Do not taunt happy-fun-court.
Black Unicorn
unicorn at schloss.li
Wed Aug 1 17:03:37 PDT 2001
----- Original Message -----
From: "Anonymous" <nobody at mix.winterorbit.com>
To: <cypherpunks at einstein.ssz.com>
Sent: Tuesday, July 31, 2001 8:28 PM
Subject: re: Do not taunt happy-fun-court.
> Black Unicorn said:
>
> There are a few cypherpunks probably listening to this who've been smacked
> with subpoenas for running remailers. I think you'll find that the
> government is pretty persuasive to third parties like these. The only
> defense (which one administrator of a remailer I won't name was clever
> enough to set himself up with) is to say (my paraphrasing) "I don't have
> access to those logs or any of that data. I don't keep such logs and I
> never have because it's too much overhead and work."
>
> --
>
> I suspect I'm the remop being referred to here, so I'll comment:
>
> That defense is valid because it is true. It isn't a contrived excuse for
> not keeping logs that I conveniently pull out of the wings to protect the
> anonymity of my users. Keeping logs really is too much of a resource drain
> on my system.
Oh, I didn't mean to suggest that it was artifice in this particular case,
apologies if I implied or stated it was.
> At some point I will probably begin keeping logs that expire after a
> period of several hours, so that I can identify and block spammers. I'm
> interested in your thoughts on this, Uni. Is the defense "I never retain
> logs longer than 2 hours; they are automatically deleted out of disk space
> considerations" as string as the first one? (This is how many remailers
> are configured. But even if the remailers all kept logs, if users are
> chaining their messages through multiple remailers, anonymity should still
> be preserved.)
See my (huge) posting on this, but I would suspect that this isn't great.
Were I operating one, which I am admittedly not, I'd want there to be no data
of evidentiary value ever hitting my memory or media. To some degree that's
not possible. In the alternative, actually _disabling_ logging is the best
policy, in my view. The evidence never existed in the first place then. It
suddenly becomes a challenge to show some kind of conspiracy on your part
since the actual spoliation claim is harder to make. Showing conspiracy for
anything with respect to either probably starts hard and gets marginally less
hard in this order:
a) A middle remailer in a multiple chain that knows nothing (little) about
original sender, content or recipient.
The only evidence of value here would be:
Time of message traversing the mailer (only useful if the specific message can
be linked to the sender which- if mixmaster works- isn't feasible).
Size of message (only useful if the specific message can be linked to the
sender and only useful in so far as the message can be constituted and be said
to be "at least size X" which- if mixmaster works- isn't feasible
b) A back end remailer in a multiple chain that knows nothing (little) about
content or original sender.
Evidence here in addition to the above:
Recipient address.
Recipient public key (if content is encrypted before mixmaster).
Time of actual delivery to recipients SMTP server.
c) A front end remailer in a multiple chain that knows nothing (little)
about content or recipient.
Evidence here in addition to a) :
Sender address.
d) A "one hop" remailer.
Evidence available:
All of the above.
Given that even d) doesn't provide much (and less than not much if you're
never allowing logs to be written in the first place) you can probably make
some guesses about the likelihood of being vulnerable here.
> Regardless, I haven't had the time to implement such a system anyway.
>
> My point here is that, if you are going to be using the "off-shore
> attorney" system of preserving your data, I think it would be helpful if
> there was a legitimate reason for placing your information in the hands of
> this other entity (other than protection from the US courts.)
I really suggest that. Remember that you're going to have to convince people,
not code, or automated rule sets, that you're a decent and non-criminal person
if you do get called to the mat. Specious sounding arguments about "document
destruction policies" and the like, while perhaps totally technically correct,
aren't necessarily going to help you much- as the mountain of case crap I just
typed in earlier should show.
Since this has become a loud and argumentative issue perhaps it's time for one
of the "what remains to be done" postings I used to do with a long section on
what the next set of remailers should be incorporating.
Advice that will be ignored or regarded, depending on the moods of the
listeners perhaps.
More information about the cypherpunks-legacy
mailing list