-----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks@toad.com, jmr@shopmiami.com Date: Wed Nov 06 16:38:58 1996 Dear cypherpunks: Judge Alex Kozinski has mercifully (unless you consider _this_ noise, too) given me permission to post the following message. This will be my last posting signed by this key. I will now attempt to implement my new one, hopefully without denying myself access to Pronto at the same time. JMR ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To start with, we should probably thank the people who helped. Black Unicorn, Mike McNally, Declan McCullagh, Loren Rittle, Lynne L. Harrison, Tim May, Lucky Green, Greg Broiles, A. Michael Froomkin, and E. Allen Smith all had good thoughts to share, and I am probably leaving someone out. Oh well. Anyway, Judge Kozinski wrote:

Jim: Thanx for forwarding the various messages which I have found eye-opening in many respects. It's take me a while to review and digest it all and I find there are certainly many aspects of the anonymity problem that I either was not aware of or had not fully appreciated. Although I cannot quite say I'm entirely persuaded on this issue, I think we may be a lot closer. Rather than responding to individual messages (several of which made related points) I will give you my reaction to what I thought were the most important points.

1. I agree entirely that you should be able to post anonymously to a list-serv or discussion group. Anonymity there may encourage people to express unpopular views, and there is no offsetting fear that this will be viewed as an invasion of privacy by anyone. We have a long tradition of anonymous or pseudonymous political tracts (e.g. Federalist Papers) and there is no reason not to continue this in the electronic medium. Indeed, as suggested by one of the messages you forwarded, there may be greater reason because messages posted to discussion groups do get retained and indexed for posterity.

2. I also agree that it should be possible to have mutually agreed-upon anonymity--i.e. I write to you and you write to me and we both know who we are, but nobody else does. No problema--it's nobody else's business.

3. I still have some difficulty with direct mailing of anonymous messages to individual mailboxes.

Actually, having run a remailer and seen some abuse for a while, I do too. Respected cypherpunks are working hard on this right now. I think what we would all like to eventually see is a "default off" situation, with no mail (or at least the warning message I mentioned before as a first message to new recipients) rather than default-on. Unfortunately, e-mail is a default-on situation and so (for now) are anonymous remailer messages for first-time recipients, at this early stage in their evolution. I am confident that this situation will change in the future, as more sophisticated software is written.

The arguments in favor if doing so are good but not airtight. Here are my responses to the ones I thought were most compelling:

a. You have anonymous snail-mail and telephone calls--why not e-mail? The truth is, anonymous snail-mail and telephone calls are also an invasion of privacy, but there is not much we can do about them. Someone asked whether I objected to getting anonymous snail mail if it was not threatening. The answer is YES, just like getting an anonymous phone call is objectionable. When the person who communicates with you insists on retaining anonymity, there is always an implicit threat--they know who you are, but you don't--you feel vulnerable, you doubt their motives, you have difficulty knowing whether to trust their representations. Anonymous complaints against co-workers and supervisors was a standard way to get people into big trouble in Communist Romania when I was growing up.

The thing is, I find many anonymous messages that I see on the list not too valuable initially, and the anonymous or pseudonymous poster, in order to build some "reputation-capital," has to stay around a while and post interesting stuff, like Black Unicorn or Lucky Green. This is, IMO, as it should be. There is an incredibly funny humorist lurking on the list, who posts the "cypherpunk enquirer" anonymously, and I can send you a few of those if you like. [The judge hasn't asked me to, yet. He doesn't know what he's missing. :) ] We certainly don't want the situation you were all-too familiar with growing up, but as a remailer-operator I find that I must take the bitter with the sweet, and I am fully ready to admit that about 1/3 of the messages that go through WinSock are abusive, judging by the stuff I see in the reject bin. That's one of the reasons Joey (the other operator, and the author of the WinSock Remailer software) and I went to PGP-encrypted messages only, we felt that abusers were less likely to learn and use PGP.

Now, the fact that we can't stop anonymous snail-mail and telephone calls doesn't mean we shouldn't stop anonymous e-mail if we think it's a bad thing. The fact that an evil cannot be remedied in its entirety does not mean that we should not remedy the part that we can. Perhaps the answer is that the post office should not accept mail unless there is a clear indication of who the sender is on the upper left hand corner of the envelope. In any event, I find the argument based on analogies to snail-mail and telephone not entirely persuasive.

I feel that the fact that an evil is this hard to remedy through traditional legal means suggests that a very hard look at technological means is in order. I hope that we can both agree that in many cases, technology can adapt to situations and problems faster and cheaper than law can.

b. You can't really ever prevent anonymity because people can get e-mail accounts anonymously--paying for them in cash. Arguments based on futility are always suspect. Sure, some people will circumvent any laws or regulations, but that's not a reason not to have laws. For one thing, most people don't get anonymous accounts and don't know how to do so.

True.

Even if you do get an anonymous account, you can be shut down if you break the rules and then you'll have to go somewhere else.

This point, I believe, is actually in "my" side's favor. There are time costs to this kind of setup stuff that even the abusers may dislike, and abusers' names and methods tend to get put on lists that ISPs look at. I am sure that privacy providing ISPs look at these lists.

And maybe all this suggests is that we ought to require e-mail providers to obtain id from their patrons and require payment by check or credit card. I am not suggesting these measures, mind you, but insofar as futility is used as an argument against regulation, it can equally well serve as an argument for MORE regulation.

I agree that it's not our most powerful argument, but it is a consideration, because with futility comes high cost and disrespect for the law. Witness the failed drugwar and the lack of respect for the law it has engendered, even among government agencies. Often, this disrespect for the law comes with no legal or political cost to perpetrators (unless you count my ranting as a political cost).

c. People can use filters. Well, yes, maybe. But most people don't know how to use filters. I consider myself above-average in my e-mail sophistication, and I don't know how to use filters. I could probably figure it out, but most people who use aol or prodigy probably have no ability to install a filter even if they knew how they worked. In any event, I find it a little troublesome to put the burden on the recipients to adopt a hi-tech solution. And who says there aren't ways around most common filters--or such ways won't be developed--which would put recipients in a technology race with anonymous mailers?

True, and the abusers already _are_ in a technology race with the remailer-operators, as I see just about every day on the remailer-operators list. I have serious doubts that yet-another law would either change or improve the situation. * * *

Anyway, thanx for a stimulating series of messages. I do think we've made some progress. And we'll keep the channels of communication open.

The pleasure has been all mine, Judge Kozinski. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMoEFd21lp8bpvW01AQHR1AQAib06JhpWx06H6Pr25uuMUj6fQVXZIYfc KeUdP/QSSWQHfIwxs2SX1a++SCbnx6Ev//ninb7Q8F5kj56mk0yq0SE/ID91WgwJ iFEr+2V1oTf+JZISh68F/a/fPBrP8GL8rjUce+WYhiY704rlsNyr5L9UhtylkzNg GM5Ml/A7qjc= =tVan -----END PGP SIGNATURE-----