On Friday, August 17, 2001, at 10:40 AM, lcs Mixmaster Remailer wrote:
Even without the proposed legislation, anonymity is increasingly fragile on the Net. Corporations have sued for libel to force services to disclose the identities of those who posted disparaging comments about them online. Individual suits of this type are rarer, but last December, Samuel D. Graham, a former professor of urology at Emory University, won a libel judgment against a Yahoo user whose identity was released under subpoena.
Actually the tide is turning on this issue. There have been two high-profile cases this year in which suits designed to reveal the identities of pseudonymous posters have failed.
Importantly--and glossed over in the Grossman article--there is a huge difference between "being forced to reveal something you know" and "being required to know." For example, consider a financial transaction, a purchase of something. If Gary the Grocer has a record kept of a delivery to Mannie the Mobster, and the system learns about it, Gary can be ordered to turn over his records. However, he cannot be compelled to require I.D. from Mannie the Mobster. Cash and unrecorded transactions are still fully legal. (And should remain so, so long as the Constitution is not fully shreddded.) (For any quibblers, there are very, very limited cases where records of purchases are required, e.g., guns. There are other limited cases where a proof of age credential (but not identity) is supposed to be presented, e.g., alcohol and cigarettes.) A remailer cannot be compelled to keep records by any constitutional laws I have heard of. Furthermore, even if some law is passed requiring an ISP to "retain logs for 7 years," this will hardly impinge on properly-designed remailers. Easily-designed remailers, in fact. My ISP can keep all the logs he wants to, including records of encypted mail to and from my dial-up account. However, once I have received encrypted mail, gotten around to collecting and decrypting them, then mailing them back out, the logs at the ISP tell a snoop nothing of interest. (Remember, remailers are _mailers_, operating in prinicple at the POP level. That some remailers are acting at the "packet" level (loosely-speaking) is not central to their function. Especially given the usual (and desireable) delays associated with pooling of N messages.) So, stopping remailers requires a LOT more than requiring Earthlink to keep terabytes of data around for years and years. Many years ago I referred to their being two critical ingredients: -- silver pipes -- silver nodes Silver nodes are perfectly reflective nodes which no amount of external illumination/scrutiny can penetrate. The perfect shield, a la the "bobbles" of Vernor Vinge's "Peace War" and "Marooned in Realtime" novels. Security of a PC, and local file encryption, approximates this. Silver pipes are the various links between nodes, with encrypted packets. SWAN is one example, SSL another. Sniffers and snoopers can see that the pipe exists, but cannot see "inside" it, hence the "silver" appelation. So what happens when a large number of silver nodes are connected with a large number of silver pipes? And so _what_ if some of the nodes (ISPs, but not a hundred million end-user machines) are "required by a new world order treaty" to retain their logs for 7 years? And the point about a hundred million end-user machines is an important one. Many of you already are running your own servers...you are your own ISPs. This trend will increase. What of machines sitting in large warehouses of machines (like www.rackspace.com)? What of LANs and WANs used as remailers? Packets enter the building of Digital Datawhack, travel over a plethora of CAT5 and Firewire and 802.11b links, get mixed around in the usual ways, and then eventually exit the Digital Datawhack building...or one down the street, across town, etc....and re-enter the "more public" networks. What, exactly, would it mean to "require logs of all packets"? A hopeless task. The "degrees of freedom" are too large, even now.