-----BEGIN PGP SIGNED MESSAGE----- The data haven concept as I understood it held data for public access in some form (for sale or for free) which would be illegal in some jurisdiction. This might include credit information that was older than the legal limit, libelous claims, damaging medical records, etc. Frankly, I suspect that most usages would be directed towards reducing, rather than increasing, individual privacy. So this is not an area I am interested in working towards. The idea of offsite storage doesn't seem that helpful since you can just store the data on your own disk in encrypted form. Maybe if encryption gets outlawed it would be useful, but then you can't use encryption to communicate with the haven. As far as remailers requiring encryption, one purpose would be to reduce complaints by making it impossible to send some kinds of messages which people would object to. It would be hard to post to usenet, for example, in a useful way. And mail to private individuals could not contain obvious obscenities or other objectionable material. The problem with this is that if people become able to handle and deal with incoming encrypted mail in a transparent way, this restriction is no longer effective in the latter purpose. Someone could get encrypted hate mail and have it transparently decrypted and displayed just like normal mail. They will be just as upset as people are today when they get objectionable mail from the remailer. As far as usenet posts, if a particular decryption key were widely and customarily used in a particular newsgroup, objectionable material could still be widely read if encrypted with that key. Tim May's example of a fake encrypted post containing inflammatory material is a good example of the heat which could occur, especially when the message is real and not a fake one like he did. So I don't think this restriction would really accomplish the desired goal except perhaps in the short term. If the purpose is to have plausible deniability by the remailer operator, I feel we can still get that by publicizing the remailer software source, which has no provisions for manual filtering. A policy of sending only encrypted mail so that the operator can't filter would be no more acceptable to critics of anonymity than a policy of just not filtering at all. Entropy checking is not adequate to detect encryption, as compressed files have maximal entropy as well. For these purposes, compression may be nearly as good as encryption, except that standard compression formats are already widely used. An entropy checker might well pass a gif, jpeg, or zip file, so this filter would by itself be useless to prevent posting of unencrypted graphics. It would probably have to be augmented at least by some checks for these special file formats. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLxVgSRnMLJtOy9MBAQF66wIA3a01avgc0jBjKXH6IMjO+6wj4tBeSUmM ZeRl+xFZFZ4Cfsrik1ghuHXI31isiHUzrPAIVEZfFIpTw6w9T0QdSQ== =YVRq -----END PGP SIGNATURE-----