1997-12-20 - Re: Completely anonymous communications ARE only for “Criminals”

Header Data

From: Charlie Comsec <comsec@nym.alias.net>
To: cypherpunks@toad.com
Message Hash: 569ec260544038ac9d5bf91657d96bf71401f487f018c7e94c5341036b3c9451
Message ID: <19971220202003.18109.qmail@nym.alias.net>
Reply To: <668vgi$bpo@news1.panix.com>
UTC Datetime: 1997-12-20 20:32:13 UTC
Raw Date: Sun, 21 Dec 1997 04:32:13 +0800

Raw message

From: Charlie Comsec <comsec@nym.alias.net>
Date: Sun, 21 Dec 1997 04:32:13 +0800
To: cypherpunks@toad.com
Subject: Re: Completely anonymous communications ARE only for "Criminals"
In-Reply-To: <668vgi$bpo@news1.panix.com>
Message-ID: <19971220202003.18109.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain




-----BEGIN PGP SIGNED MESSAGE-----

politas@dynamite.com.au (Politas) wrote:

> >And if someone makes what you consider an annoying telephone call from a
> >public telephone, should the phone company remove the telephone?  Sure, they
> >may be able to trace the telephone used, but not who used it.
>  
> You are making unnecessary and incorrect parallels.  Tracing the
> telephone used _is_ the equivalent of the sending email address.

Yes but tracing a call to a pay phone is the equivalent to tracing an 
anonymous e-mail back to a remailer.  In fact, anonymous e-mail already 
contains information identifying the remailer it came from, so no additional
tracing effort is required.
 
> >Just as the anonymous person is paying for his own access to the internet.
> >The anonymous caller to your telephone is not paying your monthly telephone
>  
> with anonymous email, you also don't get any information about the
> whereabouts of the person, which you do from the snail mail post
> office.

Perhaps you're unaware that snail mail "remailers" existed long before their
e-mail counterparts came along.  (Perhaps they still do, I haven't checked.)
You'd address a letter, place a stamp on it, and place it inside another
envelope addressed to the remailer service along with whatever fee they
charged, in cash.  When they received it, they'd open the outer envelope,
place the inner envelope back in the mail, throw the outer envelope away,
and pocket their fee.

All the recipient saw was a postmark from a certain post office.  You'd know 
that SOMEBODY mailed the letter at that post office, or at least somewhere 
withing their collection area.  It wasn't necessarily the person who wrote the 
letter, though.  Let's say that you get a letter that's postmarked "Chicago, 
IL".  Upon further investigation, you determine that it was mailed from 
somewhere withing the boundaries of the post office branch which also serves 
O'Hare International Airport, which is the USA's busiest airport.  How does 
that solve your professed need to know who sent it?
 
> >> You'd be amazed
> >> how often people who send "anonymous" letter bombs get caught.
> >
> >Yes, for both the e-mail and snail mail variety.  It's much easier to send 
> >an e-mail bomb from a throwaway ISP account than from a remailer, anyway.
> >Most remailers have fairly small size restrictions, for one thing, and if you
> >start sending too many individual e-mails through a remailer, the software
> >WILL take note of that fact and flag that fact for the operator.
>  
> And your point is?  Email bombs aren't the only thing I am concerned
> about here.

If you'll be specific, then perhaps I can address those concerns.
 
> >> Because I'd like it to be so.  I'm not really calling for anything
> greater 
> >> than we currently have with the phone system.
> >
> >Then you already have that.
>  
> Not if there are anon remailers that store _no_ information about the
> sender of a message.

You said earlier that you were concerned about *REPEATED* abuse.  If you
can do something to prevent a repetition after (or even before) receiving the 
first e-mail you consider abusive, then your problem is solved, is it not?

> >                            If you don't want calls from a certain caller,  
> >you can arrange to have them blocked.  If you don't want "anonymous" calls,
> >you can have incoming calls without caller ID information blocked, just as
> >you can request that the remailers not send you any anonymous e-mail.
>  
> Each remailer separately.  That means at least one message from every
> remailer in the world.  It's almost as bad as spammers offering
> "remove lists" 

There aren't that many remailers around, and a request to one of them to
have your address blocked, with a further request that they pass it on to
their fellow remailer operators should do the trick. If someone is sending
you SPAM via a remailer, then you need to notify the remailer operator.  They
usually act very quickly to stop that from happening, since it wastes their
resources as well as yours.  By its very nature, spam is detectable in a
content-neutral and sender-neutral fashion.

> >(None of this really has anything to do with anonymous PUBLIC posts.)
>  
> None of what?  I included public postings in my statement.  I may not
> have done it explicitly enough.  I really do believe that people
> should be accountable for what they do online.  If they cannot find
> anywhere in the world where those activities are acceptable, then they
> shouldn't be doing it.

That's the whole point of using remailers -- so that some country that wants
to be tyrranical can't hunt down someone in another country that does something
it considers "politically incorrect".  If something annoys you, then stop
reading it.  Killfile the author.  Killfile all remailers if you like.  Don't 
use dynamite (pun intended) to exterminate cockroaches.

> >"Presumed innocent until proven guilty" is still in force here.  I might well
> >say that I can see no purpose for owning a printing press other than to print
> >"subversive" material, yet I still retain that right here in the USA until
> >you can prove that I've used it for illegal purposes.  If you can prove that,
> >then you can get a court injunction against me.  But you can't take away that
> >right based on what you think I *MIGHT* do.
>  
> YEs, and if I can get a court injunction against an anonymous account,
> I expect to be able to trace that back to a person eventually.
> *Possible*  NOT *easy*. 

You're welcome to TRY, but nothing says that the person has any duty to make
it easy for you.

> >Of course, sometimes "breaking laws" IS the reason for anonymity.  If the
> >government were to outlaw the dissemination of certain politically incorrect
> >ideas, then the only way to safely do so might be anonymously.
>  
> Yes, so you find a remailer in a country that will support your
> "political incorrectness".  What's the problem?  

None. The solution you suggest is what already exists.

> You guys have to stop thinking insularly. 

Please define "you guys".

> Yes a single country's govt may not be able to be
> trusted.  But unless we change to a single world totalitarian govt
> (which I think unlikely), there will always be somewhere that
> political freedom will be promoted.

There is.  And there are places that allow anonymous remailers to operate as
they currently do.  I have no problem with that.  Do you?
 
> >If you feel that strongly about anonymous e-mail, then simply ask the
> >remailer operators to have your address blocked from receiving any. Your
> >(potential) problem is then solved.
>  
> I'm not really worried about it.  I don't normally annoy people enough
> for them to worry about me.  Although, I hardly think that it is a
> "simple" thing to tell everyone who runs an anonymous remailer
> anything.

Have you even TRIED?  You seem to be inventing problems where none exist.
If you're not worried about yourself, how do you know that others appreciate
your worrying on their behalf?

> >> Oh come now, you make it sound like Hotmail are doing it all out of the
> >> goodness of their hearts.  They *are* making money, you know.
> >
> >I'm sure they are, but the extra costs of positively IDing users would have
> >to be paid somehow.
>  
> What extra costs?  storing the IP address or the email address used to
> register the account? 

Are you offering to donate the disk space?  If you can convince Hotmail and
other providers to do what you're suggesting, and provided they properly
inform all new and existing users of this new policy far enough in advance
to make other plans if they so desire, I would not object.

Just don't expect anyone with a need for more than superficial "anonymity"
to use such a service.  Indeed, they probably already don't, anyway.

> >Of course they can.  Ultimately, each person is responsible for maintaining
> >his own privacy.  There's always a risk.
>  
> Not if you can use an anonymous remailer that keeps no information to
> trace you with.  That's just making it too easy.

"Too easy"?  How so?  Are you saying that protecting one's privacy should be
difficult?

You're also being redundant when you say "anonymous remailer that keeps no 
information to trace you with".  If they store the information you're 
suggesting, then you're quite obviously NOT anonymous, even if some users
mistakenly think they are.

> >                                         Those who anonymously (and illegally)
> >used fax machines to send uncensored news out of China during the Tianamen
> >Square uprising were obviously taking such a risk.  Does it bother you that
> >the technology did not exist to identify and prosecute those who did so?
>  
> The technology did exist.  The necessary information may not have been
> available to those who wanted to use it, but it did exist.  If all the 
> countries involved had been cooperating, they could have been found.
> Freedom from the oppressive regime is provided by the other country.

And so if you convince the Australian government to ban truly anonymous
remailers, they may still exist in other countries to protect Aussies.  There
already are countries that have banned encryption and anonymous communication.
AFAIC, any regime that's that paranoid about anonymity is an "oppressive 
regime" as you've termed it.  To quote one of the USA's founders, 

  "When the government fears the people there is liberty. 
   When the people fear the government there is tyranny".
   
> >No, but that's a different scenario than the telephone company requiring a
> >form of positive identification before using a pay phone.  You aren't
> >assuming that these "repeated offenses" involving pay phones all were made
> >using the SAME TELEPHONE each time, are you?  Not all harrassing callers
> >would be that stupid, although some might be. 
>  
> Of course not.  But if someone is repeatedly phoning me, it is quite
> possible that spread out police could be able to catch the person
> calling with a good enough organisation.  The effort required is
> immense, fairly similar to the effort required to convince another
> country to accept a warrant to break privacy of an anonymous remailer.

And if the remailer stored no information to tempt litigious individuals,
firms, and governments, then that problem would be solved altogether.  It's the same principle that stores
use when they leave their cash registers EMPTY and UNLOCKED at night.  A thief
will often cause more damage to the cash register breaking into it than the
amount of the money that it contains.  What you're suggesting is that the
person's privacy be violated BEFORE any law is broken, just in case he MIGHT
break a law later.

> >In the case of anonymous e-mail, you can trace it back to the remailer
> >utilized just like you can trace a phone call back to the telephone used.
> >But what does thay buy you?  You still don't know WHO made the call or sent
> >the e-mail.  Actually in the case of anonymous e-mail you have one additional
> >safeguard.  You can ask to be blocked from receiving anonymous e-mail.  Try
> >telling the telephone company that you want to be blocked from receiving
> >calls from any pay phone!
>  
> So, if I want to not receive anonymous email, I'd have to contact
> every single anonymous remailer in the world, and ask to be excluded?
> Sorry, that kind of argument just doesn't wash.  Anyway, what if I
> want to be able to receive anonymous messages, but I just want this
> one person who is trampling on my rights to stop?  Why should I give
> in to them?

It's your choice.  Go visit the list of remailers currently in operation and
count how many there are.  If it's too much trouble for you to send a single
block request, CCed to a dozen or so addresses, then you probably don't have
a strong enough case to go to court, obtain a warrant or subpoena, either.
By the time you go through that process, you'll have invested far more time
and effort than sending an e-mail or two to prevent the problem.

> And Peter da Silva was calling me silly?  

I don't speak for him, nor he for me.

> About the main one I can  
> think of is harassment.  That can be anonymous, and can certainly be
> illegal, depending on the level of harassment.  

If it's not serious enough for you to request that your e-mail address
be blocked, then why should the authorities think it's serious enough to
devote the resources to hunt down your harasser?

> >And if something is merely annoying, then prevention makes more sense than
> >building in the ability to hunt down the sender.
>  
> Why not both?  Trying to 100% prevent something without crippling your
> own lifestyle can be difficult.  I wouldn't want to prevent all 
> anonymous email reaching me, and I wouldn't want to give up on the
> usefulness of email.

If the only purpose of anonymous e-mail is to break the law, then why
WOULDN'T you want to block it?  Do you have some reason you'd want to hear
from people you consider lawbreakers?

> If someone really wants to send me email, there
> is no way I can prevent it short of not allowing any untrusted
> accounts to email me.  And that's reducing my lifestyle.  It's giving  
> in.

That's your choice.  The solution exists if you choose to use it.

> >Like anonymous e-mail itself, any surefire means of identifying the sender of
> >a message is also prone to abuse.  That's why the "Big Brother Inside"  
> >concept is a cure that's worse than the disease.
>  
> Only within a single country.  With an international network like this
> one, it is ridiculously easy to get around the laws of any one
> country.  Getting around the laws of EVERY country on the net is a lot
> harder, and should rightly be so. 

So if somebody in Argentina decides to harrass someone in England, how would
what you're proposing solve that problem?

> Besides, there's no such thing as a 'surefire' means of identifying 
> the sender with the method I proposed.  It would still be possible to
> get anonymous messages out.

It's good to see that you're finally coming to that realization.  I'd just
like to keep it so.
 
> Consider who needs to cooperate in order to trace an anonymous-
> remailer message when tracing information has been stored:
>  
> The recipient
> The recipient's local law enforcement
> The recipient's local court system (possibly)
> The anonymous remailer's local law enforcement
> The anonymous remailer (even if forced to assist by law, they can
> still refuse to divulge information, and/or tip off the sender) 
> The anonymous remailer's local court system (possibly)
> The anonymous remailer's local government
> The sender's local law enforcement
> The sender's local court system
> The sender's local government
>  
> Still think that "Big Brother" is a problem here?  Even a public
> posting only removes the top three layers here.

All this to nail a public poster who's offended you?  The problem with an
idealistic approach like this is that the prohibitive expense of defending
against frivolous litigation tends to circumvent most of the safeguards
you're hypothesizing here.  If the remailer doesn't have the financial 
resources to match those of the attacker, whether it be the Church of 
Scientology trying to silence a dissident ex-member or the government of 
Iran trying to prosecute an anonymous poster for "blasphemy against Islam", 
what protects the anonymous poster's legitmate privacy concerns?

The point you're missing is that you're trying to bypass due process and
violate the privacy of every sender on the theory that he MIGHT eventually
do something illegal.  Unless the remailer had already violated the sender's
privacy by storing identifying information, then your hunt would stop right 
there.

The remailers have found from experience that it's easier to simply not store
unneeccessary identifying information on the sender in the first place, rather 
than spending money on needless litigation trying to keep it confidential 
later on.

How would your proposal be implemented?  Some international law requiring
remailers to start keeping logs of their users' e-mail?  By your own admission,
all it would take is one hold out who refused to host "Big Brother Inside" to
defeat your scheme.

- ---
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBNJwboAbp0h8ZvosNAQFSDQf+JdYWHlNfjN26ORY3igmU9MwjqZ1+4ePA
Qq3duSGRPyX2p0b2miY1iFjz5jo8AgBb7H8kq4c3pM8/8/NHnqTQHDQNwwuH3492
IqGhBq7STvtNalhiifIyLkC5x7DG7PAn7KcthfKt0JA/Ii7oXWOgGojmr/yVwdPt
vq0TKUs6G7lzKYMexMfRN0pJJPT40B6GqKlp+x/9CRDeYZotu3xpN4vFxHp4ysFI
f1o3lIrDlH15iRVcKSwi4a0dOHUhpiAalB7OK+my402q4uIIR8iSX5l9lfvSau4D
lCSvXZgtdvwEszbjwCeTLYY0JXE0Rnmozedjralt/34fAOuzDEPJ1w==
=+f0t
-----END PGP SIGNATURE-----






Thread