Re: Run a remailer, go to jail?
, or reception of any telecommunications, transmissions, signals, or services would seem to prohibit mod'ing of M$ Xboxen. Linux/*BSD users reading DVDs (or just about anything else) are outlaws. This is a breathtakingly broad Act.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
PATRIOT2 affects individuals, citizens authentication
Reading the HTML version:
http://www.dailyrotten.com/source-docs/patriot2draft.html

... investigations of lone wolf terrorists or sleeper cells may not be authorized under FISA.

... This provision would expand FISA's definition of foreign power to include all persons, regardless of whether they are affiliated with an international terrorist group

... Requiring the additional showing that the intelligence gathering violates the laws of the United States is both unnecessary and counterproductive, as such activities threaten the national security regardless of whether they are illegal.

... However, there does not appear to be a statutory defense for agents who engage in surveillance or searches pursuant to FISA authorities under which no prior court approval is required

... This provision would clarify that the good faith reliance defense is available, not just when agents are acting pursuant to a FISA Court order, but also when they are acting pursuant to a lawful authorization from the President or the Attorney General.

... Another context in which different types of foreign powers are treated differently is the FISA definition of United States person. United States persons have a more protected status under FISA for certain purposes, such as dissemination of information.

... The amendments in this section will facilitate the investigation of threats to the national security posed by such groups by reassigning them to the less protected status now accorded to foreign powers

... (b) The terms 'encrypt' and 'encryption' refer to the scrambling (and descrambling) of wire communications, electronic communications, or electronically stored information, using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such communications or information.
Even integrity and authenticity would be subject to investigation for Unlawful use of encryption.

We often write scenarios where a monkey in the middle (MITM) tampers with communications. Our national security apparatus prefers that it be able to alter our communications and impersonate those under investigation.

Remember, I was investigated for treason by the FBI for merely writing the specification for PPP CHAP, an authentication protocol.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: Verizon must comply with RIAA's DMCA subpoena
[Moderator's note: I think this is slipping from relevance... --Perry]

Faust wrote:
> > Here's a little story: this week I learned that one of our valuable security doctoral candidates doesn't vote, and doesn't want to learn about or discuss politics and the political implications of what she does.
>
> Sounds very sensible to me. Leave the voting to those who care.

Good thing that you never post complaining about security policy and governments, then.

Funny, that seems a constant theme on this list! For most of the years I've been involved, the very idea of public, unclassified, non-governmental activity in cryptography and security was actively opposed by our respective governments. That changed through direct activism by many of those on this list. Democracy is not a spectator sport.

To be involved in security is to be concerned with policy. Ignorance of policy automatically disqualifies somebody to be a security analyst, since they have no basis for analysis. Security requires more than mere bit twiddling.

> One of my peeves about Australia is that voting is compulsory here. Quite apart from enforced voting being an infringement of my civil right, the

What civil right would that be? Does Australia have some sort of enumerated right to benefit from the work of others without contributing?

> problem is that most people do not even know who is standing for election from their electorate, far less care what their policies are.

And you personally worked to educate them -- how?

> As a result the great unwashed turn up and tick boxes at random.

And you personally worked to educate them -- how?

> One rightwing politician used this recently to register 30 fake minor parties ( Gay and Lesbian Party, Marihuana party, Save the Forests Party etc ) and then directed the preferences of these parties to himself. This enabled him to get elected to Parliament.

Sounds like an excellent hack of the system!
Although, with petition signatures from 5% of the electorate for each party to gain a place on the ballot, 30 parties would indicate that he had 150% of the voters sign petitions.

Either there was an error in the petition validation process, or the party qualifications are unreasonably low (5% to 15% is typical), or you're exaggerating a wee bit.

(Here, you have to show a minimum of support to gain a place on the ballot. Indeed, incumbent officials have to go out and gather thousands of signatures to be placed on the ballot, even when their party has already qualified for the election. Heck, many places don't require a politician to be a member of any party, as long as they separately qualify to a slightly higher standard.)

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: Verizon must comply with RIAA's DMCA subpoena
With all due respect to the commentator and the tremendous amount that he has contributed to the community, I had to go eat a pint of ice cream and cool down, I was so incensed after reading his comments. Here's my attempt at a rational reply:

John Young wrote:
> It will be more expensive to obey an ISP's lawyer and somewhat less expensive to sell tappable service. That's the way of economic intimidation. Cheapest is to ignore the subpoena and never seek legal advice. The ISP world won't collapse despite chicken little warning. And ISPs look like cowardly shits for caving.
> ...
> ISPs are using lawyerly advice to cloak betrayal and cowardice. Fire the ISP lawyer, especially if in house. Pay the difference to sysadmins willing to fight.

I don't think we caved, or are cowardly shits. We're too small for an in house lawyer. But I won't expect sysadmin employees to go to jail. In the main, we have to work with the system as it exists, while we work to improve it.

Those who know me well are aware that I've a few experiences along these lines in my life.

- I've been jailed for civil contempt of court.
- I've endured FBI investigation (google for it).
- I've survived a 7+ year IRS audit, including 2 cases taken all the way to the 6th Circuit, looking to see whether my cryptographic activities were financially supported by foreigners.
- I've been party to many other cases (primarily FOIA), setting local and state precedents argued all the way to our highest state court.
- I've been involved in electoral politics for 25+ years, and am reasonably familiar with certain elected officials and governments.

We got one of the main ACLU attorneys in our state. We sent back the original because it misspelled the name of the company, then challenged the scope, and finally limited the records provided. That is, we resisted every step of the way.

Then, we changed our Best Current Practices so that such a subpoena would be more difficult to fulfill in the future.
And urged the world to follow our example (well, NANOG and later this list).

Here's a little story: this week I learned that one of our valuable security doctoral candidates doesn't vote, and doesn't want to learn about or discuss politics and the political implications of what she does.

This was particularly disturbing to me, as she is a naturalized citizen, coming from the old Soviet Union. In other venues, new citizens are the most active in politics, happy to be somewhere they can participate. Sometimes, engineers have persistent tunnel vision.

I've always believed there's more to security than bit twiddling, and I've done my best to practice what I preach.

As I've written IETF drafts over the past 14 years, I was long an advocate of adding a security considerations section to everything we've done. And I've generally added an operational considerations section, too.

We always need to think about the consequences of our work. It needs to enhance security. It needs to protect the powerless from the powerful, even when the users don't think they have anything to hide. It needs to be easy to use (or it won't be used).

So, in some respects, you're preaching to the choir. But there is a time and place for civil disobedience.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: Verizon must comply with RIAA's DMCA subpoena
Declan McCullagh wrote:
> At 06:15 PM 1/21/2003 -0500, William Allen Simpson wrote:
> > He's placed the decision here: http://www.politechbot.com/docs/verizon.riaa.decision.012103.pdf
> >
> > All this to learn the identity of a computer at a particular IP address. Presumably, Verizon will now be smart enough to say: All of our IP addresses are assigned using DHCP, and we have no record of the name of any subscriber associated with an IP address.
>
> I was thinking along the same lines. This seems to be a market opportunity for an Internet provider that keeps no IP address-identity records for more than a few minutes or hours.

Speaking with my ISP hat on, we had an experience (described on NANOG and such) with legal process several years ago. Since then, we:

1) never back up the mail servers -- if any fail, we would regenerate the account information from billing records, but any unPOPed mail will be lost.
2) regenerate DSL IP addresses every 6 hours (except for those companies paying extra for static IPs).
3) syslog dialup IPs to a separate server, where they would be lost when the power goes away, and in any event should roll over every day.

It's not really a sales item. Since we are only local, I'm not sure how many customers would be sold by this feature. Farmers and college students tend to be oblivious.

But there is a strong economic rationale. We save untold operational expense, support costs, and legal fees. (The legal cost of complying with that single interstate subpoena cost us an entire month of revenue.)

The DMCA provides for standard technical measures that (C) do not impose substantial costs on service providers or substantial burdens on their systems or networks.

Thus, we need to specifically ask our ISPs (market demand) to drive the process for these measures that (A) have been developed pursuant to a broad consensus

Certainly, we're part of the consensus!?!?

Neil Johnson wrote:
> Which leads me to believe that most ISP's are going to want to keep track of IP's.
Oh yes, operationally we need to keep IPs around for a short time to track network problems and enforce the AUP. But we've found 6 hours to a day to be entirely adequate.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
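The short-retention practice described in the message above, sketched as an added example (not part of the original post and not the ISP's own tooling): lease records are pruned once they fall outside a retention window, after which a lookup for an older time finds nothing. The log format, the names `parse`, `prune` and `holder_at`, the sample records, and the choice of 6 hours for both lease length and retention are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Assumptions for this sketch, loosely following the message above:
LEASE = timedelta(hours=6)      # addresses are regenerated every 6 hours
RETENTION = timedelta(hours=6)  # a record is kept 6 hours past the lease end

# Constructed sample log (documentation-range IPs, made-up account ids).
SAMPLE_LOG = """\
2003-01-22T00:00:00 lease 192.0.2.10 acct-1001
2003-01-22T06:00:00 lease 192.0.2.10 acct-1002
2003-01-22T12:00:00 lease 192.0.2.10 acct-1003
2003-01-22T12:00:00 lease 192.0.2.11 acct-1001
this line is malformed and must be skipped
"""


class Lease(NamedTuple):
    start: datetime
    ip: str
    account: str

    @property
    def end(self) -> datetime:
        return self.start + LEASE


def parse(log: str) -> list:
    """Parse 'timestamp lease ip account' lines, skipping malformed ones."""
    leases = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "lease":
            continue
        try:
            start = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        leases.append(Lease(start, parts[2], parts[3]))
    return leases


def prune(leases: list, now: datetime, retention: timedelta = RETENTION) -> list:
    """Drop every lease whose end lies further back than the retention window."""
    cutoff = now - retention
    return [l for l in leases if l.end >= cutoff]


def holder_at(leases: list, ip: str, when: datetime) -> Optional[str]:
    """Return the account that held `ip` at `when`, or None if no record survives."""
    for l in leases:
        if l.ip == ip and l.start <= when < l.end:
            return l.account
    return None


if __name__ == "__main__":
    now = datetime(2003, 1, 22, 19, 0)
    kept = prune(parse(SAMPLE_LOG), now)
    print(len(kept), "records kept")
    print(holder_at(kept, "192.0.2.10", datetime(2003, 1, 22, 14, 0)))
    print(holder_at(kept, "192.0.2.10", datetime(2003, 1, 22, 3, 0)))
```

Recent lookups, the kind needed for tracking network problems or enforcing an AUP, still resolve after pruning; a lookup for a time outside the window returns nothing because the record no longer exists.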
Verizon must comply with RIAA's DMCA subpoena
Declan McCullagh recently posted an interesting article on a legal opinion: http://news.com.com/2100-1023-981449.html

He's placed the decision here: http://www.politechbot.com/docs/verizon.riaa.decision.012103.pdf

All this to learn the identity of a computer at a particular IP address. Presumably, Verizon will now be smart enough to say: All of our IP addresses are assigned using DHCP, and we have no record of the name of any subscriber associated with an IP address.

When reading the article and then the opinion, I found a discrepancy. Declan says the Verizon subscriber allegedly was sharing (that is, outgoing traffic to other users), while the opinion explicitly says downloaded (presumably, incoming from other users).

This raises the question in my mind, how would the RIAA know? Are they snooping on Verizon's network? Wouldn't this eavesdropping be solved by using encryption?

Discussing this with Niels Provos, he mentioned they might have a honeypot, and track the IP addresses of downloads. But then, wouldn't the downloads be authorized by the RIAA, and thus not infringing?

Although the opinion itself is clear as far as it goes, unfortunately it doesn't cover the issues that are more important to us. The judge declined to rule, as the Verizon lawyers left it to amici to argue, Without a properly developed record, the court found that the defendant effectively waived the constitutional challenge:

17 Verizon devotes only two sentences and a footnote to the constitutional issues, contending that the subsection (h) subpoena authority, if broadly construed, raises substantial Article III (judicial power) and First Amendment (freedom to engage in anonymous speech) questions. [opinion page 30]

Disappointing.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: DeCSS, crypto, law, and economics
Eric Rescorla wrote:
> William Allen Simpson [EMAIL PROTECTED] writes:
> > Therefore, your graphs say to me: market segmentation is indicative of
>
> Of course. But the point that you seem to be missing is that there are situations where a monopoly can Pareto-dominate non-monopoly situations.

The points I was making here are (1) the terms used were wrong and (2) there were no net benefits (wealth) to society from the monopoly.

> > The problem with this example, as is often the case with economists, is it assumes perfect knowledge and rational behaviour.
>
> Of course. Because it's far harder to explain the principle without perfect information. That doesn't make it wrong, however.

It is wrong, since it doesn't have any correspondence to the case at hand (DVDs, cryptography). In fact, it is directly contrary: (1) the producers are not omniscient, and (2) the consumers have knowledge about pricing, and (3) neither the producers nor the consumers act rationally.

We can speculate forever about universes where we travel faster than the speed of light, but really, I don't see why we should bother with using such universes to model our current discussion.

> You're implicitly assuming some method of price discrimination (in this case auctions).

I'm explicitly stating that the consumers have concurrent knowledge about pricing. The consumers may decide that their values are different. (That may not be rational.)

> Without the ability to get one consumer to pay more than another, we're back to the situation that we had before, namely that it's unprofitable to produce the commodity. Most consumer goods are not sold at auction and thus more subtle forms of price discrimination are required.

What you mean is FORCE the consumers to pay more than one another, even when everyone knows it a priori to be irrational.

The question raised was whether the commodity would be produced. The producer knows that in the PAST there was sufficient income from these consumers for the goods to be profitable.
The producer is not pre-cognitive. In the case at hand, producers know that some movies/theatricals simply never make a profit, no matter how wonderful. That's risk.

> Incidentally, it's not clear that an auction will produce the effect you suggest. It's not necessarily your best strategy to bid up to your true value on the first of a series of identical items.

Certainly. For example, each consumer could decide not to bid unless the commodity is a bargain -- a behaviour frequently seen in real life at flea markets or garage sales. In that case, the producer will not make his nut. So? Absent FORCE, there's never a guarantee of profit.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: DeCSS, crypto, law, and economics
I thought I made a fairly clear and cogent original synopsis, but apparently we're heading off into religious wars. I'm going to invert Eric's argument:

Eric Rescorla wrote:
> William Allen Simpson [EMAIL PROTECTED] writes:
> > The question raised was whether the commodity would be produced. The producer knows that in the PAST there was sufficient income from these consumers for the goods to be profitable.
>
> Of course, but the producer uses things like past experience and marketing studies to decide what they expect. There may be errors, but that doesn't invalidate the basic analysis, which is that if the producer doesn't EXPECT to make a profit they won't produce a product.

Look, I'm sure we are all in agreement on this point, with two caveats already expressed earlier:

1) producers don't just want any profit, they want the biggest possible profit, and are less likely to produce something when there is something else even more profitable.
2) we have examples where producers' desire for the biggest possible profit stopped development of a product, the public sector stepped in, and the resulting product created wealth far beyond the dreams of the original -- the Internet, Harry Potter.

So, in the matter of DVDs, we all agree that the product _has_ been produced. There are only artificial barriers in the market.

> > It is wrong, since it doesn't have any correspondence to the case at hand (DVDs, cryptography). In fact, it is directly contrary: (1) the producers are not omniscient, and (2) the consumers have knowledge about pricing, and (3) neither the producers nor the consumers act rationally.
> >
> > We can speculate forever about universes where we travel faster than the speed of light, but really, I don't see why we should bother with using such universes to model our current discussion.
> Maybe you live in some alternate universe where companies don't practice price discrimination, but here on planet Earth,

The model (you proposed quoting Varian) required perfect knowledge of the producer, and complete lack of knowledge by the consumer. That's not planet Earth. The model doesn't work on planet Earth.

> companies routinely offer products at widely variable prices to different consumers.

Only when the consumers are unaware of the practice, and/or where the companies have raised a monopolistic legal barrier to *FORCE* the consumers to pay different prices.

Note that some vendors are attempting to use the DMCA to prevent consumers learning about pricing differences, as reported Dec 2 on politechbot.com and http://www.law.berkeley.edu/cenpro/samuelson/news/pressrelease.pdf

> > The points I was making here are (1) the terms used were wrong and (2) there were no net benefits (wealth) to society from the monopoly.
>
> But that's wrong, because the monopoly allows market segmentation, which allows new products to be introduced that otherwise would not be.

There has been no conclusive evidence presented here. The Varian arguments presented are fallacious. And other legal opinion presented here concluded otherwise.

Name us a DVD title that would not have been introduced without market segmentation, because it would have been unprofitable!?!? Or is this just a religious belief?

Further deponent sayeth not.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: DeCSS, crypto, law, and economics
... Have we forgotten that Jackson was turned down by many studios, before he was allowed to make this magnificent (and profitable) film? Then, when it was shown to be profitable, the larger studio BOUGHT the smaller ones! Very like M$. Very like a monopoly (or oligopoly).

Birger Toedtmann wrote:
> David Turner wrote on Wed, Jan 08, 2003 at 01:29:39PM -0500:
> > On Wed, 2003-01-08 at 05:50, Pete Chown wrote:
> > > With DVDs we have a complex situation. Supposedly studios can make more per film, so they can afford to make more marginal films.
> >
> > To make films which will not make money is not an economically rational action even if one is making other films which do make money. This is the point the 17 economists made in their Eldred amicus.
>
> It depends. In not-so-simple-scenarios, one may use it on behalf of PR (attracting people to one's product portfolio) or bind a promising new director who will later create a big profit-making film. Studios and publishers use the latter quite frequently I guess.

I've seen no evidence that higher profits result in any increase in studio productivity, or production of marginal profit, quality films. Instead, those are usually produced as indies.

I've seen several cases where an ALREADY established profitable director will insist on doing a marginal film as part of a continuing contract.

> If a product is definitely beyond any profit, it won't get produced by market forces, thus resulting in a pure common good. Society may then agree upon whether it wants that good to be produced anyway, paying it with taxes, presumably. You can see this with theatre, arts, opera etc. This is economically rational as well but works outside markets only. Don't mix rationality and market forces.

Let us not forget that the most highly paid woman in the UK was given her start just a few years ago by a grant from the Scottish Arts Council, for a book nobody else would fund.
(Rowling and Harry Potter)

Let us not forget that our beloved Internet (or more accurately its NSFnet predecessor) was funded by grants from the US government and the State of Michigan. The market forces were pushing OSI and monopoly control.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Navajo Code Talkers
H. CON. RES. 174

Authorizing the Rotunda of the Capitol to be used on July 26, 2001, for a ceremony to present Congressional Gold Medals to the original 29 Navajo Code Talkers.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32