1997-12-23 - Re: Accountability and Traceless Remailers

Header Data

From: Charlie Comsec <comsec@nym.alias.net>
To: cypherpunks@toad.com
Message Hash: e8ad1083d35949b326de2903791b83357c83cb2cae93e741f4cab23854cf2f29
Message ID: <19971223154002.22967.qmail@nym.alias.net>
Reply To: <349fc1b7.510925872@news.cbr.aone.net.au>
UTC Datetime: 1997-12-23 15:47:37 UTC
Raw Date: Tue, 23 Dec 1997 23:47:37 +0800

Raw message

From: Charlie Comsec <comsec@nym.alias.net>
Date: Tue, 23 Dec 1997 23:47:37 +0800
To: cypherpunks@toad.com
Subject: Re: Accountability and Traceless Remailers
In-Reply-To: <349fc1b7.510925872@news.cbr.aone.net.au>
Message-ID: <19971223154002.22967.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain




-----BEGIN PGP SIGNED MESSAGE-----

politas@dynamite.com.au (Politas) wrote:

> >Then what's the point of going to all the trouble of tracking someone down if
> >you're unwilling or unable to take appropriate legal action against him
> >after he's found?
>  
> Well, you don't (can't) know that until you find the responsible person,
>  can you?

You're missing the point.  You would have already made that decision before
you started the ball rolling.  By your own scenario, you'd already have filed
a court case and presented PROBABLE CAUSE that the law had been violated in
order to convince a judge to start issuing subpoenas, etc.

Do you really think the legal systems of several sovreign countries would go
to all this effort to identify a person that you only *MIGHT* want to sue?
If you caused all this expense and then decided not to sue, they'd be well 
justified in BILLING YOU for all the costs incurred.  Short of an outright 
criminal act where the government intervenes and prosecutes, in most civil 
cases it's customary for the accuser (plaintiff) to pay all of the costs in 
advance, then attempt to collect them from the defendant.  If you file a 
frivolous case, then later drop it, you're still stuck with paying the fees.

What's more, if you do all that, the person you tracked down (but never proved
any wrongdoing against) would have a perfect case to countersue you for
invasion of privacy.
 
> >I don't recall ever saying that.  How do you run a person out of
> >an unmoderated NG?
>  
> By continually posting attacks and offensive material under different
> nyms.

If you're easily offended, then an unmoderated usenet NG is not the place for
you.  I don't think you could ever enact enough laws to force people to be
nice to each other.
 
> >Nor do I understand the "who refuses to be killfilable" part, either.  How can
> >someone you don't even know control your killfile?
>  
> If someone keeps changing their nym, it is impossible to killfile them.

Then your beef is with ISPs like Netcom and AOL, not the remailers.  AOLers can
change screen names at will, and Netcom subscribers are free to put just
about anything in the From: line that they choose to.  I'm just citing two
examples.  The vast majority of the people giving usenet a bad name are doing
so with non-anonymous accounts at ISPs that couldn't care less what their
users say or do.  As I said before, just visit some of the usenet NGs where
people are being called "pedophiles" by people posting under their own user
IDs from well known ISPs.  That's about as clear-cut case of libel as you're
going to get (unless everyone so accused really is a pedophile) and yet I'll
bet that if I complained to the ISPs that nothing would be done.  I have no
reason to do so, but it's hard to believe that somebody hasn't complained by
now, and yet the flamers still have their accounts.  If the present system
is incapable of dealing with identifiable offenders, why worry about the few
anonymous ones among them?  Presumably if you track an anonymous poster down 
to an account at one of these ISPs, you'll be no better off than with those 
who now do the same thing openly.

You've also now switched the subject from arguably illegal behavior to that
which is merely annoying.  I'm not even sure that accusing a person of child
molestation in the context of an ongoing flame battle constitutes a winnable
case of libel, but it's the closest I can come.

> It doesn't stop you calling the police, it just stops them being able to
> do anything.

That's still your decision.  But if the person isn't "worth suing" by whatever
standards you use, then it doesn't matter whether he's anonymous or not.
 
> >Using a remailer does not make a person unidentifiable, just untraceable.
> >There is a difference.
>   
> What??????  How can I identify an anonymous poster if I can't trace
> them?  How can I use their posts as evidence if there is no way to trace
> those posts back to them?

That's like saying that you can't identify a masked bank robber just because
you didn't see him drive up and happen to take down his license number.  Bank
robbers are convicted all the time, even if they couldn't be identified at the
scene.  They were overheard planning the crime before hand.  They were caught
bragging about it afterwards.  They were caught spending the stolen money.  A
few stupid ones even visited the bank again without a mask to transact normal
business and a teller recognized their voice.

Thus, it is possible to deter and prosecute bank robbers without fingerprinting
everyone who merely walks into the bank.
 
> >Banks are a poor analogy, because anonymity is more analogous to paying cash.
> >When you sign your name to a check, you're already identifying yourself.
> >Banking is an inherently identity-based institution.  You're asking someone
> >to trust you, and it's up to you to prove yourself to be trustworthy.
>  
> Email and news postings are also inherently identity-based.

You'd like them to be, but they aren't.
  
> >A check is made valuable or worthless by virtue of the validity of its
> >signature.  Ideas can be evaluated on their own merit, just like paper
> >currency can.  I don't need to see two forms of ID to determine whether that
> >$100 bill you just handed me is genuine or counterfeit.
>  
> Look, you were saying that remailers storing ID information is treating
> people like criminals, and is unacceptable.  

No, I'm saying that FORCING remailer operators to collect this information
from their users is unacceptable.  The banks are doing what they believe to
be in their own best interests, just as the remailers are.

> I am saying that it is
> obviously acceptable for other institutions providing services to store
> a lot more information.  You aren't saying that banks are behaving
> unacceptably in storing ID information, so why is it unacceptable for a
> remailer to store far less information?

What you're proposing is like refusing cash and requiring that people pay via
traceable check.  I'm proposing giving people the option of doing either.  If
you don't want to accept cash in payment, nobody will force you to.  But don't
impose that rule on everyone else.

> >The solution being what?  Surrendering freedom for the sake of supposed
> >security?  I don't see that there is necessarily a dilemma between protecting
> >victims versus preserving the freedoms of average citizens.
>  
> Anonymity is not a right.  It is a privilege that can be granted by a
> person in a position to do so.  It is a privilege that should be able to
> be taken away if it is abused.

Under Australian law, perhaps, but not US.  We have a "Bill of Rights" here,
not a "list of optional privileges".  Our Supreme Court has already ruled
that anonymous speech is protected under the First Amendment to our
constitution.  Yes, free speech can be revoked if it's misused, but that's
only AFTER an offense has occurred and a proper restraining order has been
obtained.  What you're proposing requires a breach of one's privacy BEFORE 
any law has been broken.

> >It seems that every solution I offer Politas' is countered with a "yeah, but
> >what about .... " objection.  In an imperfect world, government cannot
> >completely protect people from themselves.
>  
> Society is all about protecting people from others, not themselves.

Maybe Australia didn't experiment with such things as Prohibition, then.
 
> >I'm really trying to understand what Politas' wants, but it's difficult.  I've
> >suggested several solutions to his hypothetical problems that don't infringe
> >on the freedoms of the innocent, but each is quickly rejected.
>  
> All your solutions involve the victim suffering for the acts of the
> perpetrator.  That is hardly justice.

Neither is the alternative.  You don't punish a person until AFTER he's been
convicted.  You say "anonymity is a privilege", but your proposal doesn't even
allow that.  How can I be ANONYMOUS if I have to IDENTIFY myself first?  I'd
lose the privilege before I even received it.  If I have to tell somebody who
I am, then I'm not anonymous.

> What I want is accountability.  If you are doing something wrong, you 
> should be accountable for it.  It is an underlying thread to all systems
> of justice.

In most free countries, the burden of proof is on the accuser.  What you're
proposing is like demanding that since you feel that your neighbor is a
"suspicious character", he ought to be required to wear an electronic device
at all times so that *IF* he should do something wrong, he can be traced.  That
technology exists, but it's only used after a person has been convicted and is
then released on probation or parole.

There's nothing in your scenario that couldn't be put in place AFTER you'd
shown probable cause that a law was being broken via a remailer.  The picture
that both you and Gary have painted is of a repeated pattern of offenses.
If you could demonstrate that the law was being broken, you could get the
proper courts to order that this tracing be instituted, for a limited period
of time, until the culprit was caught or the wrongdoing ended.  Why subject
all remailer users to this in advance just in case something MIGHT happen?
BTW, I'm not endorsing this compromise idea, just pointing out that less
onerous measures exist than what you're suggesting.
 
> Your solutions are the equivalent of saying, "Well, if you don't go into
> that part of town, you won't get mugged again."

You're changing the scenario.  It's more like going into a country where
Australians are unpopular and being called names.  You have your choice of
returning to that country or not.  Usenet is not in such a state that when
somebody calls you names on the playground you can call in a NetCop to
make those mean kids stop calling you names.

Even under you proposal, I doubt that you'd find a single country where
remailers are allowed to operate that would force a remailer operator to
violate a user's privacy over a usenet flame attack.

If you wander into a NG where someone doesn't like you, you can either stick
around and defend yourself, flame the person back, or move along.

Now what sort of usenet "mugging" did you have in mind that you think ALL the
governments under which remailers operate would be willing to exert their
legal clout to identify and prosecute the perpetrator?  Can you cite one
example, perhaps, of a real case in which your proposal would have been
effective?

- ----
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBNJ/C2Abp0h8ZvosNAQGUTwf9FEwJBEjD6HZsYXAaKzTKJMeVOUYoK7z2
/zEU9jNpCrdCO2Fm3TryB7nXHiJyV2HlqUHijgnoYGQsJBeTIKqtpIMG60z4Oi6F
THH9ke2bhQmfhkAgWHEZpjj7873mpL50r5lmBrSnwuBkUPejAa3JGR5XFLY4mHau
Rxcl+41vyW4YA6AN2IT7F/JFe1YBQLc/i6jgI01ATzEKtRxg0sOfOxiceRm5J6ke
CQhmb2ISG2yWetZFH6CY1vslz+6j/bTG9nPGc31LhfPSqLMFKNjlPsuiA11K6Un1
+9bofYFXm/HGvxqqmi4pKnV/D0eSYpUqb2krO+EIdOZaVhv5L9HJHA==
=Rl46
-----END PGP SIGNATURE-----






Thread