LIST OF SHAME VOLUNTEERS

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, As promised, below is the list of folks who have asked to be put on Mr/Ms Anonymous' LIST OF SHAME. In addition, I am including one volunteer who supports Mr/Ms Anonymous...sort of. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ LIST OF SHAME VOLUNTEERS Dan Harmon Jim Ray Robby Havasy Perry Metzger (didn't volunteer, exactly, but wrote: "Perry, Who is disappointed that he didn't make the "LIST OF SHAME", but understands that perhaps he hasn't done enough to oppose controls on cryptography. I'll work harder, and hopefully you will denounce me soon." Damaged Justice <frogfarm@yakko.cs.wmich.edu> brianh@u163.wi.vp.com Rich Graves Brad Shantz Kevin L Prigge Jim Gillogly Robert Hettinga David Macfarlane Brad Shantz Mark Aldrich Charles Gimon Jamie Lawrence Doug Hughes David K. Merriman Lucky Green Raph Levien Bill Frantz Paul E Robichaux Glenn Powers Brian D Williams "Vladimir Z. Nuri" !!!!! SUPPORTERS OF MR/MS ANONYMOUS E. Clark, who wrote: Subject: A vote for ANON's position [with reservations] Supporters of the Leahy Bill are, to me, well-intentioned dupes. I've lurked on this list under this and a previous usename since the list was a couple months old. I came here to learn crypto, not debate politics. And, while the urge has often been all but overwhelming, I've for most part kept my silence, prefering back channels to posting on the list. The Politics of the Absurd has in the last year or three found me in agreement with figures on the national scene whose pockets I would decline to piss were their balls on fire. Nor am I quite comfy siding with anonymous in regard to the Leahy Bill, but... I neither like nor trust the bill and, after the Digital Telephony Bill and its manner of passage, my trust in the good senator is zero. I am still a little puzzled why there was so little discussion on the list of what Freeh might have told the congresscritters that long summer when he seems to have visited them all. Sort of makes this leftie wonder if, just maybe, the rightwing conspiracy boys who claim the unusual number of congressional dropouts was the result of FINCIN findings might not have stumbled upon a quarter-grain of truth. While I applaud the efforts of those working for the cause in the political sphere, I have scant faith. Business will be on the side of privacy until it gets what it wants, then walk away from individual concerns for privacy, etc. I've always enjoyed your posts and sense of humor. Apologies for going on at length. e. clark --- Comments, Anonymous?

E. Clark writes:
I neither like nor trust the bill and, after the Digital Telephony Bill and its manner of passage, my trust in the good senator is zero.
I spoke to a couple folks about this at the CDA hearings in Philadelphia last week. Word on the streets from those who would know is that the Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth supporting to raise awareness of crypto. After DT and Clipper, it's our chance to put Clinton and the DoJ on the defensive for a change. -Declan

On Mon, 25 Mar 1996, Declan B. McCullagh wrote:
E. Clark writes:
I neither like nor trust the bill and, after the Digital Telephony Bill and its manner of passage, my trust in the good senator is zero.
I spoke to a couple folks about this at the CDA hearings in Philadelphia last week. Word on the streets from those who would know is that the Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth supporting to raise awareness of crypto.
I did a little weekend poking, I can confirm this. If the Leahy bill passes, it will be a surprise (putting it mildly).
After DT and Clipper, it's our chance to put Clinton and the DoJ on the defensive for a change.
I suggest instead that everyone be nice and quiet. If they get busy enough, this issue might not rear its ugly head for a few terms.
-Declan
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

Excerpts from internet.cypherpunks: 25-Mar-96 Re: LIST OF SHAME VOLUNTEERS by Black Unicorn@schloss.li
I did a little weekend poking, I can confirm this. If the Leahy bill passes, it will be a surprise (putting it mildly).
Especially since there are only -- how many? -- 40 or 50 days left in this legislative session.
After DT and Clipper, it's our chance to put Clinton and the DoJ on the defensive for a change.
I suggest instead that everyone be nice and quiet. If they get busy enough, this issue might not rear its ugly head for a few terms.
It's too late, I fear. Today's article in the NYT, for instance, doesn't exactly help keep this issue quiet. -Declan

If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though. I do feel that it should be possible for courts to sub poena crypto keys, but that doesn't really need new law either (4th and 5th ammendments become _really_ important though (hmmm- there advantages to writing down a constitution after all :) Simon --- They say in online country So which side are you on boys There is no middle way Which side are you on You'll either be a Usenet man Which side are you on boys Or a thug for the CDA Which side are you on? National Union of Computer Operatives; Hackers, local 37 APL-CPIO

On Mon, 25 Mar 1996, Simon Spero wrote:
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
This kind of legislation would be painfully unenforceable. How do you know if crypto was used in the commission of a crime unless you can offer the plaintext to show that the content was criminal or in furtherance of a criminal act or conspiracy, >and< that the content was encrypted? This kind of statute nearly requires escrowed encryption or the old standby, stupid crooks. I'd be happy to see this pass alone because I think it would placate some of the screaming crypto-frady-cats on the hill much the way the cosmetic assualt "looking" weapons ban did, but I think this unlikely. It's like criminalizing the destruction of bodies in furtherance of murder. What's the point? Just use obstruction of justice.
I do feel that it should be possible for courts to sub poena crypto keys, but that doesn't really need new law either (4th and 5th ammendments become _really_ important though (hmmm- there advantages to writing down a constitution after all :)
After doing some work in a somewhat related area (I'm about to release the workproduct to the list), I am more and more dubious as to the protections the 4th and 5th amendments will provide in these instances. I think many people on the list here had the right idea generally. No legislation is good legislation for crypto. Really the ITAR applications are beseiged right now, and will probably fizzle out of their own accord, not to mention the fact that they are de facto moot. In practice it is trivial to subvert ITAR for the purposes of worldwide crypto availability. Someone just needs to get a foreign entity producing strong hardware encryption in Estonia (hardware IDEA would be nice) to capitalize on the markets in the U.S. and non-escrow jurisdictions in Europe and Asia. If we have no-legislation and a foreign producer of strong crypto soft and hardware for the next 3 years, I think we are way ahead of the game. Unfortunately, I think some version of crypto legislation is going to see passage in the next pair of years. Leahy certainly isn't going to give up, and he may have a bit more momentum after an election year runs its course. Whoever wins the election, I think you can expect to see even more aggressive bills from congress on the subject. All it would take is one anti-trust case with encryption as a concealing method and people would be busting down doors at night looking for PGP.
Simon
--- They say in online country So which side are you on boys There is no middle way Which side are you on You'll either be a Usenet man Which side are you on boys Or a thug for the CDA Which side are you on? National Union of Computer Operatives; Hackers, local 37 APL-CPIO
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

I think many people on the list here had the right idea generally. No legislation is good legislation for crypto. Really the ITAR applications are beseiged right now, and will probably fizzle out of their own accord, not to mention the fact that they are de facto moot.
In practice it is trivial to subvert ITAR for the purposes of worldwide crypto availability.
You've obviously never brought a crypto product to market before. Granted, worldwide *personal* use of crypto availability is trivial, but not corporate. -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org

On Mon, 25 Mar 1996, sameer wrote:
I think many people on the list here had the right idea generally. No legislation is good legislation for crypto. Really the ITAR applications are beseiged right now, and will probably fizzle out of their own accord, not to mention the fact that they are de facto moot.
In practice it is trivial to subvert ITAR for the purposes of worldwide crypto availability.
You've obviously never brought a crypto product to market before.
No, in fact, I have not. What are the impediments to corporate marketing of crypto where the marketing and distrubting entity is foreign? (I honestly don't know) Granted, worldwide *personal* use of crypto availability is
trivial, but not corporate.
Sufficently entrench personal use of crypto, and the personal/corporate use distinction ceases to exist.
-- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

No, in fact, I have not.
What are the impediments to corporate marketing of crypto where the marketing and distrubting entity is foreign? (I honestly don't know)
As a US entity, Community ConneXion is marketing an SSL-encrypting webserver based on the Apache-SSL developed by the Apache Group (worldwide) and Ben Laurie (in the UK). As both Ben and I would like to maintain a similar product both for domestic and international use, such that international corporations may deploy the application worldwide within their organization without compatibility problems, Ben has to write all the code, because I can't send him anything. (I've written code to incorporate new features, but once Ben writes code to incorporate those features, I will end up using his code, in order to maintain a stable codebase. -- duplicating effort.) As most OS vendors are located within the United States, it requires a significant effort for an OS vendor to include the product worldwide, because they need to contract out an outside US cd-pressing and product build facility in order to build the international version of their OS (or other application.. right now I'm concentrating on getting OS vendors to bunlde the prodcut) which bundles our product. It's doable. It's not trivial though. ITAR does help, in that if Ben decides to commercialize his product, we have a very convenient line which stops us from competing with each other. He can't sell inside the US because of RSA patents. I can't sell outside the US because of ITAR. ;-)
Granted, worldwide *personal* use of crypto availability is
trivial, but not corporate.
Sufficently entrench personal use of crypto, and the personal/corporate use distinction ceases to exist.
Not if some applications don't apply to personal use. -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org

On Mon, 25 Mar 1996, sameer wrote:
No, in fact, I have not.
What are the impediments to corporate marketing of crypto where the marketing and distrubting entity is foreign? (I honestly don't know)
As a US entity, Community ConneXion is marketing an SSL-encrypting webserver based on the Apache-SSL developed by the Apache Group (worldwide) and Ben Laurie (in the UK).
[Legitimate logistical obsticles deleted]
It's doable. It's not trivial though.
Phew. I thought for a moment you meant legal problems. Yes, I concede, there are significant logistical hurdles confronting the multi-jurisdictional crypto project. One assumes, however, that the initial capital investment will be somewhat offset by the first in market advantage of the position. Further, a entirely foreign production, say for chip manufacture, would probably make things easier. I had specifically contemplated hardware applications. Indeed, there are problems with both, but they don't stem from ITAR.
ITAR does help, in that if Ben decides to commercialize his product, we have a very convenient line which stops us from competing with each other. He can't sell inside the US because of RSA patents. I can't sell outside the US because of ITAR. ;-)
Granted, worldwide *personal* use of crypto availability is
trivial, but not corporate.
Sufficently entrench personal use of crypto, and the personal/corporate use distinction ceases to exist.
Not if some applications don't apply to personal use.
Are you talking specific licensing provisions, or implementation. I don't follow. (Though I'm fairly sure I'm missing something obvious).
-- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

Yes, I concede, there are significant logistical hurdles confronting the multi-jurisdictional crypto project. One assumes, however, that the initial capital investment will be somewhat offset by the first in market advantage of the position.
Yes, I would hope so.
Further, a entirely foreign production, say for chip manufacture, would probably make things easier. I had specifically contemplated hardware applications. Indeed, there are problems with both, but they don't stem from ITAR.
I see, yes.
Are you talking specific licensing provisions, or implementation. I don't follow. (Though I'm fairly sure I'm missing something obvious).
Well there are certain applications which personal users don't really want to use. SSL webservers for example. Most individuals don't have a need for an SSL webserver. RSA-in-hardware is also not needed for most individuals, but high-traffic server applications which do RSA operations really should start using RSA in hardware. Encrypted database applications (something I'm working on with a friend) are another application which personal users don't really care about, but corporate IS finds valuable. (Well, I hope they find it valuable, otherwise our product won't sell.. the database guy says he knows them well enough that they'll buy it though.) -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org

On Mon, 25 Mar 1996, Simon Spero wrote:
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
[snip] Good question. Along this line -- what are the penalties for withholding other types of possible evidence from investigating officers? It seems that often the penalites for "computer crimes" are more harsh than for the "normal" version of the crime. Is that the case with the penalties in Leahy's bill? ______________________________________________________________________ Rich Burroughs -- richieb@teleport.com -- psu07973@odin.cc.pdx.edu http://www.teleport.com/~richieb --- Opinions are mine, not Teleport's PGP key fingerprint: 1F A1 40 72 92 02 DE 7A 80 D0 5A 57 D3 1C 87 86

On Mon, 25 Mar 1996, Rich Burroughs wrote:
On Mon, 25 Mar 1996, Simon Spero wrote:
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
[snip]
Good question.
Along this line -- what are the penalties for withholding other types of possible evidence from investigating officers? It seems that often the penalites for "computer crimes" are more harsh than for the "normal" version of the crime. Is that the case with the penalties in Leahy's bill?
I have personally been involved in cases involving fines of $75,000 per day for noncompliance with a grand jury subpoena duces tecum calling for the surrender of banking documents.
______________________________________________________________________ Rich Burroughs -- richieb@teleport.com -- psu07973@odin.cc.pdx.edu http://www.teleport.com/~richieb --- Opinions are mine, not Teleport's PGP key fingerprint: 1F A1 40 72 92 02 DE 7A 80 D0 5A 57 D3 1C 87 86
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

Excerpts from mail: 25-Mar-96 So, what crypto legislation.. by Simon Spero@tipper.oit.u
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
Leahy's bill will not pass. Period. However, with the introduction of this legislation comes a chance to get _our side_ heard by the unwired. -Declan

On Mon, 25 Mar 1996, Declan B. McCullagh wrote:
Excerpts from mail: 25-Mar-96 So, what crypto legislation.. by Simon Spero@tipper.oit.u
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
Leahy's bill will not pass. Period. However, with the introduction of this legislation comes a chance to get _our side_ heard by the unwired.
I know I sound like a FUDer, but I really don't think this is going to make much difference. The key is going to be industry and business. Yell at netscape. No congressperson is going to listen to whinings from the public about the bill of rights in the face of the fanatic anti-crime temper of the United States when such an obscure subjection as encryption is at issue.
-Declan
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

On Mon, 25 Mar 1996, Declan B. McCullagh wrote:
Leahy's bill will not pass. Period. However, with the introduction of this legislation comes a chance to get _our side_ heard by the unwired.
Hear hear. But I'm afraid that last should have been written in the past tense. There it goes... It would have been nice to have someone in the Congressional Record saying something like, "While I don't agree with the implementation of this specific bill, it is arguably less totalitarian than the current arbitrary and unconstitutional policy." -rich
participants (8)
-
Black Unicorn
-
Declan B. McCullagh
-
Rich Burroughs
-
Rich Graves
-
sameer
-
sameer@c2.org
-
Sandy Sandfort
-
Simon Spero