Rotenberg as the Uber Enemy
I suppose I am developing a reputation amongst the Inside the Beltway Cyber Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side." The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases..... Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases? Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone. (And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.) So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information. These people are NOT our allies. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
From a libertarian perspective, EPIC is good on everything but privacy. On
Unfortunately, Tim is letting a rant get in the way of reality. A shame, really, for he's capable of better. Let me respond. I may not be very cordial. We lost tonight's soccer game (goddamn wimpy libertarians) and went to some cheezy Crystal City sports bar afterwards. I just got back home, and it's 3:20 am... Anyway, Rotenberg and EPIC are not the Uber Enemy. Rather, they disagree with cypherpunk and libertarian positions on some issues. So we have issue-by-issue alliances with them. Let's break it down: ------------------------------ CRYPTO: EPIC takes a purist civil liberties approach to crypto. They've been the ones criticizing the SAFE "crypto in crime" provisions. Did the latest VTW alert sent out today even mention that portion of the bill, let alone criticize it? ANONYMITY: No other group in DC is such a staunch supporter of online anonymity publicly, though look for something from Cato soon. In fact, I linked to EPIC's copy of the McIntyre decision for my Friday Netly piece. Many business groups don't like anonymity online -- hurts the marketeers. FREE SPEECH: EPIC is co-counsel in ACLU lawsuit against CDA. I believe they've said some of the anti-spam legislation is unconstitutional. FOIA: David Sobel does fabulous work snagging government documents the spooks don't want released. PRIVACY: EPIC wants more Federal involvement to protect privacy and a Federal Privacy Commission (or something similar). Lots of laws, bureaucracies. Though EPIC does realize there's a First Amendment; other privacy groups are even more aggressive. EPIC is of course on the side of libertarians when it comes to government violations of privacy. ------------------------------ that they want Big Government solutions. But that doesn't mean we reject and condemn what they do on other issues. Do we reject Eagle Forum's anti-Clipper endorsement because they're a bunch of ultraconservative wackos? Do we reject the National Organization for Women's position on the CDA as bad because they're a bunch of ultraliberal wackos? How about the National Association of Broadcaster's amicus brief against the CDA? The Christian Coalition rejecting a national ID cards and numbers? Ralph Nader wanting open access to government databases? No. We don't. Instead, we address this issue by issue. EPIC and Rotenberg are not always, but are often, our allies. -Declan On Fri, 30 May 1997, Tim May wrote:
I suppose I am developing a reputation amongst the Inside the Beltway Cyber Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side."
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases.....
Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases?
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone.
(And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.)
So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information.
These people are NOT our allies.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- At 09:59 AM 5/31/97 -0400, Marc Rotenberg wrote:
Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call.
Of course the beloved Eurocratic method of protecting privacy in the computer age is to require registration of all computers and databases which store discrete information about individuals. Register Communists Not Computers!* DCF *Just kidding. Commies shouldn't have to register either. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQCVAwUBM5BAHoVO4r4sgSPhAQFJYgP/bnVFsw+gSdbblQ0QEjkcZOV+H1FOUIoZ TJ+hM+3CjtfjBuKqZ3+Y8Y5fb2Bqt06BgYmwhUx60HLhRFFwUPuwDqqaYE+6LGAr qyHkJBQjsbmvatTYAY6LWhijAVsDuHvJXHjWiyTKIwwTk71h+wSl1EGrPMYjr5jk c1yLnYQ6i9U= =zUYB -----END PGP SIGNATURE-----
People who are interested in why I am pro-individual freedom but not anti-government should take a look a my piece in Wired "Eurocrats Do Good Privacy." [4.05] I spent a year working for a good crypto policy at the OECD. During that time I watched European government officials argue for constitutional freedoms and against key escrow, while business representatives quietly backed the US GAK plan. Welcome to the real world. Marc. Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call. At 3:21 AM -0400 5/31/97, Declan McCullagh wrote:
Unfortunately, Tim is letting a rant get in the way of reality. A shame, really, for he's capable of better. Let me respond. I may not be very cordial. We lost tonight's soccer game (goddamn wimpy libertarians) and went to some cheezy Crystal City sports bar afterwards. I just got back home, and it's 3:20 am...
Anyway, Rotenberg and EPIC are not the Uber Enemy. Rather, they disagree with cypherpunk and libertarian positions on some issues. So we have issue-by-issue alliances with them. Let's break it down:
------------------------------ CRYPTO: EPIC takes a purist civil liberties approach to crypto. They've been the ones criticizing the SAFE "crypto in crime" provisions. Did the latest VTW alert sent out today even mention that portion of the bill, let alone criticize it?
ANONYMITY: No other group in DC is such a staunch supporter of online anonymity publicly, though look for something from Cato soon. In fact, I linked to EPIC's copy of the McIntyre decision for my Friday Netly piece. Many business groups don't like anonymity online -- hurts the marketeers.
FREE SPEECH: EPIC is co-counsel in ACLU lawsuit against CDA. I believe they've said some of the anti-spam legislation is unconstitutional.
FOIA: David Sobel does fabulous work snagging government documents the spooks don't want released.
PRIVACY: EPIC wants more Federal involvement to protect privacy and a Federal Privacy Commission (or something similar). Lots of laws, bureaucracies. Though EPIC does realize there's a First Amendment; other privacy groups are even more aggressive. EPIC is of course on the side of libertarians when it comes to government violations of privacy. ------------------------------
From a libertarian perspective, EPIC is good on everything but privacy. On that they want Big Government solutions.
But that doesn't mean we reject and condemn what they do on other issues. Do we reject Eagle Forum's anti-Clipper endorsement because they're a bunch of ultraconservative wackos? Do we reject the National Organization for Women's position on the CDA as bad because they're a bunch of ultraliberal wackos? How about the National Association of Broadcaster's amicus brief against the CDA? The Christian Coalition rejecting a national ID cards and numbers? Ralph Nader wanting open access to government databases?
No. We don't. Instead, we address this issue by issue. EPIC and Rotenberg are not always, but are often, our allies.
-Declan
On Fri, 30 May 1997, Tim May wrote:
I suppose I am developing a reputation amongst the Inside the Beltway Cyber Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side."
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases.....
Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases?
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone.
(And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.)
So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information.
These people are NOT our allies.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
================================================================== Marc Rotenberg, director * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org Washington, DC 20003 USA + http://www.epic.org ==================================================================
I'm now more awake than I was before, and a little less flippant, so let me try to respond to Marc's statement saying my summary of his "views on privacy below are just silly." The initial question has to be not how you protect rights, but how you define them. For example, we have a right to speak freely; there should be strict limits on government controls on free expression or the press. The state has unique powers of coercion. Similarly, there should be strict limits on government collection of personal data about its citizens. But transactional privacy is a different matter. Sure, we may generally agree that privacy is the famous "right to be left alone," but how does that extend to what happens when I make an affirmative choice to connect to a web site that might record some info about my visit -- as an alternative to charging me? Nobody's forcing me to visit that site. That's why I'm starting to come around to the idea that privacy is not a universal right but a preference. We need a market in privacy, not inflexible FTC rulemaking. Oh, and the much-touted European Privacy Directive has made it near-impossible to exchange employee information between branches of the same firm that are physically in different countries. Bad move, Eurocrats. -Declan On Sat, 31 May 1997, Marc Rotenberg wrote:
People who are interested in why I am pro-individual freedom but not anti-government should take a look a my piece in Wired "Eurocrats Do Good Privacy." [4.05]
I spent a year working for a good crypto policy at the OECD. During that time I watched European government officials argue for constitutional freedoms and against key escrow, while business representatives quietly backed the US GAK plan. Welcome to the real world.
Marc.
Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call.
At 3:21 AM -0400 5/31/97, Declan McCullagh wrote:
Unfortunately, Tim is letting a rant get in the way of reality. A shame, really, for he's capable of better. Let me respond. I may not be very cordial. We lost tonight's soccer game (goddamn wimpy libertarians) and went to some cheezy Crystal City sports bar afterwards. I just got back home, and it's 3:20 am...
Anyway, Rotenberg and EPIC are not the Uber Enemy. Rather, they disagree with cypherpunk and libertarian positions on some issues. So we have issue-by-issue alliances with them. Let's break it down:
------------------------------ CRYPTO: EPIC takes a purist civil liberties approach to crypto. They've been the ones criticizing the SAFE "crypto in crime" provisions. Did the latest VTW alert sent out today even mention that portion of the bill, let alone criticize it?
ANONYMITY: No other group in DC is such a staunch supporter of online anonymity publicly, though look for something from Cato soon. In fact, I linked to EPIC's copy of the McIntyre decision for my Friday Netly piece. Many business groups don't like anonymity online -- hurts the marketeers.
FREE SPEECH: EPIC is co-counsel in ACLU lawsuit against CDA. I believe they've said some of the anti-spam legislation is unconstitutional.
FOIA: David Sobel does fabulous work snagging government documents the spooks don't want released.
PRIVACY: EPIC wants more Federal involvement to protect privacy and a Federal Privacy Commission (or something similar). Lots of laws, bureaucracies. Though EPIC does realize there's a First Amendment; other privacy groups are even more aggressive. EPIC is of course on the side of libertarians when it comes to government violations of privacy. ------------------------------
From a libertarian perspective, EPIC is good on everything but privacy. On that they want Big Government solutions.
But that doesn't mean we reject and condemn what they do on other issues. Do we reject Eagle Forum's anti-Clipper endorsement because they're a bunch of ultraconservative wackos? Do we reject the National Organization for Women's position on the CDA as bad because they're a bunch of ultraliberal wackos? How about the National Association of Broadcaster's amicus brief against the CDA? The Christian Coalition rejecting a national ID cards and numbers? Ralph Nader wanting open access to government databases?
No. We don't. Instead, we address this issue by issue. EPIC and Rotenberg are not always, but are often, our allies.
-Declan
On Fri, 30 May 1997, Tim May wrote:
I suppose I am developing a reputation amongst the Inside the Beltway Cyber Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side."
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases.....
Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases?
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone.
(And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.)
So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information.
These people are NOT our allies.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
================================================================== Marc Rotenberg, director * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org Washington, DC 20003 USA + http://www.epic.org ==================================================================
At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
Back to Tim's original point, I wonder if he knows that the P-TRAK data that Lexis/Nexis said was "public information" was actually taken from credit reports collected and sold by TransUnion. TU was able to sell the data because of a loophole in the Fair Credit Reporting Act. Sure, you post to the net that's public, but a lot of data collection is much more sleazy.
In my view, the Fair Credit Reporting Act is an unconstitutional restriction on my right to compile records as I see fit. Under the FCRA, if I take newspaper reports and public filings, for example, of someone's bankruptcy in 1985 and make this part of "Tim's Credit Evaluation" of that person, I have violated the FCRA. (I believe the current "limit" for such "rememberances" is 8 years. Why should the government have any ability to tell me I must "forget" records older than 8 years? In fact, what part of "Congress shall make no law..." do they not understand?) More to the point of the Cypherpunks list--and this is something we talked about at the very first physical meeting, almost 5 years ago--it will become increasingly easy for the FCRA to be bypassed with offshore data havens. Such data havens, discussed in physical form by Sterling in '88 ("Islands in the Net"), and others (some even earlier than Sterling), and in "cyberspace" form by many us (e.g., BlackNet, a working cyberspace data haven), will be completely unaffected by legislation such as the FCRA. (Though what will happen is that legislators will attempt to felonize contacts with such data bases, much as they are doing with Internet gambling. Remailers and Web proxies solve this problem. The usual arms race.)
I'd also appreciate some comment/criticism on the piece I did for Wired. My point was that in countries where there are legal rights to privacy it will be easier for technologies of privacy to flourish. I gave as examples the fact that PRZ was nearly indicted in the US while David Chaum was being applauded by the European Commission for building anonymous payment schemes. The OECD crypto policy drafting experience confirmed my suspicion.
I seldom read "Wired," so I didn't see this one. But the issues of Europe vs. the U.S. are notoriously complex. For every "Europe is better" point, such as not applying pressure to PRZ, there are the obvious counterpoints, such as Compuserve being prosecuted in Germany, the nearly full ban on crypto in France, the extradition of an American neo-Nazi publisher from Belgium to Germany, and so on. And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm conclusions can be drawn one way or another. Oh, and as for privacy in Europe, I'll remember how much they cherish privacy the next time I'm required to leave my passport with the hotel front desk (Europeans confirm that the police compile lists each night from said deposited passports). They were still doing this in 1983 when I spent 6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill, as they had my credit card stuff for that.
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
The best solution is neither of these options: Video rental stores don't need True Names except to collect on unreturned tapes. (They might _like_ True Names, or at least mailing addresses, for advertising reasons, but they don't _need_ them, and, like Radio Shack, will not make it a requirement for a transaction.) As with other such items, deposits work well here. My localvideo store does not require true names, so long as a sufficient deposit is left for each tape. Most persons use credit cards as the "return guaranty." Note also that credit cards need not be in the true name of anyone, via various options, much discussed on various lists.
For the hardcore free market types, take a look at Posner's *Economics of Justice.* There are good economic reasons for privacy laws, e.g. do you really want to negotiate with the telcos on a case-by-case basis whether they can sell the contents of your phonecalls?
Such negotiations would likely not be on a case by case basis, for transaction cost reasons on both sides. But I have no problem with "allowing" a phone company to offer a cheaper service, for example, which told customers it would sell the contents of the calls, or insert advertisements at random intervals during a call, or whatever. (Or even a phone company which offered to negotiate on a per call basis...as with the cases above, I expect such a venture would flop, but that's a different issue from whether such services should be "allowed." And, in fact, the situation Marc describes is already with us on the Web. Some sites sell lists of those who hit their sites. How is this different from the Bork or phone cases? It isn't.
To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc.
I don't believe there should be such laws, obviously. And more importantly, strong crypto provides numerous monkeywrenchings of such laws. Pass a law requiring return addresses on all messages....the effect will be to move the spam sites offshore. Then what do you do? Pass a law like the Fair Credit Reporting Act saying it's a crime for Tim May to "remember" and "tell others" that Suzie Hopkins skipped out on her rent in 1988...the effect will be for the TransUnions and Equifaxes of the near future to locate themselves in the Cayman Islands, beyond the FCRA. Pass a law to make it a crime for a prospective employer or lender to connect to this site in the Cayman Islands...the effect will be to increase use of Web proxies and anonymous remailers. And so on. Crypto anarchy means monkeywrenching these do-gooder laws. (When EPIC and ACLU figure out the real implications of strong crypto, look for them to talk about "compromises" on access to strong crypto....hey, maybe SAFE is an indication they've started to realize what is coming.) --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 2:33 PM -0700 5/31/97, Marc Rotenberg wrote:
It's an interesting argument. I don't agree, though you can certaintly try it. But more to the point of
Oh, I don't intend to "try it." The Supreme Court is far past ever restoring basic constitutional rights. Instead of "trying it," better to monkeywrench it.
your original post, is the information that TransUnion sold to Lexis/Nexis for P-TRAK "public information"? If yes, what is private information?
It all depends on what was agreed to, tacitly or explicitly, in the process of applying for and accepting a credit card. I seem to recall "agreeing to" multiple pages of fine print about how and to whom information could be disclosed. That most of us ignore such fine print is our problem....I don't think there's been any allegation, even by you, Marc, that what Equifax is doing with credit information is breaking either the contract or any existing laws. You just want a new set of laws to do what contracts are perfectly capable of doing. Those who want protection of information disclosed to others should, of course, make such arrangements. (And such arrangements are made all the time. Examples abound.) That such arrangements for a "privacy card" are not easy to make is not an issue for the law to meddle with. In fact, many of us think there's a market for just such a "privacy card," and, absent meddling by government, expect such a card to appear
I agree that there are real threats to cyber freedom in Europe. I'm not saying otherwise. But my point is that anonymous remailers and the like will have a better future in countries that recognize a right of anonymity as opposed to those that don't.
Despite my dislike of most of what passes for the American system, I'll take the protections of the First, augmented with the 1956 "anonymous leafletting" Supreme case, over the "ad hoc" protections nearly all Europeans have (or don't have).
The question is what are you going to do with companies that won't let you buy a product unless you provide your True Name?
The answer to this is both simple and profound. You have heard the answer many times, but you probably dismiss it as just libertarian rhetoric. In any mutually uncoerced transaction, say between Alice and Bob, whether Alice and Bob are individuals, groups, corporations, or whatever, each may "ask for" various things. You can imagine some things to be asked for. Either is free to decline the terms of the other and call off the transaction. (I'm not a lawyer, but I believe this is covered in Contracts. Not meaning to be snide, but it's essential that people realize _contracts_ are what we are talking about here.) So, were a company to refuse to sell me a product unless I provided my True Name, I would decide just how important this issue is to me. If it were of compelling interest to me, I would walk away from the transaction. (There is no "right" to buy something from someone.) In reality, I cannot remember the last time a store demanded a True Name, except when: a) credit (check or credit card or loan) was involved, or b) the government demanded such a True Name. The first situation is avoided by paying cash, using a deposit, etc. The second situation is not so easily avoided. But I submit that the hypo of a company refusing to sell a product unless a True Name is given is unlikely in the extreme, and is not any kind of justification for a new set of so-called privacy laws which actually interfere with other basic rights.
One of the consequences of legal obligations on companies that collect personal information might be to encourage more payment anonymous, psuedo-anonymous payment schemes. Wouldn't that be a good result?
If privacy is important to an agent, make it part of the contractual arrangement. Again, this is already done in a huge array of cases. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 6:05 PM -0700 5/31/97, Marc Rotenberg wrote:
What examples do you have where privacy is included in a contractual arrangement?
- a lender agrees to transfer the information provided only to specified parties, and not to the newspapers - a stockbroker agrees that as a condition of becoming one's stockbroker he won't release information to third parties without permission - relationships between editors, publishing houses, journalists, etc., where work product is kept confidential unless otherwise agreed to be made public - attorney-client communications (These and similar examples often have state-supported legalisms to "go after" those who break the good faith and/or normative contracts for the industry, but it is accurate to say that these examples are first and foremost based on _contracts_. Indeed, in all of these cases there are papers signed stipulating to a constellation of rights and privacy expectations. And in some cases the rights are subsumed in "general industry practices," including professional organizations. Thus, I expect my stockbroker not to publicize my stock holdings, not because there is a "privacy law" protecting me, but because of either a contract formally specifying this, or because of industry standards....I freely admit I haven't checked, nor do I even know how to (my account was established 22 years ago). Those who might argue that these examples are only made possible because of _laws_ (e.g., SEC rules) are missing the role of contracts, formal or based on self-regulation in an industry. My broker knows just how long he'd remain a broker, let alone remain my broker, if he violated my privacy expectations. Laws are not the point. Nor do laws provide the robust protection private arrangements provide.) - banking privacy, modulo the interference by IRS/FinCEN/etc., - employment relations, where employees have reasonable expectations that personal data will not be released outside the company, and companies have reasonable expectations that corporate secrets will be maintained. (I signed such papers when I joined Intel, of course, and that contract was more important for maintaining Intel's "privacy" than any "privacy laws." Again, quibblers may cite the role of the courts in enforcing such contracts, but the point remains that it was _contract law_ which was involved, not "privacy laws" per se.) And so on. I really don't feel like spending a lot of time making a laundry list of cases where privacy is part of a mutually agreed upon transaction. Idenity is just another credential in a transaction. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 7:27 PM -0700 5/31/97, Marc Rotenberg wrote:
One of the biggest problems with libertarian theories is that they are descriptively flawed as applied in the real world. In practice, perfect markets rarely exist, laws do protect rights, and there are a lot of efficiencies -- economic, technological, and otherwise -- in promoting the highest level of safeguards across similar activities, e.g. you get into a car, you expect that the brakes will work. You don't express a negotiated preference for how much you want your brakes to work.
One of the biggest problems with critics of libertarian theories is that they falsely claim libertarians believe that each and every action during each and every day by each and every agent involves complex contracts. What we are talking about here is whether there's a need for new laws to, using your specific example, stop companies from asking for personal information. What libertarians, and hopefully other freedom-seeking people, would argue is that government should not be interjected into mutual negotiations if at all possible. This applies to Alice and Bob negotiating some transaction, and it applies to Alice and Safeway, and to Safeway and Apple. Citing the straw man that libertarians believe every driver must negotiate a contract about how his brakes are to work has nothing to do with this basic point.
I don't mind the criticism if you think we're saying or doing something that really is bad for privacy, but a bunch of political rhetoric isn't worth much. And if you don't think we're not busting our butt to protect the rights of people to use strong crypto, you have no idea what's going on.
"A bunch of political rhetoric." This has been a waste of everyone's time. As for the "rights of the people to use strong crypto," there are currently no restrictions *whatsoever* on crypto use. SAFE will, of course, add a criminalization angle to crypto use, which is a step in the wrong direction. Once the Legislature gets its hands on crypto use at all, the way is made easier for later extensions and clarifications of the rules. Imagine the equivalent situation with free speech or religion: "No American may be denied access to the religious beliefs of his choosing, but the practice of non-Christian religious acts in connection with another crime will expose the pagan to a mandatory 5-year increase in imprisonment." This is what SAFE's "crypto in a crime" provisions are equivalent to...like making the speaking of Spanish a factor in criminal sentencing. "Congress shall make no law" means just that. A better tack is to take a rejectionist, no compromise stance toward any proposed legislation which would in any way limit or criminalize crypto use. Rely on the First Amendment. This would leave EPIC, VTW, CPSR, EFF, etc. with very little to do, of course, but that is as it should be. But, then, I quit the NRA because they were too namby pamby about the Second Amendment. I place more faith in my assault rifles than I do in the criminals in D.C. McVeigh may have killed too many innocents, looking back on OKC, but he generally had the right idea about hitting the power centers of the police state. (Shocking sentiments to most of the sheeple, but Thomas Jefferson said as much when he said the tree of liberty had to be watered with the blood of tyrants and/or patriots every 20 or so years. It's been about 190 years too long since we had a good watering.) But this will be my last message to you, Marc, as I see no point in continuing any dialog. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 3:03 PM -0700 6/1/97, Robert A. Costner wrote:
Why does the store need my social security number for me to purchase soft drinks and eggs? (40 cents off on eggs this week) I see no reason for it. If I provide a false number, I have probably committed some crime.
Why does the store "need" to sell Yahoo but not RC Cola? Why does the store "need" to place the eggs back in the dairy department instead of in the bacon and sausage department? Why does the store "need" to do the things it does? Because the store is owned by its owners, not the shoppers, not the courts, and not the legislatures. What it does, or what it asks for, are its business, and the business of its shareholders, managers, etc. Pressure from the customers may of course cause policy changes, but this should not be confused with the passage of laws. As should be well known by now, such "consumer clubs" are modern marketing gimmicks to a) encourage repeat business, and b) provide a discount to locals without also providing a discount to "walk-ins" (travellers, tourists, etc.). I have no idea why they want a SS number, except perhaps that they see every government office demanding it and so they think it is part of the ID process. I of course would not give it. One is always free to turn down their offer of a 40 cent discount on eggs. Sounds fair to me.
Yes, I would support a law that forbids private companies to ask for social security numbers except for tax purposes.
To put it as politely as I can manage, you have no conception of what it means to live in a free, uncoerced society. No wonder the EFF is so fucked up. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- In <v03102800afb7ba21be7b@[207.167.93.63]>, on 06/01/97 at 04:54 PM, Tim May <tcmay@got.net> said:
I have no idea why they want a SS number, except perhaps that they see every government office demanding it and so they think it is part of the ID process. I of course would not give it. One is always free to turn down their offer of a 40 cent discount on eggs. Sounds fair to me.
IMHO the request for SS numbers are usally done out of convieniance more than anything else. This is not to justify it just an explanation why so many palces request SS numbers. Anyone that has written database software where unique information is stored on individules a SS number is quite convienat as everyone has a unique one. Most employee, payroll, medical, insurance, credit, databases use SS numbers rather than create individule id #'s. One's SS number has 2 unique qualities that make it perfect for this use: 1 every person has a unique #, and 2 it never changes. This can not be said for any other identifiers one may use, names, addresses, DL #'s, ...ect all have the possiablity to change over time while your SS # is forever. By using SS # as id #'s makes communication of data between diffrent database all that much simpler. From personal experiance I can testify that the entier Medical Insurance system is based on using SS # as identification. I shudder to think trying to track medical records of patients over a period of years between different doctors, hospitals, insurance companies without using them. I will not go into the privacy issues involved in using SS #'s for id #'s as I am sure the members of the list are quite familiar with them. I just wanted to point out that in some industries there is a technical advantage to having 1 universal id #. Now with that being said I personally would not shead any tears seeing SS and SS #'s gone and to never return. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5IYe49Co1n+aLhhAQGsbgP+IyHuNAupRENc/wxZy8Btq8ufLlncdhwN CfVOmYMzcIPN2WX2psttCNKKHxxxMLtw7ZRtlBWDOV+P06JyictVWr3hae031mDR 7VvZqkS1GY6wik6j/5aABhjH07BVzHFCIM2uYyPX0HAo46JTWqGabcxs6+kSGFoU tlAsPO6J4cs= =l6A4 -----END PGP SIGNATURE-----
At 5:25 PM -0700 6/1/97, William H. Geiger III wrote:
IMHO the request for SS numbers are usally done out of convieniance more than anything else. This is not to justify it just an explanation why so many palces request SS numbers.
Anyone that has written database software where unique information is stored on individules a SS number is quite convienat as everyone has a unique one. Most employee, payroll, medical, insurance, credit, databases use SS numbers rather than create individule id #'s. One's SS number has 2 unique qualities that make it perfect for this use: 1 every person has a unique #, and 2 it never changes. This can not be said for any other identifiers one may use, names, addresses, DL #'s, ...ect all have the possiablity to change over time while your SS # is forever. By using SS # as id #'s makes communication of data between diffrent database all that much simpler. From personal experiance I can testify that the entier ...
This reminds me of a hack I heard about some years back. There's a way to generate a number for any person which is unique. It is not shared by anyone else on the planet. Best of all, this number can be generated without use of a computer, without entry of any allegedly random numbers, and without any hashing of personal data. It's not necessarily a real short number, certainly not as short as an SS number. And best of all, the cost is low. Just a dollar, in fact. I'll explain later. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Sun, 1 Jun 1997, Tim May wrote:
At 5:25 PM -0700 6/1/97, William H. Geiger III wrote:
stored on individules a SS number is quite convienat as everyone has a unique one. Most employee, payroll, medical, insurance, credit, databases
Somebody here is forgetting that the Social Security Adminstration, back in the mid-eighties claimed that at least 10 percent of the numbers in use, were improperly issued. The same number was issued to _two or *more*_ people. The worst case was a number that several thousand people used, thinking it was issued to them, exclusively, when it was in fact never issued. A further complication is that the same individual could have been issued two or _more_ different numbers, either by design, or accident.
unique qualities that make it perfect for this use: 1 every person has a unique #, and 2 it never changes. This can not be said for any other
Both premises are false, and the SSA has said so on several different occasions.
without entry of any allegedly random numbers, and without any hashing of personal data. It's not necessarily a real short number, certainly not as short as an SS number.
One proposal I'm familiar with was: date of birth << year month day >> time of birth << hours, minutes, seconds >> longitude of birth << degrees, minutes, seconds >> lattitude of birth << degrees, minutes, seconds >> sex << one letter >> mother's initials << first, middle, last >> father's initials << first, middle, last >> so you'd end up with something like 19970601185500-0300000.00-300000.00mxyzwvz << A number which would be issued to a male born today somewhere slightly north of Port Shepstone, and slightly west of Pietermaritzburg, RSA. >> However, there are several problems with it, the two most notable being the lack of accurate birth times, and that most people have a very hard time remembering 42 digit numbers. I don't know how solvable those, and other not so apparant problems are, but I suspect that it has been intensively studied by more than a few governments and organizations, since it was first proposed, fifty something years ago. xan jonathon grafolog@netcom.com Monolingualism is a curable disease
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.SUN.3.95.970602014607.25651C-100000@netcom2>, on 06/02/97 at 02:24 AM, jonathon <grafolog@netcom.com> said:
On Sun, 1 Jun 1997, Tim May wrote:
At 5:25 PM -0700 6/1/97, William H. Geiger III wrote:
stored on individules a SS number is quite convienat as everyone has a unique one. Most employee, payroll, medical, insurance, credit, databases
Somebody here is forgetting that the Social Security Adminstration, back in the mid-eighties claimed that at least 10 percent of the numbers in use, were improperly issued.
<sigh> This is really no suprise considering who is issueing the numbers. :=/
The same number was issued to _two or *more*_ people. The worst case was a number that several thousand people used, thinking it was issued to them, exclusively, when it was in fact never issued.
This is rarely a problem from a data managemant posistion as SS # are key fields. Any attempts at adding duplicates produces errors which then have to be resolved usally manually by human intervention. Rarely are SS #'s used exclusivly but in combination with other data (name & DOB is usaully suffecient).
A further complication is that the same individual could have been issued two or _more_ different numbers, either by design, or accident.
I doubt that 2 or more SS# would be issued delibratly. The only reason for multiple SS#'s would either be screw-ups by SSA or by design of the person applying for the SS#. I imagine that new SS# may be issued in some special cases such as witeness relocation, perhaps after adoption, but then the old SS# is not being used so it is not really an issue.
unique qualities that make it perfect for this use: 1 every person has a unique #, and 2 it never changes. This can not be said for any other
Both premises are false, and the SSA has said so on several different occasions.
For all practical purposes it is. with the exception of screw-ups by SSA ones SS # is unique and with the exception of a few rare cases mentioned above it never changes. compare this to other identifiers and it is obviously the most convienient id # available. Atleast 50% of the population has 1 name change durring the cource of their lifes, Addresses change numerious times during an average americans lifetime, and DOB's are not unique enough to be used. While problems do exsist with using SS#'s as id they are quite small when compaired to using other less stable data to generate id #'s.
without entry of any allegedly random numbers, and without any hashing of personal data. It's not necessarily a real short number, certainly not as short as an SS number.
One proposal I'm familiar with was: date of birth << year month day >> time of birth << hours, minutes, seconds >> longitude of birth << degrees, minutes, seconds >> lattitude of birth << degrees, minutes, seconds >> sex << one letter >> mother's initials << first, middle, last >> father's initials << first, middle, last >>
so you'd end up with something like
19970601185500-0300000.00-300000.00mxyzwvz
<< A number which would be issued to a male born today somewhere slightly north of Port Shepstone, and slightly west of Pietermaritzburg, RSA. >>
However, there are several problems with it, the two most notable being the lack of accurate birth times, and that most people have a very hard time remembering 42 digit numbers.
I don't know how solvable those, and other not so apparant problems are, but I suspect that it has been intensively studied by more than a few governments and organizations, since it was first proposed, fifty something years ago.
Really much to complex to be of use not to mention the lack of reliable data to form the id #. The use of DOB + Geographic Identifier + Unique Code would work quite well. 19970601 - DOB. 0123 - Sample Geographic Identifier (say NY City). 0142 - Unique Code added to handle collisions of the above two. I beleive that this is very simmilar to what the SSA uses though I beleive that they only encode the year of birth when calculating SS #'s. Using Hex rather than decimal for encoding would help greatly in redicing the number of digits required. I would imagine that the SSA will have to go to a Hex or complete Alphanumeric codings system as the population increases. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5JDZ49Co1n+aLhhAQGe8gQAkZk6fySrIz3XF2mui2xzPmquJguy01VG ex8LgvdUqlxsf1on1ap9pt5c9T/k6n1+Ovj8+Hj6C/cVkJo+ql33ZzMxxaZq7lLz N/CO1lcT+JkWtAjLfCsqxflBFin2CuUN3tnAWj/9BHVqhRTLXJ/v1gr2/zwdHtRc mwoGmtaKHUA= =RXle -----END PGP SIGNATURE-----
On Sun, 1 Jun 1997, William H. Geiger III wrote:
In <Pine.SUN.3.95.970602014607.25651C-100000@netcom2>, on 06/02/97 at 02:24 AM, jonathon <grafolog@netcom.com> said:
Really much to complex to be of use not to mention the lack of reliable data to form the id #.
For person's currently living, maybe the data is lacking. However, tagging an ID at birth, for future citizen units, is perfectly feasable. << And do note in passing that hospitals do have SSNs issued to new-borns, regardless of the wishes/request/knowledge/authorization/permission of parent(s). >>
The use of DOB + Geographic Identifier + Unique Code would work quite
Err, the code I listed was of that format --- just a lot more more specific than the following.
19970601 - DOB. 0123 - Sample Geographic Identifier (say NY City). 0142 - Unique Code added to handle collisions of the above two.
I believe that this is very simmilar to what the SSA uses though I believe that they only encode the year of birth when calculating SS #'s.
SSN consists of xxx-yy-zzzz xxx is state of issue. yy _can_ correspond to year(s) of issue, and locale with the state. << Usually just a range of years that it was issued in. >> zzzz is the sequence number. Each issued number just goes up one more. Though certain numbers are deliberatly skipped. There are certain checks that can be done, to figure out if a number _could_ have been issued to an individual.
of digits required. I would imagine that the SSA will have to go to a Hex or complete Alphanumeric codings system as the population increases.
They currently recycle old numbers, though there are still a number of unused sequences that are available. << Roughly the current population of the usa. >> xan jonathon grafolog@netcom.com Monolingualism is a curable disease
Okay. I'll bite. 1. Take a dollar. 2. Write down the serial number. 3. Burn the dollar. Can you say "seignorage"? I knew you could... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
Our Fearless Leader Writes:
This reminds me of a hack I heard about some years back.
There's a way to generate a number for any person which is unique. It is not shared by anyone else on the planet.
Best of all, this number can be generated without use of a computer, without entry of any allegedly random numbers, and without any hashing of personal data. It's not necessarily a real short number, certainly not as short as an SS number.
And best of all, the cost is low. Just a dollar, in fact.
I'll explain later.
Hmmmmm. How about taking a dollar, appropriating its serial number for your personal number, and then burning the dollar to prevent reuse. Cost, one dollar. Is burning a dollar a felony? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
So I just got back home after a pleasant dinner with Marc and a bunch of other privacy- and crypto-folks on Capitol Hill. That is, it was pleasant until Marc started yelling about libertarians being "Pod People," or at least possessing similar critical thinking skills. :) Ahem. I'd like to say I held my own, but I fear I was outnumbered. Besides, Marc organized the dinner, and "Pod People" is a good line, and even I had to agree that Steve Forbes is a space alien. On Sun, 1 Jun 1997, Tim May wrote in response to Robert:
Yes, I would support a law that forbids private companies to ask for social security numbers except for tax purposes.
To put it as politely as I can manage, you have no conception of what it means to live in a free, uncoerced society.
No wonder the EFF is so fucked up.
To the best of my knowledge, EF-Georgia does not speak for the EFF. I don't know if the EFF would support such a law as Robert describes. Perhaps Stanton can help out here. Rather than focus on private collection of SSNs, I'd rather cut them off at the source. The government shouldn't be issuing them in the first place. -Declan
-----BEGIN PGP SIGNED MESSAGE----- At 08:47 PM 6/1/97 -0700, Declan McCullagh wrote:
On Sun, 1 Jun 1997, Tim May wrote in response to Robert:
Yes, I would support a law that forbids private companies to ask for
social
security numbers except for tax purposes.
No wonder the EFF is so fucked up.
To the best of my knowledge, EF-Georgia does not speak for the EFF. I don't know if the EFF would support such a law as Robert describes. Perhaps Stanton can help out here.
Yes. Declan is correct. For anyone else who is confused, I'm not a beltway person, and I have no association with EFF. I'm not a policy analyst. I'm a software developer. I work for a living and pay my own way. I do have opinions. Beliefs in privacy, free speech, and core belief that technology and the internet is good. I pursue this as a hobby to the best of my ability. I take advice from others, and try to get them to help educate me in matters I do not understand. Once I act on my opinions and beliefs, I tend to win. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQBVAwUBM5JLcEGpGhRXg5NZAQFvuAH9FxwHRAUukQ0+3iyDX1cOgFmTxRT+0Q8q yTLiHhVI7BJ2Uco/YUmnlwoqsGngkzd2joVTUVAA/wJvztvvgBq3BA== =D8D4 -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
At 11:47 pm -0400 on 6/1/97, Declan McCullagh wrote:
until Marc started yelling about libertarians being "Pod People," or at least possessing similar critical thinking skills. :)
Same as it ever was. It's a common rhetorical device used by totalitarian fellow-travellers everywhere. Call something its opposite and destroy its objective meaning in the process. Orwell's "Freedom is Slavery" line is the best example I can think of. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
At 06:03 PM 6/1/97 -0400, Robert A. Costner wrote:
A new grocery store opened down the street from me. They have lots of special prices, but only available to "club members". Club cards are free, but you have to fill out a form. The form asks for 1.Name >2. Address >3. Phone Number >4. Spouse name 5. Social Security number In exchange for giving this information, the store will give me a 35 cent discount on each package of soft drinks I purchase. This is not a check cashing card, that is a separate form. Why does the store need my social security number ....
They're trading a discount on purchases for marketing information. If you us an obvious pseudonym, they'll know that Johnny Cash always buys Brand X pretzels with Brand Y beer, but the SSN lets them check with TRW/Equifax/Etc. and find that You, William J. Clinton, a married homeowner making $200K/year, also have an American Express card and rent N hotel rooms/year, and already subscribe to Soldier of Fortune and Rent-A-Politician, but don't yet get the Nukes-R-Us or Victoria's Secret catalogs, which is more valuable marketing information than just the groceries. Some places might still be willing to give you a discount for the pseudonym, but others combine their discount card with a check-cashing card so they're probably not only not interested, but won't accept it because [bounced-check-tracking credit bureau] doesn't consider SSN#000-00-0000 unique and doesn't have a record for 999-65-4321.
Yes, I would support a law that forbids private companies to ask for social security numbers except for tax purposes.
I'd categorize you as well-meaning-but-needing-to-think-longer rather than an evil "Uber-Enemy :-) Private companies asking for information are engaged in free speech - you don't have to give them the answer they're hoping for, and you don't have to do business with them if you don't want. Radio Shack keeps asking for my phone number, I keep not giving it, and the only thing that's changed about our business relationship for many years is that they no longer sell real electronic components and don't seem to have their free-battery club scam any more. On the other hand, when the government _requires_ private companies to collect Nationalized TaxPayer ID Numbers to be allowed to deal with you, it's a problem - for instance, requiring SSNs for bank accounts, requiring SSNs for employers to verify with La Migra that you're a Real Tax-payin' American instead of some Job-Stealin' foreigner, requiring documentation on cash transactions over $750, requiring car dealers to collect your SSN for car registration, etc., then there's clearly a privacy problem. Sometimes you can avoid it, by using non-US banks, contracting firms, etc., but it's a hassle. One of the big effects of this is that the SSN _is_ a widely available mostly-unique ID number that's useful for correlating information. An alternative, if the government wanted to promote privacy, would be to replace the Single SSN with a bunch of tax numbers (either on a smartcard or just giving you a list on paper) which would let you give everybody who needs a TaxId a different number. They could still correlate all your tax information, but nobody else would have the information to know that John Smith, bank-user, is John Smith, home-owner, or John Smith, car-buyer. Of course, this number would need to be more than 9 digits, so it would break lots of old software, you wanted that stuff broken anyway, and hey, the year 2000's coming as well :-) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
At 9:05 pm -0400 on 5/31/97, Marc Rotenberg wrote:
Keep me posted. If legislation is threatening a good technical solution, I'll be the first to blow the whistle.
Bunk. The actual contribution of Mr. Rotenberg and his organization to the cause of freedom on the net, in this country, and around the world, can be found precisely in a competant analysis of above bit of semantic nonsense. That is, it is nil, if not negative. Given his past outrageous failures, and his persistant attempts to waste whatever reputation he now has left, remarks like the above finally prove the trust people had for him and the organizations he has run was completely misplaced. A reputation, I might add, literally *donated* to him by thousands of people and companies, who all believed in and trusted him *personally* to keep the Uncle Sam the Inquisitor out of their lives on the net. He has now squandered all of it with the demonstrable cluelessness found in the above bit of self-serving emeticism. First, he led EFF to ignominious defeat with the digital telephony bill, and now, like some kind of political gremlin, emerging unscathed after engineering *that* jumbo-jet plane crash, he starts up EPIC, where he slipstreams no-brainer ACLU court cases like CDA to stay in the beltway pelleton. Now, as if to demonstrate once and for all his utter moral and legislative vacuity on the breakaway, he tries to "legislate" spam out of existance. As if such a Carrolesque tactic like criminalizing internet spam was economically, much less physically possible at all. I'd laugh, if it weren't the kind of low scientific comedy found in totalitarian dictatorships the world over. "Scientists" like Lysenko come to mind, as does Marx, for that matter. Hell, I'm a congenital Republican myself, and I've lived in quite a few yellow-dog Democratic towns, including the one where I now live. I love a good neighborhood political pissing match as much as the next guy. However, Mr. Rotenberg's cynicism, as betrayed by that remark, goes way beyond the fine old tradition of American political gamesmanship, and points straight to the heart of the cesspool that has become public life as we know it today. That's because what we have evolved in this country is the ne plus ultra of legislative sophistry, if not political fraud. (As if *that* phrase wasn't already redundant...) If the ruling elite in this country was ever crazy enough to turn the RICO statute on itself, EPIC would be behind bars, along with Archer Daniels Midland, with the AARP, and all the other beltway piglets, each of them poking their little trotters into the eye of the next one in line, hoping for a governmental sow's teat of their own to suck on. Tim May has said it here before, but it bears repeating. The way a "lobbyist" stays in business is to threaten an otherwise innocent group of people with the power of real or imagined legislative coersion. The "constituents" then pay extortion to the legislature in the form of outright campaign contributions through a political action comittee, or by showing up at "voluntary" fundraisers on behalf of collusionary legislators, or through soft-dollar labor ("research", for instance) that the lobbyist does for "free" on the legislator's behalf. The lobbyist takes a commission on all this cashflow in the form of his salaries and operating expenses. If the "constituent" is lucky, the legislation goes away until more money is required, whereupon the extortion begins anew with more trumped-up legislative excressance. This would be fine, I suppose, business is business, except that the principal measure of *any* legislator's performance (besides, of course, voting his most active supporters as much largesse from the public trough as possible) is the *quantity* of legislation he produces. I mean, you can't have a voting record if there's nothing to vote on. So, the very best any "constituent" caught in this racheting spiral of extortion can hope for is to slow the pace at which the legal noose tightens around his neck. The Digital Telephony/CDA flap is a prime example of this, and Mr. Rotenberg either was charitably an unwitting dupe in this process, or, if one were to take a cynical turn of mind, gleeful at its eventual effect on his bottom line. Eventually, a businessman so afflicted with such parasitism goes out of business unless he can afford to utterly corrupt the legislator into going away permanently, which only works until the legislator retires. More likely, the business simply gives up and begins to operate as a criminal enterprize. Using the legislature to kill his business competition, maybe. Cargill and Archer Daniels Midland do this with agricultural commodity subsidies and hyperregulation, and the largest Florida sugar companies have this down to a science. Remember what Milton Friedman said: increasing government regulation only raises the barriers to market entry and thus only benefits the survivors in the regulated industry -- never the consumer. Rockefeller held on to his monopoly in oil just by paying the government to look the other way when he did something other oil companies were being punished for. Duke did the same thing with tobbacco. I'll say it here so there's no confusion about the matter: "Anti-Trust" is just another legislative shell-game, because *no* business monopoly can exist without government collusion, usually from the legislative branch, though the executive can always be had for a price as well. Bill Gates went to Martha's Vinyard before the last election to talk to Comrade Bill, and, guess what? No more antitrust action. Anyone want to wager on the size of the contribution, legal or otherwise? Again, the threat of "Anti-trust" action is just the way that governments tell the monopolies they've colluded to create that their graft bill is past due. Anyway, I *would* say that this kind of extortion by government and lobbyists would probably fall under the RICO statute if it were ever used, except, of course, the RICO statute itself is, after the constitutional ammendment which permitted the creation of the Internal Revenue Service, probably the single largest attack on freedom this country has ever seen. So, what *can* be done about spam? Easy. Write code, not law. My bet is on some form of digital postage, myself. $MTP, if you will. But, there's no way to solve the problem of spam except by writing code, whatever solution emerges eventually, and that's the crux of even the simplest analysis of Mr. Rotenberg's statement at the top of this message. Certainly any attempt by Mr. Rotenberg and his fellow barnyard residents to impose legislative fantasy on top of the economic and physical reality of the net is at best delusional Lysenkoism, and, at worst, political parasitism in it's purest form. In other words, Mr. Rotenberg, bunk. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
At 10:05 pm -0400 on 6/1/97, Tim May wrote:
If you want Marc R. to read your message, you really should cc: him on it.
Actually, I don't give a squalling fuck whether he reads it or not. :-). Anything said to Piglet won't matter much. That which is said to cypherpunks, on the other hand, is a different matter entirely. Cheers, Bob ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
Likewise, EPIC can and should announce that it will not support SAFE if any form of criminalization language remains.
We would not find it acceptable to have a law which encouraged the placement of microphones and cameras in private homes, "voluntarily," but which then said "Anyone who does not participate in the Voluntary Safe Surveillance Program and who is found to have committed a crime furthered by the failure to volunteer shall be subjected to additional imprisonment of at least 5 years."
This is what the criminalization of crypto is all about. It is not, as is so often suggested, analogous to "use of a gun" in a crime, nor to "use of the public mails." It is much closer to the examples I cite, language and religion, than to use of a publicly-regulated monopoly like the telephones or the mail. The gun situation is presumably related to the threat of bodily harm...I'm not saying I agree with "use a gun, go to prison" sentencing enhancements, but a stronger case can be made than for "use a cipher, go to prison.
I don't need the lecture. I've made the argument better than you have and I've made it longer than you have. I don't recall you protesting the Computer Fraud and Abuse Act (1984), working on the RTM case (a CFAA prosecution in 1988). You weren't involved in the FOIA case for 2600.
So, Marc can immediately prove the honesty of his point by:
a. denouncing any "return address" requirements and refusing to cooperate with any Congressthing who espouses such wrong-headed ideas
Great plan. I'll watch TV and let Congress pass a bill requiring mandatory identification for Internet users. Really clever.
b. denounce SAFE if it has any hint whatsoever of criminalization of crypto
(Or of any of the (apparent) language about technical review panels deciding on exports...this is, to many of us, a code phrase indicating that SAFE will by no means make export of arbitrarily unbreakable ciphers an automatic process.)
This is getting tiring. Who do you think first opposed the proposed amendment to Pro-CODE creating the review board? You are behind the curve, but you act like you're way out in front. I'm probably in a much better position to criticize the failure of Tim May et al to stand up for crypto freedom than the other way around.
Being a rejectionist, I don't see the point of dealing with Congress. The usual view is that "If you don't get involved, things will be even worse." I'm not convinced of this. It's often better to not lend them any support, not lend them any technical expertise, and devote all energies to undermining and challenging their actions later.
And the existence proof of this proposition is . . .
And helping them draft legislation only feeds the process.
I think it was George Carlin who said, "If you think you're part of the solution, you're part of the problem."
Good high school humor for a good high school philosophy. I am underwhelmed. Marc. Marc.
so often suggested, analogous to "use of a gun" in a crime, nor to "use of the public mails." It is much closer to the examples I cite, language and religion, than to use of a publicly-regulated monopoly like the telephones or the mail. The gun situation is presumably related to the threat of bodily harm...I'm not saying I agree with "use a gun, go to prison" sentencing enhancements, but a stronger case can be made than for "use a cipher, go to prison.
I don't need the lecture. I've made the argument better than you have and I've made it longer than you have.
Here we go, you have now given up on even attempting rational argument (not that you ever managed to achieve it in the first place) and turned to throwing insults and derogatory statements. I think more than anything else your comment yesterday about SSNs and private retailers indicates your need for lectures.
I don't recall you protesting the Computer Fraud and Abuse Act (1984), working on the RTM case (a CFAA prosecution in 1988). You weren't involved in the FOIA case for 2600.
Don`t parade your experience of contesting cases within the system to me, I`m not remotely impressed. You, along with EPIC, along with all the other alphabet groups, have sold out to compromise, not because you intended to, but because that is the natural state to which such lobbying groups "evolve" when working with people who do not understand the nature of individual rights. Playing the game with the jackbooted motherfuckers and their masters in DC is the worst possible way to go about protecting our rights.
a. denouncing any "return address" requirements and refusing to cooperate with any Congressthing who espouses such wrong-headed ideas
Great plan. I'll watch TV and let Congress pass a bill requiring mandatory identification for Internet users. Really clever.
This really isn`t the point, if you compromise, as you probably will, and we end up with a SAFE like "crypto in commision of a crime" provision we have gone up one step and down two. There can be no dealing with Washington nor any of the other cancers that have taken over the USA, removal is the only solution.
I'm probably in a much better position to criticize the failure of Tim May et al to stand up for crypto freedom than the other way around.
I don`t think so somehow, the cypherpunks, of whom Tim May was one of the founding memebers, have had effects in the past, not normally in legislative circles but in terms of getting the technology out there and available. The only solution is technical bypassing of the law, this along with other cypherpunkish ideas such as fully anonymous digital cash, chaumian mixes, uncensorable information sources, pseudonymity, DC-Nets etc.. will result in citizens being able to bypass state restrictions and disobey laws, in time it may even result in the downfall of the state.
Being a rejectionist, I don't see the point of dealing with Congress. The usual view is that "If you don't get involved, things will be even worse." I'm not convinced of this. It's often better to not lend them any support, not lend them any technical expertise, and devote all energies to undermining and challenging their actions later.
And the existence proof of this proposition is . . .
You simply cannot reason with criminal poloticians, circumventing their restrictions and undermining the state is the way to go.
And helping them draft legislation only feeds the process.
I think it was George Carlin who said, "If you think you're part of the solution, you're part of the problem."
Good high school humor for a good high school philosophy.
Keep trying.
I am underwhelmed.
I am unsuprised. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
At 1:52 am -0400 on 6/2/97, Lee Tien wrote:
First, he led EFF to ignominious defeat with the digital telephony bill, and now, like some kind of political gremlin, emerging unscathed after engineering *that* jumbo-jet plane crash, he starts up EPIC, where he slipstreams no-brainer ACLU court cases like CDA to stay in the beltway pelleton.
Marc Rotenberg never led EFF; he led CPSR-Washington which became EPIC.
Bob may be thinking of Jerry Berman, who ran EFF for a few years, was involved in its actions re Digital Telephony, and then left to start up CDT.
Woops. Damn. And I was having so much fun with that plasma cannon, too. :-). In my own defense, I have to say that it's easy to get all those net.piglets confused, with them all piled up on top of each other at the Washington sowbelly like that... Nonetheless, even if I, um, revise and extend, the offending acronymous 30 words or so, it doesn't change what I said at all in the rest of my little outburst of vitriol. It certainly doesn't change my opinion about Mr. Rotenberg, or Mr. Berman, or anyone else "fighting" for my "rights" at a rubber-chicken banquet, or at a cocktail party, or on golf junket somewhere... Dr. Froomkin, who I admire and respect very much, may call remarks like those cannibalism (nice Carib indian word, cannibal), but for myself, I prefer to think of it as Texas barbeque. :-). Here, Micheal, have some of those baby back ribs over there. I just made them myself. Just a touch of habanero in the sauce (and Pearl beer, of course) makes all the difference in the world. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
Dr. Froomkin, who I admire and respect very much, may call remarks like those cannibalism (nice Carib indian word, cannibal), but for myself, I prefer to think of it as Texas barbeque. :-).
Here, Micheal, have some of those baby back ribs over there. I just made them myself. Just a touch of habanero in the sauce (and Pearl beer, of course) makes all the difference in the world.
Your semi-flippant comment has actually given me a really good idea: I had thought guns were our best defence against the evil empire, I now realise a log fire and a spit are more appropriate, I look forward to eating Tony Blairs liver with a nice Chianti <draws air through teeth in a silence of lambs type manner>... Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.GSO.3.95.970531090958.6950A-100000@well.com>, on 05/31/97 at 09:12 AM, Declan McCullagh <declan@well.com> said:
Oh, and the much-touted European Privacy Directive has made it near-impossible to exchange employee information between branches of the same firm that are physically in different countries. Bad move, Eurocrats.
I think that looking towards Europe on issues of Civil Liberties is the sillist of notions. The Big 3 players in Europe (UK,Germany,France) wouldn't have a clue how to operate in a free and open society the smaller players are even worse. We have right now in Europe the universal embracement of Socialism/Communisim/Statism at the same time that Eastern Europe & the former Soviet Empire are struggling towards Democracy & Freedom. Anyone who can point towards the actions of the Eurocrats as an example of how we should go does not have the intrest of Freedom & Liberty for the citizens at hart. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5BTtI9Co1n+aLhhAQGEcQQAn/viPRyGyi73dbE3waBKjp/+2kb73JKG 9yeOUsmSwk39EKh19oxvjrblkQGtHLB3f0NVN7Y5qZNlQZ4ey6ft1gRwpQg/s92K WsOew78w2x97E2DmquYRsF6Jj8bn0hWFDEOk02k4Ky4U240lbOVWYZLhcBQTDgjG XY1+af0uBiA= =ndFN -----END PGP SIGNATURE-----
"William H. Geiger III" <whgiii@amaranth.com> writes:
We have right now in Europe the universal embracement of Socialism/Communisim/Statism at the same time that Eastern Europe & the
Yep.
former Soviet Empire are struggling towards Democracy & Freedom.
Nope. More free market in the economies, but very bad record on political freedoms in most eastern european countries + former soviet republics --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
On Sat, 31 May 1997, Declan McCullagh wrote:
The initial question has to be not how you protect rights, but how you define them. For example, we have a right to speak freely; there should be strict limits on government controls on free expression or the press. The state has unique powers of coercion. Similarly, there should be strict limits on government collection of personal data about its citizens.
But transactional privacy is a different matter. Sure, we may generally agree that privacy is the famous "right to be left alone," but how does that extend to what happens when I make an affirmative choice to connect to a web site that might record some info about my visit -- as an alternative to charging me? Nobody's forcing me to visit that site. That's why I'm starting to come around to the idea that privacy is not a universal right but a preference. We need a market in privacy, not inflexible FTC rulemaking.
Is one of the questions, whether we have right to take steps to protect our "transactional" privacy? The Brandeis and Warren "right to be left alone" shares a connection with property rights and has more than a nodding acquaintance with Fourth and Fifth Amendment concepts--there's not much utility in a right to be left alone if you have no place to be alone or if others can enter your place/space at will. Off your space ("in public") you can usually be observed; much of the complaining in the past couple of decades is about the increasingly sophisticated, even automated, means of observation and recording, not about the fact that if you enter a premise (say, a website:)) you can be seen and overheard by other people. It seems to me this is a question of degree, and not a threat to some pre-existing right to remain anonymous and "unseen" in public. In other words, is there a right to forbid others from trying to observe you in public, especially in places where those others have an equal (or greater) right to be? So the question may be not whether we can prohibit others from doing so, by right, but whether we have right to attempt peacefully to *prevent* them from doing so? I.e., can the gov't forbid us from trying to protect our privacy by avaliable means, say, crypto? MacN
To be more clear, I should have mentioned in my last missive that I'm thinking of a "liberty" right (to protect transactional confidentiality) as opposed to a "privacy" or, to some extent, "property" right. MacN On Sat, 31 May 1997, Declan McCullagh wrote:
I'm now more awake than I was before, and a little less flippant, so let me try to respond to Marc's statement saying my summary of his "views on privacy below are just silly."
The initial question has to be not how you protect rights, but how you define them. For example, we have a right to speak freely; there should be strict limits on government controls on free expression or the press. The state has unique powers of coercion. Similarly, there should be strict limits on government collection of personal data about its citizens.
But transactional privacy is a different matter. Sure, we may generally agree that privacy is the famous "right to be left alone," but how does that extend to what happens when I make an affirmative choice to connect to a web site that might record some info about my visit -- as an alternative to charging me? Nobody's forcing me to visit that site. That's why I'm starting to come around to the idea that privacy is not a universal right but a preference. We need a market in privacy, not inflexible FTC rulemaking.
Oh, and the much-touted European Privacy Directive has made it near-impossible to exchange employee information between branches of the same firm that are physically in different countries. Bad move, Eurocrats.
-Declan
On Sat, 31 May 1997, Marc Rotenberg wrote:
People who are interested in why I am pro-individual freedom but not anti-government should take a look a my piece in Wired "Eurocrats Do Good Privacy." [4.05]
I spent a year working for a good crypto policy at the OECD. During that time I watched European government officials argue for constitutional freedoms and against key escrow, while business representatives quietly backed the US GAK plan. Welcome to the real world.
Marc.
Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call.
At 3:21 AM -0400 5/31/97, Declan McCullagh wrote:
Unfortunately, Tim is letting a rant get in the way of reality. A shame, really, for he's capable of better. Let me respond. I may not be very cordial. We lost tonight's soccer game (goddamn wimpy libertarians) and went to some cheezy Crystal City sports bar afterwards. I just got back home, and it's 3:20 am...
Anyway, Rotenberg and EPIC are not the Uber Enemy. Rather, they disagree with cypherpunk and libertarian positions on some issues. So we have issue-by-issue alliances with them. Let's break it down:
------------------------------ CRYPTO: EPIC takes a purist civil liberties approach to crypto. They've been the ones criticizing the SAFE "crypto in crime" provisions. Did the latest VTW alert sent out today even mention that portion of the bill, let alone criticize it?
ANONYMITY: No other group in DC is such a staunch supporter of online anonymity publicly, though look for something from Cato soon. In fact, I linked to EPIC's copy of the McIntyre decision for my Friday Netly piece. Many business groups don't like anonymity online -- hurts the marketeers.
FREE SPEECH: EPIC is co-counsel in ACLU lawsuit against CDA. I believe they've said some of the anti-spam legislation is unconstitutional.
FOIA: David Sobel does fabulous work snagging government documents the spooks don't want released.
PRIVACY: EPIC wants more Federal involvement to protect privacy and a Federal Privacy Commission (or something similar). Lots of laws, bureaucracies. Though EPIC does realize there's a First Amendment; other privacy groups are even more aggressive. EPIC is of course on the side of libertarians when it comes to government violations of privacy. ------------------------------
From a libertarian perspective, EPIC is good on everything but privacy. On that they want Big Government solutions.
But that doesn't mean we reject and condemn what they do on other issues. Do we reject Eagle Forum's anti-Clipper endorsement because they're a bunch of ultraconservative wackos? Do we reject the National Organization for Women's position on the CDA as bad because they're a bunch of ultraliberal wackos? How about the National Association of Broadcaster's amicus brief against the CDA? The Christian Coalition rejecting a national ID cards and numbers? Ralph Nader wanting open access to government databases?
No. We don't. Instead, we address this issue by issue. EPIC and Rotenberg are not always, but are often, our allies.
-Declan
On Fri, 30 May 1997, Tim May wrote:
I suppose I am developing a reputation amongst the Inside the Beltway Cyber Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side."
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases.....
Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases?
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone.
(And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.)
So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information.
These people are NOT our allies.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
================================================================== Marc Rotenberg, director * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org Washington, DC 20003 USA + http://www.epic.org ==================================================================
At 10:58 AM -0700 5/31/97, Mac Norton wrote:
Is one of the questions, whether we have right to take steps to protect our "transactional" privacy? The Brandeis and Warren "right to be left alone" shares a connection with property rights and has more than a nodding acquaintance with Fourth and Fifth Amendment concepts--there's not much utility in a right to be left alone if you have no place to be alone or if others can enter your place/space at will.
Indeed. And the First and Fourth, amongst other provisions, says that government may not interfere with efforts to produce secure and private "zones" or "spaces." The First, in that one can _whisper_ or speak in _strange languages_. Or freely associate with persons of one's choosing. ("assemble peaceably") The Fourth, in that these meetings, or homes, or whatever, are free from unreasonable searches and seizures. (And there's the one about quartering troops...another statement of the "right to create a private zone." Not a generalized right of privacy, in the sense the Rotenberg's and anti-spam legislators speak of, but a right to bar the door, shut the curtains, turn off the phone, disconnect the computer, and refuse to exchange information with others.)
Off your space ("in public") you can usually be observed; much of the complaining in the past couple of decades is about the increasingly sophisticated, even automated, means of observation and recording, not about the fact that if you enter a premise (say, a website:)) you can be seen and overheard by other people.
And while many of us don't always _like_ being observed when we are in public, or having our words catalogged in Deja News data bases, or even having friends remind of things we once did or said, the law should have nothing to say about these "rememberances." (The Founders would snort and gasp were they to hear that the government would be legislating what people could remember, what things they could write down, what gossip they could pass on, and so on. Seems to me that gossip and diaries are pretty clearly protected First Amendment activities. If gossip turns into libel or slander--not that I personally agree with even libel and slander laws, but this is another topic--then the redress should be in civil court for the specific acts of libel or slander, not any kind of general restrictions or licensing on gossip and remembering. This seems to be a slam dunk First Amendment issue. Sadly, the creep of laws has never produced an adequate case to be overturned, I surmise.)
It seems to me this is a question of degree, and not a threat to some pre-existing right to remain anonymous and "unseen" in public. In other words, is there a right to forbid others from trying to observe you in public, especially in places where those others have an equal (or greater) right to be?
There clearly cannot be laws which forbid such observations (or "rememberances," as I have been calling them). To forbid such rememberances, to forbid the keeping of diaries recording the activities and words of others, to legislate whom such rememberances may be relayed to....arghhh! Such laws are a gross violation of the First and other Amendments.
So the question may be not whether we can prohibit others from doing so, by right, but whether we have right to attempt peacefully to *prevent* them from doing so? I.e., can the gov't forbid us from trying to protect our privacy by avaliable means, say, crypto?
I've always felt the strongest argument for complete and total freedom to use any and all cryptography is the First Amendment freedom to speak as one wishes without prior restraint. A cipher or code is just that, a _code_. Like speaking in French amongst other people who don't understand French, or using hand signals, or using a code book. Or whispering. As Ken Dam has said, we have the freedom to whisper in the ear of another; we have the same right to "whisper" over telephone or computer lines. (This great metaphor is usually attributed to Phil Zimmermann, but he told me he heard this from Ken Dam, the Washington area attorney.) As Cypherpunks, we understand that these "rights to privacy" are really about the ability to make private spaces, not some rights conferred by a magnanimous government. The anti-spam legislation now being proposed is profoundly unconstitutional. We haven't been discussing this much, but one of the main provisions of some of the proposed laws is the requirement that all e-mail have a clearly defined return address. This would likely be thrown out by the Supremes, pace the 1956 decision on anonymous political speech. Ditto for "spam" laws in general. And "campaign reform" laws, too. Canada is trying to get Web page political comments banned, and anonymous endorseements or critiques banned. This is the fever swamp one gets into if the First Amendment is finessed in any way. Straight rejection of any laws restrictiing speech or freedom of assembly or protection from search and seizure is the only way to go. Talk of "compromise" is a mistake. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net> writes:
Like speaking in French amongst other people who don't understand French, or using hand signals, or using a code book. Or whispering.
It amuses me to hear this from the ignoramus who preaches that there's no need for Americans to learn foreign languages. It also reminds of a recent case when Spanish-speaking nurses were disciplined for speaking Spanish in the presense of their supervisor who didn't understand it. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
The initial question has to be not how you protect rights, but how you define them. For example, we have a right to speak freely; there should be strict limits on government controls on free expression or the press. The state has unique powers of coercion. Similarly, there should be strict limits on government collection of personal data about its citizens.
This really depends how you look on the concept of government as a whole. I personally, as an anarchist, see this as a redundant argument however I think this point needs adressing. On government collection of data about citizens: If you favour a minarchist system of government and can envisage a government which commited no act of agression against its citizens, I do not see why you would be bothered about the government collecting data on citizens. Certainly government collection of data on citizens can allow restrictive and totalitarian governments such as those currently seen in the US and nearly all of Europe to fuck citizens over at will: Information is power. However, the whole point of cryptography is to protect information using mathematics, laws are not sufficient, nor indeed would they be the right solution. If you do support a system in which there is an entity that can be defined as the government, then it is your duty to keep private data you do not want them to know out of their hands. If information is freely available then you cannot expect to regulate or restrict its use by legislation.
But transactional privacy is a different matter. Sure, we may generally agree that privacy is the famous "right to be left alone,"
There is no such right. No-one forces you to submit your name and address to a company so it can be passed on and put of junk mail lists etc... You personally have to bear the responsibility of keeping information out of the hands of those you do not want to posess it.
Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call.
This is at best a flawed analysis of the situation, at worst a dangerous manifestation of the "there should be a law" mentality. There is no such thing as a right to privacy, if you make information available you have to expect people to make use of it. As long as no-one forces you to make such information available you have no-one to blame for "misuse" of that information apart from yourself. All true law within anarchist, and indeed much minarchist belief derives from the non agression principle, by making use of freely available information about you I do not initiate violence against you, therefore I am guilty of no crime. Sure it is unpleasant to have your privacy violated, but it is your own choice whether you allow information to become available or not. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
Back to Tim's original point, I wonder if he knows that the P-TRAK data that Lexis/Nexis said was "public information" was actually taken from credit reports collected and sold by TransUnion. TU was able to sell the data because of a loophole in the Fair Credit Reporting Act. Sure, you post to the net that's public, but a lot of data collection is much more sleazy. I'd also appreciate some comment/criticism on the piece I did for Wired. My point was that in countries where there are legal rights to privacy it will be easier for technologies of privacy to flourish. I gave as examples the fact that PRZ was nearly indicted in the US while David Chaum was being applauded by the European Commission for building anonymous payment schemes. The OECD crypto policy drafting experience confirmed my suspicion. Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide. For the hardcore free market types, take a look at Posner's *Economics of Justice.* There are good economic reasons for privacy laws, e.g. do you really want to negotiate with the telcos on a case-by-case basis whether they can sell the contents of your phonecalls? To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc. Marc. At 12:12 PM -0400 5/31/97, Declan McCullagh wrote:
I'm now more awake than I was before, and a little less flippant, so let me try to respond to Marc's statement saying my summary of his "views on privacy below are just silly."
The initial question has to be not how you protect rights, but how you define them. For example, we have a right to speak freely; there should be strict limits on government controls on free expression or the press. The state has unique powers of coercion. Similarly, there should be strict limits on government collection of personal data about its citizens.
But transactional privacy is a different matter. Sure, we may generally agree that privacy is the famous "right to be left alone," but how does that extend to what happens when I make an affirmative choice to connect to a web site that might record some info about my visit -- as an alternative to charging me? Nobody's forcing me to visit that site. That's why I'm starting to come around to the idea that privacy is not a universal right but a preference. We need a market in privacy, not inflexible FTC rulemaking.
Oh, and the much-touted European Privacy Directive has made it near-impossible to exchange employee information between branches of the same firm that are physically in different countries. Bad move, Eurocrats.
-Declan
On Sat, 31 May 1997, Marc Rotenberg wrote:
People who are interested in why I am pro-individual freedom but not anti-government should take a look a my piece in Wired "Eurocrats Do Good Privacy." [4.05]
I spent a year working for a good crypto policy at the OECD. During that time I watched European government officials argue for constitutional freedoms and against key escrow, while business representatives quietly backed the US GAK plan. Welcome to the real world.
Marc.
Btw - Declan's summary of our views on privacy below are just silly. Many of the greatest defenders of First Amendment freedoms have also felt most strongly about the right of privacy. The question is always how you protect rights. Perhaps libertarians would do away with all laws that protect personal freedoms. Bad call.
At 3:21 AM -0400 5/31/97, Declan McCullagh wrote:
Unfortunately, Tim is letting a rant get in the way of reality. A shame, really, for he's capable of better. Let me respond. I may not be very cordial. We lost tonight's soccer game (goddamn wimpy libertarians) and went to some cheezy Crystal City sports bar afterwards. I just got back home, and it's 3:20 am...
Anyway, Rotenberg and EPIC are not the Uber Enemy. Rather, they disagree with cypherpunk and libertarian positions on some issues. So we have issue-by-issue alliances with them. Let's break it down:
------------------------------ CRYPTO: EPIC takes a purist civil liberties approach to crypto. They've been the ones criticizing the SAFE "crypto in crime" provisions. Did the latest VTW alert sent out today even mention that portion of the bill, let alone criticize it?
ANONYMITY: No other group in DC is such a staunch supporter of online anonymity publicly, though look for something from Cato soon. In fact, I linked to EPIC's copy of the McIntyre decision for my Friday Netly piece. Many business groups don't like anonymity online -- hurts the marketeers.
FREE SPEECH: EPIC is co-counsel in ACLU lawsuit against CDA. I believe they've said some of the anti-spam legislation is unconstitutional.
FOIA: David Sobel does fabulous work snagging government documents the spooks don't want released.
PRIVACY: EPIC wants more Federal involvement to protect privacy and a Federal Privacy Commission (or something similar). Lots of laws, bureaucracies. Though EPIC does realize there's a First Amendment; other privacy groups are even more aggressive. EPIC is of course on the side of libertarians when it comes to government violations of privacy. ------------------------------
From a libertarian perspective, EPIC is good on everything but privacy. On that they want Big Government solutions.
But that doesn't mean we reject and condemn what they do on other issues. Do we reject Eagle Forum's anti-Clipper endorsement because they're a bunch of ultraconservative wackos? Do we reject the National Organization for Women's position on the CDA as bad because they're a bunch of ultraliberal wackos? How about the National Association of Broadcaster's amicus brief against the CDA? The Christian Coalition rejecting a national ID cards and numbers? Ralph Nader wanting open access to government databases?
No. We don't. Instead, we address this issue by issue. EPIC and Rotenberg are not always, but are often, our allies.
-Declan
On Fri, 30 May 1997, Tim May wrote:
I suppose I am developing a reputation amongst the Inside the Beltway
Cyber
Rights Groups (tm) as a pain in the ass, but nearly everytime I see one of their chief spokeswonks giving a policy statement I realize they are "not on my side."
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases.....
Incredible. Does he propose investigations of private data gathering? Perhaps search warrants served on those who take public postings and construct data bases?
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day. But I realize the "spammers" are merely taking publicly available (= legally available, as 99.99% of all such information is) information and using legal channels to contact me. I may not "like" it, but their behavior is as legal as someone calling me on the phone.
(And ny nearly any measure of hassle factor, dashing to get to the phone only to find it's a salesman selling something I don't want is worse than any 20 unwanted e-mail messages.)
So, Marc Rotenberg wants Congress to "look into" (= interfere with) compilation and use of public information.
These people are NOT our allies.
--Tim May
There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
================================================================== Marc Rotenberg, director * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org Washington, DC 20003 USA + http://www.epic.org ==================================================================
-----BEGIN PGP SIGNED MESSAGE----- In <v03007801afb61ffec219@[207.172.96.178]>, on 05/31/97 at 03:02 PM, Marc Rotenberg <rotenberg@epic.org> said:
For the hardcore free market types, take a look at Posner's *Economics of Justice.* There are good economic reasons for privacy laws, e.g. do you really want to negotiate with the telcos on a case-by-case basis whether they can sell the contents of your phonecalls?
<sigh> It's really a shame when Socialist/Statest try to use the "free market" to justify big government. Your example is *not* how the free market would address the issue. If the Telco's tried to sell the contents of indivdule's phone calls there would be an increased demand for encrypted phones. This demand would then be met by the electroins/communication industry (granted there would be some lag time between the initial selling of phone contents and the first crypto-phones getting to market but hey nothings perfect). Now if we had a truely free market in the Telco Industry the consumer would have the choice between several telco compaines to deal with. If one decided to start selling recordings of its customers phone conversations it's customers would leave in droves to its competition. This is just simple economics 101. You can't have a free society in a socialist, federally regulated economy. More government agencies, rules & regulations are *NEVER* a solution. It's an intresting side note that the reason why the Cell Phones in this country do not use strong crypto is because of the intervention of the FCC and associated Federal LEA's. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5CAc49Co1n+aLhhAQGRRwP+M5pdhLEsaGqzkdCf2KJRlTOLAlQ5tpaK GO9E05WETO2HW51jbo4mC7JZW84MYWYnD3buHJctHgCzcE0Axwnt5FxwDUygKhD7 GGILhaXQvL1UQ23sOFYnKNPqPIfyIgdehVl7RJDwa8EuYbqtO8MkdUQc7Do5GnIC cBjK8ysHizo= =lr/x -----END PGP SIGNATURE-----
"William H. Geiger III" <whgiii@amaranth.com> writes: |It's an intresting side note that the reason why the Cell Phones in this |country do not use strong crypto is because of the intervention of the FCC |and associated Federal LEA's. Not that it would have mattered except to scanner owners with too much time on their hands. The LEAs can intercept at the cellular base station where the air segment traffic is decrypted. This is true for GSM, TDMA, and CDMA. True security requires end-to-end encryption. While slightly possible for mobile-to-mobile calls where each phone has the encryption engine, it all breaks down if the base station doesn't preserve a digital pathway all the way through. Most base stations do tandem vocoding for mobile-to-mobile connections as it's the easiest engineering solution. For mobile-to-landline, the landline options are decidely minimal. If you go with STU-III you have the problem of a fixed-rate 4800 baud modulation sucking up bandwidth. That could be put in the base station but then the path is no longer end-to-end. /pbp
Paul Pomes wrote :
"William H. Geiger III" <whgiii@amaranth.com> writes:
|It's an intresting side note that the reason why the Cell Phones in this |country do not use strong crypto is because of the intervention of the FCC |and associated Federal LEA's.
Not that it would have mattered except to scanner owners with too much time on their hands. The LEAs can intercept at the cellular base station where the air segment traffic is decrypted.
While your point about link versus end to end security is certainly most important, LEAs have a long track record of illegal, or at least unofficial, warrentless interceptions. And they have bought lots of high end scanners (ask any ICOM dealer). Interception via the Digital Telephony mandated interfaces is supposed to handled by a telco employee under the Digital Telephony act provisions and as such is logged and on record, whilst nobody is the wiser about radio link interceptions. And it is a lot easier to get a wiretap warrent when you've already got some evidence from a "very reliable confidential informant". I don't doubt that the NSA and CIA and other related agencies have methods of using backdoors in switch and cross connect software to bypass the Telco people who are supposed to be logging the wiretap, but law enforcement in general is much less apt to have access to these highly sensitive and classified entry points which necessarily are closely guarded. And of course nothing in US law does any good for TLAs operating elsewhere, even though the hardware is the same or similar.
For mobile-to-landline, the landline options are decidely minimal. If you go with STU-III you have the problem of a fixed-rate 4800 baud modulation sucking up bandwidth. That could be put in the base station but then the path is no longer end-to-end.
Unfortunately nobody has addressed this little issue. Cellular IP connectivity in its various flavors may help, but then you get into the worst case latency and related queueing issues that makes data type connections unpleasant for high quality voice. And the person using the cellphone has to have an external encryption and vocoding box even though the phone has all this built in. Of course it would have been possible to accomadate this if there had been a market.... In fact it would be technically possible to offer a secure end to end service connecting to existing encrypting digital cellphones based on letting the party at the POTS end, armed with suitable software on a PC, decrypt and demodulate the voice. The carrier would merely pass standard encrypted voice packets back and forth between the cellphone and the PC, persumably over a standard wireline modem to the PC. Might be rather strange, but modern PC hardware should be able to handle this kind of compute load easily. I don't know if there is any provision in current cellphone firmware for negotiating a voice privacy key in such a way that the carrier would not know it, but I suppose that something could be developed. Or alternatively special cellphone firmware could be developed that would complete a special class of data connection to the POTS end and shovel the existing vocoded voice packets back and forth under a DH negotioted key. For the cell carrier this would be a special (low latency, fixed bandwidth, in order delivery) grade of data connection which could be used for all kinds of things, but for the cellphone user it would obviate the need for an external secure telephone and would allow even small hand held digital cellphones to communicate securely end to end. And the POTS end could be either a PC or a secure handset based on cellphone technology that would be also useful for secure calls on wireline connections. But I guess I dream, as there are those who would not appreciate this...
/pbp
On Sat, 31 May 1997, Marc Rotenberg wrote:
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
Well, this may merely point up the fact that next to government--or perhaps more than gov't--the greatest threat to privacy is the existence of a free press. That trade-off may be simple, but "simple-minded" seems a little strongly put. As for Posner, who's often good for a laugh, particularly when taken out of context, his point so often reduces to a simple one itself: Which is easier (cheaper, more efficient, etc.), law or the market? Given that perfection in markets, as in golf and most other things, is unattainable, sometimes we shall have to resort to law, as in the "negotiating with the telephone company" example. But I think these are exceptions to Tim's points, not necessarily invaliations of them. MacN
Marc Rotenberg <rotenberg@epic.org> writes:
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
This law is unenforceable. If you want to rent porn videos and you have some brains (the two may be mutually exclusive...) you'd pay cash and make the transaction totally anonymous. Should there also be a law against grocers keeping track of who's buying what? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
Back to Tim's original point, I wonder if he knows that the P-TRAK data that Lexis/Nexis said was "public information" was actually taken from credit reports collected and sold by TransUnion. TU was able to sell the data because of a loophole in the Fair Credit Reporting Act. Sure, you post to the net that's public, but a lot of data collection is much more sleazy.
In my view, the Fair Credit Reporting Act is an unconstitutional restriction on my right to compile records as I see fit.
Under the FCRA, if I take newspaper reports and public filings, for example, of someone's bankruptcy in 1985 and make this part of "Tim's Credit Evaluation" of that person, I have violated the FCRA.
(I believe the current "limit" for such "rememberances" is 8 years. Why should the government have any ability to tell me I must "forget" records older than 8 years? In fact, what part of "Congress shall make no law..." do they not understand?)
It's an interesting argument. I don't agree, though you can certaintly try it. But more to the point of your original post, is the information that TransUnion sold to Lexis/Nexis for P-TRAK "public information"? If yes, what is private information?
More to the point of the Cypherpunks list--and this is something we talked about at the very first physical meeting, almost 5 years ago--it will become increasingly easy for the FCRA to be bypassed with offshore data havens. . . .
I know all these arguments. Some people said not to worry about passage of the CDA since it couldn't be enforced. Nice thought. Fortunately, ACLU, EPIC, et al challenged it in court.
I'd also appreciate some comment/criticism on the piece I did for Wired. My point was that in countries where there are legal rights to privacy it will be easier for technologies of privacy to flourish. I gave as examples the fact that PRZ was nearly indicted in the US while David Chaum was being applauded by the European Commission for building anonymous payment schemes. The OECD crypto policy drafting experience confirmed my suspicion.
I seldom read "Wired," so I didn't see this one. But the issues of Europe vs. the U.S. are notoriously complex. For every "Europe is better" point, such as not applying pressure to PRZ, there are the obvious counterpoints, such as Compuserve being prosecuted in Germany, the nearly full ban on crypto in France, the extradition of an American neo-Nazi publisher from Belgium to Germany, and so on.
I agree that there are real threats to cyber freedom in Europe. I'm not saying otherwise. But my point is that anonymous remailers and the like will have a better future in countries that recognize a right of anonymity as opposed to those that don't.
And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm conclusions can be drawn one way or another.
Yeah, right. And the Euro countries are pushing just as hard for key escrow as the US govt.
Oh, and as for privacy in Europe, I'll remember how much they cherish privacy the next time I'm required to leave my passport with the hotel front desk (Europeans confirm that the police compile lists each night from said deposited passports). They were still doing this in 1983 when I spent 6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill, as they had my credit card stuff for that.
Fine. And I almost got arrested two weeks ago (May 1997) walking out of the Library of Congress cause I didn't want to fill out a form with my name and the serial number of my computer.
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
The best solution is neither of these options: Video rental stores don't need True Names except to collect on unreturned tapes. (They might _like_ True Names, or at least mailing addresses, for advertising reasons, but they don't _need_ them, and, like Radio Shack, will not make it a requirement for a transaction.)
As with other such items, deposits work well here. My localvideo store does not require true names, so long as a sufficient deposit is left for each tape. Most persons use credit cards as the "return guaranty." Note also that credit cards need not be in the true name of anyone, via various options, much discussed on various lists.
I agree completely with this. I/EPIC have a strong preference for anonymous transactions. And we've been fighting this one in DC practically alone for a long time. The question is what are you going to do with companies that won't let you buy a product unless you provide your True Name? One of the consequences of legal obligations on companies that collect personal information might be to encourage more payment anonymous, psuedo-anonymous payment schemes. Wouldn't that be a good result?
To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc.
I don't believe there should be such laws, obviously.
And more importantly, strong crypto provides numerous monkeywrenchings of such laws.
Pass a law requiring return addresses on all messages....the effect will be to move the spam sites offshore. Then what do you do?
I think I've answered this above. Yeah, you can always break a law, and you don't have to move offshore to do it, but laws still matter.
(When EPIC and ACLU figure out the real implications of strong crypto, look for them to talk about "compromises" on access to strong crypto....hey, maybe SAFE is an indication they've started to realize what is coming.)
I'm not quite sure what this means, but if Tim knows any group in DC that has fought harder for strong crypto, I'd like to know who it is. Marc.
At 2:33 PM -0700 5/31/97, Marc Rotenberg wrote:
It's an interesting argument. I don't agree, though you can certaintly try it. But more to the point of
Oh, I don't intend to "try it." The Supreme Court is far past ever restoring basic constitutional rights. Instead of "trying it," better to monkeywrench it.
Don't give up on the Supremes. There was at least one good decision this year that you should care about, Chandler v. Miller, striking down the Georgia drug testing requirement for public officials. Justice Ginsburg said in an 8-1 opinion that there was no "symbolic value" exception to the Fourth Amendment. It was the first time the Court struck down a drug testing law. And the case was brought by the Libertarian Party in Georgia. Credit where credit is due.
your original post, is the information that TransUnion sold to Lexis/Nexis for P-TRAK "public information"? If yes, what is private information?
It all depends on what was agreed to, tacitly or explicitly, in the process of applying for and accepting a credit card. I seem to recall "agreeing to" multiple pages of fine print about how and to whom information could be disclosed. That most of us ignore such fine print is our problem....I don't think there's been any allegation, even by you, Marc, that what Equifax is doing with credit information is breaking either the contract or any existing laws. You just want a new set of laws to do what contracts are perfectly capable of doing. Those who want protection of information disclosed to others should, of course, make such arrangements.
Sure, and the fine print could say that you waive your right to vote, your first-born male child will be sold into slavery, etc. Fortunately, the law doesn't permit this. Btw, I didn't say Lexis/Nexis was breaking a law. I said they were exploiting a loophole in a law, which is exactly right.
(And such arrangements are made all the time. Examples abound.)
That such arrangements for a "privacy card" are not easy to make is not an issue for the law to meddle with. In fact, many of us think there's a market for just such a "privacy card," and, absent meddling by government, expect such a card to appear
Keep me posted. If legislation is threatening a good technical solution, I'll be the first to blow the whistle.
I agree that there are real threats to cyber freedom in Europe. I'm not saying otherwise. But my point is that anonymous remailers and the like will have a better future in countries that recognize a right of anonymity as opposed to those that don't.
Despite my dislike of most of what passes for the American system, I'll take the protections of the First, augmented with the 1956 "anonymous leafletting" Supreme case, over the "ad hoc" protections nearly all Europeans have (or don't have).
The case is MacIntyre v. Ohio (1995), affirming Talley v. California (1960). I agree that MacIntyre is very important. We keep citing it in our arguments in support of techniques for anonymity. That's another example of why law matters.
The question is what are you going to do with companies that won't let you buy a product unless you provide your True Name?
The answer to this is both simple and profound. You have heard the answer many times, but you probably dismiss it as just libertarian rhetoric. . . . But I submit that the hypo of a company refusing to sell a product unless a True Name is given is unlikely in the extreme, and is not any kind of justification for a new set of so-called privacy laws which actually interfere with other basic rights.
What about web sites denying access without registration? I'm not going to argue the adequacy of contract for resolving privacy issues with you. I know you have a deep belief that uncoerced market relations are the norm. I'll respect that. But I have a different view. I don't want people exercising privacy rights to be discriminated against. I don't want them to have pay extortionate rates to protect their identity.
One of the consequences of legal obligations on companies that collect personal information might be to encourage more payment anonymous, psuedo-anonymous payment schemes. Wouldn't that be a good result?
If privacy is important to an agent, make it part of the contractual arrangement. Again, this is already done in a huge array of cases.
It's an interesting view. I could say, with probably more support: "If privacy is important to an agent, make it part of the statutory arrangement. Again, this is already done in a huge array of cases." (Credit reports, bank records, video rental records, cable subscriber records, telephone calls, etc) What examples do you have where privacy is included in a contractual arrangement? Marc.
At 5:01 PM -0700 6/1/97, Robert Hettinga wrote:
At 9:05 pm -0400 on 5/31/97, Marc Rotenberg wrote:
Keep me posted. If legislation is threatening a good technical solution, I'll be the first to blow the whistle.
Bunk.
If you want Marc R. to read your message, you really should cc: him on it. I don't think he's subscribed to the Cypherpunks list (though I could be wrong). I am adding him back on as a cc: to this message (I would've cc:ed him on my original "Rotenberg as the Uber Enemy" message a few days ago, had I known he would join in the discussion later).
The actual contribution of Mr. Rotenberg and his organization to the cause of freedom on the net, in this country, and around the world, can be found precisely in a competant analysis of above bit of semantic nonsense. That is, it is nil, if not negative.
Actually, I plan to take Marc at his word if such a situation comes up and EPIC is still involved in such lobbying. For starters, the "all e-mail must have a valid return address" legislation already being proposed (I know of bills by Barbara Murkowski of Alaska, and Denny Smith of Oregon; there may be others) is not only "anti-liberty," in the libertarian sense, and in the Supreme Court sense (McIntyre), it is also a *disincentive* to various digital technologies. It would put remailers in the U.S. out of business (we think, though it depends on the precise language of what a "return address" really means...employment for entire floors of lawyers at the Internet Regulatory Commission, no doubt). Likewise, EPIC can and should announce that it will not support SAFE if any form of criminalization language remains. We would not find it acceptable to have a law which encouraged the placement of microphones and cameras in private homes, "voluntarily," but which then said "Anyone who does not participate in the Voluntary Safe Surveillance Program and who is found to have committed a crime furthered by the failure to volunteer shall be subjected to additional imprisonment of at least 5 years." This is what the criminalization of crypto is all about. It is not, as is so often suggested, analogous to "use of a gun" in a crime, nor to "use of the public mails." It is much closer to the examples I cite, language and religion, than to use of a publicly-regulated monopoly like the telephones or the mail. The gun situation is presumably related to the threat of bodily harm...I'm not saying I agree with "use a gun, go to prison" sentencing enhancements, but a stronger case can be made than for "use a cipher, go to prison. So, Marc can immediately prove the honesty of his point by: a. denouncing any "return address" requirements and refusing to cooperate with any Congressthing who espouses such wrong-headed ideas b. denounce SAFE if it has any hint whatsoever of criminalization of crypto (Or of any of the (apparent) language about technical review panels deciding on exports...this is, to many of us, a code phrase indicating that SAFE will by no means make export of arbitrarily unbreakable ciphers an automatic process.) As I've said in other essays on SAFE, all that is needed to accomplish the goals of SAFE--the PR goals of SAFE, not the current language!--is this statement: "Computer software shall have the same status as any other written material: it shall not be subject to any laws regarding possession, sale, or export." Come to think of it, the First Amendment already states that Congress shall make no law. As for exports, the First has been applied to show that Congress cannot decide which books, magazines, movies, etc., may be exported. (And the Bernstein and Junger cases may soon consolidate the status of this interpretation for software.) So what do we even need SAFE for? Why give them any hooks, any "use of crypto in furtherance of a crime" language?
Given his past outrageous failures, and his persistant attempts to waste whatever reputation he now has left, remarks like the above finally prove the trust people had for him and the organizations he has run was completely misplaced. A reputation, I might add, literally *donated* to him by thousands of people and companies, who all believed in and trusted him *personally* to keep the Uncle Sam the Inquisitor out of their lives on the net. He has now squandered all of it with the demonstrable cluelessness found in the above bit of self-serving emeticism.
Bob actually makes me appear charitable toward Marc! I agree with Bob that EPIC, CDT, VTW, EFF, CPSR, and the other alphabet soup players are just plain old lobbyists, pure and simple. Who they are lobbying _for_ has never been clear to me, despite their public statements and charters. Being a rejectionist, I don't see the point of dealing with Congress. The usual view is that "If you don't get involved, things will be even worse." I'm not convinced of this. It's often better to not lend them any support, not lend them any technical expertise, and devote all energies to undermining and challenging their actions later. And helping them draft legislation only feeds the process. I think it was George Carlin who said, "If you think you're part of the solution, you're part of the problem."
Tim May has said it here before, but it bears repeating. The way a "lobbyist" stays in business is to threaten an otherwise innocent group of people with the power of real or imagined legislative coersion. The "constituents" then pay extortion to the legislature in the form of outright campaign contributions through a political action comittee, or by showing up at "voluntary" fundraisers on behalf of collusionary legislators, or through soft-dollar labor ("research", for instance) that ....
(good explanation of D.C. politics elided) Every one of the 535+ Congresscritters has a large staff (dozens? multiple dozens?), whose purpose is to feed the machine. As Bob notes, when funds gets low the legislators can threaten legislation. They may even convince themselves its a good idea. And they have various other contributors and pressure groups jockeying for laws and favors. It's all very nearly hopeless. And the cancer has spread nationwide. Just in my local community there are half a dozen jurisdictions, several "City Halls," multiple police forces (overlapping in territory covered), hundreds of new and byzantine rules every month, more fees, more inspectors, etc. As but one example, we're drilling a new well to replace our old well....the County wants $1000 to send a guy out to nod his head and initial our request--and with no guarantee they'll approve the well. More fees are needed for that. This is just plain robbery, though pro-government folks would likely say it is some kind of "pay as you go" reform (as in "We have a 6-story County Administration Building and 753 people on the payroll to pay for...so why shouldn't we extort a grand from you to help pay for it?"). There are so many laws it's impossible to know which laws I'm breaking. I carry a Benchmade AFCK folding knife clipped to my pants pocket. In Santa Cruz proper the law says that such a knife is considered "concealed" if clipped so that only the clip shows, whereas in Santa Cruz County, outside the city limits (though maybe the laws just cancel out inside?) the interpretation allows knives to be carried in pockets. And in some other local areas, the clip doesn't have to be visible. (And in some places, a knife worn "openly" is considered "brandishment.") Further, violations of these confusing and often contradictory knife laws are _felonies_, not misdemeanors (the felony status of knife law violations, where gun violations are often misdemeanors, is said by experts in rec.knives and in my gun magazines to come from the time when "niggers and spics" carried switchblades, concealed knives, dirks, buckle knives, etc., while "gentlemen" carried derringers and small revolvers for protection...so the law came down hard on the knife-carrying spics and niggers and the heritage is with us today. It's getting to where I need a CD-ROM and GPS mounted in my truck telling me: "You are about to cross into the jurisdiction of Burgville, California. The following items are illegal and must be disposed of or moved to a locked container: ..." This explosion of rules, statutes, licenses, laws, regulations, and limitations is being fed by the multiple City Councils, Boards of Supervisors, County Commissioners, City Managers, and hordes of burrowcrats (sic, and sick, too) infesting the multi-story "government" buildings in every small town and county. Not to mention entire cities devoted to lawmaking, like Sacramento, Albany, Washington, etc. The simple question to ask is this: Why do we need several thousand rule-generating and lobbyist-seeking governments? Why do we need governments at the neighborhood level, the township level, the city level, the county level, the state level, and the national level? (And the meta-national level, with the U.N, World Court, OECD, etc.) I could comment more on Bob's other points, but I think you all get the picture. Things are way out of control. Not because of any intrinsic evilness on the part of the bureaucrats, but just for purely systemic reasons. This has to change, and it can't be changed from within....the rules won't allow it. The change has to come from outside, probably from some severe jolts applied to the system. No, I don't mean blowing up Washington, or even a few buildings. Much as I might like to see D.C. vaporized, such jolts are not what I am thinking of. Undermining the institutions of government with strong crypto is one of the jolts. There are others. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 12:31 AM 6/2/97 -0400, Marc Rotenberg wrote:
Great plan. I'll watch TV and let Congress pass a bill requiring mandatory identification for Internet users. Really clever.
First of all, such a bill will be passed regardless of what you or anyone else does. The only question is when. You may be able to delay passing of this bill for a few years, perhaps even a few decades, but pass it will. So let us turn to the more relevant question: is it better for such bill to pass now or ten years from now? It may seem obvious that the answer is "ten years from now", but I feel that it not nearly as obvious as it seems and in fact may even not be correct. Ten years and a few Sarin attacks on American subways and other Reichstag Fires later, such a bill will pass with the full backing of Joe Sixpack and Jill Soccer Mom. The passing will be a formality. If, however, Congress was to pass such a bill now or in the very near future, the population would recognize the law for what it is: yet another fascist powergrab. Which in turn might trigger the exercise of certain recall provisions available to the citizens of the US thanks to the Bill of Right. It is up to each of us to decide which of these two possible futures is "better". --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. Put a stake through the heart of DES! Join the quest at http://www.frii.com/~rcv/deschall.htm
Lucky Green writes:
At 12:31 AM 6/2/97 -0400, Marc Rotenberg wrote:
Great plan. I'll watch TV and let Congress pass a bill requiring mandatory identification for Internet users. Really clever.
First of all, such a bill will be passed regardless of what you or anyone else does. The only question is when. You may be able to delay passing of this bill for a few years, perhaps even a few decades, but pass it will.
So let us turn to the more relevant question: is it better for such bill to pass now or ten years from now? It may seem obvious that the answer is "ten years from now", but I feel that it not nearly as obvious as it seems and in fact may even not be correct.
Ten years and a few Sarin attacks on American subways and other Reichstag Fires later, such a bill will pass with the full backing of Joe Sixpack and Jill Soccer Mom. The passing will be a formality.
If, however, Congress was to pass such a bill now or in the very near future, the population would recognize the law for what it is: yet another fascist powergrab. Which in turn might trigger the exercise of certain recall provisions available to the citizens of the US thanks to the Bill of Right.
It is up to each of us to decide which of these two possible futures is "better".
If those were the only two futures, you'd be right. However it's more likely that if an 'Internet drivers license' bill passed next week, Joe and Jill wouldn't care. They're not on the Net anyhow, and they already know (by reading _Time_ and watching TV) that the Net is full of hackers and porn. An Internet Drivers License would help authorities crack down on hackers, or so the tv would tell Jack and Jill (and they'd beleive it). In addition, few people care about anonymity. Jack and Jill certainly dont. Try explaining why net users should be allowed to be anonymous to someone who barely understands the net. Like your parents for example. If an 'Internet drivers license' bill passed next week, it'd take at least a year to get it repealed (probably much longer). During that time, if the government wished to do so, it could stage any number of provocative acts, blame them on 'Internet Terrorists', then get James Kallstron on tv to announce that the 'Terrorists' have been caught via their Internet Drivers Licenses. -- Eric Murray ericm@lne.com Privacy through technology! Network security and encryption consulting. PGP keyid:E03F65E5
-----BEGIN PGP SIGNED MESSAGE-----
If an 'Internet drivers license' bill passed next week, it'd take at least a year to get it repealed (probably much longer). During that time, if the government wished to do so, it could stage any number of provocative acts, blame them on 'Internet Terrorists', then get James Kallstron on tv to announce that the 'Terrorists' have been caught via their Internet Drivers Licenses.
We've had telephones for more than 100 years with no "telephone driver's license". We've had letter mail for several hundred years with no "mail driver's license." We've had television for more than 60 years with no "television driver's license" (except in your commie countries like the UK. There is little chance that such a law would pass and no chance that it would be effective if it did. The Feds can't even effectively prevent the anonymous holding of driver's licenses, cars, bank accounts, credit cards, and cellular telephone accounts in America. And all of those are much easier to mandate than an Internet Driver's License. For one thing, an Internet Drivers License would require the drafting, writing, and running of encrypted authentication protocols (to deny service to non license holders) but those who control the Nets (us) couple piggyback on those same protocols to dodge licensure. Think about it. An Internet Driver's License could only license a connection not communication itself (1st Amendment) and a single Net connection can connect to a network that is big on the other side as the rest of the Net itself. Cheating is way too easy. DCF -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQCVAwUBM5MbNIVO4r4sgSPhAQFn1QQAhqE21GSZBjOt/1yeDRdLNo4i06INK62B bvHyxKVHdJqJkasWNJ2qrPA8uVliBx5Q/sQqrxK7w2usq0eaaZm7NEHQpaurIa8n 2mTdbS4LCIc1KKGjc+jBYYbGS41khvOaEwza6EZgCUJl5zZCzMd3OYr47FSP7u4i G47pefLJSI0= =e23e -----END PGP SIGNATURE-----
Duncan Frissell writes:
If an 'Internet drivers license' bill passed next week, it'd take at least a year to get it repealed (probably much longer). During that time, if the government wished to do so, it could stage any number of provocative acts, blame them on 'Internet Terrorists', then get James Kallstron on tv to announce that the 'Terrorists' have been caught via their Internet Drivers Licenses.
[...]
Think about it. An Internet Driver's License could only license a connection not communication itself (1st Amendment) and a single Net connection can connect to a network that is big on the other side as the rest of the Net itself. Cheating is way too easy.
From a government standpoint it's ok if it's basically unenforceable, because it makes a nice "dual-use" tool: if someone the government doesn't
Oh, I'll agree with that. I think that governments will do it anyhow. like is using a forged IDL, they can be busted for that. Remember, wiretaps to gather evidence are now legal if they're "in good faith". All it takes is one mention of your forged IDL, or a slip in your code, and the secret's out. If they do use a valid IDL, then they're traceable and can be traffic-analyzed into revealing their "co-consiprators", then busted. Of course these techniques will only be used against terrorists, never against freedom fighters. -- Eric Murray ericm@lne.com Privacy through technology! Network security and encryption consulting. PGP keyid:E03F65E5
At 6:05 PM -0700 5/31/97, Marc Rotenberg wrote:
What examples do you have where privacy is included in a contractual arrangement?
- a lender agrees to transfer the information provided only to specified parties, and not to the newspapers . . .
Good examples. Many are codified in statue, created by common law, industry practice, or professional obligation. Virtually none are tied to specific, negotiated contracts. One of the biggest problems with libertarian theories is that they are descriptively flawed as applied in the real world. In practice, perfect markets rarely exist, laws do protect rights, and there are a lot of efficiencies -- economic, technological, and otherwise -- in promoting the highest level of safeguards across similar activities, e.g. you get into a car, you expect that the brakes will work. You don't express a negotiated preference for how much you want your brakes to work. I don't mind the criticism if you think we're saying or doing something that really is bad for privacy, but a bunch of political rhetoric isn't worth much. And if you don't think we're not busting our butt to protect the rights of people to use strong crypto, you have no idea what's going on. Marc.
At 11:27 PM -0400 5/31/97, Tim May wrote:
At 7:27 PM -0700 5/31/97, Marc Rotenberg wrote: One of the biggest problems with critics of libertarian theories is that they falsely claim libertarians believe that each and every action during each and every day by each and every agent involves complex contracts.
What we are talking about here is whether there's a need for new laws to, using your specific example, stop companies from asking for personal information.
You argued that such safeguards were routiney found in freely negotiated contracts. I responded that such safeguards were more likely found in legal arrangements, industry standards, and professional obligations.
What libertarians, and hopefully other freedom-seeking people, would argue is that government should not be interjected into mutual negotiations if at all possible. This applies to Alice and Bob negotiating some transaction, and it applies to Alice and Safeway, and to Safeway and Apple.
Again, I don't disagree with the aspiration. We simply disagree on how well it works on practice.
Citing the straw man that libertarians believe every driver must negotiate a contract about how his brakes are to work has nothing to do with this basic point.
It has a lot to do with privacy standards on the net, the role of markets, and the way safeguards will develop.
As for the "rights of the people to use strong crypto," there are currently no restrictions *whatsoever* on crypto use. SAFE will, of course, add a criminalization angle to crypto use, which is a step in the wrong direction. Once the Legislature gets its hands on crypto use at all, the way is made easier for later extensions and clarifications of the rules. Imagine the equivalent situation with free speech or religion: "No American may be denied access to the religious beliefs of his choosing, but the practice of non-Christian religious acts in connection with another crime will expose the pagan to a mandatory 5-year increase in imprisonment."
That's a fair criticism. EPIC and ACLU are still prepared to oppose SAFE. For the record, EPIC was the group that opposed the criminaliation provision, and organized (with the ACLU) the effort to change it. We had a big problem with other DC groups who (a) didn't want to even publicize the issue and (b) discouraged companies and individuals from supporting our effort. But I'm not thrilled about it, and I won't bullshit you that it was some brilliant compromise. We did as much as we could. We'll try to do more.
A better tack is to take a rejectionist, no compromise stance toward any proposed legislation which would in any way limit or criminalize crypto use. Rely on the First Amendment.
We may still do this. And it's exactly what we did during the debate on Digital Telephony.
This would leave EPIC, VTW, CPSR, EFF, etc. with very little to do, of course, but that is as it should be.
IF NSA, FBI etc are going to being around, we'll be around. And who, btw, do you think is going to bring those First Amendment cases to protect Constitutional rights?
But, then, I quit the NRA because they were too namby pamby about the Second Amendment. I place more faith in my assault rifles than I do in the criminals in D.C. McVeigh may have killed too many innocents, looking back on OKC, but he generally had the right idea about hitting the power centers of the police state.
You lost me on that one. I've lived in one of the highest crime districts in the country. I've had handguns waved in my face. I've seen children lying dead in the street from gunfine. I have no sympathy at all for the turret-hole view of the world. But I accept your right to express your views and will defend that right against any government that seeks to limit your rights. That is my view of what the First Amendment is about. Marc Rotenberg. ================================================================== Marc Rotenberg, director * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org Washington, DC 20003 USA + http://www.epic.org ==================================================================
I don't mind the criticism if you think we're saying or doing something that really is bad for privacy, but a bunch of political rhetoric isn't worth much. And if you don't think we're not busting our butt to protect the rights of people to use strong crypto, you have no idea what's going on.
Then I guess, to the extent you support the criminal crypto provision--and you do--then I don't know what's going on. I mean, man, I don't know what's going on. MacN
-----BEGIN PGP SIGNED MESSAGE----- In <v03007800afb68a25627d@[205.177.146.237]>, on 05/31/97 at 10:27 PM, Marc Rotenberg <rotenberg@epic.org> said:
At 6:05 PM -0700 5/31/97, Marc Rotenberg wrote:
What examples do you have where privacy is included in a contractual arrangement?
- a lender agrees to transfer the information provided only to specified parties, and not to the newspapers . . .
Good examples. Many are codified in statue, created by common law, industry practice, or professional obligation. Virtually none are tied to specific, negotiated contracts.
One of the biggest problems with libertarian theories is that they are descriptively flawed as applied in the real world. In practice, perfect markets rarely exist, laws do protect rights, and there are a lot of efficiencies -- economic, technological, and otherwise -- in promoting the highest level of safeguards across similar activities, e.g. you get into a car, you expect that the brakes will work. You don't express a negotiated preference for how much you want your brakes to work.
Marc you really need to pick better examples for making your point. :) Not only is government regulation unnecesary to insure passenger safty in automobiles I can site what happend with Tucker as a prime example of how government power was used to prevent the free market from bringing safty inovations to the general public. The biggest problem with libertarian ideals is that the never get implemented before some statest jumps in with their own power grab "solution" to the problem. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5EDpI9Co1n+aLhhAQHJ/AQAlGXirFFE/Cp+ZrXh7dREGrKBz7ftROq1 4VKhATlNHxWSOhX9sgyd3+QazW1ojhG6He/xCjJ9JOuhuNaWA292/BOynkweDf4I ltdKNHyqV9fk2ZZpeAXCSvYyK1TSuMobL7MSvLcmfFz8DL1hNkFKBl0R546ZNJFq GopDQzlUmzE= =6+NB -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- At 08:27 PM 5/31/97 -0700, Tim May wrote, concerning Marc Rotenberg:
What we are talking about here is whether there's a need for new laws to, using your specific example, stop companies from asking for personal information.
A new grocery store opened down the street from me. They have lots of special prices, but only available to "club members". Club cards are free, but you have to fill out a form. The form asks for: 1. Name 2. Address 3. Phone Number 4. Spouse name 5. Social Security number In exchange for giving this information, the store will give me a 35 cent discount on each package of soft drinks I purchase. This is not a check cashing card, that is a separate form. This is a cash transaction. Why does the store need my social security number for me to purchase soft drinks and eggs? (40 cents off on eggs this week) I see no reason for it. If I provide a false number, I have probably committed some crime. Yes, I would support a law that forbids private companies to ask for social security numbers except for tax purposes. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQBVAwUBM5HxwEGpGhRXg5NZAQFJKgH/TMzbzv5+3BriMraVUcRwMknP/uY5LQLE Z/3JIAjrDVKJuZv54e0pbLRdNtU5RtnmZZwHQCcdxQW2YxNuxgOVIg== =S/a9 -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
5. Social Security number
Why does the store need my social security number for me to purchase soft drinks and eggs? (40 cents off on eggs this week) I see no reason for it. If I provide a false number, I have probably committed some crime. Yes, I would support a law that forbids private companies to ask for social security numbers except for tax purposes.
The store is someones property. Whether it is part of a large Plc, a limited company, a sole trader etc. there is someone who owns that store. They decide what the fuck happens on their own property. If customers stop shopping there most stores, through the simple need for economic survival, will change their practices to attract customers. It is no business of yours if the store asks for your sexual orientation before they sell you a pack of butts, if you don`t like it, walk out. For fucks sake, do you understand nothing of basic theory? I have long been slandering and bemoaning the current state of the various EFFs/ACLU/PI/CSPR type organisations as they have clearly sold out, and, as is obvious from the post quoted above, most don`t even have a clue what they are talking about. Marc, you are doing more harm than good, go and read some basic books and get an understanding of the notion of private property and non-agression, then I will bother to respond properly to any well stated point. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 5:01 PM -0700 6/1/97, Robert Hettinga wrote: [snip]
First, he led EFF to ignominious defeat with the digital telephony bill, and now, like some kind of political gremlin, emerging unscathed after engineering *that* jumbo-jet plane crash, he starts up EPIC, where he slipstreams no-brainer ACLU court cases like CDA to stay in the beltway pelleton.
Marc Rotenberg never led EFF; he led CPSR-Washington which became EPIC. Bob may be thinking of Jerry Berman, who ran EFF for a few years, was involved in its actions re Digital Telephony, and then left to start up CDT. Lee -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQA/AwUBM5Le07k2KqHYSFEtEQKdDgCfRCfj9gpGTwhkRC+jlF0uJpUP4ZkAnjmh bokDWXhLutiIPQTTzeYhe600 =KJm9 -----END PGP SIGNATURE-----
This is a crucial point. Rotenberg != Berman. As much as I like individuals at CDT, I disagree fairly often with the organization's position. CDT supported the so-called "compromise" that would have replaced the CDA's indecency provision with a ban on material that's "harmful to minors." They've done the wrong thing on Digital Telephony in many cases -- helping phone companies suck in $$$ to make their systems wiretappable more than helping civil liberties -- and continue to do so. They're now silent (read the latest CDT post) on the many problems with SAFE. Then again, CDT may not be good on individual rights in the examples above but they don't support Rotenbergesque privacy regulations either. Again: issue-by-issue alliances. -Declan On Sun, 1 Jun 1997, Lee Tien wrote:
Marc Rotenberg never led EFF; he led CPSR-Washington which became EPIC.
Bob may be thinking of Jerry Berman, who ran EFF for a few years, was involved in its actions re Digital Telephony, and then left to start up CDT.
At 5:54 AM -0700 6/3/97, Declan McCullagh wrote:
This is a crucial point. Rotenberg != Berman.
As much as I like individuals at CDT, I disagree fairly often with the organization's position. CDT supported the so-called "compromise" that would have replaced the CDA's indecency provision with a ban on material that's "harmful to minors." They've done the wrong thing on Digital Telephony in many cases -- helping phone companies suck in $$$ to make their systems wiretappable more than helping civil liberties -- and continue to do so. They're now silent (read the latest CDT post) on the many problems with SAFE.
Then again, CDT may not be good on individual rights in the examples above but they don't support Rotenbergesque privacy regulations either. Again: issue-by-issue alliances.
It seems to me that an accounting of the *funding* of these organizations is in order. What fraction of CDT's budget comes from the telecom industry? What fraction from the software companies? What about the established crypto companies? "Follow the money." In their defense (!), it may be hard indeed for any group like them to viably exist on small contributions from citizens and indivuals at the bottom of the privacy food chain. The EFF made an attempt to get a lot of such members, but my sources tell me the membership base never exceeed 2500. I don't know what the current membership figures are. (2500 x $30 a year (on average) = $75,000, or hardly enough to pay for one computer technician or for one small bribe to a Congressional staffer.) (I was a member for a couple of years. I refused to sign up again after the Wiretap Bill fiasco, but then signed up again later when an Executive Director said they'd learned to mend their ways. No more, as it no longer seems a member-oriented group. To defend them, it probably would cost a lot more than $75K to have a staff to increase memmbership, to put out a newspaper or magazine, etc.) The National Rifle Association, NRA, is a good example to compare EFF, EPIC, CDT, etc. to. The NRA is largely member-driven, though membership has been declining. (The Charlton Heston faction says its because members were put off by the "militia" rhetoric, i.e., the strong pro-Second stance. Others of us say we've quit because NRA became too namby pamby about basic rights, e.g., its support of gun registration.) When the NRA took a greater fraction of its funding from "industry," it molded its views to those of industry. One manufacturer, Ruger (Sturm, Ruger, and Co.) decided that limits on "assault rifles" were not so bad, and the NRA followed suit. (This may be the reason today why NRA is mostly silent on the new bans on import of low-cost Chinese, Russian, and East Bloc rifles: such imports hurt Ruger, and Colt, and other American companies.) NRA is still a mostly member-driven organization (lots of dues flowing in), and yet it bends to industry wishes. I shudder to think what the NRA would be supporting if it were mainly _industry_-driven. Which is what I'm sure CDT and EPIC are. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- In <v03102803afba0104af92@[207.167.93.63]>, on 06/03/97 at 10:31 AM, Tim May <tcmay@got.net> said:
NRA is still a mostly member-driven organization (lots of dues flowing in), and yet it bends to industry wishes. I shudder to think what the NRA would be supporting if it were mainly _industry_-driven.
It would depend on how jucy of a govenment contract could be offered.
Which is what I'm sure CDT and EPIC are.
I wounder how much it cost the Feds to buy the support of IBM,DEC,HP,et al. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM5RxXI9Co1n+aLhhAQFEvQP+ORuU/orTBq7IqL7VT/CBC/bk/8diCZSZ iOcXCB0GXhn9bHWwKOn/sJd51LPpOHSZxObNKPkkEGZ+r6MvQYJXf/FN2KbYFaZo IWdmAmtQuMbxbGlsD/sJYb8BxpYKqtaXjxIDaEb6aDI199ZG0VqUohnKpzV0PeY4 B0cAbA4uUyA= =shrE -----END PGP SIGNATURE-----
At 8:54 am -0400 on 6/3/97, Declan McCullagh wrote:
This is a crucial point. Rotenberg != Berman.
To quote that great Tory, the late Francis Uquhart: "You may say that. I couldn't *possibly* comment." ;-). Of course dear old FU usually used that phrase in false denial. I have no such intention here... Cheers, Bob ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc.
I am somewhat surprised that you would make this claim, given that you must have researched the situation in Europe for your article. European style Privacy Commissioners solely limit the ability of _private_ entities to keep databases. They do not limit the ability of public entities to keep databases. Sure, when a European government wants to bring a new Big Brother database online, the Privacy Commissioner has to sign off on the plan. This is typically a rubber stamp approval. Even worse, the Privacy Commissioner rubber stamping the plan usually ends discussion, since the government now can claim that their database is harmless because the Privacy Commissioner has approved it. German "dragnet investigations" and "pattern investigations" come to mind. The German BKA (the equivalent of the FBI) keeps a giant database that correlates "suspicious" behavior. Paying your utilities bills in cash (unusual in GIRO-happy Germany) gets you points. If the person on the bill isn't registered with the police at the address on the bill you get more points. Paying your rent in cash gets you points. If they don't have a social security record for you, more points yet. There are many other criteria that will get you points. If you collect enough points, the feds come by to interrogate you. Yes, the Privacy Commissioner approved this "pattern investigation". In the interest of space, I will spare the list what "dragnet investigation" entails. It appears naive to claim that GAK could not happen under a Privacy Commissioner. It could and it will. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. Put a stake through the heart of DES! Join the quest at http://www.frii.com/~rcv/deschall.htm
German "dragnet investigations" and "pattern investigations" come to mind. The German BKA (the equivalent of the FBI) keeps a giant database that correlates "suspicious" behavior. [...]
If you collect enough points, the feds come by to interrogate you.
This is a gross exaggeration. "Pattern investigation" can be used to investigate certain severe crimes that cannot be solved otherwise. It must be warranted by a judge, naming the patterns that the respective committer is believed to match. There have been three "pattern investigations" ever, since the law was passed in 1991 (none of them successful).
It appears naive to claim that GAK could not happen under a Privacy Commissioner. It could and it will.
At least one German law professor argues that GAK is no problem if the escrow agents are regularly inspected by the Privacy Commissioner. The Privacy Commissioners on the other hand say that a crypto regulation would be unconstitutional. I agree that the existence of privacy officials will not prevent GAK. But the constitutional protection of privacy should. The German privacy regulation is based on a decision of the Constitutional Court which states that the citizen must be protected from an omniscient state, and from omniscient business. This decision clearly makes the scenario you described above illegal. The government draft of the Information and Communication Services Law specifies that service providers "shall make it possible for the user to use teleservices and to pay for them either anonymously or using a pseudonym, insofar as this is technically possible and can be reasonably expected". The Bundesrat (Upper House) disagrees: "Users [...] can also be information providers that e.g. post information to the Internet. If these have a legal claim to use the service anonymously, they will in future be able to commit crimes without having to fear to be identified." Others warn that failing to let the market decide will lead to misinvestments, and that anonymous services will quickly be deployed on a voluntary basis if there is a demand. It's probably obvious which of these are right. Nevertheless, I think it is encouraging that the government accepts that anonymity has a value. (They will never learn that sometimes it is better not to make a law.)
At 12:52 AM 6/4/97 GMT+0200, Ulf Möller wrote:
This is a gross exaggeration. "Pattern investigation" can be used to investigate certain severe crimes that cannot be solved otherwise. It must be warranted by a judge, naming the patterns that the respective committer is believed to match. There have been three "pattern investigations" ever, since the law was passed in 1991 (none of them successful).
The German authorities conducted pattern investigations long before 1991. The early 80's kidnapping of the industrialist comes to mind. [The kidnapping that ultimately caused the suspected co-conspirators to be sucided in their solitary confinement maximum security cells. Cells that were under 24h audio surveilance. Unfortunatly, the tapes for that fateful night mysteriously disappeared...] But note the requirement you mention: "severe crimes...warranted by a judge". Where have we heard this one before? Right. The four horsemen of the infocalypse. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. Put a stake through the heart of DES! Join the quest at http://www.frii.com/~rcv/deschall.htm
On Sat, May 31, 1997 at 04:20:55PM -0500, Dr.Dimitri Vulis KOTM wrote:
This law is unenforceable. If you want to rent porn videos and you have some brains (the two may be mutually exclusive...) you'd pay cash and make the transaction totally anonymous.
Should there also be a law against grocers keeping track of who's buying what?
Brain fade, Dimitri. Anybody who allowed anonymous rental of videos would be out of business shortly as their stock would never be returned. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
Kent Crispin wrote:
On Sat, May 31, 1997 at 04:20:55PM -0500, Dr.Dimitri Vulis KOTM wrote:
This law is unenforceable. If you want to rent porn videos and you have some brains (the two may be mutually exclusive...) you'd pay cash and make the transaction totally anonymous.
Should there also be a law against grocers keeping track of who's buying what?
Brain fade, Dimitri. Anybody who allowed anonymous rental of videos would be out of business shortly as their stock would never be returned.
Kent, the rental shops may ask for a collateral that is returned when the renter brings the videos back. - Igor.
-----BEGIN PGP SIGNED MESSAGE----- In <199706011918.OAA10829@manifold.algebra.com>, on 06/01/97 at 02:18 PM, ichudov@algebra.com (Igor Chudov @ home) said:
Kent Crispin wrote:
On Sat, May 31, 1997 at 04:20:55PM -0500, Dr.Dimitri Vulis KOTM wrote:
This law is unenforceable. If you want to rent porn videos and you have some brains (the two may be mutually exclusive...) you'd pay cash and make the transaction totally anonymous.
Should there also be a law against grocers keeping track of who's buying what?
Brain fade, Dimitri. Anybody who allowed anonymous rental of videos would be out of business shortly as their stock would never be returned.
Kent, the rental shops may ask for a collateral that is returned when the renter brings the videos back.
Have pitty on poor Kent Igor, After lifelong support of Socialism and worship of the STATE has left him incapable of rational thought on such matters. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCUAwUBM5HWRY9Co1n+aLhhAQGGYwP3YwjkVfg3p7T2IwmFVMZnGOuIqOjufG3Q JoMpzpcD+YgUKDtoAIWul1/sKoPDN1SbCXPcvzsWXCdVSDwCkSs8IR1Eb31iuD5h h+E9AoJXavQvfNHzeE01AGn0wgMUe1GeIOrnCJOOdQzMfM3yfTRVFLIVNUZ5mspD uOcPgCguJA== =kmdJ -----END PGP SIGNATURE-----
Kent Crispin <kent@songbird.com> writes:
On Sat, May 31, 1997 at 04:20:55PM -0500, Dr.Dimitri Vulis KOTM wrote:
This law is unenforceable. If you want to rent porn videos and you have some brains (the two may be mutually exclusive...) you'd pay cash and make the transaction totally anonymous.
Should there also be a law against grocers keeping track of who's buying wh
Brain fade, Dimitri. Anybody who allowed anonymous rental of videos would be out of business shortly as their stock would never be returned.
Kent, you're a lying asshole. It's been a while since I rented any videos (got better uses for my time), but one used to be able to plonk down $50 cash, rent a video, bring it back w/ bearer receipt, and get one's $50 back (minus the $1-2 for the rental) If someone decides keep the used video, the cash deposit more than covers the replacement. I believe this mode of operation is still very common in NYC, where lots of folks don't have credit cards, don't have permanent addresses, or don't want their viewing habits known. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
I'd also appreciate some comment/criticism on the piece I did for Wired.
Could you post the URL, please, in case it is available on the web?
Thanks,
UM
http://wwww.wired.com/wired/4.05/idees.fortes/eurocrats.html Eurocrats Do Good Privacy Marc Rotenberg Late last November, David Chaum received the Information Technology European Award for 1995. The prize, given for DigiCash's ecash technology, consisted of a trophy plus 200,000 ecu (approximately US$250,000). Chaum is best known for the development of anonymous payment schemes that are becoming increasingly popular in Europe for everything from online commerce to highway toll systems. At about the same time that Chaum received the prestigious award, Phil Zimmermann, inventor of the popular Pretty Good Privacy encryption program, sat in his Boulder, Colorado, home wondering whether the US government would make good on its threat to prosecute him for trafficking in munitions. Although federal prosecutors announced recently that they will drop the case against Zimmermann, the prospects that he will get a big cash award from the US government anytime soon are less than slim. The contrast between a decorated cryptographer in Europe and one trying to avoid prosecution in the United States is more than curious. It shows that governments, at least some governments, can be a force for progress in the crypto world. Reread that sentence. It is not conventional wisdom in the United States. Cyberlibertarians have been unrelenting in their opposition to any federal role in crypto policy. Free marketers argue simply that there is no place for government in the development of high-tech products. Cyberanarchists seem to doubt whether there is any role at all for government. Of course, the Clipper debacle provides plenty of ammunition for these arguments. Clipper combined in equal measure government arrogance, technological incompetence, and profound disregard for the rights of citizens. As an exercise in public policy, it ranks somewhere between the Bay of Pigs and the CIA's experiments with psychics. But the recent European experience should give pause to these allies in the battle for online privacy. Not only are European officials at the highest levels prepared to embrace technologies of privacy, they have almost uniformly opposed US-inspired surveillance schemes such as Clipper. Two recent reports are indicative. In "Privacy-Enhancing Technologies: The Path to Anonymity," the Netherlands and the Canadian province of Ontario call for an exploration of new technologies to promote privacy. Similarly, Anitha Bondestam, director general of the Data Inspection Board of Sweden, writes in a recent report, "It is more important than ever to bring back anonymity and make more room for personal space." She urges her colleagues to sharply limit the collection of personal data. This is bold stuff coming from government officials. Put on the privacy spectrum in the United States, these statements are far closer to the position of many cypherpunks than to that of any officials currently developing privacy policy. In the United States, to the extent that the federal government has said anything about anonymity, the script is written by the Treasury Department's Financial Crimes Enforcement Network, which is charged with investigating money laundering. Not surprisingly, FinCEN warns that electronic cash will usher in a new era of criminal activity. It doesn't have to be this way. The reality of modern society is that government officials make decisions every day about the rights of citizens. The question is whether they favor proposals that respect privacy and personal dignity or not. Compared with governments that lack privacy officials, governments that have privacy officials have repeatedly weighed in favor of privacy interests. Viewed against this background, many of the European privacy regulations, often criticized by libertarians, should be seen for what they are - sensible responses of governments that value their citizens' privacy rights. In such societies, technical means to protect privacy will be adopted - not viewed with skepticism. Is the European system perfect? Of course not. Are the Europeans doing a better job than Americans of promoting the technologies of privacy? Just ask David Chaum and Phil Zimmermann. -Marc Rotenberg is director of the Electronic Privacy Information Center (www.epic.org/).
Marc Rotenberg wrote:
Similarly, Anitha Bondestam, director general of the Data Inspection Board of Sweden, writes in a recent report, "It is more important than ever to bring back anonymity and make more room for personal space." She urges her colleagues to sharply limit the collection of personal data.
A Swedish free-lance journalist and author of well researched books on the information society, Anders Olsson, have some interesting things to say on the likes of Anita Bondestam, from sort of a 'leftish' democratic viewpoint. He sees the achievements of the 'establishment privacy mafia' as mainly preventing 'the people' from keeping track of the wheelings and dealings of the nomenclatura for it's own benifit, and he doesn't think that this is unintentional. Data privacy laws are certainly an obstacle for sociologic research, among other things, and research results can be threatening to bureaucrats, plutocrats and monopolists. Laws against matching various 'public' registers for multiple entries are also making life easier for tax evaders (who might be libertarian heroes of course, but remember that for most salary-dependent people of lesser income it works like this: the more the entrepreneurs evade taxes, the more they have to pay to support the nomenclatura) but also for welfare cheaters and the like (not libertarian heroes!). Asgaard
-----BEGIN PGP SIGNED MESSAGE----- I have not heard Rotenberg's statements on private collection of public data and spam, but I can make my own. At 10:13 PM 5/30/97 -0700, Tim May wrote:
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases..... ... Incredible. Does he propose investigations of private data gathering?
I'd agree here. Rather than have Congress blindly pass a law, some investigation of the matter should be done first. While I am not supporting a law, any such law should have three parts: a) Codification b) Rulemaking c) Further Investigation Codification is actual law, and takes a lot of agreement and about two years to change. Rules are created by an agency and take about 120 to change. Investigation allows the clueless and unknowing to study the impact of the law and whether or not the law, and less or stronger provisions are appropriate. Take one simple provision as an example, tagging of commercial spam. One less enlightened bill proposes that the subject line always begin with the word "Advertisement". A better solution would be to a) codify the principle, not the method. "All spam must be tagged." b) Allow rules to be created that describe the tagging process (for example an X-header or subject line. The use of "Ad:" instead of the full word) c) Allow the agency involved to perform a study to see if the rulemaking worked, if not then change the rule. As for investigations into data gathering, I've been doing that for some time. It has educated me, and would no doubt educate congress. Two years ago, I spoke with the president of Pro-CD, a popular CD-phonebook company. I asked him why unlisted numbers are not on the CD's, and why so few fax numbers are on the CD's. This information is readily available. He said that only previous published collections are republished by him. What spammers are doing is invasive in that they are collecting the information for the first time.
I may not "like" it, but their behavior is as legal as someone calling me on the phone.
I'll agree with you to some degree. After all, it *IS* ILLEGAL for someone to call you on the phone for the equivalent of spam, many people would like email spam to be just as illegal. However there are loopholes in the law that allow email to be sent under the same circumstances. State laws, and the federal law have provisions such as time ranges calls can be made (daytime hours only), prohibitions on the use of automated equipment, removal lists, and call destinations absolutely prohibited (hospitals, emergency numbers). For good or for bad, the current movement in lawmaking is to plug these loopholes that exist for email.
Look, I'm annoyed by getting 5-10 "unwanted" spam messages a day.
Then you miss the point. For all practical purposes, the spam industry does not exist in the US. There are one or two, perhaps a dozen companies doing this as a full time endevour. We are not close to spam companies matching the number of radio stations, or even newspapers. We do not even envision the concept of the number of spammers equaling the number of lawyers. The current spam bills are meant to address the actions of about five people in the entire United States. Pick up any metropolitan newspaper. Count the number of classified ads on any given day. Spam is cheaper and reaches more people. Would you like to see this number of spams in you mail box? Will you honestly say that 500-1000 spams in your mailbox is simply annoying? Multiply this by the number of newspapers in the US. The manner in which the information is collected is invasive. People feel their privacy is being violated. The right to be left alone is a fundamental right. While some spammers may feel they have a right to speak, they have no right to be heard. They do not have a right to force me to listen. The cost shifting problem also needs to be addressed. Current spam bills are based on CONTENT of the spam message. Another way to address the problem is to look at the data collection issue. A third method is to address the headers. Data collection is currently being done on an opt-out basis. Opt-in is thought by many to be preferable. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQBVAwUBM5Axa0GpGhRXg5NZAQEJEgIAoKPhLODYtbmqrSTZ2bUd43gKvpt1XLxs TwzpRAb/yZWvmeurXpJ9YAKjFfGxvpkxQ6iX1ButM1NcrULYnmVSdw== =RSAd -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
-----BEGIN PGP SIGNED MESSAGE----- Myself, and EFGA supports no anti-spam law at this time, nor have we suggested the world needs one. Over the last year we have repeatedly said that existing laws may prove to be sufficent. What is clear is that there has been little attempt at using today's laws against spam and failing. If EFGA has a position, it is that first the current laws should be tested against spam. No new laws should be proposed until today's laws can be shown to be useless against the problem. To the contrary, Cyberpromotions has been to court five times, and has lost five times. These are not internet issues as much as they are fraud, consumer protection, and commerce issues. Education of applicability of existing laws may be more effective than new laws. New laws are being proposed. And I feel comfortable commenting on the faults of a law, or of it's languge. I can suggest what is wrong with a law, or what it lacks without supporting a flawed bill. DATA GATHERING The original issue is one of data collection. For many, this is the opt-in, opt-out argument. For others it is adherence to a convention such as the robots.txt file found on web pages. While there is nothing wrong with data harvesting in it's self, what one does with the info may be called into question. The currently proposed bills look at various areas. 1. Identification 2. Content 3. Data Collection procedures 4. Tonnage/automated processing Data Collection procedures may be less restrictive than identification requirements, or content bans. There is a law precedent in the Telephone Consumer Protection Act (TCPA) of 1991 to handle each of these issues. For data collection, the TCPA requires a removal database be maintained and an opt-out strategy be employed. One of the largest problems with "spam" is that the data collection strategies employed today are deceptive, fraudulent, and do not come close to fitting the model carefully considered in the TCPA. The reason the TCPA is carefully considered is that once the law allowed for the promulgation of rules, the FCC had a series of public comment periods and promoted rules that highly favored privacy while trying to balance the fair practices of telemarketers. Unfortunately, with spam, most spammers do not have "fair practices". If is highly likely that the spam question could be quickly addressed and more clearly defined without new laws simply by a comment period and the promulgation of new rules. Additional comments after Tim's quote.... At 09:28 AM 5/31/97 -0700, Tim May wrote:
If it is "ILLEGAL" (your emphasis) for someone to call me on the phone for spamming, why then do I get so many such calls? Why aren't the prisons full?
(Answer: Because it is NOT illegal for people to call me, or for me to call others, or for me to even call thousands of others. True, it is possible for me (I disagree with these laws, though, and cite the First again) for me to _ask_ that they not call me. Maybe even jump through hoops and get an injunction. )
There are laws on the books which prohibit fully automated calls with no humans in the loop, but these are easily bypassed. (E.g., the boiler-room minimum wage employees in Detroit and Chicago who pick up the phone several seconds after I have picked up and then start a barely understandable spiel...I've prettty much taken to hanging up if no human voice appears within the first couple of seconds, as I know I am being handed off to the next available "human.")
Well, prisons *are* full. Many of the inmates are telemarketers. But this is not because of telemarketing laws. You are confusing "illegal" with "criminal". The laws we refer to are civil law, not criminal law. 47 USC 227 is a federal civil law. It also allows for state Attorney Generals to file civil suits on behalf of it's citizens. This, if not taken to extreme, is a proper function of gov't. To protect citizens from that which they cannot protect themselves. Why do you get such calls? The existing laws not only apply to fully automatic calls, but predictive dialing systems such as you mention and pure manual voice calls. I cannot answer why you get the calls. Perhaps you have not requested to be in the national "don't call me database". Perhaps your callers just use illegal data collection procedures. I'll summarize some of the law to you. The Telephone Consumer Protection Act (TCPA) of 1991 made effective December 1992 the following: 1. Calls only allowed 8am to 9pm 2. Lists must be maintained of "do not want to be called" 3. Telemarketers must identify themselves - address & phone number 4. Employees must know rules & know how to use remove list. Additional info can be found at http://www.fcc.gov/Bureaus/Common_Carrier/Orders/1995/fcc95310.txt Quote from the Act: Because unrestricted telemarketing can be an invasion of consumer privacy, and even a risk to public safety, Congress found that a federal law is necessary to control telemarketing practices. SPAM vs TELEMARKETING A telemarketing operation has a high level of entry. Not that high, but phone lines, desks, office space, employees. etc must all be provisioned and paid for. The level of entry for being a spammer is much, much lower. For some it may be a dedicated connection, but millions of spams can still be sent with a dial-up account. Accordingly, EFGA sees that the number of spammers could grow to be far more than the number of telemarketers. Easily a figure could be reached that ten times more spammers could start a business than the number of telemarketers. In 1990, more than 30,000 telemarketing operations employed over 18 million Americans. Easily we could see over 300K spam operators in business, employing less than one million people. Each of these individual spammers could be sending out daily spams. Many of them would be able to reach a significant portion of the internet users on a daily basis. At 09:28 AM 5/31/97 -0700, Tim May wrote:
Your point being?
Any laws forbidding spam generation in the U.S. will simply (or already) move the spam-originating sites offshore. Then what happens?
As long as the companies who are advertising have US offices, the offshore factor will not matter. Existing fax precedent makes the advertiser the one ultimately responsible for the ad. -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQBVAwUBM5Ht90GpGhRXg5NZAQH4RQIAnm4mbPbsF3JVCK2mFwzZ0frOa6CJBcA3 CHv7lvhxndUT+wPlV40BjCohL9kknuOkLbeZeAoMCGlZkZ9ThIXVYQ== =srDk -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
At 7:10 AM -0700 5/31/97, Robert A. Costner wrote:
I have not heard Rotenberg's statements on private collection of public data and spam, but I can make my own.
At 10:13 PM 5/30/97 -0700, Tim May wrote:
The latest quote is from Marc Rotenberg, on a CNN piece on spam and anti-spam legislation, saying that what the legislators in Congress really need to look into is how the spammers develop their data bases..... ... Incredible. Does he propose investigations of private data gathering?
I'd agree here. Rather than have Congress blindly pass a law, some investigation of the matter should be done first. While I am not supporting a law, any such law should have three parts:
Even better: "Congress shall make no law..." Not _some_ law, but *no* law. The compilation of records, files, dossiers, gossip, etc., is a clearly protected First Amendment (and probably Fourth, against search and seizure) activity. (Now if I break into your house to Xerox your papers to add to my dossiers, this is not permitted, unless I am with one of the government's secret police agencies.)
As for investigations into data gathering, I've been doing that for some time. It has educated me, and would no doubt educate congress. Two years ago, I spoke with the president of Pro-CD, a popular CD-phonebook company. I asked him why unlisted numbers are not on the CD's, and why so few fax numbers are on the CD's. This information is readily available. He said that only previous published collections are republished by him. What spammers are doing is invasive in that they are collecting the information for the first time.
"Invasive"? We have to be careful here. There are two main senses of "invasive": "invasive - something I don't like." "invasive - an illegal violation of my rights." I may find it invasive when a bum asks me for spare change, but it is not illegal (anti-begging laws are unconstitutional, obviously).
I may not "like" it, but their behavior is as legal as someone calling me on the phone.
I'll agree with you to some degree. After all, it *IS* ILLEGAL for someone to call you on the phone for the equivalent of spam, many people would like email spam to be just as illegal. However there are loopholes in the law that allow
If it is "ILLEGAL" (your emphasis) for someone to call me on the phone for spamming, why then do I get so many such calls? Why aren't the prisons full? (Answer: Because it is NOT illegal for people to call me, or for me to call others, or for me to even call thousands of others. True, it is possible for me (I disagree with these laws, though, and cite the First again) for me to _ask_ that they not call me. Maybe even jump through hoops and get an injunction. ) There are laws on the books which prohibit fully automated calls with no humans in the loop, but these are easily bypassed. (E.g., the boiler-room minimum wage employees in Detroit and Chicago who pick up the phone several seconds after I have picked up and then start a barely understandable spiel...I've prettty much taken to hanging up if no human voice appears within the first couple of seconds, as I know I am being handed off to the next available "human.")
email to be sent under the same circumstances. State laws, and the federal law have provisions such as time ranges calls can be made (daytime hours only), prohibitions on the use of automated equipment, removal lists, and call destinations absolutely prohibited (hospitals, emergency numbers).
And I disagree with most of these laws, as being state intrusion into communication. There are other solutions besides more laws.
Pick up any metropolitan newspaper. Count the number of classified ads on any given day. Spam is cheaper and reaches more people. Would you like to see this number of spams in you mail box? Will you honestly say that 500-1000 spams in your mailbox is simply annoying? Multiply this by the number of newspapers in the US.
Your point being? Any laws forbidding spam generation in the U.S. will simply (or already) move the spam-originating sites offshore. Then what happens? Is my ISP supposed to screen international messages for me? Do we get the U.N./OECD/Interpol/Illuminati to "regularize" anti-spam laws in all 197 recognized nations? The "500 messages a day" problem will be solved through other means. It has to be. Laws are insufficient, and wrong-headed, solutions for speech issues.
The manner in which the information is collected is invasive. People feel their privacy is being violated. The right to be left alone is a fundamental
I don't give a goddamned shit what "people feel" one way or another. People "feel" there ought to be a _lot_ of laws, especially for other people. So? It's sad to see a leader of Electronic Frontiers-Georgia making these lame arguments about why more laws are needed. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net> writes:
Any laws forbidding spam generation in the U.S. will simply (or already) move the spam-originating sites offshore. Then what happens? Is my ISP supposed to screen international messages for me? Do we get the U.N./OECD/Interpol/Illuminati to "regularize" anti-spam laws in all 197 recognized nations?
Of course, the "anti-spamming" laws will also be used to suppress the "politically incorrect" speech. Recall that Jim Bell has already been accused of "spamming", in addition to other crimes. Those who follow the Usenet newsgroup alt.conspiracy may have observed a recent trend: someone posts an anti-Clinton rant. An unknown "rogue retromoderator" forges a cancel for it. (Given how quickly forged "spam" gets tracked down, it's amazing how no one ever catches these pesky "rogue cancellers".) The author reposts the original rant. This repeats a few times, after which Chris Lewis of BNA/Nortel kicks in and starts issuing cancels for the rant, and any articler quoting the rant, because it's been reposted too many times already, making it "spam". Compare this with the CBS 60 minutes story about a month ago, about how bad people are allowed to tell lies about the U.S. government on the Internet, and how there ought to be a law against it.
The "500 messages a day" problem will be solved through other means. It has to be. Laws are insufficient, and wrong-headed, solutions for speech issues.
A promiscous e-mail box that assumes that strangers have something interesting to say is quickly becoming obsolete. A possible solution is to set up a procmail recipet that would dump all incoming e-mail from unrecognized correspondents into a separate folder, which one could examine at leasure once a week. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
On Sat, 31 May 1997, Dr.Dimitri Vulis KOTM wrote:
Of course, the "anti-spamming" laws will also be used to suppress the "politically incorrect" speech. Recall that Jim Bell has already been accused of "spamming", in addition to other crimes.
Uh, no. Bell was charged with violating: 26 U.S.C. Section 7212(a) 42 U.S.C. Section 408(a) Which are, generally, attempts to interfere with administration of internal revenue laws and fraudulent use of a false SSN. Besides, spamming isn't a criminal offense, last time I checked. In the interests of completeness, I should note that I just finished a rather long article about Bell's arrest and related events for Internet Underground magazine. The government hinted that they might have additional charges to file against Bell by the time the grand jury convenes in probably two weeks. He is currently being held without bail, a situation more common in Federal than state courts. -Declan
Declan McCullagh <declan@pathfinder.com> writes:
On Sat, 31 May 1997, Dr.Dimitri Vulis KOTM wrote:
Of course, the "anti-spamming" laws will also be used to suppress the "politically incorrect" speech. Recall that Jim Bell has already been accused of "spamming", in addition to other crimes.
Uh, no. Bell was charged with violating:
26 U.S.C. Section 7212(a) 42 U.S.C. Section 408(a)
Which are, generally, attempts to interfere with administration of internal revenue laws and fraudulent use of a false SSN.
Besides, spamming isn't a criminal offense, last time I checked.
In the interests of completeness, I should note that I just finished a rather long article about Bell's arrest and related events for Internet Underground magazine. The government hinted that they might have additional charges to file against Bell by the time the grand jury convenes in probably two weeks. He is currently being held without bail, a situation more common in Federal than state courts.
We're talking about different things, Declan. Learn to read. I reposted someone's Usenet article whose author accused Jim of "spamming the net" with his AP essay. That's separate from his criminal charges. If "spamming" were a crime, he'd probably be charged with that too. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 02:16 PM 5/31/97 -0400, Declan McCullagh wrote:
Uh, no. Bell was charged with violating:
26 U.S.C. Section 7212(a) 42 U.S.C. Section 408(a)
Which are, generally, attempts to interfere with administration of internal revenue laws and fraudulent use of a false SSN.
If that was the extend of the story, Bell wouldn't still be in jail. The USC violations above may be the official charge, but they hardly justify keeping somebody locked up without bail. Bell is still in jail because he wrote a politically incorrect essay and made the mistake of publishing it. Come to think of it, that makes him a political prisoner. What is the penalty for using a fake SSN? Does using a fake SSN warrant keeping the suspect locked up without bail? I would think not. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. Put a stake through the heart of DES! Join the quest at http://www.frii.com/~rcv/deschall.htm
On Sat, 31 May 1997, Lucky Green wrote:
If that was the extend of the story, Bell wouldn't still be in jail. The USC violations above may be the official charge, but they hardly justify keeping somebody locked up without bail. Bell is still in jail because he
The government is trying to persuade the judge that Bell is about to blow up a Federal building, or poison water supplies, or something. So far the judge has agreed and refused to consent to even bail conditions like house arrest and radio bracelet. Bell could very well stay in jail for the entirety of his trial. -Declan
Lucky Green <shamrock@netcom.com> writes:
If that was the extend of the story, Bell wouldn't still be in jail. The USC violations above may be the official charge, but they hardly justify keeping somebody locked up without bail. Bell is still in jail because he wrote a politically incorrect essay and made the mistake of publishing it. Come to think of it, that makes him a political prisoner.
The only "political prisoners" are in the USSR and the like. To imply that there can be "political prisoners" in the enlightened United States of America constitutes Seditious Spam, a felony. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
-----BEGIN PGP SIGNED MESSAGE----- At 10:20 AM 6/1/97 -0400, Declan McCullagh wrote:
The government is trying to persuade the judge that Bell is about to blow up a Federal building, or poison water supplies, or something. So far the judge has agreed and refused to consent to even bail conditions like house arrest and radio bracelet. Bell could very well stay in jail for the entirety of his trial.
But since the Feds won't be able to move to trial on those charges, they'll have to let him out on bail eventually. "General dangerousness" bullshit only works during the preliminary proceedings. Remember the Jake Baker case. Thirty days in stir and then dismissal. Probably no dismissal for Bell but no major charges either. DCF -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQCVAwUBM5IjLoVO4r4sgSPhAQFA1wQAs5aQScxXb38HOIvxycrC/ledhDWO4zKK SWozSb2Rv3YR/EF5AuabmPpSIBC/cKfhijQQhwBzD4rVVLZAU97xob/AGcGoaicX ue9fxJwkAWI4+TZyMP+JngwYYG6pEBWD8fkV9JjHxBIAWsSktvdIMD0qjzkyKnB3 H9v6Hb+vabI= =xxCl -----END PGP SIGNATURE-----
participants (24)
-
3umoelle@informatik.uni-hamburg.de -
Asgaard -
Bill Stewart -
Dave Emery -
Declan McCullagh -
Declan McCullagh -
dlv@bwalk.dm.com -
Duncan Frissell -
Eric Murray -
frissell@panix.com
-
ichudov@algebra.com -
jonathon -
Kent Crispin -
Lee Tien -
Lucky Green -
Mac Norton -
Marc Rotenberg -
mpd@netcom.com -
Paul Bradley -
Paul Pomes -
Robert A. Costner -
Robert Hettinga -
Tim May -
William H. Geiger III