Silver pipes and silver nodes

Tim May tcmay at got.net
Fri Aug 17 11:15:22 PDT 2001


On Friday, August 17, 2001, at 10:40 AM, lcs Mixmaster Remailer wrote:

>> Even without the proposed legislation, anonymity is increasingly fragile on
>> the Net. Corporations have sued for libel to force services to disclose the
>> identities of those who posted disparaging comments about them online.
>> Individual suits of this type are rarer, but last December, Samuel D.
>> Graham, a former professor of urology at Emory University, won a libel
>> judgment against a Yahoo user whose identity was released under subpoena.
>
> Actually the tide is turning on this issue.  There have been two
> high-profile cases this year in which suits designed to reveal the
> identities of pseudonymous posters have failed.

Importantly--and glossed over in the Grossman article--there is a huge 
difference between "being forced to reveal something you know" and 
"being required to know."

For example, consider a financial transaction, a purchase of something.

If Gary the Grocer has a record kept of a delivery to Mannie the 
Mobster, and the system learns about it, Gary can be ordered to turn 
over his records.

However, he cannot be compelled to require I.D. from Mannie the Mobster. 
Cash and unrecorded transactions are still fully legal. (And should 
remain so, so long as the Constitution is not fully shredded.) (For any 
quibblers, there are very, very limited cases where records of purchases 
are required, e.g., guns. There are other limited cases where a proof of 
age credential (but not identity) is supposed to be presented, e.g., 
alcohol and cigarettes.)

A remailer cannot be compelled to keep records by any constitutional 
laws I have heard of.

Furthermore, even if some law is passed requiring an ISP to "retain logs 
for 7 years," this will hardly impinge on properly-designed remailers. 
Easily-designed remailers, in fact.

My ISP can keep all the logs he wants to, including records of encrypted 
mail to and from my dial-up account. However, once I have received 
encrypted mail, gotten around to collecting and decrypting them, then 
mailing them back out, the logs at the ISP tell a snoop nothing of 
interest.

(Remember, remailers are _mailers_, operating in principle at the POP 
level. That some remailers are acting at the "packet" level 
(loosely-speaking) is not central to their function. Especially given 
the usual (and desirable) delays associated with pooling of N messages.)

So, stopping remailers requires a LOT more than requiring Earthlink to 
keep terabytes of data around for years and years.

Many years ago I referred to there being two critical ingredients:

-- silver pipes

-- silver nodes

Silver nodes are perfectly reflective nodes which no amount of external 
illumination/scrutiny can penetrate. The perfect shield, a la the 
"bobbles" of Vernor Vinge's "Peace War" and "Marooned in Realtime" 
novels. Security of a PC, and local file encryption, approximates this.

Silver pipes are the various links between nodes, with encrypted 
packets. SWAN is one example, SSL another. Sniffers and snoopers can see 
that the pipe exists, but cannot see "inside" it, hence the "silver" 
appellation.

So what happens when a large number of silver nodes are connected with a 
large number of silver pipes?

And so _what_ if some of the nodes (ISPs, but not a hundred million 
end-user machines) are "required by a new world order treaty" to retain 
their logs for 7 years?

And the point about a hundred million end-user machines is an important 
one. Many of you already are running your own servers...you are your own 
ISPs. This trend will increase.

What of machines sitting in large warehouses of machines (like 
www.rackspace.com)? What of LANs and WANs used as remailers? Packets 
enter the building of Digital Datawhack, travel over a plethora of CAT5 
and Firewire and 802.11b links, get mixed around in the usual ways, and 
then eventually exit the Digital Datawhack building...or one down the 
street, across town, etc....and re-enter the "more public" networks. 
What, exactly, would it mean to "require logs of all packets"?

A hopeless task.

The "degrees of freedom" are too large, even now.
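
The point above about pooling N messages and retained ISP logs, as an added example that is not part of the original post: a toy threshold pool in Python where the ISP log holds only time, direction and size, and `link_odds` computes how well that log alone links outgoing mail to incoming mail. The class and function names, the fixed padding size and the sample traffic are assumptions made for illustration.

```python
import random

PAD = 1024  # assumed fixed on-the-wire size; padding is not discussed in the post

class PoolRemailer:
    """Threshold pool: hold mail until n messages are waiting, then send all, shuffled."""
    def __init__(self, n, pad=True, seed=0):
        self.n, self.pad, self.pool = n, pad, []
        self.rng = random.Random(seed)
        self.isp_log = []  # all a log-retaining ISP sees: (tick, direction, size)

    def receive(self, tick, recipient, body):
        wire = body.ljust(PAD, b"\0") if self.pad else body  # stand-in for encrypt+pad
        self.isp_log.append((tick, "in", len(wire)))
        self.pool.append((recipient, wire))
        if len(self.pool) < self.n:
            return []
        batch, self.pool = self.pool, []
        self.rng.shuffle(batch)  # output order is unrelated to arrival order
        self.isp_log.extend((tick, "out", len(w)) for _, w in batch)
        return batch

def link_odds(isp_log):
    """Observer's best chance of matching each outgoing message to one incoming
    message, using only the retained log (timing and size)."""
    odds, window, flushed = [], [], False
    for _, direction, size in isp_log:
        if direction == "in":
            if flushed:  # a new pool started after the previous flush
                window, flushed = [], False
            window.append(size)
        else:
            flushed = True
            odds.append(1 / window.count(size))
    return odds

def run(n, pad=True):
    # Constructed sample traffic: ten senders, bodies of distinct lengths.
    mix = PoolRemailer(n, pad)
    for tick in range(10):
        mix.receive(tick, f"rcpt{tick}@example.org", b"x" * (50 + tick))
    return link_odds(mix.isp_log)

if __name__ == "__main__":
    print("no pooling     :", run(1))             # every message linked with certainty
    print("pool of 5      :", run(5))             # 1-in-5 guess per message
    print("pool, unpadded :", run(5, pad=False))  # sizes give the link away again
```

With pooling and uniform sizes the complete log supports only a 1-in-N guess per message; without pooling, or with distinguishable sizes, the same log links every message.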
