Re: Larry Lessig on ending anonymity through "identity escrow"
On Dec 5, 2003, at 5:53 PM, Jamie Lawrence wrote:
I have nothing against Lessig, but it bugs me that he's considered by some to be one of the Great Cyberspace Thinkers when his ideas are so easily dismissed...and were argued on both sides so many years ago.
Larry Lessig ought to read, and think deeply about, the first ten years of traffic on the Cypherpunks list. Especially the first five years.
Lessig is a very smart man, in the framework he's very smart at dealing with. And probably more beyond that.
Unfortunately, I don't think copyright is an appropriate framework from which to launch a discussion about wider modes of human communication.
Correcting him early and often is absolutely in order - hopefully he'll rethink a thing or two.
This actually fits in with something Lessig is widely known for, his "technology-custom-law" trichotomy (*). (* He may call it something different...I haven't checked in a while. And I recall he may have a fourth component. I was talking in similar terms many years ago, too. Not that I am saying Lessig borrowed from my ideas, as I am sure many of us independently realized this. Cf. via Google some of the things I wrote about VCRs and how they changed the ground truth of what was legally copyable. Or how Gutenberg created a technology which made existing custom (e.g., the Church) and law (e.g., the Guilds) effectively moot.) Those who make Grand Plans about such things as "pseudonymity with legal warrant access" need to take systems and computer science (and hence math) into account. This usually comes through thinking about possible attacks, weaknesses, and design flaws. For example, I have cited the obvious case of someone, call him "Tim," using "Larry's LEO-Friendly Remailer." But Tim is _not_ a LEO-friendly remailer, and Tim has taken in articles from other such non-LEO-friendly remailers. The only way Larry knows that Tim is doing this is if Larry "peeks" (examines the content to see what it is, to see that it does not contain seditious or pornographic or non-LEO-friendly packets). Or Larry can wait for the eventual "legal warrant" and then find that Tim was remailing packets which could not be traced. Oops. Larry can then cancel Tim's account. More generally, I think Lessig has failed to understand the very fundamental, underlying structure of true Cypherpunks-style remailers: ::request-remailing-to: foo@anotherremailer.org This can be any arbitrary text, and all that is passed on to the next remailer or recipient. And this text block is not tagged in any way with sender ID. And this text can be encrypted, readable only by the specified "nextremailer." And this text block can included further requests for remailing, and so on and so forth. Tim again. With this structure, nested and packaged as a payload, for Lessig's scheme to actually give "warrant-only traceability," it must ban such nested remailings. Which means, ban on crypto. (For if crypto is allowed, then even a warrant cannot crack it. "Oh, then we'll have key escrow...") And so on. A little bit of thought reveals numerous such attacks on a "LEO-friendly remailer." And the "fixes" are all in the direction of, in the final analysis, banning strong encryption. Of course, Lessig may say that he is only advocating an ultra-weak system of remailers that only dummies will use. He may say he does not propose to actually ban "strong remailers." Some argue that weak systems--remailers or crypto--will thrive "because most crooks are lazy" has been dealt with many times. Sure, some people doing things use weak systems, out of ignorance, out of laziness, out of a sense that they are immortal and cannot be caught. But others doing illegal or marginal things are amongst the earliest adopters of relatively robust systems: offshore banks, encrypted disks, and, ironically, secure anonymous remailers. (When the Finnish police finally forced Julf Helsingius to reveal the pseudonym attached to the Church of Scientology "NOTS" documents, they found that inside was a packet from a true Cypherpunks remailer, whose last node was at C2Net, the company Sameer Parekh founded. End of trail. This showed that even as early as 1995 someone was thinking ahead to the day when the Finnish police would force a "weak pseudonymity" system like PENET (Julf's system, based on earlier code written by another hacker) to give "warranted access" a la Lessig. So much for people being too dumb to use a strong system!) If Lessig is truly _only_ proposing that some idiots be encouraged to use weak remailers and weak crypto, then, fine, no harm done. However, the goals Lessig is avowedly seeking, of access to identities through "legal warrants," then his system will rapidly become unused after the first few "legal warrant" convictions. So long as strong systems cost little more than weak systems, strong systems prevail. (And, for various reasons, strong systems are in most cases cheaper to use than weak systems.) In a kind of reverse of Gresham's Law ("weak money drives out good money"), strong crypto drives out weak crypto. (Actually, this is not so much a reverse of Gresham's Law as its manifestation in terms of what money is: people seek to get rid of (= spend) weak money and hold on to (= hoard, save) strong money. So they spend their "debased" currency and hold on to their gold double eagles. This actually confirms the above point.) Bottom Line: In the ecology of encryption, remailers, and digital money, weak systems that are LEO-friendly will ultimately lose out to strong systems. Unless the strong systems are outlawed, and maybe not even then. --Tim May "I'm sorry that Tim is being a bother again. He has a long history of being obnoxious and threatening. So far, he has not broken any laws. We have talked to the authorities about him on numerous occasions. They have chosen to watch but not act. Please feel free to notify me if he does anything that is beyond rude and actually violates any laws and I will immediately inform the authorities." Thank You Don Frederickson (co-owner and CEO of got.net, Santa Cruz)
I think Declan's got the title wrong - Lessig's discussions that he references aren't about ending anonymity through escrowed pseudonymity - they're about replacing some True-Name-based or linkable applications with pseudonymous ones. For instance, one-use credit card numbers instead of regular numbers, which not only makes it harder for the merchant to do credit card fraud, but also makes it harder for marketers to trace your activities, even though they can go back to the credit card company and get that information. A similar application, which we'll unfortunately probably never see, is to replace the SSN with a pile of one-use tax ID numbers. That way, instead of giving everybody who needs to collect taxes on your account the same SSN, which they can then use to link lots of records together, you'd be giving each one a single number that only you and the IRS can coordinate. An application that people use all the time is disposable email addresses. Sure, you can use declan@well.com every time you give some web site your address or send email to somebody you haven't talked to before, but eventually spammers get that and it's too annoying; an alternative is to use free email accounts when you think you might get spammed. Hotmail was the canonical source, though yahoo's easier to use these days. One of Declan's fellow columnists, Annalee Newitz, uses a different username at her domain on each of her newspaper columns; presumably some of them become spam targets and get trashed eventually.
On Sat, Dec 06, 2003 at 01:59:26PM -0800, Tim May wrote:
This actually fits in with something Lessig is widely known for, his "technology-custom-law" trichotomy (*).
(* He may call it something different...I haven't checked in a while.
I was reading some of David Friedman's articles over the weekend and noticed that he also used the same trichotomy, predating Lessig.
"I'm sorry that Tim is being a bother again. He has a long history of being obnoxious and threatening. So far, he has not broken any laws. We have talked to the authorities about him on numerous occasions. They have chosen to watch but not act. Please feel free to notify me if he does anything that is beyond rude and actually violates any laws and I will immediately inform the authorities."
Thank You Don Frederickson (co-owner and CEO of got.net, Santa Cruz)
When did Don Fredderickson write this? -Declan
On Dec 8, 2003, at 1:15 PM, Declan McCullagh wrote:
On Sat, Dec 06, 2003 at 01:59:26PM -0800, Tim May wrote:
This actually fits in with something Lessig is widely known for, his "technology-custom-law" trichotomy (*).
(* He may call it something different...I haven't checked in a while.
I was reading some of David Friedman's articles over the weekend and noticed that he also used the same trichotomy, predating Lessig.
"I'm sorry that Tim is being a bother again. He has a long history of being obnoxious and threatening. So far, he has not broken any laws. We have talked to the authorities about him on numerous occasions. They have chosen to watch but not act. Please feel free to notify me if he does anything that is beyond rude and actually violates any laws and I will immediately inform the authorities."
Thank You Don Frederickson (co-owner and CEO of got.net, Santa Cruz)
When did Don Fredderickson write this?
-Declan
You can Google Groups for any of the unique text to find it, and the context. Or, here's the thread (search on my name for the exact spot, or go to August 22nd): <http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF -8&safe=off&threadm=220820032357238678%25timcmay%40removethis.got.net&rn um=1&prev=/ groups%3Fq%3Dfrederickson%2Bgot%2Btim%26hl%3Den%26lr%3Dlang_en%26ie%3DUT F-8%26oe%3DUTF -8%26safe%3Doff%26selm%3D220820032357238678%2525timcmay%2540removethis.g ot.net%26rnum%3D1> Searching GG on "don frederickson got tim" is maybe more reliable than pasting this URL. (If you are asking did Don write this on or about the 22nd?, I assume so, of course, as this is when this "Kal" nym was foaming and threatening to get my account yanked and have the cops raid my house.) It happened in one of the "movies" groups (rec.arts.current-movies), when the thread was on DVD copy protection and the (claimed) illegality of making DVDs of movies. I explained how I was cheerfully making an average of a DVD a day of my favorite current movies. A couple of "nyms" went ballistic and foamed that they had forwarded my "admissions" to the RIAA and how I would face civil penalties and jail time, oh my! Then one of them claimed he had arranged to have my account yanked, for "violation of the DMCA." He claimed he had sent copies of my "criminal" admissions to Got.net, to the RIAA, to "law enforcement" (shudder!), and so on. The owner of Got.net replied to him and the above got posted (not by me). I consider Don Frederickson despicable, and stupid. To not bother before understanding the context of the thread and say, basically, "Yes, we have narced out this customer to law enforcement, but they are just watching" is reprehensible. The earlier owners/operators of Got.net took the stance that what people said on Usenet or on mailing lists was of no interest to them, save for a few carefully-spelled-out TOS issues (like spam). The new owner apparently thinks it's his job to narc out his customers to law enforcement and then to tell others who are not even his customers that he has done so. Were I the litigious sort, I might contemplate suing. (I haven't quit Got.net yet mainly because I am evaluating options for broadband in my rural location. Currently, DSL is about half a mile away, so may arrive soon--when it does I expect I will get it. Cablemodem is available to the top of my hill, but not down my long driveway, and the cable company will not allow me to either string my own lines or mount a WiFi or IR or similar atop the telephone pole. (My utilities are underground, but were laid when the house was built, circa 1976. No cable lines. Which is one reason I got a satellite dish, DirecTV, shortly after moving in. And, yes, I have looked at satellite broadband options like DirectLink...not impressive at all.) And the "Pringles can" approach is not something I want to spend my time engineering or debugging.) My hunch is that Frederickson and Got.net have been forwarding copies of some of my e-mail to "law enforcement," which would have put them in violation of the ECPA, except that after 9/11 and the Patriot Act and all these actions are now considered just good corporate citizenship. --Tim May
On 8 Dec 2003 at 13:17, Tim May wrote:
http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF -8&safe=off&threadm=220820032357238678%25timcmay%40removethis.got.net& rn um=1&prev=/ groups%3Fq%3Dfrederickson%2Bgot%2Btim%26hl%3Den%26lr%3Dlang_en%26ie%3D UT F-8%26oe%3DUTF -8%26safe%3Doff%26selm%3D220820032357238678%2525timcmay%2540removethis .g ot.net%26rnum%3D1>
Searching GG on "don frederickson got tim" is maybe more reliable than pasting this URL.
For long urls, compress with tinuyurl.com http://tinyurl.com/yc3s
In message <3FD4B5B0.27070.A564625@localhost>, "James A. Donald" <jamesd@echeque.com> wrote:
Searching GG on "don frederickson got tim" is maybe more reliable than pasting this URL.
For long urls, compress with tinuyurl.com
If you do that, you have to rely on both the Google URL not changing and on tinyurl not going away. -- Shields.
On Tue, Dec 09, 2003 at 04:37:44AM +0000, Michael Shields wrote:
In message <3FD4B5B0.27070.A564625@localhost>, "James A. Donald" <jamesd@echeque.com> wrote:
Searching GG on "don frederickson got tim" is maybe more reliable than pasting this URL.
For long urls, compress with tinuyurl.com
If you do that, you have to rely on both the Google URL not changing and on tinyurl not going away.
I usually convert a Google Groups URL to a query using only the Message-ID: before posting it publicly. E.g. in the case of the message Tim May referred to, that'd be http://groups.google.com/groups?oe=UTF-8&as_umsgid=%3C220820032357238678%25timcmay%40removethis.got.net%3E Then the URL won't be _too_ long, and if Google changes the URL scheme or is replaced by some other archve, you've got the original Message-ID, the best identifier you could hope for. -- http://www.livejournal.com/users/avva/
On Mon, 8 Dec 2003, Tim May wrote:
It happened in one of the "movies" groups (rec.arts.current-movies), when the thread was on DVD copy protection and the (claimed) illegality of making DVDs of movies.
I explained how I was cheerfully making an average of a DVD a day of my favorite current movies.
A couple of "nyms" went ballistic and foamed that they had forwarded my "admissions" to the RIAA and how I would face civil penalties and jail time, oh my!
Then one of them claimed he had arranged to have my account yanked, for "violation of the DMCA." He claimed he had sent copies of my "criminal" admissions to Got.net, to the RIAA, to "law enforcement" (shudder!), and so on.
I gather that the denizens of alt.video.dvd have yet to read the Betamax case. Perhaps they should expand their reading before they opine on the state of IP law. This is one of several times that the readers of Tim's posts have reported him to the authorities. I recall the Santa Cruz sherrif's office call of the early '90s occaisioned by a simple admission that Tim legally posessed weapons at home. I'm constantly amazed by the things that people think are illegal that aren't. Reporting people to the authorities is such an impolite thing to do. In a less enlightened era it would have led to an unfortunate breach of the peace. If you have a problem with someone's behavior speak to him nicely, first. And make damned sure that he's doing something wrong before you complain. Remember -- "Since Sodomy is a Virtue, can anything be a Vice?" DCF
On Tue, Dec 09, 2003 at 01:57:00PM -0500, Duncan Frissell wrote:
Then one of them claimed he had arranged to have my account yanked, for "violation of the DMCA." He claimed he had sent copies of my "criminal" admissions to Got.net, to the RIAA, to "law enforcement" (shudder!), and so on.
I gather that the denizens of alt.video.dvd have yet to read the Betamax case. Perhaps they should expand their reading before they opine on the state of IP law.
He was just trolling, being intentionally vague so that they'd assume he was copying from one DVD to another. Which they did, and which they raved about. There isn't any profound insight to be derived from a tired old picture of a newsgroup being provoked by trolling. -- avva
On Dec 9, 2003, at 12:07 PM, Anatoly Vorobey wrote:
On Tue, Dec 09, 2003 at 01:57:00PM -0500, Duncan Frissell wrote:
Then one of them claimed he had arranged to have my account yanked, for "violation of the DMCA." He claimed he had sent copies of my "criminal" admissions to Got.net, to the RIAA, to "law enforcement" (shudder!), and so on.
I gather that the denizens of alt.video.dvd have yet to read the Betamax case. Perhaps they should expand their reading before they opine on the state of IP law.
He was just trolling, being intentionally vague so that they'd assume he was copying from one DVD to another. Which they did, and which they raved about.
There isn't any profound insight to be derived from a tired old picture of a newsgroup being provoked by trolling.
No, not a conventional troll. Disinformation was being spread about how "making a copy of something" is the "same as stealing." Some of the apologists for DMCA were saying that anyone who copies a CD is the same as a shoplifter. I casually volunteered that I made an average of one DVD of a Hollywood movie per day. The kneejerks by the apologists for DMCA were illuminating, including the claim that the RIAA would be "investigating" this as a case of piracy. Frankly, I had hope for one of the several hundred lawsuits the RIAA has been tossing out like confetti (including to people who have never owned a computer...sounds like some due diligence malpractice cases are in order). Even better would be a process server trespassing on my property...no point in having a pig farm if you have nothing to throw to the pigs. The revelation that Don Frederickson is one of those who needs to be dealt with eventually was rewarding. --Tim May "You don't expect governments to obey the law because of some higher moral development. You expect them to obey the law because they know that if they don't, those who aren't shot will be hanged." - -Michael Shirley
At 10:07 PM 12/9/2003 +0200, Anatoly Vorobey wrote:
He was just trolling, being intentionally vague so that they'd assume he was copying from one DVD to another. Which they did, and which they raved about.
Tim? Trolling? No, they'd yank his Ontology license if he did that (and yes, someone already threatened to try that.... Santa Cruz liberals seem to have as bad a problem with jerking knees as the police state folks do.)
participants (7)
-
Anatoly Vorobey -
Bill Stewart -
Declan McCullagh -
Duncan Frissell -
James A. Donald -
Michael Shields -
Tim May