At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
Back to Tim's original point, I wonder if he knows that the P-TRAK data that Lexis/Nexis said was "public information" was actually taken from credit reports collected and sold by TransUnion. TU was able to sell the data because of a loophole in the Fair Credit Reporting Act. Sure, you post to the net that's public, but a lot of data collection is much more sleazy.
In my view, the Fair Credit Reporting Act is an unconstitutional restriction on my right to compile records as I see fit. Under the FCRA, if I take newspaper reports and public filings, for example, of someone's bankruptcy in 1985 and make this part of "Tim's Credit Evaluation" of that person, I have violated the FCRA. (I believe the current "limit" for such "rememberances" is 8 years. Why should the government have any ability to tell me I must "forget" records older than 8 years? In fact, what part of "Congress shall make no law..." do they not understand?) More to the point of the Cypherpunks list--and this is something we talked about at the very first physical meeting, almost 5 years ago--it will become increasingly easy for the FCRA to be bypassed with offshore data havens. Such data havens, discussed in physical form by Sterling in '88 ("Islands in the Net"), and others (some even earlier than Sterling), and in "cyberspace" form by many us (e.g., BlackNet, a working cyberspace data haven), will be completely unaffected by legislation such as the FCRA. (Though what will happen is that legislators will attempt to felonize contacts with such data bases, much as they are doing with Internet gambling. Remailers and Web proxies solve this problem. The usual arms race.)
I'd also appreciate some comment/criticism on the piece I did for Wired. My point was that in countries where there are legal rights to privacy it will be easier for technologies of privacy to flourish. I gave as examples the fact that PRZ was nearly indicted in the US while David Chaum was being applauded by the European Commission for building anonymous payment schemes. The OECD crypto policy drafting experience confirmed my suspicion.
I seldom read "Wired," so I didn't see this one. But the issues of Europe vs. the U.S. are notoriously complex. For every "Europe is better" point, such as not applying pressure to PRZ, there are the obvious counterpoints, such as Compuserve being prosecuted in Germany, the nearly full ban on crypto in France, the extradition of an American neo-Nazi publisher from Belgium to Germany, and so on. And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm conclusions can be drawn one way or another. Oh, and as for privacy in Europe, I'll remember how much they cherish privacy the next time I'm required to leave my passport with the hotel front desk (Europeans confirm that the police compile lists each night from said deposited passports). They were still doing this in 1983 when I spent 6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill, as they had my credit card stuff for that.
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
The best solution is neither of these options: Video rental stores don't need True Names except to collect on unreturned tapes. (They might _like_ True Names, or at least mailing addresses, for advertising reasons, but they don't _need_ them, and, like Radio Shack, will not make it a requirement for a transaction.) As with other such items, deposits work well here. My localvideo store does not require true names, so long as a sufficient deposit is left for each tape. Most persons use credit cards as the "return guaranty." Note also that credit cards need not be in the true name of anyone, via various options, much discussed on various lists.
For the hardcore free market types, take a look at Posner's *Economics of Justice.* There are good economic reasons for privacy laws, e.g. do you really want to negotiate with the telcos on a case-by-case basis whether they can sell the contents of your phonecalls?
Such negotiations would likely not be on a case by case basis, for transaction cost reasons on both sides. But I have no problem with "allowing" a phone company to offer a cheaper service, for example, which told customers it would sell the contents of the calls, or insert advertisements at random intervals during a call, or whatever. (Or even a phone company which offered to negotiate on a per call basis...as with the cases above, I expect such a venture would flop, but that's a different issue from whether such services should be "allowed." And, in fact, the situation Marc describes is already with us on the Web. Some sites sell lists of those who hit their sites. How is this different from the Bork or phone cases? It isn't.
To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc.
I don't believe there should be such laws, obviously. And more importantly, strong crypto provides numerous monkeywrenchings of such laws. Pass a law requiring return addresses on all messages....the effect will be to move the spam sites offshore. Then what do you do? Pass a law like the Fair Credit Reporting Act saying it's a crime for Tim May to "remember" and "tell others" that Suzie Hopkins skipped out on her rent in 1988...the effect will be for the TransUnions and Equifaxes of the near future to locate themselves in the Cayman Islands, beyond the FCRA. Pass a law to make it a crime for a prospective employer or lender to connect to this site in the Cayman Islands...the effect will be to increase use of Web proxies and anonymous remailers. And so on. Crypto anarchy means monkeywrenching these do-gooder laws. (When EPIC and ACLU figure out the real implications of strong crypto, look for them to talk about "compromises" on access to strong crypto....hey, maybe SAFE is an indication they've started to realize what is coming.) --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."