The Coming Police State
An alarmist title? Perhaps. But likely accurate. Since the theme of the upcoming Cypherpunks meeting on March 12th, with sites around the world tied together, is "politics" and since Eric Hughes has encouraged "rants," I'm making these comments now. The war is upon us. All _three_ of the major U.S. weekly news magazines have articles on cops in cyberspace, the threat of Clipper, and the fast computerization of the surveillance society. Books are being written on crypto issues (beyond the excellent Schneier book, I mean), and the issues have resonance amongst a skeptical public. Strange bedfellows, ranging from Pat Robertson and Phyllis Schlafly to civil libertarians on the other side have come out against Clipper. (I suspect had Bush won, Robertson and Schlaffly would be much quieter about Clipper, just as many Democrats are being somewhat circumspect in their criticisms of Clipper today. People need to realize this issue cuts across all party lines. Ditto for non-U.S. people as well, despite the U.S.-centric focus of these comments.) The Cypherpunks fill an important niche that none of the other major groups wants to--or are able to--fill. The EFF, CPSR, and ACLU have different skills than we have, have more money (we have _none_, of course, as an organization), and are mostly "centralized lobbying" groups (all are headquartered in Washington, D.C.). Cypherpunks are scattered around the world, with only this mailing list and the physical meetings creating any real nexus. By default, of course, the Bay Area has tended to dominate, in raw numbers, in physical meetings, and in the early history of the list, but hopefully this will change as the Cypherpunks continue to grow and as other sites become more active in their chose areas of expertise. And the Cypherpunks mailing list has an interactive mailing list filled with some of the world's best cryptographers and security experts (you know who you are), and several hundred creative folks, many of whom actually write code! Plenty of problems face us, but we have plenty of talent, too. And of course we have justice and the inevitability of technology on our side. IS A POLICE STATE REALLY COMING? "Not if we can help it," of course. But right now things look pretty grim. George Orwell got it mostly right, even in choosing a corporatist model of Britain as the setting instead of the more-expected Stalinist models of the time. (I'm an anarcho-capitalist, personally, so I have nothing against corporations _per se_. But I despise the situation of "state socialism," which is what fascism really is, in which corporations are given special rights and responsibilities in exchange for being supported or selectively rewarded by the State.) In the U.S. at least (and more on Europe and Asia later), the cyberspatial police state is no longer associated with just one political party. The Clipper program and Digital Telephony were started under the Reagan (probably_ and Bush (for sure) administrations, and now the Clinton and Gore folks have shown themselves to be enthusiastic supporters of Big Brother. The National Health Care program, perhaps temporarily stalled on a side street by the current Whitewater/Hillary circus, may have implications for this police state that are unclear....national ID cards, FinCEN-type monitoring of alcohol and tobacco purchases, even biometric identity systems. And the National Information Infrastructure, the NII, has the potential for further concentrating and regulating the presently anarchic networks. Driver's licenses for the information highway? Learner's permits? Revoked licenses for "hurtful speech" and other thoughtcrimes? WHAT ARE WE FACING? -- Digital Telephony II for easy access to _all_ communications channels. If this becomes law, expect all equipment makers to add wiretapping capabilities. All operating system makers may have to add tap points to allow government access (so much for "secure operating systems," such as Norm Hardy and others are working on). -- Clipper and its Big Brethren for easy access to the contents of files. The State will use its power to enforce standards, control exports, and punish corporations so as to ensure competitors do not arise. -- The likely criminalization (via civil forfeiture, a la the Drug War) of unapproved crypto alternatives. (As Whit Diffie has noted, this will not completely stop unapproved use, but will force it underground and marginalize it, causing most folks to so fear prosecution and forfeiture of their homes and companies that they'll avoid unapproved crypto and will help narc out others.) -- Expansion of these tools to other "New World Order" nations, including rapidly-developing systems in Germany, France, Britain, Japan, and other countries. (Reports of "family keys" being prepared for these countries, of restrictions on private use of crypto already in place in some of these countries, and of positive reaction to the American Clipper system.) -- The State getting involved in the "Digital Superhighway" increases the potential for licensing, control, speech codes, etc. For example, one can imagine "fair access" laws which ostensibly make getting on the Net easier and cheaper (not really, of course) but which come with strings attached. Limitations on pseudonyms, restrictions to only RSA-approved public keys (cf. a frightening proposal by Carl Malamud to "nationalize" public-key technology and then give every citizen his own public key...such a system would destroy most of the exciting possibilities some of us foresee and would create a complete surveillance market--this is just one possible future being bandied about by the technocrats and "policy wonks"). (I know some List members, especially those connected with the EFF, have a more charitable view of the NII. But even Mike Godwin has quipped about the "Digital Snooperhighway.") So, is it all hopeless? WHAT COULD DERAIL THE CYBERSPACE POLICE STATE? 1. Defeat of the Digital Telephony Bill. Groups like the EFF and CPSR effetively stopped the first attempt, but a new one was recently unveiled. In many ways, much worse than the first one. This one has to be stopped as well! (In general, all readers of this List should be signing the various petitions that come along, including the "I oppose Clipper" and "I support the Cantwell Bill" ones. You should make your own decisions, of course, but it is hard to imagine that any of you would be opposed to these sentiments. The key is to to make sure a significant fraction of you 700-800 readers sign these petitions! That's a hefty voting bloc, and would give Cypherpunks some additional respect or influence amongst the petition circulators.) 2. Work closely with EFF, CPSR, and other groups (ACLU?) in their efforts to stop these developments. Being that many of us know a fair amount about crypto, security, and computers, we could provide technical assistance to these organizations. (The Washington, D.C. group could, as we have often discussed, have an especially beneficial effect on the debate, as Congressional staffers could be brought up to speed by Cypherpunks in the area. Be sure to concentrate equally on Republicans and right wingers as on Democrats and left wingers!) (In my opinion, our "outlaw" image continues to serve us well. While the "suits" talk to Congresscritters, there's still a role to be played for more guerilla-oriented folks such as ourselves. Sure, there's a downside, and not all are comfortable being portrayed as "anarchists" or "cypher criminals," but that's how we got started--not that we are all either anarchists or criminals!--and there's been little pressure to change. For now, it lets us play a kind of "good cop-bad cop" game....or, "hybrid vigor," with the Cypherpunks filling a different niche than the suits of EFF and CPSR fill.) 3. Widespread repudiation of the Clipper program and its evil Big Brethren, the Capstone, Skipjack, Tessera, "iPower," and related technologies. We talk about Clipper a lot here, and about ways to defeat it, so I won't go into this here. 4. Active sabotage, to include: - Boycotts of AT&T for building Clipperphones, of VLSI Tech for building the Mykotronx chips, of National Semiconductor for building the "iPower" PCMCIA card, and of others who are becoming known for being involved (more on this later, when I am liberty to say more). (My old company, Intel, is a 20% owner of VLSI Tech, actual manufacturer of the Clipper chip--draw your own conclusions.) - "Big Brother Inside" stickers. Thanks to the several of you who actually got these stickers _made_....it was at the special meeting last April that I drew this logo on the whiteboard and then did a posting of the ASCII design. While I will not encourage you to surreptitiously place these stickers on boxes containing the products of the aforementioned companies, let your conscience be your guide. Wink. - Ridicule and "psychological warfare." I upset a few people when I called this "disinformation" a while back. I don't mean actual lies, but, rather, *creative speculation* and the sowing of doubts in people's minds. For example, most of us (safe to say, I think) understand that the real danger, the real threat, of Clipper is the imminent outlawing of alternatives to Clipper. We understand this even though the "facts" on Clipper are nominally that Clipper will be "voluntary." We "know" this is not so, both in terms of reasonable historical projections and in terms of the already-developing policies on exports which will make non-Clipper schemes much harder to export than Clipper. Hence, we need to "fill in the gaps" for people and point out to them that crypto alternatives to Clipper are likely to be banned or otherwise made nearly impossible to use. This banning may happen in various ways, ranging from outright bans on non-escrow crypto methods (yes, enforcement difficulties abound) to use of RICO and conspiracy laws to effectively make alternatives to Clipper too difficult to use--how'd you like to face subpoena of your bank records or IRS visits everytime a non-Clipper crypto scheme was detected? (IRS is understaffed, so this won't be trivial, but other things may be possible.) - Help to convince companies _not_ to use Clipjacked phones. Ideally, create a mood in which the use of Clipper marks one as a stooge of Big Brother and as not having a good work environment. (This can begin to work as potential hires ask pointedly, for example, about the Clipper policy of the company.) - Talks with journalists. We can reach far more people this way than by nearly anything else we do. Steven Levy will be at the Saturday meeting, preparing both an article on these issues, and a book for future publication (being an optimist, even I don't believe he'll be barred from publishing such a book). Other journalists are similarly interested. And the coverage by the major news magazines and newspapers is increasing, as noted above. WHAT ELSE CAN WE DO? - Increase deployment of crypto tools. Get the genie _all of the way_ out of the bottle. Make outlawing crypto too painful. Integrate PGP with standard mailers (a project that's been stalled for more than a year now). - Voice PGP or similar. A half-dozen projects are reportedly in various stages of completion. 486 PC prices are dropping into the noise, so that even dedicated Mac users (like me) can consider buying a 50 MHz or better 486 box and using it with a SoundBlaster-type processor card. But when will these systems actually appear? Time is of the essence. - New systems. I've said it before: we had some early wins with the Cypherpunks remailers, but follow-ons have been slow in coming. We often see a spate of good ideas--such as on digital money, or steganography, or the like--but then these ideas don't become "standards." This could be for a variety of reasons, so I'm not casting stones here. But it's a phenomenon we should think about and try to resolve. Let's find a way to get more "outposts" in cypherspace built, deployed, and maintained. Voice PGP, as mentioned above, would be a natural one. - Remailer sites in non-U.S. countries. This needs to be a higher priority. Get a robust remailer, using PGP or ViaCrypt PGP (for bulletproof legality reasons), in at least a dozen countries. Digital postage will help incentivize remailer operators to get into the business, to maintain the systems in a less-lackadaisical way (no offense, but seeing remailers drop like flies as student accounts expire or vanish mysteriously is not confidence-building). The "second generation remailer" stuff needs to be incorporated at least partly. - Private networks, like Little Garden, offer greater robustness against intrusions by regulatory authorities. The more of these ad hoc, anarchic nets, the less chance the State will have of (somehow) nationalizing or otherwise taking control of them. Especially if nodes are outside the U.S. - Several of us have expressed some serious interest in leaving the U.S., for various reasons. I am one of these folks. Many issues here, but creating more offshore locales for Cyperpunks activity, with good connections to other Nets, lots of encryption, etc., will be helpful. (Compiling a kind of "Cyberspace Retirement Places Rated" database is one project I am thinking of taking on after I finish the Cypherpunks FAQ. Lists of various places, their local laws and policies, tax situation, extradition treaties with the main police states, Net connections, etc. Maybe even some R&D trips down to the Caymans, Turks and Caicos Islands, Belize, etc. Contact me if interested.) - "Active Measures." More covert efforts to disrupt Clipper-type activities. Use your own imagination here. - Research the deep and disturbing links between various government programs. FinCEN and the siphoning-off of S&L funds by CIA proprietaries, the NSA's economic intelligence units and the surveillance of business dealings, the infiltration of Silicon Valley companies by government "sheep-dipped" agents, the links between the NSA and the German Bundesnachrichtendienst, the links between the Witness Protection Program and the three main credit reporting agencies (to falsify credit records, to hide assets, etc.). Granted, some of this stuff borders on "conspiracy theory" (a hobby of mine, perhaps unsurprisingly). But a lot of it is substantiated, if one knows where and how to look. James Bamford has been quoted as saying that he could fill an entire new book with the machination of the Surveillance State. And a lot more.... CONCLUSIONS We are at one of those important cusp points in history. The technologies of networks and of encryption make it very easy for exciting new structures to develop (cryptoanarchy, privacy, transnational entities, persistent organizations, anonymous systems, digital banks). But the same technologies make it possible for a cyberspatial police state to develop. The race is on. Some on this list (sometimes me, too) say "We've already won." Duncan Frissell and Sandy Sandfort often point out just how unenforceable the existing laws are, how few people comply with the tax laws, and how the internationalization of commerce has made national borders into permeable membranes. As I like to say, in my .sig, "National borders are just speed bumps on the information highway." But there are dangers of a repressive crackdown brought on by these new technologies, or as a _result_ of them. National ID cards like the "baby blue" cards the French are preparing, could allow checkpoints at all points-of-sale terminals (gotta collect sales tax, you know), monitoring of health status, and all sorts of other "security state" (both sense of the word) accouterments. The long-rumored "ban on cash" could occur, with draconian penalties for illicit cash (tax-avoiding!) transactions...confiscation of property works well here. (Some of the very same things that the crypto enthusiasts advocate, like ATMs tied to offshore bank havens, could actually be the reason cash is banned. That is, maybe they can't stop you from accessing your Bank of Caicos account, but they sure can try to make it hard for you to spend you CaicosCredits!) Who will win? I hope we will. But even the optimists--in whose camp I place myself--must surely concede the victory will not come without effort. We Cypherpunks may be remembered by generations hence as the MinuteMen of this revolution. --Tim May, who hopes to see many of you, physically or virtually, at the Saturday meeting. .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
Mr. May's rant was very inspiring I must say. Got me thinking on a few ideas here. Myself bieng a rather unorganized person, I'll just present these ideas in a spontaneous order. The idea of cheap, anarchist, free, toasternets, which are under the control of those supporting anonimity, encryptian services etc. is something that interests me a great bit. A system that can provide truly secure anon-remailers, because even the sysop deletes records and doesnt read them, is promising. I myself am trying to start such a system with some of my freinds throughout the net. Here are some ideas we are kicking around. First, we would need a IP connection, preferably one that is from a rather free, or non-questioning source. We may have one set up in the future from a fellow ex-hacker(as if you can ever be a ex-hacker) turned businessman. A connection that would bewilling to stand up to some pressure from authorities is desirable, otherwise as soon as you cause a stir, you may just find that your feed is costing a bit too much, or that you just cant seem to get the feed working properly etc...use your paranoia here. So really a symp[athetic source is really desirable in this case, since we most likely will be playing in the realm of the grey-legal areas. My personal opinion is to operate such a crypto-net with a double-blind, so that we running it cannot know the true addres of the users, only enuff to bill them if so desired. This way no records could be seized, and noone can be forced to reveal user names etc.. It would protect both the usrs, and suppliers. If billing is needed, then someone would need to help set up a accounting system that relies simply on anon-numbers, and such. Also, perhaps providing very secure, well-encrypted, and veryvery private space on a system would be helpful. maybe charging for a ten meg box that is fully encrypted with the users key, that only he can acces. Not even the system operators could read the contents. Once agin this protects both parties. And if somehow the telephony bill goes thru, lets pray it doesnt, than tap-proof storage would be a hot commodity for many people, but it would raise some serious legal questions for the suppliers. Now after a few of these nets are established, we could provide various other services. I think perhaps encrypted telnets between them, or automated chaining of remailers, etc.. Perhaps a large group of such crypto-nets could have a greater impact on the surveilance, s they could provide support for one another, as well as spreading the noise around a bit more. I also think that once they are spr4ead we could work together to allow more and more people acces to local dial-ups that allow anonimity. Meaning perhaps with much work we could coat the globe with the ability for people to have a completely anon account, still billed if desired, from any site. This would be a great feat IMO, as I myself find it difficult at times to find dial-ups in places I visit, and a anon dial-up would be a greeat boon. My personal philosophy that guides my actions is that as a service provider I do not need to know the name etc.. of the user, as long as I can bill him if needed. There is no need for me to know wht he is doing, o where he is telnetting to etc. With this in mind, I hope to be able to set-up a crypto-net, or as us romantic Sci-Fi fans call them, Data-haven 8) You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary----
Grand Epopt Feotus writes:
Mr. May's rant was very inspiring I must say. Got me thinking on a few ideas here. Myself bieng a rather unorganized person, I'll just present these ideas in a spontaneous order.
Thanks. As longtime readers of Cypherpunks will know, I used to write more such articles. It's hard to keep saying the same things, though, so many of the early members don't write as much as they used to. The upcoming special meeting was enough of a motivation to inspire a longer essay than usual these days.
The idea of cheap, anarchist, free, toasternets, which are under the control of those supporting anonimity, encryptian services etc. is something that interests me a great bit. A system that can provide truly secure anon-remailers, because even the sysop deletes records and doesnt read them, is promising. I myself am trying to start such a system with some of my freinds throughout the net. Here are some ideas we are kicking around.
Anyone contemplating a "Mom and Pop remailer" should also think about implementing the basic features of an "ideal mix," the remailer mix scheme described by David Chaum in his 1981 "Communications of the ACM" paper. It's been discussed here many times, particularly by Hal Finney and myself, and others, in exchanges about the properties remailers (mixes) should have. I recently wrote a long article on "Remailers: The Next Generation," which you may want to reread. Of course, truly good remailers open up the operators for interesting liability issues, lacking the ability to log users and isolate problem users or recipients. Just so you're ready for this.
My personal opinion is to operate such a crypto-net with a double-blind, so that we running it cannot know the true addres of the users, only enuff to bill them if so desired. This way no records could
Not as secure as a real mix needs to be. If you can bill them, you can trace them. Unless a form of digital postage is used, so that no billing is needed (and hence no logging, tracing).
protect both the usrs, and suppliers. If billing is needed, then someone would need to help set up a accounting system that relies simply on anon-numbers, and such.
Well, there's the rub, isn't it?
Also, perhaps providing very secure, well-encrypted, and veryvery private space on a system would be helpful. maybe charging for a ten meg box that is fully encrypted with the users key, that only he can acces.
The obvious question: why would Joe User want storage space on someone else's system when he could encrypt on his own system? Unless you plan to locate the storage space outside the U.S. legal jurisdiction, which is where things get interesting of course. (I know some folks who've been talking about doing this for years now.)
Not even the system operators could read the contents. Once agin this protects both parties. And if somehow the telephony bill goes thru, lets pray it doesnt, than tap-proof storage would be a hot commodity for many people, but it would raise some serious legal questions for the suppliers.
Which is the rationale for multi-jurisdictional sites, to preclude legal actions from succeeding. Then it's between the user and the authorities alone as to what he's doing making a connection and sending encrypted stuff (or not encrypted, if code books and/or zero knowledge approaches are used).
Now after a few of these nets are established, we could provide various other services. I think perhaps encrypted telnets between them, or automated chaining of remailers, etc.. Perhaps a large group of such
Yes, this is the whole idea, the whole motivation for the existing web or Cyperpunks remailers. Strenght in numbers, really _big_ numbers.
My personal philosophy that guides my actions is that as a service provider I do not need to know the name etc.. of the user, as long as I can bill him if needed. There is no need for me to know wht he is doing, o where he is telnetting to etc. With this in mind, I hope to be able to set-up a crypto-net, or as us romantic Sci-Fi fans call them, Data-haven 8)
I wish you well. Some fortunes will someday be made by people who actually do provide such services. Many have talked about it, some are playing around with remailers (no insult intended--play is good), but no "commercial services" have yet appeared. Data havens, a la Sterling, or even a la BlackNet, are indeed one such market. Probably not the first, though. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
On Thu, 10 Mar 1994, Timothy C. May wrote:
Anyone contemplating a "Mom and Pop remailer" should also think about implementing the basic features of an "ideal mix," the remailer mix scheme described by David Chaum in his 1981 "Communications of the ACM" paper. It's been discussed here many times, particularly by Hal Finney and myself, and others, in exchanges about the properties remailers (mixes) should have. I recently wrote a long article on "Remailers: The Next Generation," which you may want to reread.
I myself am very new to the net, and also to crypto, soI have not seen these papers before. Is ther an archive where I could find them? Or could you possibly mail me a copy of your "Remailers: The Next Generation" if it is not already archived someplace I could find it. I do have a fw questions about remailers myself actually. Would I still be able to recieve mail at my account? Just how much attention does it bring? Is it feasible for a student on a conservative system(read fascist) to get away with a low profile one? I know low profile is not the goal, but I do want to help if possbile.
Of course, truly good remailers open up the operators for interesting liability issues, lacking the ability to log users and isolate problem users or recipients. Just so you're ready for this.
this is a concern of mine actually. I am really more worried about what would happen to fellow cypherpunks interested in this if the prototypes were quickly attacked by the law, than wether I would get in trouble or not. I myself am rooted in the U.S. as far as the forseeable future goes, so I definetly need to consider these things. What would be the legal implications of me operating a site with a physical location outside the U.S. from a site in the U.S. By telnetting to it or something? Would that system be subject to the laws of my nation, or would the be subject to the nation of there physical location. hehe, actually this may be a good idea, just to add to legal confusion for the lawyers to shovel thru if they want to get to me or the system. This way we could have a foreign IP addres, a US operator and perhaps users from various nations, rendering us a nice thick soup of legalities.
The obvious question: why would Joe User want storage space on someone else's system when he could encrypt on his own system? Unless you plan to locate the storage space outside the U.S. legal jurisdiction, which is where things get interesting of course. (I know some folks who've been talking about doing this for years now.)
Yeah it would be hairy at the least. Well one reason to allow storage space is for those who do not have a system at home, students using labs, those who only acces is on a company machine, which could easily be watched, or if encryptian becomes illegal, or heavily restricted, it would take pressure off of some people to let someone else hold the evidence so to speak. I never thought of putting it outside US jurisdiction myself, but it's a good idea, hmmm.
Yes, this is the whole idea, the whole motivation for the existing web or Cyperpunks remailers. Strenght in numbers, really _big_ numbers.
This reminds me of something, what is the policy towardsreposting letters here to various boards on BBSs where there may be interested people? Like would you mind if I posted your rant there? I have posted a few things from cypherpunks already, like anon-remailerinfo and how to use and set-up one, in the Undergroud Forum on ISCA, which is a very big system. I would think it is welcomed but thought I should check it out. I think that the more people you touch the more people you'll eventually have involved more deeply.
Data havens, a la Sterling, or even a la BlackNet, are indeed one such market. Probably not the first, though.
gee, can you tell I just finished Islands In The Net 8) hehe. Amazing the power of a meme huh? You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary----
Grand Epopt Feotus wrote:
I myself am very new to the net, and also to crypto, soI have not seen these papers before. Is ther an archive where I could find them? Or could you possibly mail me a copy of your "Remailers: The Next Generation" if it is not already archived someplace I could find it. I do have a fw questions about remailers myself actually. Would I still be able to recieve mail at my account? Just how much attention does it bring? Is it feasible for a student on a conservative system(read fascist) to get away with a low profile one? I know low profile is not the goal, but I do want to help if possbile.
Briefly: 1. Many articles and papers are available at the soda.berkeley.edu site, in pub/cypherpunks. Look around there. The 1981 Chaum paper is not (too many equations for easy scanning), but the 1988 paper on Dining Cryptographers Nets is. 2. The "online gneration" tends to want all material online, I know, but most of the good stuff is to be found in paper form, in journals and books. This is likely to be the case for many years to come, given the limitation of ASCII, the lack of widespread standards (yes, I know about LaTex, etc.), and the academic prestige associated with bound journals and books. Fortunately, you can _all_ find university libraries within driving range. Take my advice: if you do not spend at least an entire Saturday immmersing yourself in the crypto literature in the math section of a large library, perusing the "Proceeedings of the Crypto Conference" volumes, scanning the textbooks, then you have a poor foundation for doing any crypto work. (Epopt is in Delaware, he has said, and his email address confirms. U. of Delaware will surely have CACM, and probably the main crypto books. If not, Princeton is not too far away.) 3. Schneier's book is another essential place to look (though he spends little space on DC Nets). Brassard's little book is also nice. 4. I will forward to Epopt (is this a name or an Illuminati title?) a copy of my article on Second Gen. remailers. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
The obvious question: why would Joe User want storage space on someone else's system when he could encrypt on his own system?
Reliability in case of disk failure. Disk failure includes disk seizure. My private keys ought well to exist somewhere other than in their usual place of residence and around that physical environs. Likewise, they ought to be stored somewhere other than publically known storage locations like safe deposit boxes. And private keys are ony the first sort of sensitive data whose loss has extremely large consequences. And, as Tim points out, if the data site if offshore, so much the better. Eric
- New systems. I've said it before: we had some early wins with the Cypherpunks remailers, but follow-ons have been slow in coming. We often see a spate of good ideas--such as on digital money, or steganography, or the like--but then these ideas don't become "standards." This could be for a variety of reasons, so I'm not casting stones here. But it's a phenomenon we should think about and try to resolve. Let's find a way to get more "outposts" in cypherspace built, deployed, and maintained. Voice PGP, as mentioned above, would be a natural one.
- Remailer sites in non-U.S. countries. This needs to be a higher priority. Get a robust remailer, using PGP or ViaCrypt PGP (for bulletproof legality reasons), in at least a dozen countries. Digital postage will help incentivize remailer operators to get into the business, to maintain the systems in a less-lackadaisical way (no offense, but seeing remailers drop like flies as student accounts expire or vanish mysteriously is not confidence-building). The "second generation remailer" stuff needs to be incorporated at least partly.
Just to throw some statistics into the works here. I've been keeping logs of usage of my remailer and my remailer list server... (which I know is horribly uncypherpunkish- unfortunantly I've found it to be necessary. (Originally, I had no logs.) Every few days, someone will toss a screwball message into my mail filter that doesn't have the proper headers and it'll foul things up. For example, today I got a message from "xxx@cosmos". His mailer did not use the FQDN... I get a lot of other crap like that too.) But the logs provide some relevant statistics... In the last two weeks, I've had requests for the remailer list requests from: Unknown country (ie .com .org .edu), probably mostly US, but not necessarily: 77 (breakdown: .com 25 .edu 43 .org 3 .net 6) .gov: 1 (nasa, btw) .ca 9 .uk 6 .de 6 .au 3 .it 1 .se 1 .ch 1 .nl 1 .no 1 ---- Total requests: 107 The problem is not lack of interest, but lack of usage. These stats are just for the last two weeks (2/24-3/10); my software has been operational for more than a month. Probably close to 200 people have requested the info. I think it would be a fair assumption to say that most never used a remailer or just experimented with it once or twice. Probably only a small fraction actually used one of the remailers. I suppose the learning curve is just too steep for most people, or the remailers are just too much trouble, or they're just not useful enuf. Of these 107, only 16 got an anon address from my remailer. Even fewer tried using it. And although I mention where to get the software, exactly zero of my 100+ interested people have actually set up a remailer themselves. And the hacktic.nl never seems to have gotten off the ground either. (And the caltech remailer seems to be gone. :( And I'm using too many ands.:) I agree, we need more remailers outside of the US. But I think we need more than just remailers. We have remailers. We have software. We need a PLAN.
participants (4)
-
Grand Epopt Feotus -
hughes@ah.com -
Matthew J Ghio -
tcmay@netcom.com