The debate about data havens and what they ought to really be, what they ought to really accept, etc., is similar to debates about what digital money ought to be, how remailers ought to operate, etc. It's useful to categorize projects as "experimental" (or "toy," with no negative connotations implied) or "commercial" (or "real," I suppose): * EXPERIMENTAL, or TOY: Early efforts, meant to help illuminate the issues, uncover problems, gain knowledge, educate people, etc. * COMMERCIAL, or REAL: More robust, well-established. Usually "for pay," and expected to be maintained, available, professionally operated. Now there's a fuzzy distinction between these, a continuum, really. For example, PGP began life (esp. as v. 1.0) as an amateur or experimental thing, with a few hacker experimentalists playing with it. Version 2.x has been usable as a commercial tools, every bit as good as "MailSafe," the ostensibly commerical RSADSI tool. The user community has added enough capability and hooks to clearly put PGP in the COMMERCIAL category: robust, supported, etc. Remailers are _almost_ in the second category, especially when taken as an ecological whole. (That is, any single remailer may be flaky--though many aren't--but the pinging and reputation tools that support the ecology make the ensemble more robust and usable.) Many of us believe that "digital postage" paid remailing will be the final step needed to move remailers into the commercial/real category. Until thien, they're not businesses--they're hobbies and experiments. (Which is fine, as one of the main reasons for Cypherpunks was to take the academic papers presented at Crypto conferences and reify them in working code, as experiments.) Digital cash is more clearly still at the experimental level, as are anonymous markets (like BlackNet), data havens, and so forth. Why do I mention these points? Because there's a danger in "premature professionalization." And a danger in criticizing experimental or toy efforts for not being "pure enough." The recent claims that nascent "data havens" _must_ support all files, including hard-core porn, weapons secrets, etc. seems to be an example of this. I'm not for censorship, just concerned that the data haven _experiments_ are not secure enough, not robust enough, to actually carry high-visibility files. For example, data havens will clearly someday be used to carry defense secrets, troop movements, weapons manufacturing details, etc. But I would not want to carry them on my "experimental data haven," for obvious reasons. Even if I only carried "non-American" secrets, such as reports on Russian troop manouvers around Grozny, I could expect visits from American officials (to stop me, to plant data they want planted, etc.). (And let's not forget "snatch teams" that grab foreign nationals suspected of crimes...Israel, Iraw, Iran, and the U.S. have grabbed people in other countries. And more common is simple execution. If a Swedish data haven carried files related to U.S. operations, and the data haven location was known--part of what I mean by saying the enabling technologies do not yet exist--then various measures would be applied. Diplomatic, equipment sabotoage, even killing the operators. I'm not being Ludlumesque here...clearly such "threats to national security" would be seen as justifying various reactions. Especially to send a message to other potential operators.) Those advocating a "purist" (= professional/real) approach to data havens, seen recently in the calls for data havens to never screen files or accesses, should bear in mind that "data haven technology" is lacking. Remailer chains leading in and out of data havens are still non-robust, subject to attacks and compromises. And of course, digital cash is still being thrashed out. An experimental data haven that allowed unscreened access or depositing of information would also become a a magnet for kooks, for those wishing to sabotage such havens, etc. If truly serious information was found on the haven, huge efforts would be mounted to find the source, get the site shut down, etc. Current remailer technology is just not up to the challenge. (I'm not saying it won't someday be, just not now.) Criticizing experimental data havens for "not going all the way" seems to me to be wrong-headed. First, there's the usual issue of who bears the risk, with those not at risk urging others to put themselves and their sites are risk by being "pure." Second, and more important, the enabling technologies for data havens are just not yet themselves available and robust. A data haven that carries "Four Horseman of the Infocalypse" material will come under strong attack, legal, cryptographic, and physical. There's a place for experimental or toy implementations, e.g., data havens that operate in some limited domain. This allows the issues to get explored before full-scale attacks are mounted. Think of it as a training exercise, a drill, or an immunization. --Tim May, who thinks the first real data havens will come under intense attack and so had better be secure from the start -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay