About lawyers and spoliation

[Tim May]

At 3:30 PM -0500 8/3/01, Aimee Farr wrote:
>Tim May:
>
>>  At 12:54 PM -0500 8/3/01, Aimee Farr wrote:
>>  >Bear wrote, quoting me:
>>
>>  >>  I've got a nice protocol for running a fully-encrypted mailing list
>>  >>  stegoized in images on a web/FTP site, which would be totally
>>  invisible
>>  >>  to non-participants - but such a list can't be announced publicly
>>  >>  so of course nobody could find out about it and join it, without
>>  >>  also letting the law know about it and join it.
>>  >
>>  >Interesting.
>>
>>  Banal, actually.
>
>Maybe to you, Tim, but I was looking at it from a different perspective.
>
>First, in regard to dissident group bulletproofing, so as to provide the
>greatest First Amendment associational protections. (I suspect some of you
>get your legal advice from the government.) And, also in regard to dissident
>group surveillance. This list has been affected by recent events, and
>"subjectively chilled." While it is not the first time for such things, the
>effects on group dynamics are of interest to me.

You need to learn about the severe limitations of "security through 
obscurity." An encrypted list, or a stegoized list, is not secure if 
it is open to various subscribers. Weakest link math, obviously. The 
crypto name is, as I said, "security through obscurity." Kirchoff's 
Principle by another name, essentially.

(The only reason we have sometimes considered having an encrypted 
list is to a) weed out those unwilling to figure out how to do PGP, 
b) make PGP use more widespread. The notion of keeping the contents 
"secret" was not even debated seriously.)

Sociobabble handwaving about "effects on group dynamics" doesn't 
change this. So you think that just throwing in some words about 
"value propositions" and "conversational economics" is the way to put 
forward a real idea or argument? Looks like bullshitting to me. Like 
the output of an Internet rant generator.


>
>Second, I would like to see the conversational economic theories at work in
>a protected list.

Sociobabble. First, an encrypted or stegoized list would not be 
protected. See above. Second, it has nothing to do with 
"conversational economic theories" (?).


>Third, many of your concepts were harbingers of a shift where people take
>costly evasive maneuvers to protect what is legal, and traditionally
>highly-valued speech and association (being critical of the government).
>Your ideas are being implemented, or examined, often by ordinary people with
>less spectacular motives and aims. So, the more "trodden," "banal,"
>.....[insert Tim Mayism here]...something is to you, the more interesting it
>is to me.

You are blithering. I don't think you have the foggiest idea what is 
being talked about. And instead of learning, you just blither.


>>
>>  IP addresses have nothing to do with attacks on remailers and DC-Nets.
>
>Okay.
>
>>  Do some reading.
>
>I read a lot, Tim. My practice areas don't come neatly packaged. I realize
>your frustration with me, and can only beg your understanding and tolerance,
>although I have low expectations in this regard.

You keep apologizing. Is this some kind of chick thang?

Instead of "begging tolerance," do some very _basic_ reading.

Once you grok what remailer networks are all about, you'll (maybe) 
have an epiphany that all the yammer about IP addresses defeating 
remailers is nonsense. And once you grok the idea of how sending 
encrypted mail out to list of N people, where N is 100 or more, and 
where subscription is lightly controlled, is pointless. (In fact, 
cell sizes as small as 3 are infiltrated, but this is an issue I 
don't have the desire to get into here.)


>  (Picking on me is about as
>sporty as shooting turtles in a stock tank.) I could never match the
>technical skillsets or understanding of this list, please forgive me for my
>sins. Yea, I know not what I do..... I am aware of my shortcomings, (!!!)
>and I do appreciate your taking the effort to try to help me with my
>conceptualization. You often do so, and I note your good intentions, even
>when they come with a few well-placed darts.

Stop fucking apologizing you stupid twit.

>>  Start with Chaum's 1981 paper on untraceable e-mail,
>>  read at least the first 5 or 7 pages of his 1988 paper on dining
>>  cryptographers nets, and then move on to the other list-related
>>  sources.
>
>Perhaps I can contribute in other areas, Tim. I will try to do better. I
>mean that sincerely.

Stop apologizing. Instead of blithering about "conversational 
economics" and "value propositions" and "I'm sorry," spend ONE 
FUCKING HOUR reading the most basic of all papers, a paper now 20 
years old. I gave you the subject, year, and author. (Hint: It was 
Webbed as of a few months ago. I just checked: it still is. But 
rather than even expect you to find it, here it is: 
http://world.std.com/~franl/crypto/chaum-acm-1981.html)

If this paper uses terminology too distant from later Cypherpunks 
technology, read any of the 1992-93 articles folks like Eric Hughes, 
Hal Finney, and myself wrote. Or read my Cyphernomicon entries on how 
remailers work.

(I fully expect you to announce that you _do_ understand how they 
work. But clearly you don't, else you wouldn't have commented that 
biometric IP linking will be a problem. A _real_ legal issue, one we 
have discussed many times, is the constitutionality of a law 
requiring accountability for all forwarded messages. A law requiring 
all chunks of text to be traceable to a true name violates the usual 
1st A protections, supported by the Supremes when they have struck 
down laws requiring handbills to have true names attached. Not to 
mention the anonymous authorship of the Federalist Papers. Not to 
mention many related issues. This is a more plausible attack on 
U.S.-based remailers than is something based on IP addresses. Left as 
an exercise for you.)

>You are a the leader of a pack of prize jackasses that pick on cripples in
>here. *REAL* SUBVERSIVES have a gentlemanly demeanor (at least the decency
>of pretense).

Are you calling yourself a cripple? Not even I have called you a cripple.

You've shown no willingness to learn the most basic of things. You 
can't add legal advice that is useful if you don't even understand 
the most basic of things we talk about. In fact, your legal advice is 
almost certainly misleading if you don't even understand how nested 
remailers work, and why IP addresses aren't included in remailed 
messages, and why the robustness and obfuscation of a network of N 
remailers each pooling-and-remailing M messages goes _roughly_ as 
N^M. Thus, a nested hop through 10 remailers around the world, each 
pooling 10 incoming messages (of the same size after padding), would 
give an attacker _roughly_ 10 billion paths to follow.

I keep saying "roughly" because there are numerous things that cut 
this down, not the least of which is that there aren't likely to be 
even tens of thousands of messages per day flowing through the 
world's remailers until there are a lot more of them, etc. And so an 
attacker cannot see a diffusivity of 10^10. But he also certainly 
cannot easily say which exiting message maps to which entering 
message. And there are the methods we so often have discussed: route 
messages through some remailers multiple times, send dummy messages 
at intervals, use your own machine as a remailer, and so on. It 
doesn't take long to see that the diffusivity (untraceability) can be 
very large very quickly and cheaply. And, no, no biometric or IP 
information is attached!

If you have not grokked the idea of anonymous remailers, how can you 
comment on legal issues facing them?

As for your "torching" your work because I hurt your feelings, show 
some fucking backbone. If you are right, you don't need the moral 
support of others.


--Tim May

-- 
Timothy C. May         tcmay at got.net        Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns