cypherpunks-legacy
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
December 2003
- 8635 participants
- 56359 discussions
Hi,
Forwarded message:
> From: "William H. Geiger III" <whgiii(a)amaranth.com>
> Date: Wed, 04 Jun 97 22:31:07 -0500
> Subject: Re: Webpage picketing (fwd)
> I as Joe Sixpack want to goto http://www.bigtits.com
>
> You as goodie-2-shoes want to picket this site.
>
> Inorder to do this you wish to have me goto http://www.NOW.com and see
> their anti-porn page before I can see the bigtits page. (wether I actually
> goto their website or the page is automatically downloaded is irrelevant
> for the disscusion).
Not exactly, I am saying it would be legaly permissible under the same chain
of reasoning that allows picketing at a public sidewalk in front of a
business to extend it to network traffic which traversed a public link in
the chain of nodes between user and server. I am in effect saying the
end point publicly funded servers on a section of publicly funded network,
not the user or the actual target server (who again have no more stake in
this than in an actual picket line - none), would be required to provide
3rd party single pages before serving the actual target of the user based
upon the same sorts of situations that arise in meatland.
Is that clearer?
> Where exactly is it in the constution that say that your free speech
> rights extend to the point where you can force me to read what you have to
> say when I don't want to?
The 1st Amendment, when you are traversing public property, be it a sidewalk
or stretch of network cable. It is simply a matter of strategy and geography
if for you to get to where you want to go you have to go through public
property on which I desire to speak. Neither you nor your intended
destination has anything to say about it.
> I just don't see how you can make this leap regardless of who is doing the
> funding.
Then you don't understand how picketing works. To get to the private store
you must cross public property. The public is free to use that property to
their own ends within the law. The law allows, through the 1st Amendment,
anyone to stand on that public stip and make certain claims about adjacent
private parties. Hell, you can legaly picket a private individuals house as
long as you do it from the sidewalk - which by extension means that they
could specificaly picket your personal server if they desired as long as
they did it from a publicly funded stretch of network.
> I'll leave the numerous analogies alone for a latter post. I just don't
> see where anyone has the right to tell me what I must read.
As long as you are not using everybody elses money (ie public funds) to get
there they don't. But your not wanting to see the picketers in front of
Bookstop on the sidewalk in no way impacts their right to be there and your
total impunity to do anything about it legaly short of picketing yourself.
_______________________________________________________________________
| |
| Speak the truth, but leave immediately after. |
| |
| Slovenian Proverb |
| |
| Jim Choate ravage(a)ssz.com |
| The Armadillo Group www.ssz.com |
| Austin, Texas, USA 512-451-7087 |
|_______________________________________________________________________|
2
1
-----BEGIN PGP SIGNED MESSAGE-----
>Yes, some pathetic strange little boys swaggering around in never-never
>land. Lonely individuals with shriveled hearts, stunted morals, and
>feverish imaginations, who brag contemptuously of their superiority
>over "sheeple", and boast of their heroic roles in the coming
>revolution.
I hope you're not referring to Lucky, or Time May, or me. Lucky has a
successful career in a computer-related field. Tim was exceedingly well-
integrated into the work force at Intel and did a great deal of valuable and
lucrative work for them. I am married with four children (who I never sent to
a government school) and get along well with a host of friends and co-workers.
I have achieved a modicum of success as a writer and speaker. I happen to be
a neo-victorian myself.
Why is it that when someone like Al Gore expresses strong and extremist views
as he did in "Earth in the Lurch" (or whatever that book was called) no one
ever claims that he is " a pathetic strange little boy swaggering around in
never-never land. A lonely individual with a shriveled heart, stunted morals,
and a feverish imagination."
How do you know our hearts are shriveled? Can it be because we can do the
math and figure out the Feds are *much* bigger killers than McVeigh? Why
don't you bleed for *their* victims. Remember, government's crimes are worse
than private crimes (even apart from the higher body count) because a serious
breach of duty and trust is involved.
Look, people are bound to disagree over social policy and even right and
wrong. But since everyone is much more powerful than they used to be, a force-
based monopoly on policy and morality ("others" government) just can't be
sustained anymore. Your side just simply doesn't have the artillery. It
would be better for everyone if you would recognize reality, step back, and
allow self-government to replace others-government. It will happen anyway.
DCF
-----BEGIN PGP SIGNATURE-----
Version: 5.0 beta
Charset: noconv
iQCVAwUBM5Y9G4VO4r4sgSPhAQFeMgP/ayBfrwGflaw19qP6EgC3BaEJNWdpk+K7
71CAV/krUGfsWPAB9LO7p5p14F9wt1wsVqjrd6uQFae2eDiq0lLR+byLKrLRgN1W
iAK6VTkgO9O37Mx4842i74fUbcw8WqcSrZM5fmWhQSmpCEYe6d04UCj8ITj183GI
+gAvWp4dY6w=
=FQyL
-----END PGP SIGNATURE-----
1
0
Yesterday I forwarded questions about spam from a friend who was speaking
before the FTC next week. Here are most of the replies I received, which
I've attached below. Some may have appeared here already.
From: glee harrah cady <glee(a)netcom.com>
From: Wei Dai <weidai(a)eskimo.com>
From: Stanton McCandlish <mech(a)eff.org>
From: Robert Moskowitz <rgm3(a)chrysler.com>
From: "Halpert, James - DC" <jhalpert(a)pipermar.com>
From: Azeem Azhar <aja(a)economist.com>
From: Mark Grant <mark(a)unicorn.com>
From: Charlie Stross <charlie(a)public.antipope.org>
From: Bill Frantz <frantz(a)netcom.com>
From: "Shabbir J. Safdar" <shabbir(a)vtw.org>
From: djones(a)insight.dcss.McMaster.CA (David Jones)
From: wyang(a)ktel.osc.edu
From: clinton(a)annoy.com (Clinton at Annoy)
From: Eric Murray <ericm(a)lne.com>
From: Ray Everett-Church <ray(a)everett.org>
From: Chris Poupart <jyhad(a)odyssee.net>
From: "Marius Loots" <MLOOTS(a)medic.up.ac.za>
From: Roger Bohn <Rbohn(a)UCSD.edu>
-Declan
***********
Date: Wed, 4 Jun 1997 15:26:33 -0700 (PDT)
From: glee harrah cady <glee(a)netcom.com>
To: Declan McCullagh <declan(a)well.com>
A large amount of real costs are principally being borne not by the
individual recipient but by the networks that are being abused in the
process, which costs the users of the networks involved. Lots of spammers
are not using "their own" networks to send out the spam, but using the
open nature of the Internet to relay the messages off the mail servers of
networks throughout the world. One really egregious instance of which
I've been told is that someone used a mailserver in New Zealand as a relay
for a large spam. I've heard that data charges in New Zealand are for
info in AND out, the provider had to pay for the privilege. SInce this
was a third-hand story, I can't cite you chapter and verse -- wish I
could. When lots of spam hits a single network, email processing for all
customers, whether or not they are recipients of that particular spam, is
slowed. Lots of networks have this problem. Unlike email systems that
stored one copy of an email, regardless of the number of recipients, the
systems we're using on the Internet today send real physical bits for each
message that take up space on mail queues. This, too, inhibits email of
all involved. Then, folks have to deal with the fact that the spam is on
their network: tech support folks are paid to answer queries about it,
sysadmins are paid to toss it out (in cases where it hits large intranets
-- one company local to here has two sysadmins that do nothing but get rid
of spam coming into their local net) or to manage the disk space required
to store the stuff.
Smaller providers are getting killed with the stuff.
The reason that many of us provider-types find more to like the Torricelli
approach is that it goes after the deceptive practices that make it harder
for us all to trace the sources of the spam: the hiding behind false or
not accurate domain names; the hiding of the actual email address of the
spammer; the harvesting of names and addresses from the open directories
of whitepage services or of online providers, etc. This approach, we
think will be more effective at getting to the root of the problem than
labelling speech. After all, it's not only commercial speech that is
being sent as spam and it's not responsible marketers who are doing it
either.
I'm not sure that legislation is actually needed to address the problem.
I could make an argument that said that the deceptive practices that are
making it difficult to go after the spammers actually fall into the
purview of the FTC. I am concerned that we don't legislate something
that we'll really be sorry about later.
As usual, summarizing a complex and difficult policy and operational
issue in one short email probably causes problems, too. I hope I've not
left out anything, but probably I did. Ask if what I've said isn't
clear.
:-)
____________________________
glee harrah cady Manager, Public Policy, NETCOM
+1.408.881.3227 1.800.NETCOM-1 glee(a)netcom.com
co-author, _Mastering the Internet_, Sybex, 1995 & 1996
*********
Date: Wed, 4 Jun 1997 23:39:28 -0700 (PDT)
From: Wei Dai <weidai(a)eskimo.com>
To: Declan McCullagh <declan(a)well.com>
Here's a cost that's seldomly counted: the occasionally useful spam that
we delete without reading because most spam are simply garbage.
I would argue that any spam protection system that does not allow useful
spam to get through is flawed.
*********
From: Stanton McCandlish <mech(a)eff.org>
To: declan(a)well.com
Date: Wed, 4 Jun 1997 16:22:12 -0700 (PDT)
Cc: fight-censorship-announce(a)vorlon.mit.edu,
mech(a)eff.org (Stanton McCandlish)
Feel free to send this to FC, etc.
This response does not constitute and official EFF position, but I believe
it acurately reflects thinking here that will become EFF position shortly.
Declan McCullagh typed:
>
> A friend who's going to be on one of the FTC panels next week sent me a
> few questions about spam. Does anyone want to try their hand at answering
> them? I'll forward along all responses I get.
>
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
ALL/MULTIPLE USERS
* cost of storage (ISP, user or both, depending on mail system) in disk
space and memory (remember it takes RAM to load a mailbox into any
modern email program).
* severe degradation and sometimes destruction of forums as they are
over-run by spammage.
* reputational harm and loss of all usefulness of Internet account (after
being subject to a spammer's header forgery listing the innocent victim
as the sender, who then receives all the hatemail the spamming
generates).
INDIVIDUAL END USER ADDITIONAL COSTS
* time to read/examine
* time to delete
* time to filter
* time to unsubscribe, complain, or otherwise respond
* increased ISP/online service subscription fees as provider costs are
passed on to customers.
* per byte, per minute or per message costs from ISP (not all users)
* per minute costs from phone or other conduit provider (not all
users)
CORPORATE END USER ADDITIONAL COSTS
* lost productivity due to time sinks mentioned above, frustration,
etc.
* missed opportunities, deadlines, etc., due to too much mail to sort
thru resulting in important messages being missed. Major potential for
corporate lossage here.
CORPORATE ADMINISTRATOR ADDL. COSTS
* time (often quite a lot) filtering dependent users' mail, blocking
spamming sites, contending with filled up disks, and other wastes of
stafftime due to spamming.
ISP/ONLINE SERVICE ADDL. COSTS
* Help desk and admins' time filtering/blocking by customer request (not
all sites do this)
* Help desk and admins' time filtering/blocking by necessity to prevent
exceedingly abusive spammers sucking up all available disk space
* admins' time in cleanup after one of their users engages is spamming or
is perceived to have done so due to forged headers, and 1000s of angry
victims send in complaints, threats, etc.
* company's losses in market share and reputation after one of their users
engages is spamming or is perceived to have done so due to forged
headers
* admins' time in cleanup after one of their users engages is
spamming or is perceived to have done so due to forged headers, and 10s
or more of angry victims become vigilantes, and hack the provider, SYN
flood them, send them crippling emailbombs, etc.
* company's losses in mkt. share and reputation after their service slows,
crashes or otherwise is negatively affected by such attacks.
* company's liability when other subscribers sue for breach of contract,
for return of subscription fees, etc., due to such outtages or
degradation of service
* CEO & legal staff time researching if any recourse is available.
* increased connectivity costs as 56K, T1, etc. high-speed connections are
not fast enough to keep up with all the spam (e.g. it is currently
physically impossible to carry a full "Big 8" and alt Usenet feed with
only a T1 connection [verify with a major ISP if in doubt], largely due
to the amount of spamming in the alt groups.
* increased staffing costs as more people have to be hired or consulted to
deal with the problems caused by spammers.
Please feel free to send suggestions for addtions to this list, which I've
made for other purposes than answering Declan's query.
Remember that TIME = MONEY and RESOURCES = MONEY in all above
formulations.
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
It costs roughly $20 for Net access[*], plus the cost of a
spamming-targeted mailing list ($50?) to send multiple millions of
messages.
[Actually this is not really true - unless AOL has changed the
capabilities of its trial accounts, it actaully costs NOTHING to set up a
temporary account that is capable of massive spammage. Worse yet, the
technology to MAKE massive email lists is trivially available and/or
creatable, so one does not even have to buy such a list. ZERO cost at
all.)
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
Certainly. There are many other problems:
1) Any ban is going to be very difficult to write in a way that will
survive constitutional scrutiny.
2) Banning all commercial email is obvioulys stupid and unconstitutional -
I have a First Amendment right to receive commercial messages if I want
to.
3) Banning all unsolicited email is obviously stupid and unconstitutional
- I have a First Amendment right right to tell IBM that I like their web
page, even if they didn't ask me for my comments.
4) Banning all commercial unsolicited email is obviously stupid and
arguably unconstitutional. I probably have a right to send you a message
offering my product if something in an email or a post or web page by you
indicated you might be interested in what I'm offering. Additionally, such
a ban does not speak to the issue - commerciality is not the problem.
Religious and political rants are, to most people, an even more offensive
form of spamming that advertisements are.
5) Despite the optimism of some, no local (i.e. national) law will ever
stop spam, it will simply move spammers off-shore. That fewer
respondents will buy, due to distrust of foreign merchants, is irrelevant
- the spamming business model is successful if only 1 out of a million
people makes a purchase, because there are essentially no costs.
6) All such bans attack content. This makes them presumptively
unconstitutional right from the start. The issue of spamming cannot be
solved with a ban. Spamming as a problem is divisible into TWO problems:
a) Theft, abuse or usurpation of resources owned by specific parties (i.e.
ISP connectivity, staff time, etc., and your productivity), or owned by
everyone (tragedy of the commons). This is a matter of the right to not
be forced to bear the costs of another's expression (a component of the
right to freedom of speech and press), with shades of the right to use
public resources (i.e. offline if some bully, every time you try to go a
public park, blocks your entrance into the park, you can get an injunction
against this person. Hard to map this kind of thing to the offline world
though, on legal grounds even if the ethics of the situation are plain as
day.)
b) Violation of the recipient's right to be left alone (a component of the
right to privacy) and right to not be forced to read another's expression
(a component of the right to free speech and press). Spammers love to
contort this last into another *almost* opposite right - the right to
speak freekly in public even if it offends someone. They avoid the issue
of not having a right to do this in private spaces, and not having a right
to force others to bear their costs even for public expression.
Anyway, the privacy and freedom to not read issues seem to apply
principally if not only to private email, while the arguments in point a)
seem to apply to private mail, and forums (mailing lists, newsgroups).
These two problems require different solutions (and probably in fact both
require combinations of several different solutions, ranging from class
action suits to fraud prosecution to better filters to increased system
security to prevent forgery to tighter users contract to "don't route
spamming ISP's traffic" agreements between ISPs and NSPs, etc., etc.)
EFF is forming a working group to try to size up the various options and
possible solutions and see which ones are viable, which ones are best for
rights and for the Internet, which are expedient but would harm the public
interest, which are unconstitutional or otherwise bad, and so on.
We also have to look at this beyond the here-and-now. What about ISPs that
in the fine print say they sell their entire user base's contact info to
e-marketers? What about the use of "push" technology for spam-like
purposes? What about a MoU between all backbones and major NSPs to simply
drop service to any "spammer haven" ISP? What about calls for direct
regulation by the FTC or FCC? Or by a UN body? Many proposals are flying,
many problems envisioned (and some being missed by most), and many people
are getting increasingly hysterical about this so we need to find
some solutions quickly. None of the legislation produced so far does
anything but cause more damage.
--
Stanton McCandlish mech(a)eff.org
Electronic Frontier Foundation Program Director
http://www.eff.org/~mech +1 415 436 9333 x105 (v), +1 415 436 9333 (f)
Are YOU an EFF member? http://www.eff.org/join
*********
Date: Thu, 05 Jun 1997 06:52:36 -0400
To: declan(a)relay.pathfinder.com,
From: Robert Moskowitz <rgm3(a)chrysler.com>
Morning Declan.
In today's Internet charging scheme, there are two costs to the Internet
consumer: Time to retrieve mail, and time to process scams. The first will
fade as higher bandwidth solutions come into play. The later may never
fade. Most users are not email savy, even if their email software is.
People do dumb things like post to USENET groups and then get on the big
spam lists, further increasing their mail filtering efforts.
But let's put this into perspective. Today, I might send 5 - 10 minutes
everyday, sorting through my USMail. Now I am a good recycler, and I open
everyone and put all of the papers into the proper bins; some days this can
take me 20 minutes.
Despite my Eudora Pro filters that color flag suspected spams (I don't
delete them, the filters might be in error) for easy delete, I have dozens
of emails among my hunderds of messages to read before trashing. Maybe 5 -
10 minutes a day.
I really do not think spam is all that bad unless....
What I have discovered is that recreational email, ie use of USENET and
recreational LISTSERVs is the way that people get on spam lists. Us
techies thus may have a very low spam to message ratio. But poor johnQpub,
naively posts to alt.rec.sailboats and then gets 100 spams a day
semi-related to sailing (Sherri would LOVE to go sailing with you...).
Interestingly, the answer to spam is NOT filters to block it, but filters
to move ligitamate mail into folders for processing and leave your IN box
for quick scan/trashing. Thus the cost of spam to the user is education
and GOOD (read not free) email software.
Now the cost to mail handlers is different, but they can and should fight
back. Look at the lawsuit by flowers.com. Tracy and her husband run a
small time operation. The spam that used their domain name as the reply-to
cost them time and business. They are going after the kid. This is
costing them, but it will get them on a list of 'do not spam' sights, we hope.
Robert Moskowitz
Chrysler Corporation
(810) 758-8212
*********
From: "Halpert, James - DC" <jhalpert(a)pipermar.com>
Date: Wed, 04 Jun 97 17:00:00 DST
Declan,
Very high volume spam can and does burden service providers'
systems. Remember the cost of sending a million or so e-mails
is very low, but engineering a network to handle, say, 200,000
improperly addressed e-mails that collect on a service provider's
mail server costs a good deal more. Herein lies an economic
problem.
This is not to say that the Constitution shouldn't be sacrificed on
the altar of an economic problem, but the concern about high volume
spam should not be dismissed as trivial.
-- Jim Halpert
*********
Date: Thu, 5 Jun 1997 00:10:54 +0100
To: declan(a)well.com
From: Azeem Azhar <aja(a)economist.com>
Declan,
Here are a variety of costs:
1. phone costs (non-us)
2. traffic costs (if you are one of the customers on metered useage that
e.g. UUnet and BBNplanet offer)
3. hard-drive costs (my mac crashed a few weeks ago losing data in another
application because an incoming e-mail took up my last bit of drive space.
technically myu fault, i know, but a cost nonetheless.)
4. my time (to write and check anti-spam filters. it took me over an hour
to construct a good system in eudora. my charge out rate is GBP100 an hour,
minimum 8 hours.)
5. CPU time on mail-relays on the way. e-mail *does* impose a measurable
load on an SMTP host.
Azeem
Azeem Azhar vx: +44 171 830 7133
The Economist fx: +44 171 681 1358
25 St James Street e-mail: aja(a)economist.com
London SW1A 1HG www: http://www.economist.com/
Disclaimer: The views expressed in this email do not necessarily represent
those of my employer.
*********
Date: Thu, 5 Jun 1997 02:43:02 -0700 (PDT)
From: Mark Grant <mark(a)unicorn.com>
To: declan(a)well.com
> What are the costs to consumers of unsolicited e-mail?
Up to 150k of disk space, up to about 50 seconds of connect time for those
who download it by modem (assuming 28.8k), a few seconds of time to delete
it or a few minutes to send complaint mail back to their ISP.
Worse is the indirect cost to consumers through the hassle it causes to
their ISPs. They need faster links and more powerful mail servers to
process the extra unwanted data and take time to install filters and deal
with spammers. I've already had one spammer send out mail with a false
unicorn.com return address which took a day of my time to sort out.
>If you banned commercial e-mail, wouldn't it just affect legitimate
>commercial transactions?
Of course. Banning it is dumb and will cause all sorts of unexpected
problems. A few class-action suits should eliminate most of them.
Mark
(postmaster(a)unicorn.com)
*********
Date: Thu, 5 Jun 1997 11:02:49 +0100 (BST)
From: Charlie Stross <charlie(a)public.antipope.org>
To: Declan McCullagh <declan(a)well.com>
On Wed, 4 Jun 1997, Declan McCullagh wrote:
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another.
Those are minimal.
Here in the UK, there are NO free local phone calls (unless you're lucky
enough to live in Hull, or have a cableco who want to let you yack to your
neighbours - it's a long and boring story). Furthermore, if you receive
email via SMTP or UUCP (rather than via a mailbox reader protocol like
POP3 or whatever) you can't filter the junk out before it reaches you.
Thus, receiving spam costs money, in terms of dialup connect time.
Moreover, some spammers use really poor, munged, address lists; I've
seen 100Kb mails (a couple of minutes of download time on an old 14.4K
modem, which is what many people still use) with maybe a 1K payload at
the end of the headers.
Given that I've got three or four users on my dialup site, and we get
an average of 5 UCEs/person/day, it's probably costing us 5-15 pence/day
extra on the phone bill. Not significant for _one_ site, but if you
multiply by two million (est. number of UK internet users) you get
a plague that's costing about 20 million UK pounds/year -- to the
unwilling victims.
This is before you factor in the online services like Compuserve or CIX
that charge per unit connect time, or charge for mail received from the
internet.
The real victims, though, are the people whose addresses the spammers bung
in the Reply-to: fields, so that they get mailbombed by indignant
recipients.
-- Charlie Stross
*********
Date: Wed, 4 Jun 1997 23:17:10 -0700
To: Declan McCullagh <declan(a)well.com>, cypherpunks(a)toad.com
From: Bill Frantz <frantz(a)netcom.com>
At 12:45 PM -0700 6/4/97, Declan McCullagh asked:
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
I don't think the costs of the 1-3 spam messages I get each day is
significant. (But I don't post to Usenet.)
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
Can you say regulatory arbitrage? The current social controls on spam are
good enough that no one with any positive reputation wants to have anything
to do with it. This means that spammers have to use anonymous offshore
answering services. The widespread hatred of spam and spammers should keep
the total amount under control without the legal action and in spite of the
very low cost of spamming.
The recent problems Spamford has been having with denial of service attacks
is just one example of the social control process. The flood of hostile
email spammers who include real email addresses receive are another.
Legitimate commercial email does not evoke these strong reactions.
-------------------------------------------------------------------------
Bill Frantz | The Internet was designed | Periwinkle -- Consulting
(408)356-8506 | to protect the free world | 16345 Englewood Ave.
frantz(a)netcom.com | from hostile governments. | Los Gatos, CA 95032, USA
*********
Date: Wed, 4 Jun 1997 16:15:27 -0400
To: Declan McCullagh <declan(a)well.com>, fight-censorship(a)vorlon.mit.edu
From: "Shabbir J. Safdar" <shabbir(a)vtw.org>
The combined EF-Florida/EFF-Austin/VTW filings for the FTC workshop will
contain an exhaustive examination of the costs associated with junk email
and the technology paradigms for addressing it.
It's a technology paper, and doesn't take any particular political agenda.
-S
*********
Date: Wed, 4 Jun 97 16:11:58 EDT
From: djones(a)insight.dcss.McMaster.CA (David Jones)
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
To many people, the cost of spam is simply the time and tedium wasted
deleted unwanted messages. Pretty minimal. A burdensome set of
regulatory restrictions would also be an annoyance as people waste time
and effory making sure reasonable email correspondence "complies"
with the new rules.
To some users of certain online services, they must pay for
email messages or disk space and must pay for connect time.
In these cases, there is a real and measurable monetary cost
of spam. I'm sorry, I can't quantify that for you.
At the organizational level, some companies may pay for
Internet traffic bandwidth. If a significant fraction of
the traffic is wasted on spam (actually I *really* doubt this is the case)
then it could be calculated.
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
Hang on. A true "pyramid scheme" requires the victims to
send money to the folks operating the scheme. Therefore, they
can't be entirely anonymous ... or they'd never be able to cash in!
Banning "commercial email" is just nuts. Should we also
ban "business-related email" ? Or "advertising email" ?
.... or what about "political advertising on the Net" ??
The Canadian government just made the front page of HotWired's
online magazine for being foolish enough to ban certain political
advertisements on the Net. Surely the U.S. won't make the same mistake.
-- David Jones, PhD
president, Electronic Frontier Canada -- djones(a)efc.ca
*********
Date: Wed, 4 Jun 1997 18:15:59 -0400 (EDT)
From: wyang(a)ktel.osc.edu
To: declan(a)well.com
Hi.
I run a Free-Net -- a community outreach project of the Ohio State
University and the Ohio Supercomputer Center, which gives free access
to anyone who lives in our service area (we're serving about 20,000
people right now -- I understand that, in our service area, Compuserve
only has about 12,000 customers).
I don't read the censorship fighting list, but someone who does
forwarded me your message.
I don't know about user costs... but I do know about network-level
(provider-level) costs. Disk space is only PART of the computational
problem. There's also the swallowing of network bandwidth, and the
drain on compute resources (CPU/RAM).
My site normally carries about 25,000 unique message ID's per day.
Our estimates (these are eyeball numbers, not based on hard-and-fast
numbers) make it look as though 10% to 20% of those messages are spam.
That's ten to twenty percent of our e-mail operation cost being
immediately put toward spam. Beyond that, our users complain about
spam. A lot. Right now, about an hour of my time every day is spent
dealing with spam complaints (about other sites spamming us, mind).
That's 1/8th of my work time, with a massive opportunity cost (as well
as a real cost). The other staff members are *also* getting similar
time drains. We currently estimate that between $500 and $2000 per
month is completely lost to spammers -- funds redirected away from our
community outreach/service mission, SUBSIDIZING COMMERCIAL OPERATIONS
which generally do not enrich our community. That monthly cost is
being drained out of a very small ($150k - $200k per year) project
budget which is only getting smaller because people only donate to our
donation-driven budget when they like what's going on, and they don't
like spam.
You might try to call it the cost of doing business... except for the
fact that I'm not a normal network carrier. I'm a Free-Net, one of
those community-minded sites that's trying to make sure that access to
the informational wealth on the Internet is available at price that
everyone can afford (free). Universal access is being threatened by
this kind of activity, which has a massive user-level costs and
implications. Most Free-Nets are incapable of handling the constant
barrage of spam, and the complaints they generate.
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
Everything can be traced on the 'net. The question is what the cost
of tracing it is going to be.
You need to remember that there's virtually NO cost associated with
*sending* spam. ISP connectivity costs, maybe bandwidth metering for
a couple of messages.
Those messages, however, can be expanded (1:1,000,000 kinds of ratios
are potentially possible; one message can theoretically generate a
MILLION spam messages; in practice, I've seen 1:10,000 ratios). The
networks that carry the traffic are taking that computational and
network-bandwidth cost. And they get hit by complaints from their
users.
I recognize that no matter what the law is going to do, you're not
going to *stop* spam. The issue is to reduce the volume of spam
enough to make sure that the cost is reduced to acceptable and
absorbable cost-levels. That may mean making spamming tools such as
"e-mail blaster" criminal tools.
Free speech is great... but it's only free when it's not invasive into
the rights of others. Spam *is* invasive, and there are clear,
acceptable, and frankly more effective alternative methods for
communicating commercial messages.
-Bill
System Manager, Lead System Administrator
The Greater Columbus Free-Net
********
From: clinton(a)annoy.com (Clinton at Annoy)
To: "'declan(a)well.com'" <declan(a)well.com>
It is vital to distinguish between "unsolicited email" and "spam".
Spam is essentially considered mass e-mailing for commercial purposes,
(usually such as the selling of a product or service).
If "unsolicited e-mail" is rendered illegal, what will happen to someone who
mistakenly sends an email to the wrong address? It's like prosecuting
someone for dialing the wrong number.
What about a deliberately targeted, but unsolicited email that is crafted to express
displeasure to a politician, for instance? To be potentially prosecuted on such a basis
could (and will) place a severe chill on the rights of people to communicate freely
with elected officials - the cornerstone of democracy.
A protocol to deal with spamming is by no means unwelcome, but to confuse it with unsolicited
email is potentially very dangerous. Especially with a government so intent on censoring the
free flow of information and thought. Perhaps the first place to start would be to clearly
define spam.
Clinton Fein
Publisher and Editor
annoy.com
*************
From: Eric Murray <ericm(a)lne.com>
Subject: Re: Spam costs and questions
To: declan(a)well.com
Date: Wed, 4 Jun 1997 14:09:42 -0700 (PDT)
Declan McCullagh writes:
>
> A friend who's going to be speaking on one of the FTC panels next week
> sent me a few questions about spam. Does anyone want to try their hand at
> answering them? I'll forward along all responses I get.
>
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
Also there's the cost of network transport of spam, both from
the spammer's host to the recipient's ISP, and from the ISP
to the recipients PC. The last is often the worst, as it eats up
time the victim could be using to do something productive.
In addition, most spam is bounced through an innocent third party
who has a good network connection, like a university.
Sending out a lot of spam takes much bandwidth, so the spammer
steals the bandwidth and processing power from the innocent third party.
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
Spammers need to have a way that you can respond to them.
Since spam is legal, and they don't want email in return, they
include phone numbers, fax numbers, or snail-mail addresses
for people to reply to. If spam were illegal, then spammers
could be tracked via the phone numbers. It's only the email's
return path that's difficult to trace- spam, because it is selling
something, must have a way for potential customers to respond.
Most of the purported 'anti-spam' legislation is thinly-disguised
LEGITIMIZATION of spam!! Anything that puts the burden on ISPs
or recipients to filter out 'tagged' messages legitimizes
spam. As annoying as spam is, I would much prefer that nothing
be done rather than a poorly-thought-out law. So far, all the proposed
laws I have seen have had flaws in them that make me unable to
support them. To be honest, I can not myself come up with a law that
I would find acceptable. It's a hard problem.
--
Eric Murray ericm(a)lne.com Privacy through technology!
Network security and encryption consulting. PGP keyid:E03F65E5
***********
Date: Wed, 4 Jun 97 16:10:07 -0400
From: Ray Everett-Church <ray(a)everett.org>
To: "Declan McCullagh" <declan(a)well.com>, <fight-censorship(a)vorlon.mit.edu>
On 6/4/97 3:44 PM, Declan McCullagh (declan(a)well.com) wrote:
>A friend who's going to be speaking on one of the FTC panels next week
>sent me a few questions about spam. Does anyone want to try their hand at
>answering them? I'll forward along all responses I get.
>
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
I also will be speaking at the FTC next week and address that question in
my FTC filing which can be seen at
<http://www.smart.net/~everett/comment.html>
The short version of the answer is that UCE is difficult to assign a
clear cost to in part because it is spread over such an ever widening
base that the more people you spam, the harder it is to know where the
costs are concentrated. However there are costs to the bandwidth provider
for the site originating the spam in terms of consumed bandwidth, there's
also costs of consumed bandwidth leading into every site that receives
the mail. Once it arrives at an ISP, there are costs in terms of the CPU
time and system efficiency issues, and disk space consumed, and costs for
the consumers who may have to spend more time and money (if they pay on a
metered basis) to download and sort through the stuff. It's hard to
quantify in dollars and cents, but lets look at the quantities we're
talking about. AOL has publically estimated that they process about 30
million pieces of email a day and further they've publically estimated
that 40-45% of that is spam. I recently sampled 3 days of my regular spam
load and the average piece was a hair over 5000 bytes. 5k * 13 million
messages, you're talking roughly 65 million kilobytes a day. (somebody
please correct my math... i'm a lawyer not an accountant). Since people
don't read their email every day, some of that must be stored for several
days. And if it is bouncing back to an invalid sender address, the rest
ends up in the postmaster mailbox. Assuming that those same figures and
costs are spread among other ISPs as well, that's a heck of a lot of data
to transmit and store...which translates into costs for ISPs and their
customers.
>
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
I don't think anybody wants to ban all commercial mail, just the
unsolicited advertisements for which the advertisers don't bear the real
costs. If you're truly trying to operate a moneymaking business, you've
got to have someplace for people to send the money... So regardless of
how you disguise the headers, you still have a means of tracking down the
culprit... and in the case of the Smith legislation you'd have the chance
to recover up to $1500 per message. There is at least one major national
collection agency that I know of who is chomping at the bit to recover
that for you.
-Ray
<everett(a)cauce.org>
-------------------------------------------------------------------------
Ray Everett-Church, Esq. <ray(a)everett.org> www.everett.org/~everett
This mail isn't legal advice. Opinion(RE-C) != Opinion(clients(RE-C))
(C)1997 Ray Everett-Church ** Help outlaw "spam"=> http://www.cauce.org
-------------------------------------------------------------------------
********
Date: Wed, 04 Jun 1997 19:20:36 -0400
From: Chris Poupart <jyhad(a)odyssee.net>
To: declan(a)well.com
<quote>
If you banned commercial e-mail,
wouldn't it just affect legitimate
commercial transactions? That is to say,
wouldn't fly-by-night pyramid-scheme
builders still be able to spam? I would
think that if they are so untraceable
that it's hard to block their spam that
it wouldn't really matter if it were
simply made illegal.
</quote>
making spam illegal would be a futile plan, unless the authorities were
given the power to persue not just the sender, but the people for whome
it advertises. Not only could the fly-by-night pyramid-schemes work,
but there are programs out there that allow you to route your e-mail so
that it is Anonymous, now these programs can also do bulk mailing... I
think you get my picture. If you could also press charges against the
advertised company (providing it was authorised by them), then that
might work. If not, well then with all the free e-mail available
(www.hotmail.com and www.netaddress.com or .net I can't remember),
people might want to set up an e-mail account to use with Usenet and to
give as pw, ect, and then they could keep one privit and "secret"
amongst their friends. The internet has flourished w/out government
help and I beleive that it will continiue to do so.
Chris Poupart
Montreal, Canada
--
Chris Poupart mailto:chris@peacefire.org
Support Freedom of Speech and visit:
http://www.peacefire.org | http://www.eff.org
http://www.geocities.com/Colosseum/Field/6078/censor-index.html
**********
From: "Marius Loots" <MLOOTS(a)medic.up.ac.za>
To: Declan McCullagh <declan(a)well.com>
Date: Thu, 5 Jun 1997 11:16:21 GMT+2
Hallo Declan
I really enjoy your list. The mailings are very interesting and
relevant. Thanks. My thoughts on the two questions:
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
It would be extremely difficult to quantify in monetary terms. It has
been long since I had one of those BIG things in my mailbox. Most of
these has lately been smaller emails that compare well in size to some of
the material I send around. Because harddrives are not that expensive
anymore, storage space is IMO, not a factor at all.
The irritation factor is my biggest concern. You have to sort it from
the valuable mail, that takes time. You have to delete it, that takes
time. And some people has to download it, that takes time.
This eating up of my time, irritates me. And with the present information
overload, time is one of the few things we definitely don't have.
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
You are not going to be able to ban it. As long as email is email, there
will be people using it to spam. Even if you make it illegal, it will
still happen.
A few quick thoughts or ideas to be kicked around:
1. What could be made illegal is the selling of email addresses.
2. Ban *unsolicited* commercial email
3. Make ISP who supply service for free or without proper checking liable
for prosecution if spam comes from their system.
4. Black-list people that are caught spamming (use in tandem with 3).
A number of these spammers are not once-only fly-by-nighters. They strike
again and again. Because it is not illegal at the moment, no-one can do
anything. I am not able to write the legalese but these are some rough
thoughts on the matter.
Unsolicited email is unsolicited email, and the sooner we get that out of
the system, the better.
Groetnis
Marius Loots
-------------------------------------------------------
Maestro mloots(a)medic.up.ac.za +27-12-319-2144 pgp2.6
TOP 50 on the SA WebChart - Have a look and vote NOW!!!
http://www.geocities.com/Athens/6398
Add some Chaos to your Life and put the World in Order
-------------------------------------------------------
*********
Date: Wed, 4 Jun 1997 13:28:38 -0700
To: declan(a)relay.pathfinder.com
From: Roger Bohn <Rbohn(a)UCSD.edu>
Subject: Re: Spam costs and questions
At 3:47 PM -0400 6/4/97, Declan McCullagh wrote:
>A friend who's going to be speaking on one of the FTC panels next week
>sent me a few questions about spam. Does anyone want to try their hand at
>answering them? I'll forward along all responses I get.
>
> What are the costs to consumers of
> unsolicited e-mail? I guess the time it
> takes to delete it might be one, hard
> drive space might be another. I would
> like to know how to quantify it, and
> compare it with the cost of sending
> e-mail.
A big cost is that it reduces the S/N ratio of e-mail. As the amount of
spam goes up, sooner or later you start missing legitimate messages that
you should have read, because you do blanket erases, don't read carefully,
close down entire accounts, etc. Personally I've not reached that point,
but spam is growing exponentially so I give it 2 years.
Cost of telephone connect time is also a consideration for most users.
Even if you are on a flat phone rate, there is an opportunity cost from
having your phone tied up longer. (Yes, even if you have 2 lines--the
members of my household are always fighting over the second line.)
>
> If you banned commercial e-mail,
> wouldn't it just affect legitimate
> commercial transactions? That is to say,
> wouldn't fly-by-night pyramid-scheme
> builders still be able to spam? I would
> think that if they are so untraceable
> that it's hard to block their spam that
> it wouldn't really matter if it were
> simply made illegal.
>
Yes and no. Fly by nights would continue, certainly. But look how
successful the mail fraud laws have been at limiting (not eradicating) mail
based pyramid schemes, for example. Laws, if carefully drawn, would have
an effect.
I think mandatory labeling is much better than banning commercial e-mail,
by the way. An outright ban has several problems, in the U.S. at least.
A mandatory label deals with the S/N issue cited above (you can filter
commercial messages), and as mail packages get smarter they can be set to
not download messages selectively, thus dealing with the other problems.
Something as draconian as an outright ban also encourages lawbreaking more
than a labeling provision would.
Roger Bohn
###
8
25
Tim May wrote:
> However, the focus, at least for why he has been denied bail, is strongly
> on the "assassination politics" essays and communications, and on
> "overthrowing the government" sorts of things. (This according to the
> affidavit, and according to what Greg Broiles relayed from Bell's
> court-appointed lawyer.)
Actually, I haven't spoken with Bell's attorney, but John Young did. My
comments about Jim and his situation, jail policies, etc., are based on
reading the search warrant docs, the complaint, and on a general
understanding of the practical/applied side of criminal law. I don't have
any knowledge about the specific facts of this case that aren't on my site
or John Young's. Several of us from C2Net did talk with Jim's mom on the
telephone a day or two after the raid, but didn't learn anything that
hasn't been covered in the various newspaper articles about the case.
Has anyone read/heard anything about the nature of the grand jury
proceedings which are scheduled? The articles I've seen have suggested that
perhaps Jim will get good news from the grand jury - but I'm wondering if
it's not the federal prosecutor's way to seek *more* charges, fish for more
evidence (witnesses can be subpoena'd to testify before the grand jury, and
aren't allowed to have their own counsel present with them in the hearing
room during their testimony, although they are allowed to take the Fifth)
and/or try out some of the weirder conspiracy/militia stuff in front of
more or less ordinary citizens. A grand jury indictment (or refusal to
indict) is a good way for a prosecutor to deflect scrutiny/publicity from
their own decisions, and blame the outcome on a third party. If they
indict, the prosecutor points to their decision as proof that s/he isn't
just indulging a personal vendetta against the defendant. If they don't
indict, the prosecutor can point out that s/he did their best but was
thwarted by a third party.
--
Greg Broiles | US crypto export control policy in a nutshell:
gbroiles(a)netbox.com |
http://www.io.com/~gbroiles | Export jobs, not crypto.
|
1
0
I think that analogies are useful to illustrate a point, but a poor basis
for making new laws or new policies. I think it makes more sense to look at
the reasoning behind the first policy, and/or the combination of conditions
and policies that created it, and see if they're present (or not) in the
situation which seems to require a new policy.
In the particular case of the Internet, I don't think it's at all clear
that a public highway is the best (or only) analogy which is appropriate -
for example, one could also draw an analogy to a *freeway* .. which, at
least in many places, are not open to picketers or pedestrians of any sort.
Another easy analogy is to the postal service - it's more or less
government-run (haven't kept track of the precise line that's drawn), but
there's certainly no right to "picket" communications sent using this
government-owned media .. I don't get to add extra pages to letters that my
neighbors get, nor they to mine. And there's no First Amendment problem
there - if I want to communicate with someone about an issue, I can send
them mail. Third parties have no right to interfere, nor to learn our names
so that they can bombard us with mail.
And the same is true for communications sent by private carriers like FedEx
and UPS, even where those private carriers use public facilities like roads
and sidewalks and airports to carry on their private businesses, delivering
private communications. Incidental use of a public facility does not
nationalize a private person/organization. (I think the argument is
stronger where a private party monopolizes a public resource - but I
suspect that my gut reaction to that isn't compatible with what courts are
doing these days.)
This discussion is getting waylaid with a host of weakly-related and
poorly-understood legal doctrines - e.g., a "right to picket", "public
forums", and "right to privacy". Instead of getting bogged down in those
tarpits (or distracted by their attractive pseudo-official flavor), let's
focus on the real question(s) at hand. I understand to proposal to be that
it'd be somehow beneficial if the government interferes with communications
between consenting parties if the communication happens to touch or utilize
a publically owned/funded resource ... or that such interference is allowed
or required by the First Amendment. I think that presents a much clearer
and more fundamental First Amendment question - e.g., can the government
force me to say things I don't want to say? Can the government intercept
speech from me to another person and preface or wrap it with some sort of
counterargument provided by people who disagree with me? I think the answer
is (and should be) a slam-dunk "no". No tricky analogies needed.
--
Greg Broiles | US crypto export control policy in a nutshell:
gbroiles(a)netbox.com |
http://www.io.com/~gbroiles | Export jobs, not crypto.
|
1
0
*sigh* --Declan
---------- Forwarded message ----------
Date: Wed, 4 Jun 1997 23:34:45 -0700 (PDT)
From: Audrie Krause <akrause(a)igc.apc.org>
To: declan(a)well.com
Cc: fight-censorship(a)vorlon.mit.edu
Subject: Re: Micro$oft Monitor: Sidewalk Spam
Sorry, Declan, I don't share your rather naive belief that industry is going
to regulate itself.
At 01:37 AM 6/1/97 -0400, Declan McCullagh wrote:
>Glad to see Net Action is pointing out potential privacy violations or
>potential for spam (though there seems to be no evidence saying Microsoft
>in fact has sent such spam).
>
>But what I find interesting is that NetAction is using the Net, the
>press, the media to broadcast Microsoft's bad privacy policies. Then
>people can choose to visit or not, or to read the notice more carefully.
>
>Thus I see no need for FTC rulemaking. I hope that is what NetAction will
>be saying to the FTC. Etrust is another solution NetAction should support.
>
1
0
> As to the Children of OKC, people who turn the care of their children
> over to government employees or contractors do not place too high a
> value on those children.
I certainly don`t agree that a high value was not placed on the lives of
the children by their parents, but the parents were guilty of naivety,
stupidity and placing the children at risk.
> think those children who died weren't cared for? You are a sick person who
> should seriously consider therapy. Anyone who read this and said "Yeah!"
I certainly feel the parents, though guilty of no crime, have only
themselves to blame for the needless deaths of their children.
> understand this? There is no reason to blow up kids. It's wrong. For any
> reason.
Of course, but the children shouldn`t have been there in the first place.
McVeigh, if he did it, is guilty of murder, on those children alone. He
commited an initiation of violence against innocent and defenceless human
beings, this is why I believe the bomber, whoever he/she is, should die
for their crimes, BUT, the childrens lives were placed at risk by their
parents because they believed they would be safe in a federal government
building, very bad move. I`m not absolving McVeigh from guilt, just
pointing out basic facts.
> who may be important to you have parents who "care" about them enough to
> scour the planet to find a good,safe day care that isn't withing the blast
> radius or
> shooting range of :
>
> A government office.
> A large corporations headquarters.
> A law firm.
> A post office.
> A town square.
> A restaurant.
> A bank.
> Anywhere some asshole might have a gun and go loopy.
> Anywhere some asshole might have a car be drunk and go loopy.
> Anywhere some asshole might have a gun and a car and be drunk and go loopy.
The bottom 3 suggestions are clearly an excessive over-generalisation of
the point, the parents could not really be reasonably expected to believe
their children would be harmed by a crazed gunman. As for the drunk
driver, do you let your kids run unattended on busy roads?
Placing them in a federal building was a stupid act, not criminal, but
most definitely not the act of a sensible person.
> To all the dipshits who could possibly think otherwise. I should also
> mention it is an EQUALLY fucked up thing to blow up adults.
Depends who those adults are, as I said in a post yesterday, I do not
subscribe to the "save the children!" mentality, and killing an innocent
adult is as criminal as killing an innocent child, but those children
could not possibly have initiated agression against McVeigh, because they
were under the age of criminal responsibility (which is a hazy area, but
I think this case is pretty clear cut). Blowing up guilty, evil, and
government affiliated adults is to be highly commended.
> Like my fellow Santa Clara County Resident Bill Frantz said :
>
> For cypherpunks this comes down to: Make code, not bombs.
True, code will lead to further liberation in the virtual communities,
but bombs are an effective device for ending the corrupt tyrannical
government that rules us.
Datacomms Technologies data security
Paul Bradley, Paul(a)fatmans.demon.co.uk
Paul(a)crypto.uk.eu.org, Paul(a)cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don`t forget to mount a scratch monkey"
1
0
On Thu, Jun 05, 1997 at 12:14:20AM -0400, frissell(a)panix.com wrote:
>>Yes, some pathetic strange little boys swaggering around in never-never
>>land. Lonely individuals with shriveled hearts, stunted morals, and
>>feverish imaginations, who brag contemptuously of their superiority
>>over "sheeple", and boast of their heroic roles in the coming
>>revolution.
>
>I hope you're not referring to Lucky, or Time May, or me. Lucky has a
>successful career in a computer-related field. Tim was exceedingly well-
>integrated into the work force at Intel and did a great deal of valuable and
>lucrative work for them. I am married with four children (who I never sent to
>a government school) and get along well with a host of friends and co-workers.
> I have achieved a modicum of success as a writer and speaker. I happen to be
>a neo-victorian myself.
Clinton has a *very* successful career as a politician, and has done
a great deal for Intel, in that role. And he is a great family man
who also gets along well with a host of people.
I was characterizing the people Lucky described:
Some on this list will even say that the kids' deaths fortunately
reduced the negative impact their parents can have on the gene pool.
If you, Lucky, or Tim hold such sentiments in your heart, then I am
referring to you. Lucky's statement that people putting their
children in daycare in a federal building are "criminally stupid" is
simply contemptible.
>Why is it that when someone like Al Gore expresses strong and extremist views
>as he did in "Earth in the Lurch" (or whatever that book was called) no one
>ever claims that he is " a pathetic strange little boy swaggering around in
>never-never land. A lonely individual with a shriveled heart, stunted morals,
>and a feverish imagination."
Of course, Gore has been called far worse things, many times over.
Probably on this very list. You know that, I know that.
>
>How do you know our hearts are shriveled? Can it be because we can do the
>math and figure out the Feds are *much* bigger killers than McVeigh?
No Duncan. It's because your first thought is to do that math. It is
one thing to be aware of the many, many failings of human beings and
their governments. It is another thing to savor rightous anger,
keeping score, and thinking of suitable revenge. Besides, who the
heck are "the Feds"? What set of human beings are you thinking about?
>Why
>don't you bleed for *their* victims.
I do. Though I wouldn't use that metaphor.
>Remember, government's crimes are worse
>than private crimes (even apart from the higher body count) because a serious
>breach of duty and trust is involved.
Keeping score again, eh? Government -5 billion, Duncan 10.
>Look, people are bound to disagree over social policy and even right and
>wrong. But since everyone is much more powerful than they used to be,
>a force-
>based monopoly on policy and morality ("others" government) just can't be
>sustained anymore.
Why on earth would you think that?
>Your side just simply doesn't have the artillery.
"My" side? You probably mean the "government". If so, you are
deluded. If not, you are right -- I personally have only a small
armory -- a few automatic weapons, two tactical nukes, some
conventional explosives, and a big pocket knife -- just your average
homeowner arsenal.
>It
>would be better for everyone if you would recognize reality, step back, and
>allow self-government to replace others-government.
I'm not standing in anyone's way, and it wouldn't make any difference
at all if I did, because I am an insignificant zero who comforts
himself with the thought that being a clown is an honorable
profession. That's reality. You should take a hit, sometime -- it's
heavy stuff. But you know who really needs a heavy dose -- it's that
Bob Hettinga fellow -- his head is shaped strangely like a big brick,
and he gets it wedged in the strangest places.
> It will happen anyway.
Yep. And the second coming is just around the corner, now that
the comet has arrived with the mother ship.
--
Kent Crispin "No reason to get excited",
kent(a)songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
3
2
Alan (alano(a)teleport.com) wrote:
>Currently, use of the Mixmaster remailer system is out of reach of most
>of the average users out there. The only serious project to address that
>need has been Private Idaho and development has stopped on that project.
Privtool (my PGP-aware mail program for Unix) has supported Mixmaster
remailing for years (just click a box and off it goes) and would also
support nym.alias.net if it hadn't gone down just as I started building in
the capability (it currently supports decryption but not posting). Anyone
who wants to use my remailing code is free to rip it off under the GPL.
Currently there are at least two people developing Private Idaho and
possibly more. However, even command-line Mixmaster remailing is much
simpler than using the Type-I remailers.
>Currently the nymserver network is in pretty bad shape as well. They are
>difficult to use and are dependant on the whims of the remailer network.
I've been playing with Premail and found it pretty easy to use. As I said
above, reliability is the main problem; particularly when you lose the
entire domain now and again.
Mark
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Watching the rapid fire succession of Administration rulings
and gambits, and the developments of various contending legislative
proposals and industry initiatives, along with all the debate over the
differing implications and portents of this distracting plethora of
moves and countermoves, has made for quite an intriguing spectacle.
In particular, the recent controversies over threatening elements in
the SAFE bill and the motives of the legislators involved, as well as
the contentions concerning Netscape's aims or quality of judgment in
its latest key recovery announcements reminded me of some lines from
R.G.H. Siu's _The Craft of Power_:
...There is an increasing need as time goes on for a voluntary
surrender of freedom on the part of the people at large or at least
for a relative passivity toward encroachments on it. An essential
instrument for bringing this predisposition into being is
propaganda. The purpose of your propaganda, then, should not be
sympathetic education but subtle manipulation. [...] Orthodoxy
should not comprise your primary objective in propaganda, but what
Jaques Ellul has called orthopraxy. This is "an action that in
itself, and not because of the value judgments of the person who is
acting, leads directly to a goal, which for the individual is not a
conscious and intentional objective to be attained, but which is
considered such by the propagandist." Knowing the real action to be
taken in furtherance of the objective behind the informational
barrage, the propagandist "maneuvers the instrument that will secure
this action."
I thought Lucky Green keenly observed what might be considered
an example of this process in action when a while back on the
Cryptography list he wrote:
> This simply attests to the thoroughness with which the GAK forces
> have managed to frame the debate. There is zero need for key recover
> if the goal is to locally obtain plaintext. However, the vast
> majority of large businesses out there have been convinced that they
> need key recovery to achieve this goal.
> Therefore they are now demanding to be given a specific method for
> achieving this goal, the method most beneficial to outside forces.
> A truly brilliant deception.
It is certainly a sly move, but like other sleights of hand, it
benefits when a certain naivete is present in its targets. For
businesses, there is an additional economic calculus involved that can
sometimes make the deceptions harder to discern, or easier to swallow,
or both to varying degrees. But for the adamant opponents of GAK,
these subterfuges should not seem so obscure. It's clear by now that
the core pro-GAK forces have a good appreciation of Sun Tzu's dictum
that "All warfare is based on deception."
There are some other passages from Sun Tzu that seem somewhat
topical to recent events.
In all fighting, the direct method may be used for joining battle,
but indirect methods will be needed in order to secure victory.
Indirect tactics, efficiently applied, are inexhaustible as Heaven
and Earth, unending as the flow of rivers and streams; like the sun
and the moon, they end but to begin anew; like the four season's,
they pass away to return once more.
...Thus one who is skillful at keeping the enemy on the move
maintains deceitful appearances, according to which the enemy will
act. He sacrifices something, that the enemy may snatch at it.
By holding out baits, he keeps him on the march; then with a body of
picked men he lies in wait for him.
Of course, the nature of the battlefield and the makeup of the forces
contending are more complicated, subtle, and considerably more
abstracted than the matters that Sun Tzu was concerned with.
Nevertheless, certain themes remain timeless in warfare both military
and psycho-political. Documents that EPIC and others have managed to
acquire through FOIA requests show that duplicity has been part of the
game plan on this issue since prior to the Klinton Administration.
The hardcore surveillance state forces have long subscribed to the
principle that "In war, practice dissimulation, and you will succeed."
My impression is that they have adhered pretty consistently to that
principle so far.
It seems that some of the internecine controversy of late amongst the
various factions in general opposition to GAK and other forms of
privacy escrow and intrusion, to varying degrees, comes from
disagreements regarding the relative merit or malignancy of differing
political approaches and the motivations of the political actors
involved. In part, this can depend upon where on the
Anarchist-Minarchist-Benevolent_social_welfare_state spectrum they
come from, and the intensity of their mistrust, or outright hostility,
toward the process and role of government, but numerous other factors
are involved. Many of these disagreements are valid and will continue
(hopefully, though, not to the point of serving the purposes of the
main adversary). One could argue that some who might really believe
they are trying to preserve privacy will end up undermining it
instead. The road to hell can indeed be paved with good intensions,
as well as bad, naive, opportunistic, calculating, or craven... But
in a broader strategic sense, those paving the road to hell, or what
they are paving it with, can be less important than understanding the
mentality of those who sway its course there, and the means they use
to achieve their ends. Chief among these means is their use of
deceit.
Deception and sophistry are time honored tactics of those who want to
build a more intrusive authoritarian state. The people who have
promoted the kind of "2 + 2 = 5" reasoning that's been used to
rationalize things like "good faith" exceptions to the Fourth
Amendment, or the contemptible mockery of due process represented by
government's abuse of civil forfeiture, are of essentially the same
ilk as those who now expect citizens to accept assurances about
"lawful authorization" and due process when it comes to their
promotion of CALEA and GAK.
The fearmongering exaggerations and misrepresentations that are
spread by GAK proponents are part of a larger pattern as well. David
Burnam's excellent 1996 book on the Justice Department _Above The Law_
does a good job of documenting some of this with respect to the
flagrantly misleading representations of national crime statistics by
the FBI and others early in the Clinton administration and before, and
provides some useful perspective on their more recent claims
concerning the need for new electronic surveillance infrastructures
and encryption controls.
It isn't simply the talent for facile deceit that characterizes
the effective surveillance state advocate, but also the ability to
maintain a pious pretense (and rarely perhaps even the self-delusion)
of support for privacy and civil liberties while pushing the policies
that undermine these very things. Senator Kerry's remarks on his
Orwellianly titled "The Secure Public Networks Act" come to mind.
A particularly telling and ironic example of this appears in a
transcript from the FBI website of a speech given by Director Freeh in
Krakow Poland during June 1994:
"The Nazi terror began not by breaking the law but by using
the law. The morning after the Reichstag fire in February,
1933, President Von Hindenburg was persuaded by Hitler to
invoke Article 48 of the Weimar Constitution. This emergency
provision of the national law was the key to its
elimination. It enabled Hitler to suspend individual and
civil liberties, freedom of speech, press and assembly; it
allowed warrantless searches of homes and the seizure of
property without due process of law.
[...] SS and SA members then started a wave of political violence
which culminated in a March, 1933, Enabling Act granting dictatorial
powers to Hitler.
Hitler's brutal usurpation and exercise of power was in part
carried out by clever use of the police and the corruptly
controlled enactment of new laws."
One wonders how Mr. Freeh went about reconciling this knowledge of
history with his role as point man for the Clinton Administration's
attempts to stampede legislation for new "anti-terrorism" powers
following Oklahoma and last summers TWA explosion/Olympic bombing
episodes.
As Freeh's remarks reveal, the role terrorism has played in
promoting the agendas of authoritarian statists has been quite
notable. Terrorism's major consequences in history appear
largely to have been to serve the expansion of the domestic powers of
the states targeted, not the furtherance of the agendas of the
terrorists responsible (or allegedly responsible). In fact, some
states have found terrorism so valuable in this regard that when
terrorists did not exist, it was necessary to invent them (or
facilitate them, or exaggerate their threat).
The state's concerted cultivation and fanning of fear and hysteria in
relation to acts of terrorism (with the aid of the major mass media)
is a increasingly refined art form. It's role has become so
significant that it deserves a name. I call it State Sponsored
Hysterrorism. While acts or threats of terrorism are the the most
valuable adjunct to the exploitation of hysterrorism; fear mongering
concerning other major bogeymen, most notably the specter of drugs,
pornography and pedophilia, can occasionally be used to achieve the
requisite level of alarmed herd psychology, and the extra
marginalization of reasoned deliberation necessary to serve the ends
of the hysterrorists.
I think the U.S. Government's campaign of hysterrorism following the
TWA explosion/Olympic-Park bombing is a case study for what we can
expect in the future. The political exploitation of this event was a
contingency plan in waiting for the right bomb to go off somewhere.
Next time, they will be even more prepared.
There might be a few in the anti-GAK camp who are still inclined to
entertain the notion that the Clinton administration's actions with
regard to GAK and CALEA have been largely due to them being misguided,
or benighted, or gullibly enthralled with apocalyptic scenarios drawn
by secret intelligence reports, and crime threats painted by
latter-day Hoovers. Perhaps they believe that if the Clintonites
could only be made to understand the futility of attaining their
"professed" objectives, they would be reasonable. But the fact (from
my vantage) is that following the Oklahoma bombing, and even more
egregiously, following the the TWA/Olympic events last summer, this
administration dishonestly promoted and endeavored to exploit public
fear and the political intimidation that could be derived from that
fear in a cynical attempt to stampede the ill-considered passage of
legislation granting sweeping new surveillance powers to the
government. These attempts to subvert and hot-wire the legislative
process in this regard, as well as the disingenuous shell games they
have played with their succession of Clipper and key escrow/recovery
proposals and initiatives, have cast serious doubt in my mind on the
quality of their principles, misguided or otherwise.
I view the government's exploitation of occurances of terrorism and
hysterrorism to be the most potent potential threat to privacy and
civil liberties we face. The stage is now being set by an increasing
drumbeat of warnings, news specials, and so forth about the threat of
more exotic forms of Nuclear, Chemical or Biological attack. I recall
a melodramatic news piece a while back where a reporter sensationally
demonstrated how easy it was to get a shoebox-sized container filled
with test-tubes on a subway train, and a host of "experts" were
interviewed about the potential pandora's box of nasty possibilities
awaiting us in the years to come. A few weeks ago, a forum on
terrorism in Atlanta, organized by Former Senator Nunn and attended by
Defense Secretary Cohen and others, brought lurid speculation on
things like the future development of custom engineered viral
pathogens, and warnings about "the Internet transmitting knowledge to
people all over the globe in how to make weapons of mass destruction."
One gets the impression like they can't wait until their menacing
forecasts are validated. The message is that uncontrolled Information
is Threat, and that we're going to need protection from many new forms
of Data Crime in our Fearful New World. Sadly, considering the public
at-large's current suseptibility to the politics of fear, it probably
wouldn't take much to sell this message. Major acts of terrorism
aren't the worry of those who most want the institution of intrusive
state powers, it's their secret wish.
The Friend's of Big Brother are holding some strong cards, but many of
them rely on appeals to fear and ignorance. Their ability to deceive,
mislead, distract, ensnare, market fictions, manage perceptions, and
structure the terms of debates to their advantage can be quite
formidable at times. It was fortunate that they miscalculated early
on concerning the political repercussions from the persecution of Phil
Zimmermann and the ham-handed Clipper_I proposal. While they continue
to make tactical errors which can be exploited, they are refining
their approach as time goes on, and their more successful tactics can
be considerably less obvious than their blunders. Perhaps having
discovered the drawbacks of frontal assaults, one of their new guiding
principles might be "when using our forces, we must seem inactive;
when we are near, we must make the enemy believe we are far away".
Insidious machinations (stego-politics?) are more challenging to
counter, but like other forms of legerdemain, knowing what to look for
makes the artifice easier to discern and derail, however deftly done.
- From the surveillance statist's perspective on the public, it is
indeed true that "Ignorance is Strength". While the "Knowledge is
Power" forces may be outgunned in certain respects, they do have the
advantage of not being hampered by the need to conceal duplicity.
The ultimate solutions to preserving privacy may turn out to be
technical, but whether one is an avowed cryptoanarchist, or a
libertarian (!'L') type with mixed minarchist inclinations
(sort of like me), or whatever, in the near term, developments in the
political arena are far from irrelevant. The state's most serious
opponents to privacy well understand the value of swaying public
perceptions and attitudes. Their best hope is to find a way to shape
public and congressional opinion in a way that will allow them to get
restrictions on unconditionally secure encryption passed into law, the
sooner the better. The longer they can be delayed and stymied, the
less likely they are to succeed. In any case, we should be careful
not to play into their hands, or provide them with material to
facilitate their efforts to foster fears. In the words of Sun Tzu,
"the highest form of generalship is to balk the enemy's plans" -- not
to serve them.
In the struggle to defend our privacy, personal sovereignty, and
liberty in general, there will be disagreements over where the enemy
lies, and how to best take aim against it. Whatever the
disagreements, I hope we can at least manage to avoid standing in a
circle as we fire.
-Michael
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBM5atg9GJlWF+GPx9AQGbDAP/eTXxm6GXvDRlEltMI7HYH95qO45NxME2
L8J/q0FKDwPlH9gIWHUoKQO/5SxzQfJf9kmnyY4qgo7dxpB7W8IAg9bHMWCiv8G7
kTI4rEFhfBQj+rnXS3hTSgR95CRL6vbjgz4k/ojvRTKMucAVehiymhj5TBaw1FRl
F/OKkaPFjAM=
=IKeA
-----END PGP SIGNATURE-----
1
0