John Young takes a courageous stand:
I propose that all anonymizers adopt a code of practice that any sale to officials of anonymizers or their use be disclosed to the public (I suggested this to ZKS early on when first meetings with the feds to explain the technology were being sometimes disclosed). That seems to be a reasonable response to officially-secret prowling and investigating cyberspace.
Absolutely appropriate, given cypherpunk goals. It may be difficult to apply in every case but the intention is laudable. Here is an example of the principle put into practice, from the anonymous web proxy service at http://proxy.magusnet.com/proxy.html: : If you are accessing this proxy from a *.mil or *.gov address : it will not work. As a taxpaying United States Citizen[TM], : Business Owner, and Desert Storm Veteran, I do not want my : tax dollars being used by agencies I pay for to gawk(1) : at WWW pages and hide your origination point at my expense. : Now, get back to work!
At 09:40 AM 9/5/2001 -0700, A. Melon wrote:
Here is an example of the principle put into practice, from the anonymous web proxy service at http://proxy.magusnet.com/proxy.html:
: If you are accessing this proxy from a *.mil or *.gov address : it will not work. As a taxpaying United States Citizen[TM], : Business Owner, and Desert Storm Veteran, I do not want my : tax dollars being used by agencies I pay for to gawk(1) : at WWW pages and hide your origination point at my expense. : Now, get back to work!
Sure, that's an understandable sentiment, but isn't this also isolating the good (or teachable) people inside government who might be open-minded about freedom or crypto or whatever, such that they can't learn from us, and such that (in the case of anonymizing tools) they can't leak information? I think there's an argument that it's useful to provide pipes into secretive organizations which allow insiders to release information with reduced fear of internal retaliation - sure, they may be used for provocation and disinformation, but they also may be used for and by decent people. (Like, for example, Fred Whitehurst, a supervisory special agent in the FBI's crime lab, who revealed systematic dishonesty, incompetence, perjury, and contamination in the agency's high-profile analytic & forensic operations - see <http://www.cnn.com/US/9703/22/okc.fbi.report/> or <http://www.usdoj.gov/oig/fbilab1/fbil1toc.htm>.) I don't think this question is as easy as it sounds at first. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
A. Melon writes: John Young takes a courageous stand:
I propose that all anonymizers adopt a code of practice that any sale to officials of anonymizers or their use be disclosed to the public (I suggested this to ZKS early on when first meetings with the feds to explain the technology were being sometimes disclosed). That seems to be a reasonable response to officially-secret prowling and investigating cyberspace.
Absolutely appropriate, given cypherpunk goals. It may be difficult to apply in every case but the intention is laudable.
Here is an example of the principle put into practice, from the anonymous web proxy service at http://proxy.magusnet.com/proxy.html:
: If you are accessing this proxy from a *.mil or *.gov address : it will not work.
Given the amount of federal research conducted at the poles you might end up blocking santa claus (which would piss him and his gang of elves off.) It's impossible to determine the ultimate end-user. For example, what if a university performs secure computing research via a federal grant or directly for an agency? Are you going to block *.edu? What if an agency/contractor/employee/grantee uses comcast business internet access? Or speakeasy sdsl service? What about using a qwest cybercenter and peering with dozens of tier-one providers? are you going to block the ones that do business with the government? What about international carriers? Will you block Deutsche Telekom just because the german govt. uses DT? The world is too complex for simple rules such as the above regardless of the intent of the rules. phillip
Let me jump in to say that I'm not advocating no access to anonymizers by officials only that that access be disclosed. It shouldn't be an embarrassment to reveal that federal agencies have bought such products. Disclosure as well of any features of the products sold to officials that are different from the standard product would be a big help in defending ourselves. Parity is all I'm asking for to combat the current disparity in features, as shit-marketers brag of their invasive products, "available only to law enforcement, letterhead needed." A pipe dream, maybe, but smart marketers have been known to respond to those as well as threats and sweetheart contracts. You ever see a DoD order for 40,000 copies of a program? That board of directors/Wall Street ecstacy is resistable only by cascading orders from the mass market. Here, I'm sympathetic to ZKS on how hard it is to compete with those who bear-hug government contracting officers as commanded by bankrollers everready to yank the plug. Nice story in the New York Times today about this, the second part of a three-parter on privacy issues of the Internet. To go with congressional hearings on it.
On Wed, Sep 05, 2001 at 10:12:25AM -0700, Greg Broiles wrote: | I don't think this question is as easy as it sounds at first. I do. Privacy is a good, and should be available to all. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
participants (5)
-
A. Melon
-
Adam Shostack
-
Greg Broiles
-
John Young
-
Phillip H. Zakas