At 02:06 PM 9/2/96 -0700, Stanton McCandlish wrote:
You have to have an anonymizing system that crosses a dozen or so national boundaries to make such an attack infeasible for most large organizations. You'd need a system that crossed 50 or more widely disparate jurisdictions to make it infeasible to large intelligence or law enforcement agencies, and even then you'd have to NOT have broad international agreements, such as you'd called for or it would be trivial to force all the remailers in the chain to cough up personally identifiable information.
My assumption is that there will be a wide variety of Net communities with different rules/regulations/attitudes towards anonymity that would apply ex
This is already true.
some kind of international sanctions; I think that's appropriate.
That's what bugs me - if there are some kind of sanctions coming from a governmental body (I may be misinterpreting you here), that's probably enough to kill private and well as public anonymity on the Net.
Incidentally, if something does happen from a governmental direction to kill online anonymity, it will probably be readily broadenable to all other media.
At the risk of sounding like a broken record (a phrase that will get ever more obscure now that we're in the CD era...) that's why I pushing AP (Assassination Politics.) While anonymous remailers and chains are great for security, there ought to be some final bulwark against violations of our security and anonymity that doesn't depend on legal arguments, or even technical refinements of encryption. When organizations such as CoS can seek Penet data with impunity, and when courts in Finland can let them, we're not safe. Remember the saying, "The best defense is a good offense." Playing as we do now, it's like saying, "We'll try our best to maintain our security, but if it fails too bad." I propose changing it to, "We'll try our best to maintain our security, but if you manage to violate it anyway you're dead." As rude as it may sound, one of the best advantages is that this defense is free while it's not needed, and is pretty cheap when called upon. In case anybody has any residual doubts as to whether we should enforce our rights in this way, consider this: if we've decided that we have the right to anonymity and security (through remailers and encryption) EVEN IF some people might misuse those tools to cause crime and potentially even death (which, of course, would be an exceedingly rare outcome) then I suggest we've already accepted the principle that our rights to use these tools daily are more important than the possibility of a rare negative outcome. (in the same sense that occasional fatal car accidents don't justify taking away all cars.) And if that's the case, we should also be willing to DELIVER a rare negative outcome to anyone who acts to take these rights away, particularly if such a person is adequately forewarned of our intentions. Jim Bell jimbell@pacifier.com