On Dec 5, 2003, at 5:53 PM, Jamie Lawrence wrote:
I have nothing against Lessig, but it bugs me that he's considered by some to be one of the Great Cyberspace Thinkers when his ideas are so easily dismissed...and were argued on both sides so many years ago.
Larry Lessig ought to read, and think deeply about, the first ten years of traffic on the Cypherpunks list. Especially the first five years.
Lessig is a very smart man, in the framework he's very smart at dealing with. And probably more beyond that.
Unfortunately, I don't think copyright is an appropriate framework from which to launch a discussion about wider modes of human communication.
Correcting him early and often is absolutely in order - hopefully he'll rethink a thing or two.
This actually fits in with something Lessig is widely known for, his "technology-custom-law" trichotomy (*). (* He may call it something different...I haven't checked in a while. And I recall he may have a fourth component. I was talking in similar terms many years ago, too. Not that I am saying Lessig borrowed from my ideas, as I am sure many of us independently realized this. Cf. via Google some of the things I wrote about VCRs and how they changed the ground truth of what was legally copyable. Or how Gutenberg created a technology which made existing custom (e.g., the Church) and law (e.g., the Guilds) effectively moot.) Those who make Grand Plans about such things as "pseudonymity with legal warrant access" need to take systems and computer science (and hence math) into account. This usually comes through thinking about possible attacks, weaknesses, and design flaws. For example, I have cited the obvious case of someone, call him "Tim," using "Larry's LEO-Friendly Remailer." But Tim is _not_ a LEO-friendly remailer, and Tim has taken in articles from other such non-LEO-friendly remailers. The only way Larry knows that Tim is doing this is if Larry "peeks" (examines the content to see what it is, to see that it does not contain seditious or pornographic or non-LEO-friendly packets). Or Larry can wait for the eventual "legal warrant" and then find that Tim was remailing packets which could not be traced. Oops. Larry can then cancel Tim's account. More generally, I think Lessig has failed to understand the very fundamental, underlying structure of true Cypherpunks-style remailers: ::request-remailing-to: foo@anotherremailer.org This can be any arbitrary text, and all that is passed on to the next remailer or recipient. And this text block is not tagged in any way with sender ID. And this text can be encrypted, readable only by the specified "nextremailer." And this text block can included further requests for remailing, and so on and so forth. Tim again. With this structure, nested and packaged as a payload, for Lessig's scheme to actually give "warrant-only traceability," it must ban such nested remailings. Which means, ban on crypto. (For if crypto is allowed, then even a warrant cannot crack it. "Oh, then we'll have key escrow...") And so on. A little bit of thought reveals numerous such attacks on a "LEO-friendly remailer." And the "fixes" are all in the direction of, in the final analysis, banning strong encryption. Of course, Lessig may say that he is only advocating an ultra-weak system of remailers that only dummies will use. He may say he does not propose to actually ban "strong remailers." Some argue that weak systems--remailers or crypto--will thrive "because most crooks are lazy" has been dealt with many times. Sure, some people doing things use weak systems, out of ignorance, out of laziness, out of a sense that they are immortal and cannot be caught. But others doing illegal or marginal things are amongst the earliest adopters of relatively robust systems: offshore banks, encrypted disks, and, ironically, secure anonymous remailers. (When the Finnish police finally forced Julf Helsingius to reveal the pseudonym attached to the Church of Scientology "NOTS" documents, they found that inside was a packet from a true Cypherpunks remailer, whose last node was at C2Net, the company Sameer Parekh founded. End of trail. This showed that even as early as 1995 someone was thinking ahead to the day when the Finnish police would force a "weak pseudonymity" system like PENET (Julf's system, based on earlier code written by another hacker) to give "warranted access" a la Lessig. So much for people being too dumb to use a strong system!) If Lessig is truly _only_ proposing that some idiots be encouraged to use weak remailers and weak crypto, then, fine, no harm done. However, the goals Lessig is avowedly seeking, of access to identities through "legal warrants," then his system will rapidly become unused after the first few "legal warrant" convictions. So long as strong systems cost little more than weak systems, strong systems prevail. (And, for various reasons, strong systems are in most cases cheaper to use than weak systems.) In a kind of reverse of Gresham's Law ("weak money drives out good money"), strong crypto drives out weak crypto. (Actually, this is not so much a reverse of Gresham's Law as its manifestation in terms of what money is: people seek to get rid of (= spend) weak money and hold on to (= hoard, save) strong money. So they spend their "debased" currency and hold on to their gold double eagles. This actually confirms the above point.) Bottom Line: In the ecology of encryption, remailers, and digital money, weak systems that are LEO-friendly will ultimately lose out to strong systems. Unless the strong systems are outlawed, and maybe not even then. --Tim May "I'm sorry that Tim is being a bother again. He has a long history of being obnoxious and threatening. So far, he has not broken any laws. We have talked to the authorities about him on numerous occasions. They have chosen to watch but not act. Please feel free to notify me if he does anything that is beyond rude and actually violates any laws and I will immediately inform the authorities." Thank You Don Frederickson (co-owner and CEO of got.net, Santa Cruz)