Re: News: "U.S. May Help Chinese Evade Net Censorship"
At 05:31 PM 8/31/2001 -0400, Faustine wrote:
Sure. But to what extent can you collaborate without a) approaching full-blown collusion or b) getting taken for a ride in spite of your best efforts?
When you talk about "collaborating" and ZKS selling beta software to the NSA, are you saying you've got information that ZKS gave the NSA access to more information than the general public got, and/or that the NSA got their access or information meaningfully earlier than the general public? If that's the case, that's interesting, but that's too serious a claim to let pass by as an unstated implication. If that's not the case - and they had the same access to the Freedom beta code that the rest of us outsiders/Cypherpunks/critics/commentators did - then I don't see an issue here. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
Greg wrote:
At 05:31 PM 8/31/2001 -0400, Faustine wrote:
Sure. But to what extent can you collaborate without a) approaching full-blown collusion or b) getting taken for a ride in spite of your best efforts?
When you talk about "collaborating" and ZKS selling beta software to the NSA, are you saying you've got information that ZKS gave the NSA access to more information than the general public got, and/or that the NSA got their access or information meaningfully earlier than the general public?
If that's the case, that's interesting, but that's too serious a claim to let pass by as an unstated implication.
Actually, it would be far more informative to get them to explain exactly what happened instead of relying on third-party empty hearsay and hot air from me, since honestly that's all I've got. But I'm sure there are a lot of reasons--some of them contractual--you'll never hear the whole story. Especially given that you'll never get anything more than loose talk from the other side. My personal opinion is that collusion or not, they got taken for a ride. And if it's not worth much, so be it. ~Faustine.
On Fri, Aug 31, 2001 at 06:48:24PM -0700, Greg Broiles wrote:
When you talk about "collaborating" and ZKS selling beta software to the NSA, are you saying you've got information that ZKS gave the NSA access to more information than the general public got, and/or that the NSA got their access or information meaningfully earlier than the general public?
If that's the case, that's interesting, but that's too serious a claim to let pass by as an unstated implication.
If that's not the case - and they had the same access to the Freedom beta code that the rest of us outsiders/Cypherpunks/critics/commentators did - then I don't see an issue here.
Right. Selling the same products to the Feds that are available to the general public is not generally objectionable, and I don't see what the issue is with ZKS here. One might as well complain about the NSA buying symbolic debuggers. -Declan
On ZKS selling anonymizing products that are publicly available to governmental officials does raise an issue of whether officials should, or should be able to, conceal their official identities when working cyberspace in an official capacity. I think not, though it might be as impossible to get officials to comply as with terrorists so long as the technology is there. Paul Syverson, at NRL, took me to task recently for outing officials, claiming that one of the primary purposes of onion routing was to allow officials to conceal their actions in cyberspace. I answered that it was my opinion that officials had no right to conceal their identity when on the job, not the military, not the spooks, indeed, they should be obliged to reveal identity in cyberspace when at work, if not of the person then of the agency. Nobody has yet seen an fbi.gov in the logs, or nsa.mil/gov, though a few ucia.gov and nro.gov crop up, and the ubiquitous nscs.mil. That this would not apply to these officials in their private lives, that then they deserved fullest possible privacy protection. But none at all in their official roles. I propose that all anonymizers adopt a code of practice that any sale to officials of anonymizers or their use be disclosed to the public (I suggested this to ZKS early on when first meetings with the feds to explain the technology were being sometimes disclosed). That seems to be a reasonable response to officially-secret prowling and investigating cyberspace. If officials want to do that in secret they should obtain a public license, say to use onion, pipenet, remailers, or ZKS, Safeweb, and so on. That's a public license, not a government one, for a fee to help pay for the public's use without cost.
At 12:57 PM 9/4/01 -0400, you wrote:
On Fri, Aug 31, 2001 at 06:48:24PM -0700, Greg Broiles wrote:
When you talk about "collaborating" and ZKS selling beta software to the NSA, are you saying you've got information that ZKS gave the NSA access to more information than the general public got, and/or that the NSA got their access or information meaningfully earlier than the general public?
If that's the case, that's interesting, but that's too serious a claim to let pass by as an unstated implication.
If that's not the case - and they had the same access to the Freedom beta code that the rest of us outsiders/Cypherpunks/critics/commentators did - then I don't see an issue here.
Right. Selling the same products to the Feds that are available to the general public is not generally objectionable, and I don't see what the issue is with ZKS here.
One might as well complain about the NSA buying symbolic debuggers.
-Declan
On Tue, Sep 04, 2001 at 01:42:28PM -0700, John Young wrote:
| I propose that all anonymizers adopt a code of practice that
| any sale to officials of anonymizers or their use be disclosed
| to the public (I suggested this to ZKS early on when first
| meetings with the feds to explain the technology were being
| sometimes disclosed). That seems to be a reasonable response
| to officially-secret prowling and investigating cyberspace.
Speaking for myself, I don't really want to know my customers any more than I absolutely must. If y'all are so willing to identify and treat differently one class of customers (spooks), I believe that you have no moral leg to stand on when a different class of customers (say, hispanics) are treated differently. If there's no morality bit in encryption, then there's no morality bit, and the fifth horsey of government can be as anonymous as the rest of us.
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
I try to abide the principle that if one gets anonymized all should. However, there is a disparity in who gets to leverage that anonymity -- from the citizen to the empowered official. We have now more privilege of concealment on the official side, and that needs redress, constant redress a rebel might yell. Not much of my proposal is radical: there is a long tradition for officials to own up to what they do in their official roles. The uniformed police, the uniformed military services. That is far less done in the case of the spooks and, increasingly lately, law enforcement and the military as the latter adopt the practices and more importantly the technology of spooks -- and the spooks' lack of public accountability (those oversight committees are a fraud). The culture of secrecy is vastly overweighted in favor of government, and much of that derives from hoary claims of national security. Undercover and covert operations have become far more pervasive in the US government and military than ever, and constitute a privileged elite in mil/gov, and often law enforcement, moving from the federal agencies into state and locals -- and contractors and suppliers for all these. And all are bound by a complicitous and luxurious veil of secrecy. It is fairly common for goodhearts to question government but not when national security, and more recently, domestic security, is bruited. But that is due to a well-crafted educational campaign to raise national security to a theological level, and its rationale is itself cloaked in secrecy. A similar theologizing is underway, methinks despite Declan's unreflective demurral, in the campaign for combatting domestic terrorism, the Homeland Defense demonology. Having learned much here about the futility of trying to determine who gets privacy technology and who does not, it remains true that for most of us access to this technology is very recent and we know not what lies outside our knowledge.
I am not as sanguine about government as I was before being semi-educated by this list about what technology is in covert use. And I am not as sanguine about the wisdom of providing technology to government on the same footing as the citizen. There is more than a bit of marketing opportunism in this view -- and government knows very well what power the purse has to seduce young firms into the world of secrecy. So I say again, that despite it being economic foolhardiness, indeed because it is that, there needs to be a code of practice for anonymizer developers to state their policy of helping governments snoop on us without us knowing. Agnosticism in this matter is complicity when such a stance cloaks government intrusiveness. Look, I'll accept that we will all succumb to the power of the market, so limit my proposal for full disclosure to those over 30. After that age one should know there is no way to be truly open-minded.
At 04:33 PM 9/4/2001 -0700, John Young wrote:
And I am not as sanguine about the wisdom of providing technology to government on the same footing as the citizen. There is more than a bit of marketing opportunism in this view -- and government knows very well what power the purse has to seduce young firms into the world of secrecy.
So I say again, that despite it being economic foolhardiness, indeed because it is that, there needs to be a code of practice for anonymizer developers to state their policy of helping governments snoop on us without us knowing. Agnosticism in this matter is complicity when such a stance cloaks government intrusiveness.
Look, I'll accept that we will all succumb to the power of the market, so limit my proposal for full disclosure to those over 30. After that age one should know there is no way to be truly open-minded.
I don't think the problem here is really the power of the market - it's the ease of copying digital media, and the difficulty of keeping a secret. I think a disclosure program like you discuss isn't an awful idea - and it might make sense for crypto companies to include, as part of their sales contracts with government agencies, explicit permission to disclose those purchases for public awareness and marketing purposes. But any such disclosure list is going to be incomplete, because the sellers themselves don't know who they're selling to, or who their customers are passing the goods along to. It's the same old crypto export control problem - but now we're thinking of the US government as the bad guys, instead of the government of Iraq - and all of the practical objections to the export control nonsense still make as much sense as they ever did. And the ease of circumventing the control regime still makes it a laughingstock, or just a marketing exercise. (See, for example, the PROMIS software package - licensed by Inslaw to DoJ, and from there distributed far and wide, depending on who you believe. A Google search on "promis inslaw casolaro" will provide a catalog of real or imagined government abuses of small software sellers.) I agree that we in the US have much more to fear from our government than from the government of Iraq - and perhaps the moral or strategic questions about arms control weigh even more heavily against giving the US government strong privacy or encryption or monitoring tools - but those moral questions are irrelevant given the speed and ease of distribution in the modern world. We can't control the spread of drugs, or guns, or money, or crypto, or surveillance tools - not as a government, and certainly not as individuals or small companies. 
Given those constraints on our abilities, publishers of crypto/privacy tools must assume that, when they make any significant distribution of their products, some of them will end up in the hands of government agencies, who will use them (if they're useful) and disassemble/analyze them to find exploitable weakness. That's not really different from what others - like hostile foreign governments, or motivated criminals, will do with them. Similarly, citizens must assume that, if tools are available to anyone, that they are available to governments, and to the least honest and least honorable and least humanitarian people within those governments, and plan their affairs accordingly. There's no other realistic path - we can agree that it would be nice if governments didn't perceive a need to mislead and deceive their own citizens, and if governments would follow their own laws - just as it would be nice if other humans would follow laws and act decently, too. But they won't, not all of them. So we've got to make our plans assuming that the worst people are going to get access, sooner or later, to the best tools, and they're going to lie to us about it along the way. And that's what we've got to work with - but we can have the good tools, too, if we choose them. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
At 04:33 PM 9/4/2001 -0700, John Young wrote:
Look, I'll accept that we will all succumb to the power of the market, so limit my proposal for full disclosure to those over 30. After that age one should know there is no way to be truly open-minded.
And, in the spirit of full disclosure, I'll mention that at C2Net we did sell our software to the government/intelligence agencies who wanted it - they paid the same prices as any other customers, signed the same sales contracts (we'd negotiate some on warranty terms for big purchases), and otherwise got what everyone else got - not more, not less. In the book "Peopleware", it's argued that software quality is important not because customers demand it (they don't), but because it makes developers happy to make something they're proud of, and happy developers are more productive and are retained longer. I thought then (96-98) and still think that it might be sensible for small crypto/privacy-oriented companies to refuse to sell to government bodies - not because it would realistically prevent the TLA's from gaining access or information, but because it would be a good marketing trick, especially back when the LEO/intel agencies were 100% behind Clipper and very restrictive export/escrow policies. In terms of customer and employee morale, it might be helpful to be "that company who tells the government to fuck off for moral reasons", which is something that ideological leftists and ideological libertarians can get excited about, and excited customers and employees are good for business. It also might be a sensible posture for a small, fast-moving high-volume company that doesn't want to fuck around with the overhead involved with government sales - they typically took 2x or 3x as long to close as private-sector sales, and had extra mandatory forms to fill out where they wanted to know about the race and gender of the business owner(s), and then paid us on 90 or 120 day or worse terms because what were we going to do, sue them?
On the other hand, it also looks like a good opportunity for a captive government reseller subsidiary, which has a couple of really laid-back slow people on staff who don't mind filling out forms, and charge 2x the regular retail price (which is available only to cash/credit card customers) in exchange for waiting 120 days for payment. But we didn't have spare cycles to fuck around with that, though some companies do, and they seem to do pretty well with it. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
Let me try to restate John's proposal, which has some very attractive qualities. There are a few questions, it seems to me:
1. Should we require by law that government employees never act under cover of anonymity? (In practice, what does that mean? Does that mean they can't lie about their truename, or does it mean that they have to affirmatively volunteer their employment status?)
2. Since the people enforcing this hypothetical law are the same people with the greatest incentives to violate it, what makes a disinterested observer believe that it will be effective? If we're not interested in effectiveness, why don't we just pass a law saying "no more police brutality" or "no cop shall violate someone's civil liberties?"
3. Since the people regulated by this hypothetical law who would object to it have innumerable allies in the legislatures of this fair nation, what makes a disinterested observer believe that this proposal could ever be anything more than a thought experiment?
4. Should privacy-providing companies pledge to disclose the identities of their .gov purchasers? Do we think that .govs will follow this rule, or use cutouts? Will it be effective when the tools can be freely downloaded or bought at CompUSA?
Me, I tend to think that federal agents shouldn't be infiltrating U.S. political parties, that the extent of undercover police work could be profitably scaled back quite a bit, that the IRS has few if any reasons to send its agents undercover, and that intelligence agencies have no business running operations domestically. Contrary to what John says, I'm happy to look critically at "homeland defense plans" -- what I've said is simply that this HD campaign has not yet eroded our civil liberties to the point where we have none. Be concerned, but not terrified.
I think John has a valid point when he says that we should look askance at anonymity firms that help government spy on us. Companies would be well-advised to make their practices (we sell to Feds, we refuse to sell to Feds) public. But the market being what it is, the tools so well-discussed in so many circles, and the switch from .mil or .gov to .org or .com so easy, that I suspect such promises might give us only a false sense of security.
-Declan
At 04:33 PM 9/4/01 -0700, John Young wrote:
I try to abide the principle that if one gets anonymized all should. However, there is a disparity in who gets to leverage that anonymity -- from the citizen to the empowered official.
We have now more privilege of concealment on the official side, and that needs redress, constant redress a rebel might yell.
Not much of my proposal is radical: there is a long tradition for officials to own up to what they do in their official roles. The uniformed police, the uniformed military services. That is far less done in the case of the spooks and, increasingly lately, law enforcement and the military as the latter adopt the practices and more importantly the technology of spooks -- and the spooks' lack of public accountability (those oversight committees are a fraud).
The culture of secrecy is vastly overweighted in favor of government, and much of that derives from hoary claims of national security. Undercover and covert operations have become far more pervasive in the US government and military than ever, and constitute a privileged elite in mil/gov, and often law enforcement, moving from the federal agencies into state and locals -- and contractors and suppliers for all these. And all are bound by a complicitous and luxurious veil of secrecy.
It is fairly common for goodhearts to question government but not when national security, and more recently, domestic security, is bruited. But that is due to a well-crafted educational campaign to raise national security to a theological level, and its rationale is itself cloaked in secrecy. A similar theologizing is underway, methinks despite Declan's unreflective demurral, in the campaign for combatting domestic terrorism, the Homeland Defense demonology.
Having learned much here about the futility of trying to determine who gets privacy technology and who does not, it remains true that for most of us access to this technology is very recent and we know not what lies outside our knowledge.
I am not as sanguine about government as I was before being semi-educated by this list about what technology is in covert use.
And I am not as sanguine about the wisdom of providing technology to government on the same footing as the citizen. There is more than a bit of marketing opportunism in this view -- and government knows very well what power the purse has to seduce young firms into the world of secrecy.
So I say again, that despite it being economic foolhardiness, indeed because it is that, there needs to be a code of practice for anonymizer developers to state their policy of helping governments snoop on us without us knowing. Agnosticism in this matter is complicity when such a stance cloaks government intrusiveness.
Look, I'll accept that we will all succumb to the power of the market, so limit my proposal for full disclosure to those over 30. After that age one should know there is no way to be truly open-minded.
At 07:53 PM 9/4/2001 -0400, Declan McCullagh wrote:
[...] 2. Since the people enforcing this hypothetical law are the same people with the greatest incentives to violate it, what makes a disinterested observer believe that it will be effective? If we're not interested in effectiveness, why don't we just pass a law saying "no more police brutality" or "no cop shall violate someone's civil liberties?"
I think this goes a little too far (though I'm also pretty skeptical about the underlying proposal). True, it's very unlikely that cops will arrest themselves for violating a mandatory disclosure law - expecting any group to reliably self-police is unrealistic. It would not be practically impossible to enforce such a provision the same way that parts of the Fourth, Fifth, and Sixth amendments are - by making evidence which has been gathered illegally unavailable in court. That sanction isn't intended to be punitive - it just removes (some of) the motivation to engage in the forbidden activity. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
Thanks for the cites of Gatti. Greg's disclosure of C2Net's sales is appreciated. Perhaps not surprising. What would be surprising, maybe, would be disclosure as ZKS did in its earliest days, of reporting on meetings C2Net was having with law enforcement officials about its technology. Those admirably exceptionable ZKS reports then stopped, at least I didn't see them after the first few. What I got instead was a rush of advertising from ZKS. Fair enough, as far as business development goes. Those singular souls working at ZKS in the cpunk spirit, are what makes me especially interested in the firm's welfare, in the light of its original goal to make available to the public quite strong privacy protection and anonymity tools. A plan pretty close to the exciting, customer-appealing marketing method outlined by Greg. The ZKS original model did indeed have an anti-authoritarian streak. And presumably the products live up to that promise. And that is all they do. If ZKS has only explained the technology to the LEAs and sold them the same products as the public gets, then great. And has not been persuaded to do a bit of dirty work as well out of sight of the cpunks. End of concern. Buy its products, invest in it, make the hard workers rich. Still, there is the PGP market model to ponder. And no believable disclosure from Phil why he left, what was done to PGP he could not bear to be a part of so took his settlement and skipped his obligation to his supporters to disclose fully. There is food for thought in why some people leave government service and companies rather than continue to participate in deceptive practices, though often still bound by secrecy agreements and NDAs. I believe that a good bit of the earliest public revelations of cryptology came from such people, as did and does most secret technology used for intrusion on private lives. Diffie hints at being nudged or noodled toward PK by thoughtful researchers.
Today there are a host of ex-members of intel agencies telling and warning what they can without being jailed. One recurring theme of those who have worked inside the world of secrecy is how that world has been corrupted by excessive secrecy. And historians regularly write of the corrupting influence of secrecy in government. Undercover law enforcement agents are domestic spies, dreaded secret police in other nations, no matter what spin is put on the need for such operations to fight crime, and they pose a greater danger to civil liberties than the spooks and military from whom they have acquired techniques and technologies devised to combat foreign enemies. This is the crux of the homeland defense demonology, as in times past with other internal demons: government officials treating the citizenry as the enemy within and running secret operations as if intelligence and military operations -- indeed utilizing the resources of those powerful institutions by way of inter-agency agreements to avoid violating law. The Defense Science Board concluded in the Summer of 2000, in particular in its legal recommendations (a panel chaired by ex-NSA counsel Stewart Baker) that it was time to change law prohibiting domestic operations by intel and the military, that this change is needed to combat domestic terrorism and for "protecting the homeland." The DSB report in two parts: "Protecting the Homeland" http://cryptome.org/pth.htm "Defensive Information Operations" http://cryptome.org/dio/dio.htm Painfully ironic is that "protecting the homeland" is a siren sung by every government, left, right and center, which sees its citizenry as the enemy and argues the need for secret police, urges citizens informing on each other, runs secret courts, and generally stigmatizes anti-government conduct, yes, and speech. 
Anybody who continues to argue that AP was not used to convict Jim Bell, and that a crackdown on speech, not merely conduct, is not underway, lives in a bubble of ignorance or privilege. Or, more likely, is peddling deception as successful businesses ever must do after reaching maturity and youthful promises peter out.
On Wed, Sep 05, 2001 at 07:34:37AM -0700, John Young wrote:
| Thanks for the cites of Gatti.
|
| Greg's disclosure of C2Net's sales is appreciated. Perhaps not
| surprising. What would be surprising, maybe, would be disclosure
| as ZKS did in its earliest days, of reporting on meetings C2Net was
| having with law enforcement officials about its technology. Those
| admirably exceptionable ZKS reports then stopped, at least I didn't
| see them after the first few. What I got instead was a rush of
| advertising from ZKS. Fair enough, as far as business
| development goes.
They'd have gotten rather stale after the first few. After all, we didn't include names, so the only thing you'd have seen changing was the date. As far as I know, there haven't been any in a while. Once we got our message and delivery down, the message seemed to spread that we were not adding any back doors, and hey, this is useful for undercover work and preventing crimes. TLAs have gotten no special delivery packages. I don't really see why they'd want them, except perhaps to shave their budgets. We said when we shipped 1.0 that we wouldn't stand up to a TLA attack. We (Ian, myself, and later Adam Back) have written a 15 page paper on how to attack our system. Which is far more than any other security or privacy provider I'm aware of.
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
At 07:34 AM 9/5/2001 -0700, John Young wrote:
Thanks for the cites of Gatti.
Greg's disclosure of C2Net's sales is appreciated. Perhaps not surprising. What would be surprising, maybe, would be disclosure as ZKS did in its earliest days, of reporting on meetings C2Net was having with law enforcement officials about its technology.
Didn't happen - at least not within my knowledge. I don't think we'd have been willing to have one, given our crypto export control stance (and paranoia about law enforcement) at that point. Given the state of the law at that time (lots of this was before Patel's rulings in _Bernstein_, during the ITAR period before BXA took over crypto regs, and way before the export liberalization), we weren't at all sure we weren't going to be arrested and made examples of, cf. Dmitry Sklyarov. Law enforcement never asked for a meeting, probably because of (a) ignorance of or disinterest in the technology, or (b) if they did understand it, they also understood that we were essentially selling Apache-SSL (from a technical standpoint), so if they wanted a copy to beat up on, they could build it themselves - they didn't need an RSA license to legitimize their internal/research copies. We did get a moderate amount of interest in the remailers/anonymizers which ran at C2 in the early days, and later were run somewhere else but whose domain name was held by C2; callers on that topic generally got a nice long explanation of how remailers work, how we didn't know the identity of the person running the remailer nor its physical location, why we supported remailers as free speech tools, and how as a provider of DNS lookups we never had any logs of activity in the first place to disclose, whether or not we had wanted to, court order or not. Complainers pretty much went away after getting the explanation, save for one publisher of avant-garde fonts who never did give up trying to cajole or scare us into giving out the information we didn't have, and/or shutting down DNS to the privacy stuff. 
I think ZKS' technology is more interesting and more threatening to law enforcement than our web crypto tools were - there's still not a lot of evil or disorder that goes on related to, literally, the web - I get the impression that law enforcement is a lot more interested in IRC, email, and other communications which are either more personal and immediate, or much less personal and immediate (like Usenet). Web sites are still relatively static, which means their providers are pretty easily identified, which means not so much bad stuff happens there. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
On Tue, 4 Sep 2001, Greg Broiles wrote:
I think this goes a little too far (though I'm also pretty skeptical about the underlying proposal). True, it's very unlikely that cops will arrest themselves for violating a mandatory disclosure law - expecting any group to reliably self-police is unrealistic.
Speak for yourself. The question isn't self-policing. The question is that one person is making decisions for another. Clearly less than optimal if you have any belief in 'free market' (which is a perfect example of self-policing behaviour; where does the stability come from?). Who'd know? Who'd care? No, the observation is that people are strange. Not some people, not those people, not weird people. People are strange. Any(!!!) time that one party is put in a position of authority over a second party, a third party must be included. That third party must be uninvolved with both parties and the market. That party must operate by socially accepted (eg voting) rules that apply to ALL members of the community equally. That third party MUST(!!!) report to the public at large. The public at large have a right to know how they can expect to be treated, and change it if it doesn't work to their satisfaction (which after all is the 'community' the law is supposed to be respecting in a democracy). Any society that violates this basic theme will be abusive.
--
natsugusa ya...tsuwamonodomo ga...yume no ato
summer grass...those mighty warriors'...dream-tracks
Matsuo Basho
The Armadillo Group, James Choate, Austin, Tx
ravage@ssz.com www.ssz.com 512-451-7087
Sorry, I'm not proposing a law, certainly not on this list. Rather a voluntary concordance for reputation building, not only in citizen-world but in government-world. There has been a lot of good discussion about this here in the past and I'm not going against that wisdom. Greg is tracking that in one of his posts, and Declan too if the focus on law is shifted to reputation. How to build reputable products for privacy protection and how to keep them trustworthy. Use of these by officials to invade privacy will surely diminish the products. The capability of the intrusive products should extend to public warnings of likely abuses by whomever, but by officials most so. Nothing unusual about that unless you want government customers. And who doesn't after age 30. So, again, daredeviling products are for those who have nothing to lose. You making profit, handsome profits, you won't give them up for principle, right. That's okay, we are all subject to enlightened self-interest, the same force that leads officials to spy on us and criminalize us doing it to them. I foresee criminalizing anonymizers for us not them. Their laws not ours. Ours is to . . . concord in sweet harmony, as here we do -- until some mean son of a bitch subs up to discord.
On Tue, Sep 04, 2001 at 07:53:12PM -0400, Declan McCullagh wrote:
| Let me try to restate John's proposal, which has some very attractive
| qualities. There are a few questions, it seems to me:
|
| 1. Should we require by law that government employees never act under cover
| of anonymity? (In practice, what does that mean? Does that mean they can't
| lie about their truename, or does it mean that they have to affirmatively
| volunteer their employment status?)

The mice voted to bell the cat.

| I think John has a valid point when he says that we should look askance at
| anonymity firms that help government spy on us. Companies would be
| well-advised to make their practices (we sell to Feds, we refuse to sell to
| Feds) public. But the market being what it is, the tools so well-discussed
| in so many circles, and the switch from .mil or .gov to .org or .com so
| easy, that I suspect such promises might give us only a false sense of
| security.

I think much more interesting is the question of government funded anonymity tools. The paranoid might think they're trying to drive others out of business.

Is it even legal (in the US) to refuse to sell to the feds? I know that many companies have separate entities (ie, Sun Federal Systems) to avoid some of the more onerous restrictions, like needing to give your best deal to the feds.

Adam

| -Declan
|
| At 04:33 PM 9/4/01 -0700, John Young wrote:
| >I try to abide the principle that if one gets anonymized
| >all should. However, there is a disparity in who gets
| >to leverage that anonymity -- from the citizen to the
| >empowered official.
| >
| >We have now more privilege of concealment on the official
| >side, and that needs redress, constant redress a rebel
| >might yell.
| >
| >Not much of my proposal is radical: there is a long tradition
| >for officials to own up to what they do in their official
| >roles. The uniformed police, the uniformed military
| >services. That is far less done in the case of the spooks
| >and, increasingly lately, law enforcement and the military
| >as the latter adopt the practices and more importantly
| >the technology of spooks -- and the spooks' lack of
| >public accountability (those oversight committees are
| >a fraud).
| >
| >The culture of secrecy is vastly overweighted in favor of
| >government, and much of that derives from hoary claims
| >of national security. Undercover and covert operations
| >have become far more pervasive in the US government
| >and military than ever, and constitute a privileged elite in
| >mil/gov, and often law enforcement, moving from the
| >federal agencies into state and locals -- and contractors
| >and suppliers for all these. And all are bound by a
| >complicitous and luxurious veil of secrecy.
| >
| >It is fairly common for goodhearts to question government
| >but not when national security, and more recently, domestic
| >security, is bruited. But that is due to a well-crafted educational
| >campaign to raise national security to a theological level, and
| >its rationale is itself cloaked in secrecy. A similar theologizing
| >is underway, methinks despite Declan's unreflective demurral,
| >in the campaign for combatting domestic terrorism, the
| >Homeland Defense demonology.
| >
| >Having learned much here about the futility of trying to determine
| >who gets privacy technology and who does not, it remains true
| >that for most of us access to this technology is very recent and we
| >know not what lies outside our knowledge.
| >
| >I am not as sanguine about government as I was before being
| >semi-educated by this list about what technology is in covert use.
| >
| >And I am not as sanguine about the wisdom of providing technology
| >to government on the same footing as the citizen. There is more
| >than a bit of marketing opportunism in this view -- and government
| >knows very well what power the purse has to seduce young firms
| >into the world of secrecy.
| >
| >So I say again, that despite it being economic foolhardiness, indeed
| >because it is that, there needs to be a code of practice for anonymizer
| >developers to state their policy of helping governments snoop on
| >us without us knowing. Agnosticism in this matter is complicity
| >when such a stance cloaks government intrusiveness.
| >
| >Look, I'll accept that we will all succumb to the power of the market,
| >so limit my proposal for full disclosure to those over 30. After that
| >age one should know there is no way to be truly open-minded.

--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Wed, 5 Sep 2001, Adam Shostack wrote:
Is it even legal (in the US) to refuse to sell to the feds? I know
While I am unsure of the _current_ status, as of 1989/90 it was at least OK to place severe restrictions on *how* one did business with them. At that time I worked for a company that had separate divisions, of which one was a [consumer] retail outlet (interestingly, the other division was strictly for Fedz contract work- oh, the irony!). During 1987 ('88?) the Fedz (in the person of IRS) made rather a lot of purchases via P.O., and was so "laid back" about [not] paying their bills, that the retail side of the house put in a strict cash-only policy on government purchases, and simultaneously placed a no-sale policy on them until their bills were paid in full (which never happened, and which means there were no further sales to the federales).

--
Yours,
J.A. Terranson
sysadmin@mfn.org

If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occasionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demagoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
--------------------------------------------------------------------
Hear Hear!!

Yours,
J.A. Terranson
sysadmin@mfn.org

On Tue, 4 Sep 2001, Adam Shostack wrote:

Date: Tue, 4 Sep 2001 14:33:21 -0400
From: Adam Shostack <adam@homeport.org>
Reply-To: cypherpunks@einstein.ssz.com
To: John Young <jya@pipeline.com>
Cc: cypherpunks@lne.com
Subject: CDR: Re: Official Anonymizing

On Tue, Sep 04, 2001 at 01:42:28PM -0700, John Young wrote:
| I propose that all anonymizers adopt a code of practice that
| any sale to officials of anonymizers or their use be disclosed
| to the public (I suggested this to ZKS early on when first
| meetings with the feds to explain the technology were being
| sometimes disclosed). That seems to be a reasonable response
| to officially-secret prowling and investigating cyberspace.
Speaking for myself, I don't really want to know my customers any more than I absolutely must. If y'all are so willing to identify and treat differently one class of customers (spooks), I believe that you have no moral leg to stand on when a different class of customers (say, hispanics) are treated differently.
If there's no morality bit in encryption, then there's no morality bit, and the fifth horsey of government can be as anonymous as the rest of us.
Adam
On Tuesday, September 4, 2001, at 03:41 PM, measl@mfn.org wrote:
Hear Hear!!
Yours,
J.A. Terranson sysadmin@mfn.org
Why are you sending me-toos _twice_? (Yeah, I remember your explanation: you send things to two different nodes, with two different sender addresses, to make sure everyone gets your stuff. Rethink your strategy, lest many of us plonk you.) --Tim May
At 01:42 PM 9/4/2001 -0700, John Young wrote:
On ZKS selling anonymizing products that are publicly available to governmental officials does raise an issue of whether officials should, or should be able to, conceal their official identities when working cyberspace in an official capacity. I think not, though it might be as impossible to get officials to comply as with terrorists so long as the technology is there.
I recall reading last week that an Oregon Supreme Court decision makes mandatory that state LE operate only in the clear (no pseudo-anon identities). Prosecutors are wringing their hands. steve
Are you talking about Gatti? ~Aimee
At 03:45 PM 9/4/2001 -0500, you wrote:
Are you talking about Gatti?
Sounds like it. The opinion itself is at <http://www.osbar.org/Governance/OSBHouseOfDelegates/2001/101agenda.htm#InReGatti>; media reports at <http://www.opb.org/nwnews/trans01/nixunder.asp> or <http://seattletimes.nwsource.com/html/localnews/134323827_truth30m.html>. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
At 01:42 PM 9/4/01 -0700, John Young wrote:
On ZKS selling anonymizing products that are publicly available to governmental officials does raise an issue of whether officials should, or should be able to, conceal their official identities when working cyberspace in an official capacity. I think not, though it might be as impossible to get officials to comply as with terrorists so long as the technology is there.
It seems to me that John is taking the first steps toward a general argument: That police should not be allowed to do undercover work. His argument, taken to its logical conclusion, would prevent police from infiltrating criminal organizations in meatspace (let's assume, for the moment, that we're talking about serious criminal acts against property and person, not victimless crimes).
I propose that all anonymizers adopt a code of practice that any sale to officials of anonymizers or their use be disclosed to the public (I suggested this to ZKS early on when first meetings with the feds to explain the technology were being sometimes disclosed). That seems to be a reasonable response to officially-secret prowling and investigating cyberspace.
What happens when Anonymous Software Inc. sells its prepaid 300-minutes of anonymous browsing kit through CompUSA and PC Warehouse? And, as others have pointed out, the people you most want to catch with this rule would have the strongest incentive to evade it. Anonymous remailers and browsing technology is user- and value-neutral. As a practical matter, it makes sense to assume that the Feds are using it. -Declan
On Tue, 4 Sep 2001, Declan McCullagh wrote:
It seems to me that John is taking the first steps toward a general argument: That police should not be allowed to do undercover work. His argument, taken to its logical conclusion, would prevent police from infiltrating criminal organizations in meatspace (let's assume, for the moment, that we're talking about serious criminal acts against property and person, not victimless crimes).
See Japan. They have some interesting features built into their WWII constitution limiting some police behaviour. Such a view, perhaps to a less extreme degree, is not without precedence or merit. -- James Choate, The Armadillo Group, ravage@ssz.com
participants (10)
- Adam Shostack
- Aimee Farr
- Declan McCullagh
- Faustine
- Greg Broiles
- Jim Choate
- John Young
- measl@mfn.org
- Steve Schear
- Tim May