Even without the proposed legislation, anonymity is increasingly fragile on the Net. Corporations have sued for libel to force services to disclose the identities of those who posted disparaging comments about them online. Individual suits of this type are rarer, but last December, Samuel D. Graham, a former professor of urology at Emory University, won a libel judgment against a Yahoo user whose identity was released under subpoena.
Actually the tide is turning on this issue. There have been two high-profile cases this year in which suits designed to reveal the identities of pseudonymous posters have failed.

In May, Medinex dropped its lawsuit attempting to learn the identities of its online critics. http://www.eff.org/Legal/Cases/Medinex_v._Awe2bad4mdnx/20010522_eff_dismiss_... Wonder why they were concerned? Take a look at http://quote.yahoo.com/q?s=MDNX.OB&d=c&k=c1&t=2y&l=on&z=m&q=l. The stock has fallen from almost 10 to about 0.2 in the past 18 months. Ouch.

A month earlier, the EFF and ACLU were successful in quashing a subpoena by foundering auctioneer 2TheMart.com attempting to identify pseudonymous participants in an online bulletin board. http://www.eff.org/Legal/Cases/2TheMart_case/20010420_eff_2themart_pr.html The company is currently defending itself against charges of securities fraud.

It seems that the same kind of people who run a company into the ground are the ones who want to muzzle their critics and who are least tolerant of anonymity. These two recent successes by the EFF will hopefully set precedents for better protection of identity.

Of course, the real problem is the use of utterly inadequate technology for pseudonymous activities. People don't realize how risky it is to participate in an online financial discussion without adequate technological protection. When things go wrong, litigants will lash out at anyone who is a target. Financial chat without layered protection is like sex without a condom.

The list posted earlier (thanks, Seth) provides a good starting point for online protection: http://sethf.com/anticensorware/bess/loophole.php. The gold standard for this technology is the Freedom software from Zero Knowledge Systems. But if you're not willing to pay, at least go through another site before trusting your identity to an online chat service.

Practice Safe Chat!
On Friday, August 17, 2001, at 10:40 AM, lcs Mixmaster Remailer wrote:
Even without the proposed legislation, anonymity is increasingly fragile on the Net. Corporations have sued for libel to force services to disclose the identities of those who posted disparaging comments about them online. Individual suits of this type are rarer, but last December, Samuel D. Graham, a former professor of urology at Emory University, won a libel judgment against a Yahoo user whose identity was released under subpoena.
Actually the tide is turning on this issue. There have been two high-profile cases this year in which suits designed to reveal the identities of pseudonymous posters have failed.
Importantly--and glossed over in the Grossman article--there is a huge difference between "being forced to reveal something you know" and "being required to know."

For example, consider a financial transaction, a purchase of something. If Gary the Grocer has a record kept of a delivery to Mannie the Mobster, and the system learns about it, Gary can be ordered to turn over his records. However, he cannot be compelled to require I.D. from Mannie the Mobster. Cash and unrecorded transactions are still fully legal. (And should remain so, so long as the Constitution is not fully shredded.)

(For any quibblers, there are very, very limited cases where records of purchases are required, e.g., guns. There are other limited cases where a proof of age credential (but not identity) is supposed to be presented, e.g., alcohol and cigarettes.)

A remailer cannot be compelled to keep records by any constitutional laws I have heard of.

Furthermore, even if some law is passed requiring an ISP to "retain logs for 7 years," this will hardly impinge on properly-designed remailers. Easily-designed remailers, in fact.

My ISP can keep all the logs he wants to, including records of encrypted mail to and from my dial-up account. However, once I have received encrypted mail, gotten around to collecting and decrypting them, then mailing them back out, the logs at the ISP tell a snoop nothing of interest.

(Remember, remailers are _mailers_, operating in principle at the POP level. That some remailers are acting at the "packet" level (loosely-speaking) is not central to their function. Especially given the usual (and desirable) delays associated with pooling of N messages.)

So, stopping remailers requires a LOT more than requiring Earthlink to keep terabytes of data around for years and years.

Many years ago I referred to there being two critical ingredients:

-- silver pipes

-- silver nodes

Silver nodes are perfectly reflective nodes which no amount of external illumination/scrutiny can penetrate. The perfect shield, a la the "bobbles" of Vernor Vinge's "Peace War" and "Marooned in Realtime" novels. Security of a PC, and local file encryption, approximates this.

Silver pipes are the various links between nodes, with encrypted packets. SWAN is one example, SSL another. Sniffers and snoopers can see that the pipe exists, but cannot see "inside" it, hence the "silver" appellation.

So what happens when a large number of silver nodes are connected with a large number of silver pipes?

And so _what_ if some of the nodes (ISPs, but not a hundred million end-user machines) are "required by a new world order treaty" to retain their logs for 7 years?

And the point about a hundred million end-user machines is an important one. Many of you already are running your own servers...you are your own ISPs. This trend will increase.

What of machines sitting in large warehouses of machines (like www.rackspace.com)?

What of LANs and WANs used as remailers? Packets enter the building of Digital Datawhack, travel over a plethora of CAT5 and Firewire and 802.11b links, get mixed around in the usual ways, and then eventually exit the Digital Datawhack building...or one down the street, across town, etc....and re-enter the "more public" networks.

What, exactly, would it mean to "require logs of all packets"? A hopeless task. The "degrees of freedom" are too large, even now.
participants (2): lcs Mixmaster Remailer, Tim May
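A simplified model of the pooling argument in the second post, as an added example that is not part of either post and is not Mixmaster's code: it shows what a complete metadata log of a remailer's traffic lets an observer conclude with and without a pool of N messages. The names `PoolMix`, `LogEntry` and `anonymity_set`, the fixed-size padding and the flush-everything threshold are assumptions.

```python
import random
from dataclasses import dataclass
PADDED_SIZE = 1024  # assumption: every message is padded to one fixed size

@dataclass
class LogEntry:              # all a logging ISP retains: metadata, no plaintext
    tick: int
    direction: str           # "in" or "out"
    peer: str                # sender for "in", recipient for "out"
    size: int

class PoolMix:
    """Hold messages until `threshold` are queued, then send them out shuffled."""
    def __init__(self, threshold, rng):
        self.threshold, self.rng = threshold, rng
        self.pool, self.log, self.tick = [], [], 0
    def _record(self, direction, peer):
        self.tick += 1
        self.log.append(LogEntry(self.tick, direction, peer, PADDED_SIZE))

    def receive(self, sender, recipient):
        self._record("in", sender)
        self.pool.append(recipient)
        if len(self.pool) >= self.threshold:
            self.rng.shuffle(self.pool)          # break arrival order
            for r in self.pool:
                self._record("out", r)
            self.pool = []

def anonymity_set(log, out_entry):
    """Senders that the log alone cannot rule out for one outbound message."""
    candidates, last = set(), "out"
    for e in log:
        if e.direction == "in":
            if last == "out":
                candidates = set()               # previous batch already left
            candidates.add(e.peer)
        elif e.tick == out_entry.tick:
            return candidates
        last = e.direction
    return set()

TRAFFIC = [(f"sender{i}", f"rcpt{i}") for i in range(6)]  # constructed sample

def run(threshold, seed=1):
    """Return the full log and the anonymity-set size of each outbound message."""
    mix = PoolMix(threshold, random.Random(seed))
    for sender, recipient in TRAFFIC:
        mix.receive(sender, recipient)
    outs = [e for e in mix.log if e.direction == "out"]
    return mix.log, [len(anonymity_set(mix.log, e)) for e in outs]
```

`run(3)` gives every outbound message an anonymity set of three senders, while `run(1)` (no pooling) gives a set of one, so the same retained log links sender to recipient directly.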