From: smb@research.att.com
To: cypherpunks@toad.com
Message Hash: a6bca8a4482ba64348e606bfdd09c3a232902515f92e1f8918abaf3a7be4f63d
Message ID: <9310181804.AA11971@toad.com>
Reply To: N/A
UTC Datetime: 1993-10-18 18:07:15 UTC
Raw Date: Mon, 18 Oct 93 11:07:15 PDT
From: smb@research.att.com
Date: Mon, 18 Oct 93 11:07:15 PDT
To: cypherpunks@toad.com
Subject: jrk@sys.uea.ac.uk (Richard Kennaway)
Message-ID: <9310181804.AA11971@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
I have a fairly strong bias these days towards staying out of meta-
discussions on mailing lists and newsgroups, and primarily contributing
when I have some particular expertise I can bring to bear. I'll break
that rule now...
There's a persistent tendency on this list to confuse technical
feasibility, political feasibility, and ultimate desirability. The
whole business about pseudonyms is a good example.
Guess what -- the ability to use pseudonyms is not new. Yes, the Net
makes it easier, but they're far from rare in the ``real world''. The
potential for abuse is obvious -- and that's why the government has
tried to make it harder and harder to create truly-functional aliases,
to the point of criminalizing many aspects of it.
Nor is the concept of an anoymous spending mechanism new. We speak of
``digital cash'' for a reason -- its essential properties are modeled
on those of real cash. Of course, when real cash became problematic
for the government, they did the obvious -- they promulgated laws and
regulations regarding what you can do with it (i.e., the rules on forms
to be filled out when leaving the country, the bank rules on large cash
transactions, etc.).
Are any of these laws 100% effective? Or even substantially
effective? Of course not -- but they've accomplished two things. One,
they've raised the ante for playing certain games that the government
doesn't want played. Two -- and probably more important -- they've
provided the government with a new weapon to use against you. Can't
convict Al Capone of racketeering? No problem; just charge him with
tax evasion.
So it is with the net. When email and digital cash become social
forces in the larger community, as opposed to our electronic
subcommunity, you'll start to see more regulation. It might not even
be purely governmental; the large companies that want to run ``the''
net have their own agendas, which concern things like large profits and
keeping the government away, and have little to do with privacy.
Remember Prodigy? I haven't noticed that it's lacking for customers
because of their policies. Or -- envision, if you will, an ukase that
the FCC will regulate the Internet, and that anyone who wants to
connect will have to agree to an acceptable use policy that includes
the requirement that all mail be digitally signed, both by the
individual and by the site, and that mailers enforce this requirement.
Can't happen?
Nor do I think that ``offshore data havens'' will help. Apart from the
fact that most major governments are basically in accord on the
question of who makes the rules (them, not the people -- or did you see
any governments denouncing Clipper? I saw lots of endorsements), there
is a potent weapon that can be used: mandatory disconnection from the
net for any country that doesn't co-operate enough. (Even the famed
Swiss banking system is under a lot of pressure these days on such
issues, and they and the Swiss government are co-operating a lot more
with other countries. Wanna place any bets on creating a whole new
anonymity structure?) For that matter, international bandwidth is a
matter for diplomats as well as technicians; permission to create new
circuits will simply be withheld. If you doubt me, try placing a call
to Cuba, or to the former USSR. After your Nth ``circuits busy''
message, don't bother asking why the long distance carriers haven't
installed more trunks, when there's obviously a demand for them.
Certainly, there are ways around some restrictions. The inability to
call directly between Israel and the Arab countries has bred call-
forwarders. But to the extent that these have come to official notice
of governments that care to suppress the traffic, they've been shut
down. This is force majeure, friends, not bits on a wire.
Cryptographic technology is an enabling mechanism for various social
changes. It by no means makes them inevitable. Don't delude yourself
on that; the political will to do something is more important when
various alternatives exist. To allude to fiction again, I've heard
people cite Margaret Atwater's ``The Handmaid's Tale'' as an argument
against electronic banking and the like. In the book, at the stroke of
a pen all women's bank accounts were cancelled. But that's the wrong
lesson; the real issue was the governmental decision to take the
action. And throughout the centuries, governments have had no trouble
stripping hated minority groups of their assets, without any need for
computers.
If you want a Brave New Digital World, it isn't sufficient to build the
tools. You also have to convince people that it's a good idea. Oh,
the online world is coming; no doubt about that. But people have to
be convinced that privacy and the like is in their interests, that
it will solve problems that *they* will have. Equally important, they
have to be convinced that it will not create new problems, to their
perception (and the perception may have little to do with reality.
500 -- nay, 500,000 -- channels of digital information to the home
will do nothing to educate those who prefer to learn about the world
from McData Services, or from CBS/NBC/ABC/Fox/AP/UPI. There are
myriad sources of information right now that most folks never see,
because they don't know of them, don't trust them, or just don't want
to bother. Face it, it's easier to let someone else do the editing
-- but then you have to trust them.
Do you want an example? Here's how to shut down an anonymous remailer.
First, find a name for a host that no longer exists. Send a note through
the remailer to someone putatively on that host, making it appear like
a stolen account (bin@foo.bar.edu, or some such). The mail should appear
to discuss criminal activity, and be signed with a name from the proper
ethnic group. The message will be queued forever, of course, and will
likely be stored on the backup tapes for the mail spool directory. Next,
send a message through the remailer to president@whitehouse.gov, threatening
the president. Poof -- the Secret Service *will* come investigating
(those guys have no sense of humor). They may or may not believe that
the planted note is genuine. But they will approach the appropriate dean
to demand that this tool of criminal activity be shut down.
Quick -- how many remailers have the support of the university? How many
boards of trustees -- at state universities, often linked to the government
-- will back them, if the Secret Service ``requests'' that they be shut
down.
The answer, of course, is to have a defense ready in terms that such
people can accept. Show the good remailers can do (i.e., alt.abuse.recovery,
though I know of the controversy surrounding it). Show them as a
paradigm for privacy. And show that abuses are not tolerated by the
community. The recent ``traitor mail'' here is actually a good example.
While there have been refreshingly few calls for limiting anonymity,
there's also been no tolerance for the ideas expressed.
I've gone on too long, and this message has started to ramble. Enough
for now.
--Steve Bellovin
Return to October 1993
Return to “smb@research.att.com”
1993-10-18 (Mon, 18 Oct 93 11:07:15 PDT) - jrk@sys.uea.ac.uk (Richard Kennaway) - smb@research.att.com