Re: Put up or shut up
At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are almost always fruitless. Since the intents of the ranters are generally anarchistic, why even involve the law and justice. Even if their ideas have good philosophical basis there is little hope for the broad changes they seek in the political or legal landscape (given the powerful and selfish interests of those inside and outside the beltway) without a great trauma to the system.
Maybe you're missing the point? Even if you accept the idea of wiretapping telephone lines, one of the things that _isn't_ settled is how law is going to start treating ISP's. That, let me point out, IS NOT settled law, and in fact it hasn't really even started, so those lawyers who have a knee-jerk tendency to accept precedent don't have any precedent to accept! (unless, of course, they "pre-accept" the assumption that what the government can do WRT ISP's is somehow identical to what they do with telephones.) I see two broad and conflicting ideas of what the government can do in a search. The first is a classic search warrant, which simply allows the cops to go in and look around, for a comparatively limited amount of time, informing the person searched,taking a few things, and then _leaving_. Period. Generally, they can't sneak in, they can't hide in the closet for weeks or months, etc. Without effective challenge by telephone companies (which have no motivation to challenge it) there has been a very different precedent set, that of the wiretap: No informing the target at the beginning, indefinite time limit, and not necessarily even informing those tapped after it's over. _VERY_ different. The question is, which of these precedents should control ISPs? Police, obviously enough, would probably want to insinuate into the game with the assumption that the latter scenario rules. After all, they're talking about wires and electricity, right? That sure sounds like wiretapping, right? I contend that an ISP should be entitled to enter into a contract with his customers in a way which obligates him to structure his business to minimize his ability to cooperate with police when given a search warrant. One example which occurred to be months ago (which, amazingly, shut up even Black Unicorn!) was that the ISP could agree to encrypt any email received with the user's public key (or another public key whose private key is known only to the user) so that useful information is only ephemerally available in the ISP's computers. A few seconds after it arrives, it's been encrypted and is "gone" from the standpoint of the ISP. Only the user, when he logs in and after he downloads the encrypted files, can decrypt them. But that raises another question. Suppose the government, not liking this situation, decides to not merely do a search, but in fact order the ISP to turn off the encrypt-on-receipt feature? And more particularly, to do so without telling the customer? What if, in fact, they order the ISP to LIE about this? Or what if they order the ISP to change his system's software to store away an unencrypted version of the messages so as to bypass this protection? My answer to all this should be obvious: There is a vast difference between doing a "search" and, in effect, turning an ISP into a slave who has to say "how high?" when the government says "jump." Arguably the ISP has to consent to a search; I don't think he has to change his business practices in order to make those searches more useful. And I think he's entitled to make promises to his customers that he's obligated to keep, even when the government would want him to break them. However, I won't claim that this matter has been settled; in fact, it's probably an issue that never came up before, in any court. That's why I think it's important to ensure that ISP-law does not follow is the bad precedents set by wiretap law. Jim Bell jimbell@pacifier.com
IANAL, and I have been skimmming over most of the Bell v. Unicorn v. Nuri debates about the legality of wiretapping, but something jumped out at me: At 1:37 AM -0400 10/9/96, Black Unicorn wrote:
include ISPs. Constitutional arguments that ISPs are somehow different from phone companies and therefore not required to comply with wiretap orders? Good luck.
I know its fun to make the argument that ISPs and E-mail and NetPhone are all new technologies and so it must be unconstitutional to regulate them but the amusement in these cases stems from a wish that it was so, not fact or reason.
I agree that ISPs look a lot like phone companies for the purposes of regulations and wiretaps. My ISP sells me some connectivity, sends me a bill, etc. Thus, if it is constitutionally OK (a technical term) for courts to order phone logs to be turned over to law enforcement, why not logs of e-mail? Or logs of Web sites visited, for example? I see no basis for a special distinction. Records are records, and businesses routinely have to turn over various records under court order. However, there are certain things my phone company does *not* do. They don't keep _copies_ (recordings) of my phone conversations. This means a court order can't yield copies of past conversations. They also don't track incoming phone calls to me. (I don't believe such records of incoming phone calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming phone numbers is possible....I just don't think local or regional phone companies care about such records, and hence don't bother to accumulate them.) Now, should the phone company keep such records, they would be accessible via court order. My point? ISPs are currently in a position to turn over *far* more information than phone companies are able to turn over. It's as if the phone companies kept audio recordings of all conversations, without even the need for law enforcement to do a wiretap or pen register or whatnot. It would be trivial for law enforcement to say: "Phone Company, here's a subpoena/court order for the last 6 months of phone conversations Tim May has had. Please ship the tapes via FedEx." This makes the ISP case a bit different. Not legally, but technologically. There are some fixes. Something ISPs could do--and may do if there is sufficient customer pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this technical term). That is, to have an explicit policy--implemented in the software--of _really_ deleting the back messages once a customer downloads them to his site. This means that _backups_ must be done in a careful manner, such that even the backup tapes or disks are affected by a removal. (Recall that Ollie North thought he had deleted his incriminating White House PROFS messsages, but that they were faithfully preserved on backup tapes, and could be retrieved.) My Eudora Pro mail programs sucks down messages from my ISP and, as yours probably does, tells the ISPs mail server to delete it upon downloading. An option for users could be something like "Don't make longterm backups of my account, and leave no copies whatsoever once I have downloaded my messages." This would make the job of a law enforcement or TLA a lot more difficult than it is now, where the e-mail and logs are ready to be handed over on a silver platter, all nicely accumulated and human-readable. Back to the legal issue. Perhaps the Digital Telephony Act will be interpreted to require ISPs to make their systems "tappable," possibly by adding message logging. possibly just by offering access to the T1s and T3s only ("OK, Feds, here's where the T3 enters the building...be careful you don't cut the core, OK?"). But if no logs and backup tapes of mail are kept, at least the job of gaining access to communications is made more difficult. And, I'm sure the lawyers will agree, while ISPs may be treated essentially the same as telephone companies, absolutely *nothing* requires either to keep specific kinds of account records (*), to "know their customer" (a la banking laws, supposedly), or to record all traffic. (* Prepaid phone cards, paid for in cash, and payphones, tell us that True Names are not needed with the phone companies. And so on.) We don't have to make it easy for them. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 5:26 PM -0500 10/9/96, Kevin L Prigge wrote:
Timothy C. May said:
Something ISPs could do--and may do if there is sufficient customer pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this technical term). That is, to have an explicit policy--implemented in the software--of _really_ deleting the back messages once a customer downloads them to his site. This means that _backups_ must be done in a careful manner, such that even the backup tapes or disks are affected by a removal.
Interesting thought, but it fails when it gets to my scale. It would be trivial to exclude a file or set of files from normal backup, but it would be problematic to exclude files from filesystem dumps, etc. The scale I deal with (40,000 users, 12gb of /home directory files and about the same in the mail spool) would make it almost impossible to provide this service with accuracy to my users.
Were I implementing this on my present system, with three hard disks (.5, 1.0, and 2.9 GB), I would just move the mail spool for the "no backups" customers to one of the disks and then just not back it up. I realize this could be a headache for ISPs, but the principle seems easy enough to realize: move the mail files to a place that is not backed up. (By the way, the backup utility I have is very easy to configure to back up some files, not others, on all kinds of varying schedules. I would've thought "tar" and other such vaunted Unix tools are at least as configurable.) Again, I think the most straightforward approach is to offer two kinds of service: backups and no backups. And the "no backup" customers know that no backups are kept. (BTW, it's also possible the ISP could offer a "crash recovery" buffer of, say, a few days or a few weeks, to cover crashes of its own system. The crash recovery disk would, ideally, be overwritten, with no permanent copy of it ever made. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Wed, 9 Oct 1996, Timothy C. May wrote:
Back to the legal issue. Perhaps the Digital Telephony Act will be interpreted to require ISPs to make their systems "tappable," possibly by adding message logging. possibly just by offering access to the T1s and T3s only ("OK, Feds, here's where the T3 enters the building...be careful you don't cut the core, OK?").
I think there is a section of DT that explicitly excludes ISP's. Of course, this can, and probably will be, changed. Mark -- finger -l for key PGP encrypted mail prefered. Good signature from user "Mark Miller 2048-bit key <markm@voicenet.com>".
A month or two ago, I searched through the existing DT statute and posted language that could be interpreted as applying to ISPs. If there's an ISP exemption I missed, please post... -Declan On Wed, 9 Oct 1996, Mark M. wrote:
On Wed, 9 Oct 1996, Timothy C. May wrote:
Back to the legal issue. Perhaps the Digital Telephony Act will be interpreted to require ISPs to make their systems "tappable," possibly by adding message logging. possibly just by offering access to the T1s and T3s only ("OK, Feds, here's where the T3 enters the building...be careful you don't cut the core, OK?").
I think there is a section of DT that explicitly excludes ISP's. Of course, this can, and probably will be, changed.
Mark -- finger -l for key PGP encrypted mail prefered.
Good signature from user "Mark Miller 2048-bit key <markm@voicenet.com>".
// declan@eff.org // I do not represent the EFF // declan@well.com //
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 10 Oct 1996, Declan McCullagh wrote:
A month or two ago, I searched through the existing DT statute and posted language that could be interpreted as applying to ISPs. If there's an ISP exemption I missed, please post...
I originally read that ISP's were exempt from a Wired article in the February '96 issue. I did some searching on EFF's web site and found the text of the 1994 draft of DT. The bill says that information services and private networks are exempt from the requirements of subsection (a). I have no idea what subsection a is, but a seperate analysis by the EFF does say that the bill does not apply to Internet Service Providers. Maybe there is some section of the bill that does cover ISP's, but I don't think it is anything relating to facilitating wiretapping. I found this information at http://www.eff.org/pub/Privacy/Digital_Telephony_FBI. Mark - -- finger -l for PGP key PGP encrypted mail prefered. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMl1aaizIPc7jvyFpAQFQdAgAoiWWFAEAnZY8Wa/b/LjbTGjxpG4C3IIJ n2R7vyE7Xu3w6xLYE8bwv27zuULgo0frw9Cw45fOehelT5x/e8wazNDjJ/zddBUu aE+6Nm1s6bAYVr+eIIaDT+uWz4S/H3HT2QNCmypXC0suecXtKqpSa0Ug4HsxQCYV yHOovHZAmIAMbKHvoZ8FlnXG4YCYD9yoIVL4HMuBW4pNqCfNs1VqzegfoBiOs4E/ AOwTuSSC0W0frh6joDyt0Oymi8dd1rPvI2U5gYQxntKc8sd31XPJoL4Qr/e091q1 1mVOxJbrVH2DHRNR/WE8+iiU2tBCss4H9bk1kVsodnRogyPjUDfyuQ== =RX8E -----END PGP SIGNATURE-----
Thanks for the pointer; I'll check it out... Guess I should have been looking here on eff.org rather than elsewhere. EPIC has some good stuff too at http://www.epic.org/privacy/wiretap/ -Declan On Thu, 10 Oct 1996, Mark M. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 10 Oct 1996, Declan McCullagh wrote:
A month or two ago, I searched through the existing DT statute and posted language that could be interpreted as applying to ISPs. If there's an ISP exemption I missed, please post...
I originally read that ISP's were exempt from a Wired article in the February '96 issue. I did some searching on EFF's web site and found the text of the 1994 draft of DT. The bill says that information services and private networks are exempt from the requirements of subsection (a). I have no idea what subsection a is, but a seperate analysis by the EFF does say that the bill does not apply to Internet Service Providers. Maybe there is some section of the bill that does cover ISP's, but I don't think it is anything relating to facilitating wiretapping.
I found this information at http://www.eff.org/pub/Privacy/Digital_Telephony_FBI.
Mark - -- finger -l for PGP key PGP encrypted mail prefered.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv
iQEVAwUBMl1aaizIPc7jvyFpAQFQdAgAoiWWFAEAnZY8Wa/b/LjbTGjxpG4C3IIJ n2R7vyE7Xu3w6xLYE8bwv27zuULgo0frw9Cw45fOehelT5x/e8wazNDjJ/zddBUu aE+6Nm1s6bAYVr+eIIaDT+uWz4S/H3HT2QNCmypXC0suecXtKqpSa0Ug4HsxQCYV yHOovHZAmIAMbKHvoZ8FlnXG4YCYD9yoIVL4HMuBW4pNqCfNs1VqzegfoBiOs4E/ AOwTuSSC0W0frh6joDyt0Oymi8dd1rPvI2U5gYQxntKc8sd31XPJoL4Qr/e091q1 1mVOxJbrVH2DHRNR/WE8+iiU2tBCss4H9bk1kVsodnRogyPjUDfyuQ== =RX8E -----END PGP SIGNATURE-----
// declan@eff.org // I do not represent the EFF // declan@well.com //
Timothy C. May said:
However, there are certain things my phone company does *not* do. They don't keep _copies_ (recordings) of my phone conversations. This means a court order can't yield copies of past conversations. They also don't track incoming phone calls to me. (I don't believe such records of incoming phone calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming phone numbers is possible....I just don't think local or regional phone companies care about such records, and hence don't bother to accumulate them.)
I had heard through the grapevine about a year ago that US West (the local Phone Monopoly) was required to turn over a list of all phones that called a certain local number. I don't recall what the details, but it implies that records of calls (from, to, possibly duration) are kept at least for a time.
Something ISPs could do--and may do if there is sufficient customer pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this technical term). That is, to have an explicit policy--implemented in the software--of _really_ deleting the back messages once a customer downloads them to his site. This means that _backups_ must be done in a careful manner, such that even the backup tapes or disks are affected by a removal.
Interesting thought, but it fails when it gets to my scale. It would be trivial to exclude a file or set of files from normal backup, but it would be problematic to exclude files from filesystem dumps, etc. The scale I deal with (40,000 users, 12gb of /home directory files and about the same in the mail spool) would make it almost impossible to provide this service with accuracy to my users.
But if no logs and backup tapes of mail are kept, at least the job of gaining access to communications is made more difficult.
I've been concerned about system logging on remailers, and what kind of traffic details they could leave. If a remailer operator doesn't control the machine that the remailer runs on, there can be no guarantee that traffic information is unavailable to someone with a warrant or a gun. It wouldn't be to much of a stretch to imagine a coordinated raid of all remailers, to "capture a terrorist ring" or some other likely excuse. -- Kevin L. Prigge | Some mornings, it's just not worth Systems Software Programmer | chewing through the leather straps. Internet Enterprise - OIT | - Emo Phillips University of Minnesota |
Kevin L Prigge said
Timothy C. May said:
... stuff deleted ...
Something ISPs could do--and may do if there is sufficient customer pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this technical term). That is, to have an explicit policy--implemented in the software--of _really_ deleting the back messages once a customer downloads them to his site. This means that _backups_ must be done in a careful manner, such that even the backup tapes or disks are affected by a removal.
Interesting thought, but it fails when it gets to my scale. It would be trivial to exclude a file or set of files from normal backup, but it would be problematic to exclude files from filesystem dumps, etc. The scale I deal with (40,000 users, 12gb of /home directory files and about the same in the mail spool) would make it almost impossible to provide this service with accuracy to my users.
How hard would this be? (and would it work?) Use an encrypted file system, something like Matt Blazes CFS which allows each user to set up his own encrypted directories. The encryption is file by file so that backups can be made by the system, but the backups are still encrypted. Unlike CFS, this system would allow public key cryptography. The system could write to a directory using the public key, but only the user could read from the directory. As usual, to speed things up, the PK cryptography would just be used to encrypt/decrypt conventional keys which would be used for the encryption/decryption of the data. With this in place, when email comes in, it could be stored in the recipient's directory of the hard drive. I guess I'm assuming that the user has a shell account.
-- Kevin L. Prigge | Some mornings, it's just not worth Systems Software Programmer | chewing through the leather straps. Internet Enterprise - OIT | - Emo Phillips University of Minnesota |
-------------------- Scott V. McGuire <svmcguir@syr.edu> PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05
Timothy C. May said:
However, there are certain things my phone company does *not* do. They don't keep _copies_ (recordings) of my phone conversations. This means a court order can't yield copies of past conversations. They also don't track incoming phone calls to me. (I don't believe such records of incoming phone calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming phone numbers is possible....I just don't think local or regional phone companies care about such records, and hence don't bother to accumulate them.)
"MUDs" are typically kept 24-72 hours. They list OUTGOING calls, hence a big search is needed to translate to incoming. But it is done... -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
In <v03007802ae819385a300@[207.167.93.63]>, on 10/09/96 at 10:13 AM, "Timothy C. May" <tcmay@got.net> said: .However, there are certain things my phone company does *not* do. They don't .keep _copies_ (recordings) of my phone conversations. . true, so far .This means a court .order can't yield copies of past conversations. . true, so far .They also don't track .incoming phone calls to me. (I don't believe such records of incoming phone .calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming .phone numbers is possible....I just don't think local or regional phone .companies care about such records, and hence don't bother to accumulate .them.) . Not true. they *do* track incoming calls, including caller ID, etc even if blocked by the originating customer; even pay phones give out their ID which means if the callee is tapped, they have the caller's location in a flash by reverse reference. Caller ID of blocked senders is available to anyone who wants to read it. the "disable" bit can be programmed out of existence if anti-privacy snooping is your business ( you can modify software and/or firmware in most of the the WinTel hardware platform add-ons for phones to do so). .Now, should the phone company keep such records, they would be accessible via .court order. . Sure are; and they are there. .My point? ISPs are currently in a position to turn over *far* more .information than phone companies are able to turn over. It's as if the phone .companies kept audio recordings of all conversations, without even the need .for law enforcement to do a wiretap or pen register or whatnot. It would be .trivial for law enforcement to say: "Phone Company, here's a subpoena/court .order for the last 6 months of phone conversations Tim May has had. Please .ship the tapes via FedEx." . exactly; recording of calls is not done without a court order --or an LEO operative having a buddy or bribee in the switch room. besides, LEOs do not wiretap suspects without a court order (really) --but they *do* just happen to talk loud enough in certain places about wanting that information (including inbound CallerID), that whatever information is desired is handed over by a snitch for the usual 30 shekals, or more. .This makes the ISP case a bit different. Not legally, but technologically. . Unfortunately, the same "problem" applies here --the ISPs can be ordered to keep logs of mail traffic. So far, the fact this is not current Fed policy is what permits our remailer networks to operate at all. If remailers were required to keep logs --of what value would remailers be? Obviously, this not mean that some brain-dead Fed, Jamie Gorelick for example, will not ask Congress to attach a rider to some other bill which will pass with high numbers --remember the "manager's mark" which added the CDA provisions we object to after the House voted 410-2 for no-CDA? .There are some fixes. . valid only until the Feds order ISPs to log, and to whatever level. . [snip] .(Recall that Ollie North thought he had deleted his incriminating White House .PROFS messsages, but that they were faithfully preserved on backup tapes, and .could be retrieved.) . sure makes a good argument for ZIP drives does it not? --of course, supposing PRZ did not sell out to get off, the messages should have started our with PGP --you can always lose a keyring <g> or, have a second internal file which is non-incriminating which pops up with the dummy key --talks about your kids or whatever. that and pray your recipient gets the decoded message off his disks pronto. would not take much to modify PGP to be two (or split) keyed. of course, we might as well shift over to the newer lattice crypto theories and up the price to play. or, interleaving which is a particularly nasty means of playing the game -it gets their attention real fast; been there and seen the two grey suits at the door at 5 am a few times --unpleasant men. or, as I do with all mail, despite the small fraction I consider sensitive: all inbound mail goes to a ZIP disk --decoding, including tmp files, is on the ZIP --I may even switch to JAZ and keep the archives on optical (which is also a lot faster). .[snip...] .(* Prepaid phone cards, paid for in cash, and payphones, tell us that True .Names are not needed with the phone companies. And so on.) so far, this is one of the few freebies we have, but is it a freebie long? with the new digital wiretap provisions and sophisticated speech reconition, the Feds can scan and monitor active payphones and still have their cake after they have eaten your rights. .We don't have to make it easy for them. . .--Tim May . how? revolution per the Thomas Jefferson rationalization? nor must "they" make it easy for us. <g> -- I'll get a life when it is proven and substantiated to be better than what I am currently experiencing.
On Tue, 8 Oct 1996, jim bell wrote:
At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are almost always fruitless. Since the intents of the ranters are generally anarchistic, why even involve the law and justice. Even if their ideas have good philosophical basis there is little hope for the broad changes they seek in the political or legal landscape (given the powerful and selfish interests of those inside and outside the beltway) without a great trauma to the system.
Maybe you're missing the point? Even if you accept the idea of wiretapping telephone lines, one of the things that _isn't_ settled is how law is going to start treating ISP's. That, let me point out, IS NOT settled law, and in fact it hasn't really even started, so those lawyers who have a knee-jerk tendency to accept precedent don't have any precedent to accept! (unless, of course, they "pre-accept" the assumption that what the government can do WRT ISP's is somehow identical to what they do with telephones.)
I disagree. There is lots of potential precident. The entire concept that data voluntarily turned over to a 3rd party is not entitled to 4th amendment protection (i.e., pen registers) is just the one that happens to jump to mind. The fact that the government has had to deal with the breakup of ma bell and cooperate with several different phone companies now suggests to me that not much of a leap is required to include ISPs. Constitutional arguments that ISPs are somehow different from phone companies and therefore not required to comply with wiretap orders? Good luck. I know its fun to make the argument that ISPs and E-mail and NetPhone are all new technologies and so it must be unconstitutional to regulate them but the amusement in these cases stems from a wish that it was so, not fact or reason. Are there some flexibilities in the developing law? Yes. Are they going to make all e-mail and electronic communications legally untapable and immune from electronic search warrant? Of course not. Don't be stupid. This is what technology is for.
I see two broad and conflicting ideas of what the government can do in a search. The first is a classic search warrant, which simply allows the cops to go in and look around, for a comparatively limited amount of time, informing the person searched,taking a few things, and then _leaving_. Period. Generally, they can't sneak in, they can't hide in the closet for weeks or months, etc.
Without effective challenge by telephone companies (which have no motivation to challenge it) there has been a very different precedent set, that of the wiretap: No informing the target at the beginning, indefinite time limit, and not necessarily even informing those tapped after it's over. _VERY_ different.
The question is, which of these precedents should control ISPs? Police, obviously enough, would probably want to insinuate into the game with the assumption that the latter scenario rules. After all, they're talking about wires and electricity, right? That sure sounds like wiretapping, right?
Why bother with all this trash? Use SSH and end to end encryption. End of discussion. See how much simpler and cheaper that is than trying to get the supreme court to kneecap the police and the feds? Hint: If you don't, you're on the wrong list.
I contend that an ISP should be entitled to enter into a contract with his customers in a way which obligates him to structure his business to minimize his ability to cooperate with police when given a search warrant.
"I content that a phone company should be entitled to enter into a contract with his customers in a way which obligates him to structure his business to minimize his ability to cooperate with police when given a search warrant." Yeah. Good luck. Switch phone comapny with "deli" or with "employer" or with "interstate shipper." Same result. "Good luck." Find me a General Counsel who would let their firm do that and I'll find you a wonderful canidate for a malpractice suit. I would suggest you study the contractual doctrine of "Illegality" and state statutes on "Obstruction of Justice."
One example which occurred to be months ago (which, amazingly, shut up even Black Unicorn!) was that the ISP could agree to encrypt any email received with the user's public key (or another public key whose private key is known only to the user) so that useful information is only ephemerally available in the ISP's computers. A few seconds after it arrives, it's been encrypted and is "gone" from the standpoint of the ISP. Only the user, when he logs in and after he downloads the encrypted files, can decrypt them.
Why even involve the ISP? Why would an ISP want to do this and expose themselves to potential liability when the end user could just do it themselves? I don't remember this point, but if I ignored it it's probably because its just lacking in any remarkable insight. Actually it doesn't even seem to have undergone the scrutiny of 10 minutes consideration. The entire advantage of encryption is that it moves the burden and ability to protect communications to the end user. There is no need to depend on the phone company, an ISP, or anyone else but the person with whom you are communicating. If you want an ISP to encrypt all your mail as it shows up (a strange request to begin with because of the potential for some third party to encrypt with the wrong key or etc. and destroy the data permanently) you are introducing a third party into the equation which you now have to trust and depend on as far as resistence to government coercion goes. (You seem to have identified this problem below, but in a way that suggests it just occured to you or that this is just a stream of consciousness blathering post). I don't understand at all how this leaves anyone better off. I can point out explicitly, however, how it leaves everyone worse off. 1. The government now has another party to squeeze (The ISP, who would have been fairly untouchable if they had done nothing but forward e-mail). 2. The party receiving mail now has to depend on the ISP and some method of contractual enforcement if the ISP breaks its word. (I suppose this is where it will be suggested that we just kill all the ISP employees). 3. The party sending mail now has to rely on the discression of the ISP (From whom he/she has no contractual assurances at all).
But that raises another question. Suppose the government, not liking this situation, decides to not merely do a search, but in fact order the ISP to turn off the encrypt-on-receipt feature? And more particularly, to do so without telling the customer? What if, in fact, they order the ISP to LIE about this? Or what if they order the ISP to change his system's software to store away an unencrypted version of the messages so as to bypass this protection?
What if they just packet sniff at the "In" plug of the ISP and cut the ISP out all together? Why bother telling the ISP anything if it's clearly not being compliant? Duh. Same reason I would send agents to go around an island bank which was not cooperating were I the IRS. Of course, the ISP could easily be charged in a conspiracy and obstruction action after this.
My answer to all this should be obvious: There is a vast difference between doing a "search" and, in effect, turning an ISP into a slave who has to say "how high?" when the government says "jump." Arguably the ISP has to consent to a search;
Where do you get this last part? Arguably in the Jim Bell Court of Invented Appeals perhaps. Of course in that court the death penality applies for parking violations if the complaintant is rich enough.
I don't think he has to change his business practices in order to make those searches more useful. And I think he's entitled to make promises to his customers that he's obligated to keep, even when the government would want him to break them.
I refer you back to the concepts of "obstruction" and "conspiracy."
However, I won't claim that this matter has been settled; in fact, it's probably an issue that never came up before, in any court.
Neither has the argument that cows fly and therefore should be regulated by the FAA. How that lends the argument any merit at all is beyond my comprehension.
That's why I think it's important to ensure that ISP-law does not follow is the bad precedents set by wiretap law.
Suggestion: Start a foundation with this goal. Let me know how far you get. Try calling some law schools and asking them if they might have some students willing to work on the problem for free.
Jim Bell jimbell@pacifier.com
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li
after months of patient explanations to Jim Bell and sympathizers, going over the same points in 31 flavours, the same arguments of what I would call "respectable" anarchy (well stated by Tim May) rather than the "world at war" anarchy of Jim Bell -- where are we?!? I read Jim's first "manifesto" at least 18 months ago; and, the "refined manifsto" less than a month ago. I have yet to see an application of civilization which brings AP society up to even the level of Tombstone AZ just prior to the OK Corral. Jim's theories all hinge on betting pools which supposedly can be run like the lottery where the poor can share a ticket (egalitarian, of course), anonyminity (which as an argument is appropriate, but what for in a selfish immoral act?), and a justice is served attitude, even if there are mistakes. the whole concept of AP does not even support the concept of "justice is expeditiously served!" it is a resort to the manners of dogs and monkeys sitting at the same table --a spiteful, arrogant player can move the betting pools to assassinate anyone. In other words, are we planning to use James Caan as the lead runner in "Roller Ball" --except this time we're playing with a "live" society for which we hold in common the utmost contempt? are we trying to return to the bread and circus mentality of Rome on its deathbed and slide to subjecation by Attila the Hun who was actually stopped from sacking Rome after the Pope so impressed him with his regal robes.... deciding tribute from an established dictatorship was more reliable? --and less costly?!? has anyone seen a single social moral fiber in Jim's often passionate arguments for AP, or even in the "results" in a society which will never breed another leader: religious, secular, or even political? does AP permit anything except slaves and drones which can just as easily be replaced by robots? maybe noone will miss news reports (as 'canned' as they are), or movies which entertain or provoke? or ice cream sundaes at the soda fountain? ...and the disappearance of grocers, and doctors, and dentists bringing forth a new age of subsistence farming and hunting for the lucky few who might live to a readjusted live expectancy point of 30 yrs, burning books and computer printouts for cooking and warmth. why have books or knowledge when there is noone willing to accept the responsibility of educating your children, the instructor waiting for the parent of Dumb Suzy to avenge her failing grade? after all, Suzy does not need to read, not even well enough to take the test for a driver's license --there is no infrastructure; no need to learn math well enough to possibly balance a checkbook --after all, there are no banks... well, killing for my country was once my civic duty; I never killed in revenge --there was no need, we never left enough living for them to attempt their revenge. was it desensitizing, yes. killing is just another days work... would I even consider doing it again for our "proud and just" republic? what "proud and just" republic? it has not even had the resemblence of a republic, let alone "proud and just" since Stanton and his crony Cotton arranged the assassination of Lincoln --it only cost Cotton $50,000. sacrificing 55,000 men and frying the brains of another 1.5 million solely to fatten the industrial war machine? using John Foster Dulles' "domino theory" to justify the carnage... to bad I was still of an era which said 'you will serve if called' and so stupid to take almost six years to get out. Would you serve a country today which is rotten to the core? "Assassination Politics" is nothing more than a childish game which 'legalizes' killing anyone you wish. are AP's proponents so naive they believe the bookies will not have any public person assassinated by rigging the pools for their own profit? remember, law enforcement ceased with the return of 'law of the jungle' anarchy. AP has already decided the people are free to return to the savage jungle where the big cats hunt for food, and man hunts for pleasure. Jim Bell has amused us long enough --an average of 10-15 messages a day; every thread being convoluted to included the aspects of Assassination Politics --the all encompassing AP. PURE CRAP! arguing AP in any form is just another case of mental masturbation, and the old story still applies: "if you are arguing with a fool; look in the mirror before you continue!" or as brock says: attila out.... -- What part of 'Congress shall make no law abridging the freedom of speech' do you not [oops... sorry] do you understand?
participants (9)
-
attila -
Black Unicorn -
David Lesher -
Declan McCullagh -
jim bell -
Kevin L Prigge -
Mark M. -
Scott McGuire -
Timothy C. May