my remailer taking some (mild) heat [LONG]
For your edification: I run a remailer. Someone used it to post copyrighted material. I was contacted to help resolve the issue. The person who contacted me, Brad Templeton, was neither abusive nor unreasonable, but he did express some interesting attitudes. I am reposting the dialogue here. My added comments begin with '#'. I must emphasize that I sympathize with Mr. Templeton and bear him no ill will. I am interested in his views---and your reaction to his views---of remailers, their legality, and future. ##### Brad Templeton wrote: ##### Somebody posted an AP Wire story to comp.org.eff.talk using your remailer. We'll need to know who it was or have you contact them so we can get them to make amends for the copyright violation. Thanks. ##### I responded:: ##### Brad, # I included his initial message here This is distressing to me. I don't run a remailer to abet infringers of copy (or other) rights. I certainly do not condone this action. Unfortunately, there is little I can do after the fact. My remailer is not the sort that requires a priori relationships. If a message has the right sort of header, the remailer sends it on its way ... no questions asked. I never see any mail that passes through my remailer. I keep no logs, the efficacy of which would be compromised in any case by remailer chaining or encryption. I can block remailing to or from any particular address, but my remailer is incapable of taking action based on content. I am sorry that I can neither tell you who it was, nor contact them ... not because I don't wish to, but because I am unable to. I will happily assist you in any way that I am able. What follows is my public policy with respect to the remailer. It details my capabilities and attitude. # I included my remailer policy here, which most of you have seen. # E-mail me privately for copies. I hope this is of some assistance to you. ##### Brad Templeton wrote:: ##### I understand your policy, and I suspect that down the road that while anon remailers will continue to exist and serve a purpose, those that allow people to break laws behind them (defamation and copyright, and possibly kiddie-porn in particular) will have to shut down. The law is clear on this. If a newspaper publishes libel, the newspaper is liable with the writer, and fully liable if they hide the writer's name. You'll be in that boat, and shutting down or logging after the fact won't do you much good. I think the right answer is a remailer that logs, allows replies (like the finet one) and which opens up in the case of illegal postings, or any other postings that don't follow its rules. It might say that it demands a warrant, for example. What you're doing is of little value. Anybody can post anon to USENET anyway, if they don't care about replies. I am surprised you would take the risk to add no functionality. ##### I responded: ##### Brad, My immediate advice to you is to send mail to the same distribution that the illegal material followed, requesting contact from the sender. This would have the same enforcability of reply as Julf's remailer. People rarely mail things to lists they don't themselves read, so it is likely to be read by the intended. As I said before, I will help you in any way that I can. I understand that, lacking a perpetrator, I am the next visible target for your ire ... so I am taking your comments as predictions about society (as I'm sure you intended) rather than personal comments (as so many people are wont to read into e-mail these days). # I included his first two paragraphs here. My remailer is not a newspaper; rather it resembles the post-office, a phone switch, or the hole in the tree trunk in "To Kill a Mockingbird". All of these allow communication with some amount of anonymity selected by the sender (up to and including `no return address`). Newspapers have editors. There is a presumption of knowledge over their content. _Of course_ one sues such a publication for libel or error---they have advertised their control over their publication so that readers may trust in its verity and appropriateness. One _must_ sue when such a trusted publication causes damages. Angry people can 'cement over the hole', but it won't be because my remailer broke either faith or law.
I think the right answer is a remailer that logs,
Any phrase that starts with 'the right answer is' is questionable. If there were a 'right answer' for communication we would only need one of: newspapers, phones, tv's, postcards, conversations in the hall, pounding a broom handle on the ceiling, short-wave radio, ad infinitum. The right media depends on the situation and the people involved.
allows replies (like the finet one)
My remailer allows replies; the sender need only include a return address (possibly encrypted) exactly like the US Post Office. My service is completely different from the finet one. Julf's system requires its own machine and huge space resources for mapping tables. Such a system is beyond my resources.
and which opens up in the case of illegal postings, or any other postings that don't follow its rules.
My service conforms to this statement. I was---and am now---happy to help you resolve this issue to the best of my ability. I won't support, condone, or abet illegal activity; however, I can't and won't spy on law abiding users on the slim chance that I could detect illegal activity a priori. I will enact restrictions that prevent illegal activity whenever I can do so without impacting citizens (e.g., I can block addresses, etc.).
What you're doing is of little value.
It is unfortunate that your only contact with my remailer was of little (in fact negative) value to you. In in another situation you---as other people certainly do---might value it highly.
Anybody can post anon to USENET anyway, if they don't care about replies.
My remailer makes no provisions for posting to usenet. It is simply a remailer; it can do nothing that sendmail cannot do.
I am surprised you would take the risk to add no functionality.
One if by land; two if by the information super-highway. We're all together in this, ##### Brad Templeton wrote: ##### I thought it was for netnews, that is what I saw. Actually, anybody can do anon E-mail as well, but fewer know how. You are not a newspaper, but I truly believe you are taking on all the liability for bad things in the material remailed. ##### The End? ##### Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins@newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst@netcom.com
-----BEGIN PGP SIGNED MESSAGE----- Hello, all! The recent posting by Scott Collins about his remailer and the copyright incident illustrates several problems with the remailer system as I see it. I'll keep this brief, but I have a basic, low-level problem with all the remailers I have seen so far - until this issue is resolved, I will never have any faith in any remailer system whatsoever. Every one of the remailers I have seen in operation so far provides a 'real' address to the target system. That is, when (not if) someone is irritated by an anonymous posting, they have only to look in the message header to get an address for their hate mail, legal action, mailbombs, etc. This essentially co-opts the remailer operator along with the anonymous poster with regard to content. (Yes, yes, I *know* that the remailers are supposed to be 'anonymous Post Offices.') As Scott Collins' message explained, *he* (the remailer operator) is taking the heat for the alleged copyright violation, and his correspondent is not terribly impressed with Scott's protestations of innocence. Since Scott indicated that he keeps no logs, he is the sole target; this is grossly unfair to an individual who is trying to provide a service. (Yes, yes, 'Life ain't fair,' but sooner or later you're going to run out of martyrs who are willing to take the fall for abuses of their remailers...) Converseley, there may exist a set of remailer operators that *do* keep logs for the express purpose of dodging the bullet in cases like Scott's; if a message went through that generated enough heat, that sort of remailer operator would waste no time in compromising the poster's identity to get out of the hot seat. In my mind, then, the solution to these problems requires remailers that leave *no trace* of message origins, including the address of the remailer itself. If this is not possible, then I for one will employ other means for anonymous communication. This is not intended to present any specific remailer operator or group of operators in a bad light; in fact, I was particularly impressed by Scott's indication that he did not keep logs. I throw out these thoughts in the hope that they will be considered by the authors of remailer software. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn@dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbQJTgvlW1K2YdE1AQHcjwP6A/tU0zqYq49uh737+BsPMru+YKzWdri5 hgZHxi7r8+yLJKrntqRXUyKGCB2W6dBQ+n6jeOzb6/yXxbYTZ+8nLBpCi2f4ruVb 8j+wbiASs2XTwQv/Vdqfgflpjc28xKRudmZMDOhrf5k8Mh4VLQqAr9vZ6jOyIZRY mZCnJt6BW/U= =lnKI -----END PGP SIGNATURE-----
On Tue, 19 Apr 1994, Philippe Nave wrote:
Every one of the remailers I have seen in operation so far provides a 'real' address to the target system. That is, when (not if) someone is irritated by an anonymous posting, they have only to look in the message header to get an address for their hate mail, legal action, mailbombs, etc. This essentially co-opts the remailer operator along with the anonymous poster with regard to content. (Yes, yes, I *know* that the remailers are supposed to be 'anonymous Post Offices.') As Scott Collins' message explained, *he* (the remailer operator) is taking the heat for the alleged copyright violation, and his correspondent is not terribly impressed with Scott's protestations of innocence. Since Scott indicated that he keeps no logs, he is the sole target; this is grossly unfair to an individual who is trying to provide a service. (Yes, yes, 'Life ain't fair,' but sooner or later you're going to run out of martyrs who are willing to take the fall for abuses of their remailers...)
I disagree with Brad's interpretation. For example, if I photocopy a book and anonymously snail mail it to people, do you think the postal service is going to take the fall? Nope - they are just a carrier, and are not responsible for content. Like the common carriers - they just receive a message and pass it along. They aren't responsible for message content. If Brad Templeton's view of the world was the prevailing (or correct) one, then every common carrier in the country, including Ma Bell and the US Postal Service, would not exist, because they would've been sued out of existence long ago. Of course, this situation illustrates yet another interesting twist on the old "denial of service" attacks... I understand Brad's interest in making money from Clarinet's product (and I don't have a problem with him making money), but I think that this "scare tactic" is going a bit too far in protecting corporate revenue. -- Ed Carp, N7EKG/VE3 ecarp@netcom.com 519/824-3307 an88744@anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
-----BEGIN PGP SIGNED MESSAGE----- Ed Carp writes :
On Tue, 19 Apr 1994, Philippe Nave wrote:
[concern about traceability of messages sent through remailers, and involvement of remailer operators in investigations]
I disagree with Brad's interpretation. For example, if I photocopy a book and anonymously snail mail it to people, do you think the postal service is going to take the fall? Nope - they are just a carrier, and are not responsible for content. Like the common carriers - they just receive a message and pass it along. They aren't responsible for message content. If Brad Templeton's view of the world was the prevailing (or correct) one, then every common carrier in the country, including Ma Bell and the US Postal Service, would not exist, because they would've been sued out of existence long ago.
The analogy comparing an anonymous remailer to the Postal Service breaks down at a key point, I think. The USPS is not held liable if I Xerox a book and mail it to someone, but the Postal Inspectors *are* expected to cooperate fully with law enforcement interests when such behavior is investigated. If we limit the discussion to content alone, there is not really any difference between an anonymous remailer and Netcom - if I send something I shouldn't through both systems, neither would logically be held responsible for the content. [This distinction was muddled in my original posting; the following is an attempt to clarify my position. A thousand pardons...] The anonymous remailer is supposed to be (as its name implies) a method for transferring data from one point to another with no identifying labels as to the origin of the data. Removing the original poster's ID and (essentially) replacing it with the remailer operator's ID does not accomplish a whole lot, in my view. When questions are raised about objectionable postings, the Internet community actually follows the 'Post Office' analogy closely, expecting the 'postmaster' to assist in the investigation. *This* is where the remailer operator becomes a martyr; the very nature of the remailer paradigm precludes the collection of data that would aid the investigation. We can debate whether it is reasonable for the Internet community to expect this sort of help, but we ourselves saw nothing wrong with asking (for example) Detweiler's postmaster to get his ravings off the Net. So, then, the remailer operator must walk an ethical tightrope - since the remailer is not truly anonymous (in the sense that messages simply *cannot* be traced), the operator must balance the ideal of anonymous communication against the realities of Internet connectivity. If I want to communicate anonymously without worrying about attacks on the remailer operator, it would seem that *complete* anonymity is required. Then, messages could be encrypted and bounced among remailers without exposure to the 'Achilles' Heel' address of the last remailer in the chain. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn@dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLbRHagvlW1K2YdE1AQEy6QQAxNuAdN9BYfiB8C7KmeNl3UeTUP2lE5K/ HQE+2AQzY7VdHGYSmPEevqneUqYhyKTu8QfM+M9hcIaNH4VyU1Y54ylqs+zKU+E5 WXYkJPH6/6a648ZAmM3jRi+mX1tNr4qIZGAiHMN7Nm0eNkYNkEuxEh05uYqkjKa3 67cddDb/NOM= =IgsE -----END PGP SIGNATURE-----
I understand your objections, but think about it this way: nothing in the world says that you have to put a return address on the envelope. Nothing in the world says that you have to present any form of ID in order to drop a letter into a postal box. Sure, the postal inspectors have to "cooperate", but if you drop a letter with no return address into a box, how could they trace it back to you? Are people going to say to the US postal folks, "hey, it's *your* fault that they didn't put a return address on their envelope!" I think not. Similarly, I think that anonymous remailers, like the post office, ma bell, etc., are common carriers. You can't have it both ways - either you are a common carrier and exercise no editorial control over what goes through your remailer, or you are a publisher, and are held to a certain degree of legal responsibility. Ed Carp, N7EKG/VE3 ecarp@netcom.com 519/824-3307 an88744@anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
participants (3)
-
collins@newton.apple.com -
Ed Carp -
Philippe Nave