From: Hal <74076.1041@CompuServe.COM>
Date: Wed, 3 Mar 93 10:45:08 PST
To: CYPHERPUNKS <CYPHERPUNKS@toad.com>
Subject: REMAIL: Juries...
Message-ID: <930303173253_74076.1041_DHJ77-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Tim Moors offers an interesting suggestion that a jury should be used
to decide when a remailer operator should pierce the anonymity of an
especially egregious poster.  But I could see a way this could fail.

If a post really is terrible, one might expect the poster to have taken
some extra precautions.  What if Tim's jury starts up, deliberates,
argues, goes back and forth, and finally decides that the real email
address of the poster should be revealed.  When this is done, it may
well turn out that the original email address was forged, or was another
remailer which doesn't keep logs!

This would mean that no replies to the message would have worked, but
if the posting was harmful enough the poster might have been willing
to give up the capability to receive private replies (he can always
read followup postings on the newsgroup).

In a case like this, all the effort on the part of the jury would have
been wasted.

We should also realize that, in a sufficiently bad case, there may
well have been law enforcement involvement, anyway.  If the harm is
"real world" (not just something net folk would object to) then the
jury activity may be superfluous, as court orders could have been used
to force the remailer to reveal his mappings.

I wonder, though, if Tim's jury could be married with Marc Horowitz's
idea to have remailer operators support anonymous posting only from
"approved" pseudonyms.  Marc's idea was that people would literally
buy approval of given digital pseudonyms (e.g. public keys).  This
approval would be granted by the operator(s) themselves, or buy some
other agencies, and would be shown by a public log of signed pseudonymous
public keys.  Each message through the remailer would have to be digitally
signed by one of these approved keys.

(The approval process would be _completely anonymous_, that is, there
would be _no_ correspondence between real identities and approved
pseudonyms.)

Then, if someone posted abusive messages, their approval could be cancelled.
Their digital pseudonym (e.g. public key) would be removed from the list
of approved "nyms" (I like Eli's shorthand).  This way they could not
post any more, at least unless they were willing to spend more of their
hard-earned money to buy approval of another nym.  This way we get the
parallels to the postal service.

If the approval agencies donated their earnings then this would not
represent commercialization so it could even be done today.

(Another thought along these lines would be to use Karl Barrus' digital
bank to buy approval.  I'm not sure this would work, but it's worth
considering.)

One weakness of Marc's proposal was what criteria would be used to yank
approval of nyms.  A person might be reluctant to pay real money for
an approval certificate if he knew that it could be removed just because
some blowhard complained about one of his postings.  And remailer operators
would be constantly forced to make judgement calls (as I gather Julf is
today).

Perhaps Tim's juries could serve this purpose.  People would get their
approval certificate removed only upon a jury's recommendation.  The jury
could even be specified in advance, composed of respected but fair members
of the net community.

If people had this kind of assurance that their posting privileges would
be lost only under a fair system like this, they would be more willing to
pay for an anonymous posting certificate.

Hal Finney