Jim Hart wrote:
A post-hoc attack of examing logs, like what the FBI is probably doing now for the RC4 incident, is much more likely... I'll lay even odds that the leaker is never found... if the leaker used a well constructed message... I set the odds at 1000:1 that we'll ever find him via remailer tracing.
Intellectual property rights, export status and all that aside, as a once (and hopefully future) remailer operator, I am curious and concerned for the remailer operator in this case. I see that RSADSI contacted Mr. Perry's employer (jpunix consultants here in Houston?) and the remailer is "temporarily" shut down. This investigation could go a long ways into answering (maybe unfavorably) several legal matters, such as the seizure of sendmail logs, from multiple machines if chained. Will the FBI get cooperation from a foreign law enforcement if a foriegn remailer was used? If the mail was chained through several remailers, will legal action be taken against each one? Then there's the liability of the remailer operator, the company who owned the machine, etc. Will RSA pursue action against these people? Can they? I'm not advocating illegal remailer usage, but I certainly don't want to see John Perry become the focus of lawsuits as the most visible target. John Perry mentioned he was almost fired, except the CEO of JPUnix is open minded. Thankfully, I can imagine other organizations wouldn't have hesitated in firing him. -- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper