From: bill.stewart@pobox.com
Date: Wed, 14 Jan 1998 09:49:12 +0800
To: Ryan Lackey <rdl@mit.edu>
Subject: Re: Eternity Services
In-Reply-To: <v03102806b0df4ce0852e@[207.167.93.63]>
Message-ID: <3.0.5.32.19980113091745.00856d80@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



hAt 12:49 AM 1/12/98 EST, Ryan Lackey wrote:
>[Tim May wrote:]
>> I am surprised, I have to admit, that Ryan is talking so much about raising
>> money, getting investors, etc., when no _working model_ of his scheme has
>> been deployed for people to play with, find weaknesses in, etc.
>
>No working model has been deployed by me as of yet.  However, most of the
>components are "solved problems", with existing working models.  Worst case,
>it would be possible to accomplish equivalent functionality by linking
>these by remailers and hoping no one shuts down the remailers.

My guess is that the technical aspects are relatively solvable,
at least if the market comes through with reasonable digicash.
The technical design can be fun, and lots of pieces exist.
The "Don't Quit Your Day Job" (or in this case, school) criteria are 
harder - doing the business plan that makes a reasonable case that
1 - Service Providers using your model can make money
2 - You personally can make money
3 - Potential investors (including you) can make money
	funding the development
Three obvious business models for you and your investors are
2a - Operate the service yourself, hiring people or renting space
	in as many countries as you need for safety/reliability
2b - Sell/license the software to commercial providers
2c - Freeware, perhaps with some way for you to get advertising revenue
	or at least sufficient fame to get consulting business.

Which combinations of these options can achieve wide usage depends
a lot on your models of users of the system; some of those models
are moneymakers, some aren't, some are safe, some are dangerous,
and some just attract a sleazy clientele.  Here are a few models

- public, permanant, non-controversial - the archive business
	for URLs for academic papers, news services,
	and possibly for contracts, wills, court documents, etc., 
	which may have some privacy (e.g. an encrypted document 
	showing the owners and keyids) or may not be indexed.
	This model is easy, and the only reason you need
	to franchise the business rather than running it yourself
	is to increase the confidence of the users that the
	service will be permanent.  The obvious financial model
	is that computers and storage become cheaper every year,
	so the cost of 100 years of storage is probably only
	25-100% higher than 5 years of storage.  The costs of retrieval
	are different from the costs of storage; you may do something
	like advertising banners to handle frequent-retrieval vs.
	occasional-retrieval material, or charge directly per hit, etc.

- public, permanent, controversial - political manifestos,
	samizdata, Singaporean chewing-gum recipes, 
	formerly secret documents of governments and businesses.
	Spreading across multiple jurisdictions is
	critical here, but governments do cooperate enough
	that few places are safe for everything.  For instance,
	a Finnish court might order a server to stop publishing
	copyrighted Scientology documents based on a US court order;
	anything copyrighted needs to be hosted by non-Berne-convention
	locations.  I don't know how cooperative governments are about
	libel suits from other jurisdictions; "libel against governments"
	is clearly a different case from regular personal libel.

- non-indexed semi-public medium-term controversial -
	porn servers, warez, credit reporting services, and the like.
	By "non-indexed semi-public", I mean things that you can
	retrieve if you know the name and maybe have a password,
	but can't retrieve if you don't, and maybe they're encrypted.
	Some of them may be revenue generators for the storage customer
	(e.g. they've got advertising banners, or they require digicash
	to be collected somehow, or maybe there's a password-of-the-month
	needed to decrypt them, which is sold separately from distribution.)
	Here you need to worry about attacks, since pictures that are
	legal in LA or Paris may be illegal in Memphis, Tokyo, or Riyadh,
	and transaction data that's legal in Anguilla may violate
	data privacy laws in Berlin or fair credit reporting in Washington,
	and warez that are gray-market in Beijing may get you jailed in
	Redmond (while the porn that's legal in Redmond may get you 
	jailed in Beijing.)  
	You also have to worry about targeted attacks - the government
	that can't stop you from publishing the Anti-Great-Satan Manifesto
	can go plant child porn and stolen Microsoft warez on your server
	to get you shut down in your home country.

- non-indexed semi-public medium-term non-controversial -
	encrypted corporate backups and the like.  If you've implemented
	things right, a subpoena for all your files worldwide still
	won't let anybody find a useful piece of non-indexed data,
	but can still let anybody with the name and password recover it.
	Indexing becomes the job of the user; the index for a user
	is just another data file.  This may be where you make the 
	legitimate money, if you can convince enough businesses to
	use your services, and where you provide the cover traffic
	for the controversial material.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639