1997-12-22 - Re: Completely anonymous communications ARE only for “Criminals”

Header Data

From: Charlie Comsec <comsec@nym.alias.net>
To: remailer-politics@server1.efga.org
Message Hash: bd10e1ebf69341299088d2c194c75fe9602eecf72607ba9bb8b694f1e0b7f104
Message ID: <19971222182005.21737.qmail@nym.alias.net>
Reply To: <349a9e71.174166558@news.cbr.aone.net.au>
UTC Datetime: 1997-12-22 18:31:07 UTC
Raw Date: Tue, 23 Dec 1997 02:31:07 +0800

Raw message

From: Charlie Comsec <comsec@nym.alias.net>
Date: Tue, 23 Dec 1997 02:31:07 +0800
To: remailer-politics@server1.efga.org
Subject: Re: Completely anonymous communications ARE only for "Criminals"
In-Reply-To: <349a9e71.174166558@news.cbr.aone.net.au>
Message-ID: <19971222182005.21737.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain




-----BEGIN PGP SIGNED MESSAGE-----

gburnore@netcom.com (Gary L. Burnore) wrote:

> :  I suspect that there is very little that can be done, and
> :that holds true for non-anonymous posts as well.  Just looking at some of the
> :massive cross-posts with subject lines that say "So-and-so is a pedophile"
> :(some of them with Netcom addresses who seem to be able to hang onto their
> :accounts despite making such accusations),
>  
> I think it's more that those who are "accused" are likely not suing because of
> the cost and trouble.

That's a decision each individual has to make.  Usenet is full of blowhards
that keep threatening to sue over real or imagined grievances, but never do.
You're merely pointing out the impracticalities of Politas' suggestions about
punishing usenet wrongdoers.  Why go to the bother of implementing protocols
which invade the privacy of innocent users just to catch the occasional law
breaker if it's not worth the cost and trouble to sue the culprit once he's 
identified?
 
> : I'd say that usenet is a different
> :ballgame from the print media where for-profit publishers have deeper pockets.
>  
> Exactly, deeper pockets.

That and the fact that it's easier to prove actual damages via the print media
because people tend to believe paper and ink more than they do usenet posts.
Usenet posts are taken with a grain (or ton) of salt by most readers.
 
> :The problem with tort laws is that to successfully sue for libel you have to
> :prove damages as well as prove that what was said was false. Thus, you'd have
> :to prove to a jury that someone made a defamatory statement about you that was
> :false, that people believed it, and that your reputation has suffered
> :measurably as a result.
>  
> That's usually not difficult.  One person says you did something you didn't
> do. As soon as a second person repeats what the first person said, you've
> proof that people believed it. That's reason enough to say your reputation has 
> suffered.

You'd also have to prove that the person who repeated it didn't already think
you were a n'eer-do-well prior to the post.  If somebody already thinks you're 
a shady character and a post merely reinforces that belief, it'd be hard to 
make a case that your reputation had been damaged by that post.  The case 
you'd have to make is that a person previously thought your character was 
impeccable until an anonymous post convinced him that you were a scoundrel.  
I suspect that would be a hard sell with most juries.  Most people put the 
credibility of usenet posts (even non-anonymous ones) on par with things they 
find scrawled on rest room walls.

> :  Identifying the person who posted the message is only  
> :a small part of the problem.
>  
> It's the biggest piece of the puzzle.  Without it, the rest is useless.

And it's not much better with non-anonymous posts.  When confronted with making
a defamatory post, one can always claim that it was forged, or that someone
hacked his account, stole his password, or used a terminal that was 
inadvertently left logged in while the person was at lunch to make the 
defamatory post without his knowledge or consent.  Without some reliable means 
of authentication, such as PGP signing, how are you going to prove that the 
person named as the poster really posted it?  Inserting a remailer into this 
scenario only adds an additional link to an already tenuous chain of evidence.

> :Moreover, if the plaintiff has attained the status of a "public figure", he  
> :has to prove additionally that the defendant KNOWINGLY and MAILICIOUSLY  
> :published FALSE information.
>  
> That too would be easy in USENet.  I say you did something you didn't do.  You
> say "post evidence or shut up".  I say it again or even just follow up to your
> "post evidence or shut up" message and I'm doing it knowingly.

The person could easily justify saving the evidence to be used in his defense 
for a courtroom rather than revealing it on usenet, though.  A "post evidence 
or shut up" challenge really does nothing to put a person on notice that his 
claims are false.  It's always possible that the statements were true and that 
the challenger is bluffing in the hope that the accuser really has no 
evidence.  Remember, the test is whether the poster KNEW his statements were 
false.
 
> :  Thus, if you said that Clinton sexually harassed
> :Paula Jones, it's unlikely that the President could sue you and win. He'd have
> :to prove that you knew the accusation was false and made it anyway with
> :malicious intent.
>  
> But if you're Paula Jones and it's proven that what you accused didn't happen,
> you could be sued by the President.

True.  I was talking about the case of a third-party who could have been
acting on his belief, perhaps wrong, that Paula Jones was telling the truth.

Apply the rationale you previously suggested to this case.  Suppose I say
that Clinton sexually harassed Paula Jones and he challenged me to "post the
evidence or shut up".  Would that demand obligate me to shut up?  Would it
somehow put me on notice that Clinton was innocent?  I don't think so.

> :> Hotmail DOES know who signs up and uses their mail service (at least the
> :> connection information such as IP and provider.
> :
> :That's probably reason enough for someone who truly needs anonymity to avoid
> :such a service.  The problem is that once it's known that the identifying
> :information exists somewhere, the keeper of that information becomes a
> :target for coercion, bribery, hacking, burglary, etc.
>  
> Only if someone uses their site in an abusive fashion.  Like any other 
> service.

I would not assume the motives of a person willing to engage in such tactics
to be honorable ones.  It could just as easily be a person out to exact
revenge on a whistleblower.  Look at the person who blew the whistle on the
tobacco industry.  Imagine if he'd done it anonymously.  Imagine if the next
person in that position decides he doesn't want to become a target by
revealing his identity.  It's hardly a case of using a site in an abusive
fashion, but it still might get the attention of someone wanting desperately
to identify and silence a "trouble maker" like that.

Requiring a remailer operator to store data that could later be used to
prosecute an accused criminal also makes that same data vulnerable to 
compromise by those with no legally defensible need to gain access to it.
A "black bag job" is often more expedient than going through the proper legal
channels.
 
> :> There's still no way to do something even if the law has already been broken. 
> :
> :If someone has already been convicted of an offense that involved the
> :internet, it might be possible to suggest that one condition of any probation
> :or parole be to avoid using the internet, similar to what happens when one is
> :convicted of drunk driving.  Many jurisdictions allow victim input into the
> :sentencing/parole process.
> :  
> :(I'm not advocating this, merely pointing out that it's possible.)  
>  
> You skipped the apprehension and prosecution  and jumped to after sentencing.

I assumed that apprehension and prosecution would precede sentencing.  You did
state that "the law has already been broken", and that is a decision for a 
judge and jury to decide, so I assumed that it had already been made in a 
trial.
 
> :The problem is that devising workable solutions to problems that don't yet
> :exist is much more difficult that resolving problems that do already exist.
>  
> Many say the problem does exist.

I was dealing with Politas' specific concern.  Not only did he state that the
problem didn't exist, but he doubted that it ever would be a problem FOR HIM.  
I made no attempt to generalize the answer, only deal with Politas' concerns 
that were motivating his call for changes.
 
> :And that's doubly true if the person refuses to implement the preventive
> :measures already suggested.
>  
> He can still only implement _SOME_ measures.  Others are beyond his control.
> He can't make the other person stop posting false information.

I'm not sure about Australia, but that's true in the United States.  The
Supreme Court has ruled that prior restraint, based on what someone MIGHT do,
is an unconstitutional infringement upon freedom of speech.

> :  It's sort of like saying, "Why should I be careful 
> :with that hot coffee?  I'll just wait until it spills and injures me, then  
> :I can sue someone!" 
>  
> Only true for those things under his control.  If the "attacker" never sends
> him an email, it'd be hard to argue that the fact that he didn't block his
> email address proved he didn't protect himself. 

And I've never been injured by spilling hot coffee in my lap either, but
common sense dictates that I should take reasonable precautions to prevent it
before it happens.  You presumably lock your front door when you leave, even
if you've never been burglarized, right?

Remember, we're operating from Politas' premise that the only people who use
anonymous communications are "criminals", so unless he has some reason for
wanting to hear from "criminals", HE has no excuse not to pre-emptively block
anonymous mail.  YMMV, of course.
 
> :I do too.  But his premise was used to support his suggested remedy.  If an
> :anonymous user is NOT presumed to be a criminal, then you can't justify
> :treating him like one.
>  
> I still wonder about what to do about "suspects" on the net.  How do you
> investigate one suspected without harming those NOT suspected?

If by "suspect" you mean someone that you have REASONABLE CAUSE to believe
is committing a crime, you have a number of legal remedies.  A US Attorney
could get a search warrant for the suspect's computer(s), subpoena his ISP's
access logs, perhaps even request a wiretap on his link to the internet.  In
a civil case you'd have to do the legwork yourself, but I'm sure that many
of the same tools are available.

But if you had an identifiable suspect in mind, then his attempts at
remaining anonymous would have been for naught.  Maintaining one's privacy
requires more than just technology.

If you didn't have probable cause, but had narrowed it down to a short list
of potential culprits, then you might wish to engage the services of a private
investigator with expertise on the internet to assist you.  (You could also
hire your friendly neighborhood hacker for a lot less, but you'd be assuming
a lot more liability for any illegalities in his "investigation" than you
would in dealing with a licensed, bonded professional.)
 
> :Take "libel", for example.  Let's suppose a law were enacted today to make
> :defaming the President of the United States a criminal offense.  How much
> :success do you think you'd have in forcing a remailer in Libya or Iraq to
> :aid in hunting down such an offender?
>  
> None.

That was my point.  Politas' contention that remailers were being used to
perpetrate crimes that are prosecutable in EVERY COUNTRY is hard to believe.
There are crimes that fall into that category, of course, but I can't think
of one that's possible to commit anonymously via a remailer.

Most countries, I suspect, would be even less likely to intervene against
an innocent third party, the remailer operator, to subpoena confidential
data for the sake of a civil matter between two foreign individuals.

The lessons of the Church of Scientology vs. Julf debacle have hopefully
been learned and it won't easily be repeated.  The fact that a single
(vulnerable) individual stood between a dissident poster and a litigious 
organization served as a wake-up call to many remailer users.  Many will now 
accept nothing less than REAL anonymity, not the snake oil "trust me, I'm from
the government" approach to privacy and personal security that some want.
 
- ---
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBNJ6iggbp0h8ZvosNAQHAHgf/SpLYO7EUHMg4Efh7jctXF04R3Aww5h8M
QAWCv5vOSe/AOQ79303lMNRDeaiU5d5fN+3LyGAEEa+RujZ5s+YGALhDq54Vmjdi
Zrq6UXdB4geFWvbm3vU2ODYIEAAPvxxQj6heL6zUvbjkBj5BwCxng7vCsp+uMa0L
N7rRnx4MxblzxRzi/9ypniOHAHWPRr+1y6JTID1mxEy2TxfB7le4zL2nrh0b0SdH
pPtCoxi4qwA+khPDqbZl0OSIj5DIar8LW862Zkk9fBPrxBKMGAoKx/V6K8VM2Rqg
9XUtEdRuETfL/TyGEG7aEFw0DEwdeflEGGrkVmls1pYzH17/5fqc2Q==
=phEE
-----END PGP SIGNATURE-----






Thread