From: Tim May <tcmay@got.net>
Date: Mon, 12 Jan 1998 01:43:49 +0800
To: Ryan Lackey <cypherpunks@Algebra.COM
Subject: Eternity Services
In-Reply-To: <tw73eivi7t4.fsf@the-great-machine.mit.edu>
Message-ID: <v03102800b0deac61cffd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




I haven't been following the latest round of "Eternity" discussions. I
gather that Ryan's efforts are distinct from Adam Back's efforts, which are
themselves distinct from the seminal Ross Anderson researches (for example,
at http://www.cl.cam.ac.uk/users/rja14/eternity/node4.html).

But Ryan's comments leave me with some questions:


At 3:11 AM -0800 1/11/98, Ryan Lackey wrote:

>If I find investors/customers/etc. by March-July 98 for Eternity DDS, though,
>I'm planning to buy 8 DEC AlphaPC motherboards with dual 21264 processors.
>Some pieces of Eternity DDS are now being implemented in Oracle for
>speed of implementation reasons, and other pieces are being prototyped
>in Scheme (maybe), so even my K6 is getting hammered.  Plus, I'm now testing

Will these be located in the U.S.? Will their locations be publicized? Will
any offshore (non-U.S.) locations be publicized?

Any file system which can be identified as to *location in some legal
jurisdiction*, espeically in the U.S. but also probably in any
OECD/Interpol-compliant non-U.S. locations, will be subject to COMPLETE
SEIZURE under many circumstances:

* if any "child porn" is found by zealous prosecutors to be on the system(s)

* if any "national security violations" are found to be on the system(s)

* if the Software Publisher's Association (SPA) decides or determines that
the Eternity systems are being used for "warez" or other copyright
violations.

In addition, the file systems may be "discoverable" in any number of other
legal situations, and of course subject to subpoenas of all sorts. And
subject to court orders to halt operations, to participate in government
stings, and so on.

Basically, anything a remailer in some country may be subjected
to--lawsuits by Scientology, kiddie porn charges, espionage charges,
etc.--will be something an Eternity server is also subject to.

Except that an Eternity file system is more clearly just a file storage
system, like a filing cabinet or a storage locker, and hence is readily
interpreted in courts around the world as something that law enforcement
may seize, paw through, admit in court, etc. (Remailers are slightly better
protected, for both reasons of "transience" and reasons of some protection
under privacy laws, the ECPA, etc. We have not seen any major court orders
directed at remailers, but I expect them soon. In any case, a file system
containing "warez," child porn, corporate trade secrets, national security
violations, defamatory material, etc., would not be ignored for long.)

So, the talk about the hardware of all these Alpha servers raises some
interesting questions.

I would have thought that a much more robust (against the attacks above)
system would involve:

- nodes scattered amongst many countries, a la remailers

- no known publicized nexus (less bait for lawyers,  prosecutors, etc.)

- changeable nodes, again, a la remailers

- smaller and cheaper nodes, rather than expensive workstation-class nodes

- CD-ROMS made of Eternity files and then sold or distributed widely

- purely cyberspatial locations, with no know nexus

(I point to my own "BlackNet" experiment as one approach.)

It may be that the architectures/strategies being considered by Ryan
Lackey, Adam Back, and others are robust against the attacks described
above.

Basically, if the Eternity service(s) can be traced back to Ryan or Adam or
anyone else, they WILL be subject to court orders telling them to produce
certain files, telling them to cease and desist with regard to certain
distributions, and so on. Even raids to carry off the entire file system
for analysis will be likely.

Consider the Steve Jackson Games case, the Thomas/Amateur Action case, the
Riverside/Alcor case, and other raids which have seized computers and file
systems. Though some of these were later overturned, there was no general
protection granted that a file system, which is like a filing cabinet (of
course) is miraculously exempt from court action.

It is also likely in the extreme that a working Eternity service will
quickly be hit with attackers of various sorts who want to test the limits
of the service, or who want such services shut down. Thus, expect all kinds
of extremely controversial material to be posted....granted, this is a
"reason" for such services, but see how long the system lasts when it
contains child porn, Scientology secrets, lists of CIA agents in Europe,
copies of Microsoft Office for download, and on and on.

And even a decentralized, replicated system will of course still expose the
owner/operator in some jurisdiction to his local laws. (As Julf was exposed
to the laws in his country, and that was just the tip of the iceberg.)

Eternity nodes must not be identifiable, and their locations must not be
known. Anything else is just asking for major trouble.

Comments?



The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."