Larry Lessig on ending anonymity through "identity escrow"
See also: http://politechbot.com/pipermail/politech/2003-December/000268.html
---
Date: Fri, 05 Dec 2003 09:12:16 -0500
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: Larry Lessig replies to Politech over limiting anonymity [fs][priv]
---
[Why do I get the feeling that Larry Lessig doesn't like "absolute" anonymity much at all? Systems for building and defending "absolute" anonymity already exist in the form of anonymous remailers and Freenet, among others. It would be foolish to follow Larry's advice and concede too quickly that such technologies have so few legitimate uses that they cannot be reasonably defended. Even the oft-benighted Eurocrats have recognized this: a 1997 EC directive encourages anonymity, as does a German federal law (http://www.iid.de/rahmen/iukdgebt.html). In the U.S., since the Federalist Papers were published with effectively "absolute" pseudonymity, surely the framers of the U.S. Constitution had them in mind when crafting the Bill of Rights. Justice Thomas lists more contemporaneous examples in his McIntyre concurrence (http://supct.law.cornell.edu/supct/html/93-986.ZC1.html). Saying anonymous technologies are indefensible concedes a crucial point: that the government's power is so sweeping that police have the right to learn our identity in all cases. So much for whistleblowing and anonymous reports of public brutality.
Perhaps more to the point, the twin privacy-encroaching technologies of automated electronic surveillance and efficient large-scale databases did not exist decades or centuries ago. "Absolute" anonymity lets us reclaim some of that lost zone of privacy. Lastly, trying to remove "absolute" anonymity from the Internet (banning strong encryption and computers that can be programmed not to keep logs) would be far more disruptive, destructive, and harmful than proposals like Hollings' CBDTPA that Larry has rightly opposed. --Declan]
---
From: Lawrence Lessig <lessig@pobox.com>
Cc: Declan McCullagh <declan@well.com>
Subject: Re: [Politech] Economist, Lessig want to preserve freedom by ending anonymity [fs][priv]
Date: Fri, 5 Dec 2003 10:16:31 +0900
To: Aaron Swartz <me@aaronsw.com>

It's not an inaccurate quote, but it is taken out of context.
What I said was that the trend in our laws was to destroy any privacy at all -- that the idiocy of Patriot Acts, etc., was effectively eliminating any form of privacy. There are two kinds of responses to this -- one to try to defend and build a system protecting absolute anonymity; the second is to build effective protections for pseudonymous life, which is shorthand for traceable transactions, but where the permission to trace is protected by something like a warrant requirement. I'm not saying the government should build these systems, but that they should be permitted and indeed encouraged.
In my view, we will make no progress following path one, but we would strongly advance privacy if we could advance path two. A strong ethic and architecture of pseudonymous identity, properly protected, would give us more privacy than we have today.
Of course, it is possible (and probably likely) that such an architecture would not properly protect the link between a transaction and the privacy of a person. Government officials, for example, upon mere suspicion would be able to break the link, etc. That of course is not what I am promoting. I would promote a regime where the gov't required a very strong warrant-like reason before it could break the code that makes the link. But I will note that the baseline from which we're starting is a world where no real showing is necessary for this sort of surveillance.
On Dec 4, 2003, at 9:26 AM, Aaron Swartz wrote:
To preserve freedom further, suggests Mr Lessig, anonymity could be replaced by [warrant-traceable] pseudonymity.
Can you explain this? The Economist article seemed to be total nonsense, but I'm surprised they paraphrase you as saying something like this. In general, for eliminating anonymity to make sense you need to answer three questions:
1. Is anonymity the problem? Between DMCA subpoenas and national security letters, it seems that very few people on the Internet have even limited anonymity.
2. Will the people who are anonymous evade things? The people who _are_ anonymous, of course, are people like crackers. If you outlaw anonymity, crackers will likely find security holes that let them hide their identity and pass their actions off as those of others (e.g. using the WiFi network of some squeaky-clean grandma to launch the attacks).
3. Is it worth the cost? Even if you can answer the above questions, it'll be difficult to do without knocking large groups of people off the Internet. (If the digital divide is bad now, imagine what it'll be like when you need a credit card to get on the Net.)
Were you misquoted? If not, can you answer these questions? Or is this more blind optimism? -- Aaron Swartz: http://www.aaronsw.com/
Lessig Stanford Law School 559 Nathan Abbott Way Stanford, CA 94305-8610 650.736.0999 (vx) 650.723.8440 (fx)
Ass't: <laura.lynch@stanford.edu> <http://lessig.org/blog> <http://creativecommons.org> <http://eldred.cc>
Help reclaim the Public Domain: Please sign this petition: http://eldred.cc/sign
How else can you help? Check out: http://svcs.affero.net/rm.php?r=Lessig
DO NOT FORWARD THIS MESSAGE TO ANY OTHER LISTS. I AM GETTING TIRED OF SEEING CYPHERPUNKS JUST BE THE DUMPING GROUND FOR STUFF FROM OTHER LISTS.

In almost all foreseeable cases, a system which allows identity escrow _costs more_ than a system which does not. This is analogous to the increased costs of an identity-based money system over an immediate-clearing, non-identity-based system.

As an example, consider the network of CP or Mixmaster sorts of remailers. To package a payload through N remailers is a relatively easy thing for a sender to do. But to arrange for propagation of "escrowed identity" at each (or most) of these N remailer nodes is costly.

Any of these N remailers, in K different countries/jurisdictions, may use the "legal warrant" access method to open the identity escrow. For example, Finland in the Scientology/NOTS case...Finland surely would have used their "legal warrant" method had such an option existed.

This is part of a larger issue, a philosophical one, about who controls "legal warrants." The Jew can be killed by using legal warrants, in Third Reich Germany. The libertarian in Soviet Russia. The pornographer in Canada. And nearly anyone who deviates from the official line in these benighted states of america: smut peddlers, drug legalization advocates, supporters of Russia vs. Chechnya prior to 9/11, supporters of Chechnya vs. Russia after 9/11, liberators of Diebold documents showing the weakness of their voting machines, and so on and on.

See my 1995-6 list of our enemies (Catholics, Whigs, Mormons, Communists...) for a very long list of those for whom "identity escrow" would have meant death or imprisonment in these benighted states.

Back to the cost issue. Prof. Lessig argues that voluntary identity escrow systems should be "encouraged." How? Through nattering to people about how they ought to use a more expensive, less flexible system which exposes them to possible danger and which costs them more to use than the stronger alternative?

Ha!

Or "encouraged" in the sense of using state power to make stronger systems illegal or artificially taxed at higher rates?

Why doesn't the U.S.G. just set up a "Big Brother Remailer" with the kind of identity escrow proposed?

Let's then see how many freedom fighters working for the overthrow of the U.S. government use it. Let's see how many critics of the Church of Scientology, threatened with lawsuits and "legal warrants," use it. Let's see how much child porn gets traded on it.

--Tim May

On Dec 5, 2003, at 3:53 PM, Tim May wrote:
Back to the cost issue. Prof. Lessig argues that voluntary identity escrow systems should be "encouraged." How? Through nattering to people about how they ought to use a more expensive, less flexible system which exposes them to possible danger and which costs them more to use than the stronger alternative?
Ha!
Or "encouraged" in the sense of using state power to make stronger systems illegal or artificially taxed at higher rates?
Why doesn't the U.S.G. just set up a "Big Brother Remailer" with the kind of identity escrow proposed?
Let's then see how many freedom fighters working for the overthrow of the U.S. government use it. Let's see how many critics of the Church of Scientology, threatened with lawsuits and "legal warrants," use it. Let's see how much child porn gets traded on it.
And there are so many other points, long discussed here (1992-present), which Lessig's proposal would run into:

* what if someone, like me, forwards items sent untraceably to me? (The Lessig Escrow remailer does not even know it is from me, or forwarded by me, unless and until he gets a "legal warrant" to open the contents...too late, then.) (If passing on a comment from another is illegal, on what basis? A remailer is just as easily seen as an "editor" or "re-commenter.")

* if government controls remailers, what of those plotting against government? Is Jefferson supposed to use the King's remailers?

* if the systems Lessig thinks should be "encouraged" are in fact set up--and no doubt some such systems already exist--how can they know that they are not themselves being used as part of a chain which includes traditionally-untraceable (CP, Mix remailers) upstream? Without looking, using their ostensible "legal warrants," a Big Brother Remailer has no way of knowing that the messages sent through from "Tim" were not just the messages of others.

BTW, an argument I heard years ago from a proponent of an identity escrow system, long before Lessig, was that this approach would be blocked by making "Tim" responsible for all words or messages flowing into an IE remailer, even those he could not read (because they had been encrypted). The idea is to stop this chaining attack by making each user responsible for checking all the way back.

In other words, for an IE system to work, competitors must be banned. Which is the same conclusion reached via other paths.

(And, though IANAL, even I know that making "Tim" legally responsible even for messages he has no way of knowing fails the "scienter" test. Absent a ban on encryption, what "Tim" has done in passing along to "Larry's Remailer" a message which actually arrived from a non-IE remailer is nothing more than passing along something he was given. He has no knowledge of the contents (scienter requirement) and is not breaking any laws, absent a ban on competitors to IE remailers.)

Anyway, this was hashed out many times in the early 90s and shortly after the very similar proposal for Clipper and other similar forms of key escrow.

I have nothing against Lessig, but it bugs me that he's considered by some to be one of the Great Cyberspace Thinkers when his ideas are so easily dismissed...and were argued on both sides so many years ago.

Larry Lessig ought to read, and think deeply about, the first ten years of traffic on the Cypherpunks list. Especially the first five years.

--Tim May