1998-01-11 - Re: Eternity Services

Header Data

From: Tim May <tcmay@got.net>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: b5e2fc621f96d337ac2f0b580568322c5e8aaa41d8091ead7bca5090b158bdb4
Message ID: <v03102801b0df03d95cd4@[207.167.93.63]>
Reply To: <v03102800b0deac61cffd@[207.167.93.63]>
UTC Datetime: 1998-01-11 23:52:03 UTC
Raw Date: Mon, 12 Jan 1998 07:52:03 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Mon, 12 Jan 1998 07:52:03 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Eternity Services
In-Reply-To: <v03102800b0deac61cffd@[207.167.93.63]>
Message-ID: <v03102801b0df03d95cd4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 3:06 PM -0800 1/11/98, Adam Back wrote:

>Archiving USENET as a separable enterprise which charges for access
>(altavista for example charges via advertisements) seems less
>problematic than directly trying to build a database of controversial
>materials.  Archiving it all partly reduces your liability I think,
>because you are not being selective, you just happen to have a
>business which archives USENET.  However there are two problems with
>this: a) volume -- USENET daily volume is huge; b) the censors will
>ask you to remove articles they object to from the archive.

News spool services are already showing signs of getting into this "Usenet
censorship" business in a bigger way. Some news spool services honor
cancellations (and some don't).  Some don't carry the "sensitive"
newsgroups. And so on. Nothing in their setup really exempts them from
child porn prosecutions--no more so than a bookstore or video store is
exempted, as the various busts of bookstores and whatnot show, including
the "Tin Drum" video rental case in Oklahoma City.


>The solution I am using is to keep reposting articles via remailers.
>Have agents which you pay to repost.  This presents the illusion of

This of course doesn't scale at all well. It is semi-OK for a tiny, sparse
set of reposted items, but fails utterly for larger database sets. (If and
when Adam's reposted volumes begin to get significant, he will be viewed as
a spammer. :-) )

>> - CD-ROMS made of Eternity files and then sold or distributed widely
>
>This is an interesting suggestion, but surely would open the
>distributor up for liability, especially if copyright software were
>amongst the documents.  Were you thinking of
>

The CD-ROM distribution is just a side aspect, to get some set of data
widely dispersed. For example, if the data base is of "abortion" or
"euthanasia" information (a la Hemlock Society), which various parties want
suppressed, then handing out freebie CD-ROMs is one step.

Many examples of this: Samizdats in Russia, crypto/PGP diskettes handed out
at conferences (was Ray Arachelian doing this several years ago?), and
various religious and social tracts. Obviously, this is what broadsheets
and fliers are designed to do. Self-publishing in general.

If the intent is to collect money for the data base accesses, then of
course other considerations come into play.

(Critical to these "Eternity" things is a good model of the customers, the
reasons for the data, etc.)



>> - purely cyberspatial locations, with no know nexus
>>
>> (I point to my own "BlackNet" experiment as one approach.)
>
>This is the best option.  Make it entirely distributed, so there is no
>nexus, period.  cyberspacial -> meatspace mappings are often easier to
>trace than we would wish, especially where there is continued usage
>(for example there are various active attacks which can make progress
>even against mixmaster remailers).  This is the weak point of my
>reposting agent, be that human, or automated.

My model, contained in the actual working software (*), allowed customers
to pick some topic, enclose a public key and payment, use a remailer to
post, then collect the information some time later. Using Usenet, but not
by reposting the actual data. Only pointers.

(* I say "working" in the sense that the concept was very easy to
demonstrate just by using PGP and remailers. Not much more than what I
demonstrated in 1993 would be needed to deploy a real system. Except for
one thing: true digital cash. Not the bullshit one-way-traceable stuff that
Chaum and others are now pushing, but the original, online-cleared or
escrow-cleared form, a la the work of Goldberg et. al. For some of these
applications, below, simple token- or coupon-based schemes might work
adequately.)

How these models will work using existing infrastructure (Usenet,
remailers, Web proxies, etc.) depends on some factors. It might be useful
to consider some benchmark applications, such as:

1. Anonymous purchase of financially important data. (A good example being
the Arbitron ratings for radio markets...subscription to Arbitron is quite
expensive, and posting of results on Usenet is prosecuted by Arbitron. A
good example of a BlackNet market.)

2. Anonymous purchase of long articles, e.g., encycopedia results...

(I'm not sure there's still a market for this....)

3. Anonymous purchase of "term papers." (A thriving market for ghostwritten
articles...already migrating to the Web, but lacking adequate anonymizing
methods.)

This is an example of a very large data base (all term papers on file)
which cannot possibly by distributed feasibly by Usenet.

And so on...lots of various examples.

The whole Eternity thing is interesting, but we haven't made a lot of
progress, it seems to me. (I distributed a proposal a bit similar to what
Ross Anderson was proposing, a proposal more oriented toward making a
_persistent_ Web URL for academics and lawyers to reliably cite, with less
of the "404--File Not Found" sorts of messages, the things which make the
Web largely unusable for academic and scientific citations.)


>> It is also likely in the extreme that a working Eternity service will
>> quickly be hit with attackers of various sorts who want to test the limits
>> of the service, or who want such services shut down.
>
>I agree with this prediction.  Remailers have seen this pattern, with
>`baiting' of operators, and apparently people posting controversial
>materials and reporting the materials to the SPA or others themselves,
>etc.

Yep, it's hard to disagree with this. Any centralized "Eternity service"
will be hit with various kinds of attacks in quick order.

Building a data base, as Ryan comments seem to indicate he is mostly
interested in doing, is the least of the concerns.

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








Thread