remailer abuse

17 Dec 2003

      -----BEGIN PGP SIGNED MESSAGE-----

Remailers exist (at least mine does) to make possible the dissemination of
unpopular views. "Unpopular" depends on context; so does "abuse". The line
between "unpopular" and "abuse" is difficult to draw.

On the one hand, the recent "Mr. Pedophile" message seemed intended to make
the recipient uncomfortable or offended probably because of illegitimate
reasons (purportedly, pedophilia). Other messages which cause complaints seem
to be responses to something that the "victim" has done or said somewhere
else. It's tempting to say that a message which lays out in logical fashion
coherent arguments explaining why the "victim's" original message is wrong is
likely to cause discomfort or embarassment but is legitimate, while a message
which says, to quote from a complaint message I received this weekend, 
"Fuck you asshole. I hope you choke on your son's sperm." isn't legitimate
even though it may also cause discomfort or embarassment. So I guess it's 
not so much a message's effect upon its recipient (or its intended effect)
which is legitimate or illegitimate as it is the message's means of doing so.
And that seems really tough to judge, where a remailer operator doesn't
know the context in which a message is sent.

(I do think it's possible that the "Mr. Pedophile" message was sent by another
child or teenager intending to torment the target, not by an actual 
pedophile. It's possible that the sender was the target himself. It's also
possible that the sender was an actual pedophile or a child-hostile adult, 
but that's not the only plausible explanation. People do strange, strange
stuff.)

In a situation where person A uses system X to send messages to person B who
uses system Y, I'm not sure what B can expect from the system operator of
system X. (I'm thinking about net custom here, not law.) If A wants to send
messages to B, but B doesn't want to receive them, should A be forced to
stop sending? Does X have an obligation to make A stop? Does X have an
obligation to modify his system such that messages from A to B are 
automagically suppressed? Does X have an obligation to refuse service to A
(and forego payment for service from A) if A won't stop sending to B? 
Is the answer different if B doesn't want the messages because they 
(are likely to) contain profanity? or because they are from a person of the
wrong religion? or because they're hostile or argumentative? 

As a first response I'm likely to say that if A knows (or should know, or
can guess and be pretty certain of the result) that B doesn't want to get a
particular message, A shouldn't send it. But then I realize that there are a
number of exceptions - what about if A's message to B is in response to a 
spam or otherwise inappropriate message from B? what about where B owes A
money? or if B has said something ridiculous or stupid and A is writing to
correct B? I think that there wouldn't be many inappropriate posts sent to
the C-punks list, for example, if everyone who thought a post was
inappropriate (not just factually arguable, or uninteresting) sent a message
to that effect; the impact of just a few hundred such messages in reply to
a single message would likely be burdensome enough to make the sender think
twice before sending again. But that inconvenience is anticipated by (and
motivates) the senders of those hundreds of messages. I still don't think
it's wrong to send the messages.

I guess my point is that eliminating "abuse" is pretty much impossible 
because abuse is in the eye of the beholder. I don't think we need to 
rely on the mercy or good graces of the net at large, though - remailers
will likely prove to be as difficult to eliminate as spammers have been.
The net is too big to be centrally policed, and individual providers often
have an incentive to tolerate behavior otherwise frowned upon because
they're being paid to do so. (and if they begin content filtering they
may lose any sort of quasi-common-carrier status they might enjoy now,
viz _Cubby v. Compuserve_, etc.) Even if the United States adopts rules
requiring messages be identified as to the sender, it won't be possible to
eliminate overseas remailers - and I imagine that folks would just start up
pseudonymous remailers. (I've worked on some prototype code and will
deploy a pseudonymous remailer - where people get names like 
"fjones@pseudo.goldenbear.com <Frank Jones>" instead of
"an12345@pseudo.goldenbear.com <Anonymous Sender>", in order to divert or
confuse anti-anonymous policies or programs.)

I think adopting a submissive or apologetic stance with respect to the 
operation of a remailer is a mistake. What we do is protected by the First
amendment, supports a 200+ year tradition of anonymous political speech in
America, provides a valuable service to a worldwide community, and can help
avoid the very abuse they are accused of facilitating. The child who was the
target of the "Mr. Pedophile" message(s) should have been taught how to use
remailers and how to maintain his privacy on the net so that, if he really
is the victim of some sort of random child stalker, it won't happen again.
There's no reason why any child should post to the net under their real name,
or why their messages should be traceable to their physical bodies. If we're
concerned about protecting kids from bad people who might reach them via the
net, we need to teach kids how to send untraceable and unreplyable messages;
how to send messages and do business on the net without allowing hostile
or unscrupulous people to track them down; and how to make good choices 
about revealing personal information only to people who have a good reason
to know it.

People who are the targets of abusive messages or are concerned about
abusive messages are some of the people who need remailers and need 
pro-privacy network tools the most. Giving in to a knee-jerk anti-privacy
reaction only reinforces the erroneous notion that security is created
by an enforced lack of privacy.

Greg Broiles

Ben Holiday

tags

participants (2)