Remailer logs

Tim May tcmay at got.net
Sun Aug 5 15:36:56 PDT 2001 

On Sunday, August 5, 2001, at 03:01 PM, Aimee Farr wrote:
> Yes. Unless it is of special relevance. For example:
>
> Dear company:
>
> I just wanted to write you and tell you that the microwave that I bought
> from you exploded. Thought you should know. Nobody was hurt, thank 
> goodness!
> Maybe something is wrong with it?
>
> Thanks,
>
> Mrs. Smith
>
> The above wouldn't just be any old email now would it?

Which is why important letters and notifications which may be relevant 
in some future case are almost always sent via registered mail, served 
in person, and so on. \

There is a big difference between a legal notice like "You are hereby 
notified of a possible defect in your Whackomatic product and copies of 
this letter have been sent to your legal offices and with the Better 
Business Bureau." and "Hey, I hope you kept that e-mail I sent you last 
year."

LIkewise, communications are frequently channeled to specific addresses 
("Send product warranty queries to ....") and are even discarded 
("Unsolicited manuscripts and letters sent to Big Studio, Inc. are 
destroyed").

Now, is there some _specific_ legislation requiring either these kinds 
of "records retention" or "manuscript submission" policies? Maybe in 
some cases, by direct legislation. Certainly not for remailer logs, 
which is the point James and others of us have been making.

Is there a _custom_ for some of these policies? Sure. Lawyers probably 
keep most letters  which come to them...but probably don't worry about 
e-mail too much. (I used to correspond with several lawyers. Should I 
expect that they kept my e-mails? Of course not.)

What about the role of _technology_? With the technology of formal 
letters, printed on formal legal department letterheads, and with filing 
cabinets in offices across the land, the _technology_ fits with the 
_custom_ of filing every letter received. With e-mail, which is 
ephemeral, subject to inadvertent erasure (hit the wrong key and it's 
gone), subject to erasure or misfiling during housecleaning, hard disk 
crashes, reformattings, or just plain switching mailers, there is much 
less expectation of permanence.

(By the way, I am using the "three legs" of LAW, CUSTOM, and TECHNOLOGY, 
as outlined by Larry Lessig several years ago (and presumably recapped 
in his recent book, "Code," which I haven't yet picked up except in 
bookstores. I don't agree with Lessig's conclusions, but I felt his 
analysis was a useful one. I wrote a couple of articles on how his model 
fits with my own models (very similar, though I don't claim Lessig was 
influenced by me, even though we overlapped for a while on Cyberia).)

Getting back to remailer logs for a moment, why is a remailer any more 
responsible for keeping detailed logs than a person like me is for 
keeping logs of what mail I received, whom I bounced it over to, and so 
on? The fact that Robb London might be "very interested" in where I 
bounced Jim Bell's mail to does NOT mean I had any obligation to keep 
detailed records, presumably in a form not subject to erasure or loss 
through routine misadventures of the computer kind.

And as James keeps ragging about, if they haven't gone after Microsoft 
for "spoliating" as MS got rid of old e-mail and limited employee 
planners and notes, they surely can't go after the operator of the 
noisebox remailer, for example, for failing to keep logs of all traffic 
from May 19, 1999 to May 24, 1999. (And, by the way, conventional 
remailer logs, it would seem, would be of incoming traffic and outgoing 
traffic. The guts of the "request-remailing-to" operation, in either 
Cypherpunks Type I or 1 or Mixmaster remailers happens inside another 
program. It would take extra twiddling of the logging software to 
actually add a report saying "Incoming message #71734 was pooled and was 
sent out 23 minutes and 18 seconds later as outgoing message #70219."

Standard Unix or Linux logs should not be very helpful, and keeping them 
is not required by any current statute. (CALEA may have stuff in it 
about logs, but the LEAs have yet to push in this direction. Certainly 
an ex post facto laws penalizing someone for violating CALEA when no 
CALEA standards/precedents are established would be a reach.)

--Tim May

More information about the cypherpunks-legacy mailing list