so I didn't see this one. But the issues of Europe
vs. the U.S. are notoriously complex. For every "Europe is better" point,
such as not applying pressure to PRZ, there are the obvious counterpoints,
such as Compuserve being prosecuted in Germany, the nearly full ban on
crypto in France, the extradition of an American neo-Nazi publisher from
Belgium to Germany, and so on.

And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm
conclusions can be drawn one way or another.

Oh, and as for privacy in Europe, I'll remember how much they cherish
privacy the next time I'm required to leave my passport with the hotel
front desk (Europeans confirm that the police compile lists each night from
said deposited passports). They were still doing this in 1983 when I spent
6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill,
as they had my credit card stuff for that.


>Let me also try to explain how the simple-minded
>First Amendment-privacy rights trade-off often
>misses the point about privacy claims.  Consider
>the article about Judge Bork's video viewing
>habits back in 1987. Should Congress/the Courts
>prevent City Paper from publishing the article?
>Of course not. Could Congress/the Courts require
>video record stores not to disclose customer
>records without explict consent? You decide.

The best solution is neither of these options: Video rental stores don't
need True Names except to collect on unreturned tapes. (They might _like_
True Names, or at least mailing addresses, for advertising reasons, but
they don't _need_ them, and, like Radio Shack, will not make it a
requirement for a transaction.)

As with other such items, deposits work well here. My localvideo store does
not require true names, so long as a sufficient deposit is left for each
tape. Most persons use credit cards as the "return guaranty." Note also
that credit cards need not be in the true name of anyone, via various
options, much discussed on various lists.


>For the hardcore free market types, take a look
>at Posner's *Economics of Justice.* There are
>good economic reasons for privacy laws, e.g.
>do you really want to negotiate with the telcos
>on a case-by-case basis whether they can sell
>the contents of your phonecalls?

Such negotiations would likely not be on a case by case basis, for
transaction cost reasons on both sides. But I have no problem with
"allowing" a phone company to offer a cheaper service, for example, which
told customers it would sell the contents of the calls, or insert
advertisements at random intervals during a call, or whatever.

(Or even a phone company which offered to negotiate on a per call
basis...as with the cases above, I expect such a venture would flop, but
that's a different issue from whether such services should be "allowed."

And, in fact, the situation Marc describes is already with us on the Web.
Some sites sell lists of those who hit their sites. How is this different
from the Bork or phone cases?

It isn't.


>To be clear, I do believe that there should be
>laws to protect the right of privacy and that
>there should be an office within the federal
>government to advocate on behalf of privacy
>interests. I also believe that if such an agency
>had been established in 1991 when it was proposed,
>it would have been much harder for the government
>to push subsequently for digital telephony, Clipper,
>GAK, etc.

I don't believe there should be such laws, obviously.

And more importantly, strong crypto provides numerous monkeywrenchings of
such laws.

Pass a law requiring return addresses on all messages....the effect will be
to move the spam sites offshore. Then what do you do?

Pass a law like the Fair Credit Reporting Act saying it's a crime for Tim
May to "remember" and "tell others" that Suzie Hopkins skipped out on her
rent in 1988...the effect will be for the TransUnions and Equifaxes of the
near future to locate themselves in the Cayman Islands, beyond the FCRA.

Pass a law to make it a crime for a prospective employer or lender to
connect to this site in the Cayman Islands...the effect will be to increase
use of Web proxies and anonymous remailers.

And so on. Crypto anarchy means monkeywrenching these do-gooder laws.

(When EPIC and ACLU figure out the real implications of strong crypto, look
for them to talk about "compromises" on access to strong crypto....hey,
maybe SAFE is an indication they've started to realize what is coming.)

--Tim May



There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."