----- Original Message -----
From: "Anonymous"
Black Unicorn said:
There are a few cypherpunks probably listening to this who've been smacked with subpoenas for running remailers. I think you'll find that the government is pretty persuasive to third parties like these. The only defense (which one administrator of a remailer I won't name was clever enough to set himself up with) is to say (my paraphrasing) "I don't have access to those logs or any of that data. I don't keep such logs and I never have because it's too much overhead and work."
--
I suspect I'm the remop being referred to here, so I'll comment:
That defense is valid because it is true. It isn't a contrived excuse for not keeping logs that I conveniently pull out of the wings to protect the anonymity of my users. Keeping logs really is too much of a resource drain on my system.
Oh, I didn't mean to suggest that it was artifice in this particular case, apologies if I implied or stated it was.
At some point I will probably begin keeping logs that expire after a period of several hours, so that I can identify and block spammers. I'm interested in your thoughts on this, Uni. Is the defense "I never retain logs longer than 2 hours; they are automatically deleted out of disk space considerations" as string as the first one? (This is how many remailers are configured. But even if the remailers all kept logs, if users are chaining their messages through multiple remailers, anonymity should still be preserved.)
See my (huge) posting on this, but I would suspect that this isn't great. Were I operating one, which I am admittedly not, I'd want there to be no data of evidentiary value ever hitting my memory or media. To some degree that's not possible. In the alternative, actually _disabling_ logging is the best policy, in my view. The evidence never existed in the first place then. It suddenly becomes a challenge to show some kind of conspiracy on your part since the actual spoliation claim is harder to make. Showing conspiracy for anything with respect to either probably starts hard and gets marginally less hard in this order: a) A middle remailer in a multiple chain that knows nothing (little) about original sender, content or recipient. The only evidence of value here would be: Time of message traversing the mailer (only useful if the specific message can be linked to the sender which- if mixmaster works- isn't feasible). Size of message (only useful if the specific message can be linked to the sender and only useful in so far as the message can be constituted and be said to be "at least size X" which- if mixmaster works- isn't feasible b) A back end remailer in a multiple chain that knows nothing (little) about content or original sender. Evidence here in addition to the above: Recipient address. Recipient public key (if content is encrypted before mixmaster). Time of actual delivery to recipients SMTP server. c) A front end remailer in a multiple chain that knows nothing (little) about content or recipient. Evidence here in addition to a) : Sender address. d) A "one hop" remailer. Evidence available: All of the above. Given that even d) doesn't provide much (and less than not much if you're never allowing logs to be written in the first place) you can probably make some guesses about the likelihood of being vulnerable here.
Regardless, I haven't had the time to implement such a system anyway.
My point here is that, if you are going to be using the "off-shore attorney" system of preserving your data, I think it would be helpful if there was a legitimate reason for placing your information in the hands of this other entity (other than protection from the US courts.)
I really suggest that. Remember that you're going to have to convince people, not code, or automated rule sets, that you're a decent and non-criminal person if you do get called to the mat. Specious sounding arguments about "document destruction policies" and the like, while perhaps totally technically correct, aren't necessarily going to help you much- as the mountain of case crap I just typed in earlier should show. Since this has become a loud and argumentative issue perhaps it's time for one of the "what remains to be done" postings I used to do with a long section on what the next set of remailers should be incorporating. Advice that will be ignored or regarded, depending on the moods of the listeners perhaps.