Re: Official Anonymizing

[Adam Shostack]

On Tue, Sep 04, 2001 at 01:42:28PM -0700, John Young wrote:
| I propose that all anonymizers adopt a code of practice that
| any sale to officials of anonymizers or their use be disclosed 
| to the public (I suggested this to ZKS early on when first 
| meetings with the feds to explain the technology were being 
| sometimes disclosed). That seems to be a reasonable response 
| to officially-secret prowling and investigating cyberspace.

Speaking for myself, I don't really want to know my customers any more
than I absolutely must.  If y'all are so willing to identify and treat
differently one class of customers  (spooks), I believe that you have
no moral leg to stand on when a different class of customers (say,
hispanics) are treated differently.

If there's no morality bit in encryption, then there's no morality
bit, and the fifth horsey of government can be as anonymous as the
rest of us.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Official Anonymizing

[Steve Schear]

At 01:42 PM 9/4/2001 -0700, John Young wrote:
>On ZKS selling anonymizing products that are publicly available
>to governmental officials does raise an issue of whether officials
>should, or should be able to, conceal their official identities when
>working cyberspace in an official capacity. I think not, though
>it might be as impossible to get officials to comply as with
>terrorists so long as the technology is there.

I recall reading last week that an Oregon Supreme Court decision makes 
mandatory that state LE operate only in the clear (no pseudo-anon 
identities).  Prosecutors are wringing their hands.

steve

Re: Official Anonymizing

[Faustine]

John wrote:

>On ZKS selling anonymizing products that are publicly available 
>to governmental officials does raise an issue of whether officials
>should, or should be able to, conceal their official identities when 
>working cyberspace in an official capacity. I think not, though
>it might be as impossible to get officials to comply as with
>terrorists so long as the technology is there.

>Paul Sylverson, at NRL, took me to task recently for outing
>officials, claiming that one of the primary purposes of onion
>routing was to allow officials to conceal their actions in
>cyberspace. I answered that it was my opinion that officials
>had no right to conceal their identity when on the job, not
>the military, not the spooks, indeed, they should be obliged
>to reveal identity in cyberspace when at work, if not of the
>person then of the agency.


Nice thought, but I'll bet it wouldn't happen in a million years. 

And speaking generally on the subject of various people "concealing 
actions", could I just say that I think any company working in this sector 
would be well-advised to take good, hard second look at their internal 
security practices. "Insider threat mitigation" should be every bit as much 
of a concern to you as it is to the DoD. Maybe more so. Their unholy 
quartet of "maliciousness, disdain for security procedures, carelessness, 
and ignorance" applies to your insiders too. It wouldn't hurt anything to 
run a tighter ship, either: what are you doing to get to know who you're 
really working with? What are you doing to ensure you aren't trusting your 
trade secrets to shitheels who'll sell out crucial elements of your design 
to the first person who waves a few dollar bills under their nose? Not 
making any claims about who's doing the selling, who's doing the buying or 
why. But something seriously reeks in Denmark and as a community you really 
need to think about it a little harder.

~Faustine. 

Re: Official Anonymizing

[Declan McCullagh]

At 01:42 PM 9/4/01 -0700, John Young wrote:
>On ZKS selling anonymizing products that are publicly available
>to governmental officials does raise an issue of whether officials
>should, or should be able to, conceal their official identities when
>working cyberspace in an official capacity. I think not, though
>it might be as impossible to get officials to comply as with
>terrorists so long as the technology is there.

It seems to me that John is taking the first steps toward a general 
argument: That police should not be allowed to do undercover work. His 
argument, taken to its logical conclusion, would prevent police from 
infiltrating criminal organizations in meatspace (let's assume, for the 
moment, that we're talking about serious criminal acts against property and 
person, not victimless crimes).

I propose that all anonymizers adopt a code of practice that
>any sale to officials of anonymizers or their use be disclosed
>to the public (I suggested this to ZKS early on when first
>meetings with the feds to explain the technology were being
>sometimes disclosed). That seems to be a reasonable response
>to officially-secret prowling and investigating cyberspace.

What happens when Anonymous Software Inc. sells its prepaid 300-minutes of 
anonymous browing kit through CompUSA and PC Warehouse? And, as others have 
pointed out, the people you most want to catch with this rule would have 
the strongest incentive to evade it.

Anonymous remailers and browsing technology is user- and value-neutral. As 
a practical matter, it makes sense to assume that the Feds are using it.

-Declan

RE: Official Anonymizing

[Aimee Farr]

Are you talking about Gatti? 

~Aimee

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Steve Schear
> Sent: Tuesday, September 04, 2001 1:33 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Official Anonymizing
> 
> 
> At 01:42 PM 9/4/2001 -0700, John Young wrote:
> >On ZKS selling anonymizing products that are publicly available
> >to governmental officials does raise an issue of whether officials
> >should, or should be able to, conceal their official identities when
> >working cyberspace in an official capacity. I think not, though
> >it might be as impossible to get officials to comply as with
> >terrorists so long as the technology is there.
> 
> I recall reading last week that an Oregon Supreme Court decision makes 
> mandatory that state LE operate only in the clear (no pseudo-anon 
> identities).  Prosecutors are wringing their hands.
> 
> steve

Re: Official Anonymizing

[Greg Broiles]

At 04:33 PM 9/4/2001 -0700, John Young wrote:
>Look, I'll accept that we will all succumb to the power of the market,
>so limit my proposal for full disclosure to those over 30. After that
>age one should know there is no way to be truly open-minded.

And, in the spirit of full disclosure, I'll mention that at C2Net we did 
sell our software to the government/intelligence agencies who wanted it - 
they paid the same prices as any other customers, signed the same sales 
contracts (we'd negotiate some on warranty terms for big purchases), and 
otherwise got what everyone else got - not more, not less.

In the book "Peopleware", it's argued that software quality is important 
not because customers demand it (they don't), but because it makes 
developers happy to make something they're proud of, and happy developers 
are more productive and are retained longer. I thought then (96-98) and 
still think that it might be sensible for small crypto/privacy 
oriented-companies to refuse to sell to government bodies - not because it 
would realistically prevent the TLA's from gaining access or information, 
but because it would be a good marketing trick, especially back when the 
LEO/intel agencies were 100% behind Clipper and very restrictive 
export/escrow policies. In terms of customer and employee morale, it might 
be helpful to be "that company who tells the government to fuck off for 
moral reasons", which is something that ideological leftists and 
ideological libertarians can get excited about, and excited customers and 
employees are good for business.

It also might be a sensible posture for a small, fast-moving high-volume 
company that doesn't want to fuck around with the overhead involved with 
government sales - they typically took 2x or 3x as long to close as 
private-sector sales, and had extra mandatory forms to fill out where they 
wanted to know about the race and gender of the business owner(s), and then 
paid us on 90 or 120 day or worse terms because what were we going to do, 
sue them? On the other hand, it also looks like a good opportunity for a 
captive government reseller subsidiary, which has a couple of really 
laid-back slow people on staff who don't mind filling out forms, and charge 
2x the regular retail price (which is available only to cash/credit card 
customers) in exchange for waiting 120 days for payment. But we didn't have 
spare cycles to fuck around with that, though some companies do, and they 
seem to do pretty well with it.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[Greg Broiles]

At 04:33 PM 9/4/2001 -0700, John Young wrote:
>And I am not as sanguine about the wisdom of providing technology
>to government on the same footing as the citizen. There is more
>than a bit of marketing opportunism is this view -- and government
>knows very well what power the purse has to seduce young firms
>into the world of secrecy.
>
>So I say again, that despite it being economic foolhardiness, indeed
>because it is that, there needs to be a code of practice for anonimyzer
>developers to state their policy of helping governments snoop on
>us without us knowing. Agnosticism in this matter is complicity
>when such a stance cloaks government intrusiveness.
>
>Look, I'll accept that we will all succumb to the power of the market,
>so limit my proposal for full disclosure to those over 30. After that
>age one should know there is no way to be truly open-minded.

I don't think the problem here is really the power of the market - it's the 
ease of copying digital media, and the difficulty of keeping a secret. I 
think a disclosure program like you discuss isn't an awful idea - and it 
might make sense for crypto companies to include, as part of their sales 
contracts with government agencies, explicit permission to disclose those 
purchases for public awareness and marketing purposes.

But any such disclosure list is going to be incomplete, because the sellers 
themselves don't know who they're selling to, or who their customers are 
passing the goods along to.

It's the same old crypto export control problem - but now we're thinking of 
the US government as the bad guys, instead of the government of Iraq - and 
all of the practical objections to the export control nonsense still make 
as much sense as they ever did. And the ease of circumventing the control 
regime still makes it a laughingstock, or just a marketing exercise.

(See, for example, the PROMIS software package - licensed by Inslaw to DoJ, 
and from there distributed far and wide, depending on who you believe. A 
Google search on "promis inslaw casolaro" will provide a catalog of real or 
imagined government abuses of small software sellers.)

I agree that we in the US have much more to fear from our government than 
from the government of Iraq - and perhaps the moral or strategic questions 
about arms control weigh even more heavily against giving the US government 
strong privacy or encryption or monitoring tools - but those moral 
questions are irrelevant given the speed and ease of distribution in the 
modern world. We can't control the spread of drugs, or guns, or money, or 
crypto, or surveillance tools - not as a government, and certainly not as 
individuals or small companies.

Given those constraints on our abilities, publishers of crypto/privacy 
tools must assume that, when they make any significant distribution of 
their products, some of them will end up in the hands of government 
agencies, who will use them (if they're useful) and disassemble/analyze 
them to find exploitable weakness. That's not really different from what 
others - like hostile foreign governments, or motivated criminals, will do 
with them.

Similarly, citizens must assume that, if tools are available to anyone, 
that they are available to governments, and to the least honest and least 
honorable and least humanitarian people within those governments, and plan 
their affairs accordingly.

There's no other realistic path - we can agree that it would be nice if 
governments didn't perceive a need to mislead and deceive their own 
citizens, and if governments would follow their own laws - just as it would 
be nice if other humans would follow laws and act decently, too. But they 
won't, not all of them. So we've got to  make our plans assuming that the 
worst people are going to get access, sooner or later, to the best tools, 
and they're going to lie to us about it along the way.

And that's what we've got to work with - but we can have the good tools, 
too, if we choose them.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[John Young]

I try to abide the principle that if one gets anonymized
all should. However, there is a disparity in who gets
to leverage that anonymity -- from the citizen to the
empowered official.

We have now more privilege of conealment on the official
side, and that needs redress, constant redress a rebel
might yell.

Not much of my proposal is radical: there is a long tradition
for officials to own up to what they do in their official
roles. The uniformed police, the uniformed military
services. That is far less done in the case of the spooks
and, increasingly lately, law enforcement and the military
as the latter adopt the practices and more importantly 
the technology of spooks -- and the spooks' lack of
public accountability (those oversight committees are
a fraud).

The culture of secrecy is vastly overweighted in favor of
government, and much of that derives from hoary claims
of national security. Undercover and covert operations
have become far more pervasive in the US government
and military than ever, and constitute a privileged elite in 
mil/gov, and often law enforcement, moving from the
federal agencies into state and locals -- and contractors
and suppliers for all these. And all are bound by a
complicitous and luxurious veil of secrecy.

It is fairly common for goodhearts to question government
but not when national security, and more recently, domestic
security, is bruited. But that is due to a well-crafted educational
campaign to raise national security to a theological level, and
its rational is itself cloaked in secrecy. A similar theologizing
is underway, methinks despite Declan's unreflective demurral,
in the campaign for combatting domestic terrorism, the
Homeland Defense demonolgy.

Having learned much here about the futility of trying to determine
who gets privacy technology and who does not, it remains true
that for most of us access to this technology is very recent and we
know not what lies outside our knowledge.

I am not as sanguine about government as I was before being
semi-educated by this list about what technology is in covert use.

And I am not as sanguine about the wisdom of providing technology
to government on the same footing as the citizen. There is more
than a bit of marketing opportunism is this view -- and government
knows very well what power the purse has to seduce young firms
into the world of secrecy.

So I say again, that despite it being economic foolhardiness, indeed
because it is that, there needs to be a code of practice for anonimyzer
developers to state their policy of helping governments snoop on
us without us knowing. Agnosticism in this matter is complicity
when such a stance cloaks government intrusiveness.

Look, I'll accept that we will all succumb to the power of the market,
so limit my proposal for full disclosure to those over 30. After that
age one should know there is no way to be truly open-minded.

Re: Official Anonymizing

[Tim May]

On Tuesday, September 4, 2001, at 03:41 PM, [EMAIL PROTECTED] wrote:

> Hear Hear!!
>
> Yours,
>
> J.A. Terranson
> [EMAIL PROTECTED]



Why are you sending me-toos _twice_?

(Yeah, I remember your explanation: you send things to two different 
nodes, with two different sender addresses, to make sure everyone gets 
your stuff. Rethink your strategy, lest many of us plonk you.)


--Tim May

Re: Official Anonymizing

[Greg Broiles]

At 07:53 PM 9/4/2001 -0400, Declan McCullagh wrote:
>[...]
>2. Since the people enforcing this hypothetical law are the same people 
>with the greatest incentives to violate it, what makes a disinterested 
>observer believe that it will be effective? If we're not interested in 
>effectiveness, why don't we just pass a law saying "no more police 
>brutality" or "no cop shall violate someone's civil liberties?"

I think this goes a little too far (though I'm also pretty skeptical about 
the underlying proposal). True, it's very unlikely that cops will arrest 
themselves for violating a mandatory disclosure law - expecting any group 
to reliably self-police is unrealistic.

It would not be practically, impossible, to enforce such a provision the 
same way that parts of the Fourth, Fifth, and Sixth amendments are - by 
making evidence which has been gathered illegally unavailable in court. 
That sanction isn't intended to be punitive - it just removes (some of) the 
motivation to engage in the forbidden activity.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[John Young]

Sorry, I'm not proposing a law, certainly not on this list.
Rather a voluntary concordance for reputation building,
not only in citizen-world but in government-world.

There has been a lot of good discussion about this
here in the past and I'm not going against that wisdom.

Greg is tracking that in one of his posts, and Declan
too if the focus on law is shifted to reputation. How
to build reputable products for privacy protection and
how to keep them trustworthy. Use of these by
officials to invade privacy will surely diminish the 
products. The capability of the intrusive products 
should extend to public warnings of likely abuses 
by whomever, but by officials most so.

Nothing unusual about that unless you want government
customers. And who doesn't after age 30. So, again,
daredeviling products are for those who have nothing 
to lose. You making profit, handsome profits, you won't
give them up for principle, right. That's okay, we are all
subject to enlightened self-interest, the same force
that leads officials to spy on us and criminalize
us doing it to them.

I foresee criminalizing anonymizers for us not them.
Their laws not ours. Ours is to . . . concord in sweet
harmony, as here we do -- until some mean son of
a bitch subs up to discord.

Re: Official Anonymizing

[measl]

Hear Hear!!

Yours,

J.A. Terranson
[EMAIL PROTECTED]


On Tue, 4 Sep 2001, Adam Shostack wrote:

> Date: Tue, 4 Sep 2001 14:33:21 -0400
> From: Adam Shostack <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: John Young <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: CDR: Re: Official Anonymizing
> 
> On Tue, Sep 04, 2001 at 01:42:28PM -0700, John Young wrote:
> | I propose that all anonymizers adopt a code of practice that
> | any sale to officials of anonymizers or their use be disclosed 
> | to the public (I suggested this to ZKS early on when first 
> | meetings with the feds to explain the technology were being 
> | sometimes disclosed). That seems to be a reasonable response 
> | to officially-secret prowling and investigating cyberspace.
> 
> Speaking for myself, I don't really want to know my customers any more
> than I absolutely must.  If y'all are so willing to identify and treat
> differently one class of customers  (spooks), I believe that you have
> no moral leg to stand on when a different class of customers (say,
> hispanics) are treated differently.
> 
> If there's no morality bit in encryption, then there's no morality
> bit, and the fifth horsey of government can be as anonymous as the
> rest of us.
> 
> Adam
> 
> 

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occassionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demogoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...

RE: Official Anonymizing

[Greg Broiles]

At 03:45 PM 9/4/2001 -0500, you wrote:
>Real-To:  "Aimee Farr" <[EMAIL PROTECTED]>
>
>Are you talking about Gatti?

Sounds like it. The opinion itself is at 
; 
media reports at  or 
.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[Declan McCullagh]

Let me try to restate John's proposal, which has some very attractive 
qualities. There are a few questions, it seems to me:

1. Should we require by law that government employees never act under cover 
of anonymity? (In practice, what does that mean? Does that mean they can't 
lie about their truename, or does it mean that they have to affirmatively 
volunteer their employment status?)

2. Since the people enforcing this hypothetical law are the same people 
with the greatest incentives to violate it, what makes a disinterested 
observer believe that it will be effective? If we're not interested in 
effectiveness, why don't we just pass a law saying "no more police 
brutality" or "no cop shall violate someone's civil liberties?"

3. Since the people regulated by this hypothetical law who would object to 
it have innumerable allies in the legislatures of this fair nation, what 
makes a disinterested observer believe that this proposal could ever be 
anything more than a thought experiment?

4. Should privacy-providing companies pledge to disclose the identities of 
their .gov purchasers? Do we think that .govs will follow this rule, or use 
cutouts? Will it be effective when the tools can be freely downloaded or 
bought at CompUSA?

Me, I tend to think that federal agents shouldn't be infiltrating U.S. 
political parties, that the extent of undercover police work could be 
profitably scaled back quite a bit, that the IRS has few if any reasons to 
send its agents undercover, and that intelligence agencies have no business 
running operations domestically. Contrary to what John says, I'm happy to 
look critically at "homeland defense plans" -- what I've said is simply 
that this HD campaign has not yet eroded our civil libertes to the point 
where we have none. Be concerned, but not terrified.

I think John has a valid point when he says that we should look askance at 
anonymity firms that help government spy on us. Companies would be 
well-advised to make their practices (we sell to Feds, we refuse to sell to 
Feds) public. But the market being what it is, the tools so well-discussed 
in so many circles, and the switch from .mil or .gov to .org or .com so 
easy, that I suspect such promises might give us only a false sense of 
security.

-Declan

At 04:33 PM 9/4/01 -0700, John Young wrote:
>I try to abide the principle that if one gets anonymized
>all should. However, there is a disparity in who gets
>to leverage that anonymity -- from the citizen to the
>empowered official.
>
>We have now more privilege of conealment on the official
>side, and that needs redress, constant redress a rebel
>might yell.
>
>Not much of my proposal is radical: there is a long tradition
>for officials to own up to what they do in their official
>roles. The uniformed police, the uniformed military
>services. That is far less done in the case of the spooks
>and, increasingly lately, law enforcement and the military
>as the latter adopt the practices and more importantly
>the technology of spooks -- and the spooks' lack of
>public accountability (those oversight committees are
>a fraud).
>
>The culture of secrecy is vastly overweighted in favor of
>government, and much of that derives from hoary claims
>of national security. Undercover and covert operations
>have become far more pervasive in the US government
>and military than ever, and constitute a privileged elite in
>mil/gov, and often law enforcement, moving from the
>federal agencies into state and locals -- and contractors
>and suppliers for all these. And all are bound by a
>complicitous and luxurious veil of secrecy.
>
>It is fairly common for goodhearts to question government
>but not when national security, and more recently, domestic
>security, is bruited. But that is due to a well-crafted educational
>campaign to raise national security to a theological level, and
>its rational is itself cloaked in secrecy. A similar theologizing
>is underway, methinks despite Declan's unreflective demurral,
>in the campaign for combatting domestic terrorism, the
>Homeland Defense demonolgy.
>
>Having learned much here about the futility of trying to determine
>who gets privacy technology and who does not, it remains true
>that for most of us access to this technology is very recent and we
>know not what lies outside our knowledge.
>
>I am not as sanguine about government as I was before being
>semi-educated by this list about what technology is in covert use.
>
>And I am not as sanguine about the wisdom of providing technology
>to government on the same footing as the citizen. There is more
>than a bit of marketing opportunism is this view -- and government
>knows very well what power the purse has to seduce young firms
>into the world of secrecy.
>
>So I say again, that despite it being economic foolhardiness, indeed
>because it is that, there needs to be a code of practice for anonimyzer
>developers to state their policy of helping governments snoop on
>us without us knowing. Agno

Re: Official Anonymizing

[Nomen Nescio]

On Tue, 4 Sep 2001, John Young wrote:

> Nobody has yet seen an fbi.gov in the logs, or nsa.mil/gov,
> though a few ucia.gov and nro.gov crop up, and the ubiquitous
> nscs.mil.

fbi.gov = .usdoj.gov, as far as web logs go.

Re: Official Anonymizing

[Greg Broiles]

At 09:40 AM 9/5/2001 -0700, A. Melon wrote:
>Here is an example of the principle put into practice, from the
>anonymous web proxy service at http://proxy.magusnet.com/proxy.html:
>
>: If you are accessing this proxy from a *.mil or *.gov address
>: it will not work. As a taxpaying United States Citizen[TM],
>: Business Owner, and Desert Storm Veteran, I do not want my
>: tax dollars being used by agencies I pay for to gawk(1)
>: at WWW pages and hide your origination point at my expense.
>: Now, get back to work!

Sure, that's an understandable sentiment, but isn't this also isolating the 
good (or teachable) people inside government who might be open-minded about 
freedom or crypto or whatever, such that they can't learn from us, and such 
that (in the case of anonymizing tools) they can't leak information?

I think there's an argument that it's useful to provide pipes into 
secretive organizations which allow insiders to release information with 
reduced fear of internal retaliation - sure, they may be used for 
provocation and disinformation, but they also may be used for and by decent 
people.

(Like, for example, Fred Whitehurst, a supervisory special agent in the 
FBI's crime lab, who revealed systematic dishonesty, incompetence, perjury, 
and contamination in the agency's high-profile analytic & forensic 
operations - see  or 
.)

I don't think this question is as easy as it sounds at first.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

RE: Official Anonymizing

[Phillip H. Zakas]

> A. Melon writes:
> John Young takes a courageous stand:
>
> > I propose that all anonymizers adopt a code of practice that
> > any sale to officials of anonymizers or their use be disclosed
> > to the public (I suggested this to ZKS early on when first
> > meetings with the feds to explain the technology were being
> > sometimes disclosed). That seems to be a reasonable response
> > to officially-secret prowling and investigating cyberspace.
>
> Absolutely appropriate, given cypherpunk goals.  It may be difficult
> to apply in every case but the intention is laudable.
>
> Here is an example of the principle put into practice, from the
> anonymous web proxy service at http://proxy.magusnet.com/proxy.html:
>
> : If you are accessing this proxy from a *.mil or *.gov address
> : it will not work.

Given the amount of federal research conducted at the poles you might end up
blocking santa claus (which would piss him and his gang of elves off.)

It's impossible to determine the ultimate end-user.  For example, what if a
university performs secure computing research via a federal grant or
directly for an agency?  Are you going to block *.edu?  What if an
agency/contractor/employee/grantee uses comcast business internet access?
Or speakeasy sdsl service? What about using a qwest cybercenter and peering
with dozens of tier-one providers?  are you going to block the ones that do
business with the government?  What about international carriers?  Will you
block Deutsche Telekom just because the german govt. uses DT?  The world is
too complex for simple rules such as the above regardless of the intent of
the rules.

phillip

Re: Official Anonymizing

[Greg Broiles]

At 07:34 AM 9/5/2001 -0700, John Young wrote:

>Thanks for the cites of Gatti.
>
>Greg's disclosure of C2Net's sales is appreciated. Perhaps not
>surprising. What would be surprising, maybe, would be disclosure
>as ZKS did in its earliest days, of reporting on meetings C2Net was
>having with law enforcement officials about its technology.

Didn't happen - at least not within my knowledge. I don't think we'd have 
been willing to have one, given our crypto export control stance (and 
paranoia about law enforcement) at that point. Given the state of the law 
at that time (lots of this was before Patel's rulings in _Bernstein_, 
during the ITAR period before BXA took over crypto regs, and way before the 
export liberalization), we weren't at all sure we weren't going to be 
arrested and made examples of, cf. Dmitry Sklyarov.

Law enforcement never asked for a meeting, probably because of (a) 
ignorance of or disinterest in the technology, or (b) if they did 
understand it, they also understood that we were essentially selling 
Apache-SSL (from a technical standpoint), so if they wanted a copy to beat 
up on, they could build it themselves - they didn't need an RSA license to 
legitimize their internal/research copies.

We did get a moderate amount of interest in the remailers/anonymizers which 
ran at C2 in the early days, and later were run somewhere else but whose 
domain name was held by C2; callers on that topic generally got a nice long 
explanation of how remailers work, how we didn't know the identity of the 
person running the remailer nor its physical location, why we supported 
remailers as free speech tools, and how as a provider of DNS lookups we 
never had any logs of activity in the first place to disclose, whether or 
not we had wanted to, court order or not. Complainers pretty much went away 
after getting the explanation, save for one publisher of avant-garde fonts 
who never did give up trying to cajole or scare us into giving out the 
information we didn't have, and/or shutting down DNS to the privacy stuff.

I think ZKS' technology is more interesting and more threatening to law 
enforcement than our web crypto tools were - there's still not a lot of 
evil or disorder that goes on related to, literally, the web - I get the 
impression that law enforcement is a lot more interested in IRC, email, and 
other communications which are either more personal and immediate, or much 
less personal and immediate (like Usenet). Web sites are still relatively 
static, which means their providers are pretty easily identified, which 
means not so much bad stuff happens there.


--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[Adam Shostack]

On Wed, Sep 05, 2001 at 10:12:25AM -0700, Greg Broiles wrote:

| I don't think this question is as easy as it sounds at first.

I do.  Privacy is a good, and should be available to all.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Official Anonymizing

[John Young]

Let me jump in to say that I'm not advocating no access
to anonymizers by officials only that that access be disclosed.
It shouldn't be an embarrassment to reveal that federal agencies
have bought such products.

Disclosure as well of any features of the products sold to 
officials that are different from the standard product would 
be a big help in defending ourselves. 

Parity is all I'm asking for to combat the current disparity in 
features, as shit-marketers brag of their invasive products, 
"available only to law enforcement, letterhead needed."

A pipe dream, maybe, but smart marketers have been known 
to respond to those as well as threats and sweetheart
contracts. 

You ever see a DoD order for 40,000 copies of a program? 
That board of directors/Wall Street ecstacy is resistable 
only by cascading orders from the mass market. Here, I'm 
sympathetic to ZKS on how hard it is to compete with those 
who bear-hug government contracting officers as commanded 
by bankrollers everready to yank the plug.

Nice story in the New York Times today about this, the second
part of a three-parter on privacy issues of the Internet. To
go with congressional hearings on it.

Re: Official Anonymizing

[Faustine]

Greg wrote
At 04:33 PM 9/4/2001 -0700, John Young wrote:
>Look, I'll accept that we will all succumb to the power of the market,
>so limit my proposal for full disclosure to those over 30. After that
>age one should know there is no way to be truly open-minded.

>And, in the spirit of full disclosure, I'll mention that at C2Net we did 
>sell our software to the government/intelligence agencies who wanted it - 
>they paid the same prices as any other customers, signed the same sales 
>contracts (we'd negotiate some on warranty terms for big purchases), and 
>otherwise got what everyone else got - not more, not less.


Your honesty is admirable--and unlike certain other cases, I don't have any 
real reason to doubt what you say. But are you sure you have adequate 
security and counter-economic espionage measures in place? Have you had 
anyone do penetration testing lately? How much do you trust the people you 
work with? 

Wish I had a nickel for every time some young (or not-so-young)turk at a 
security conference or elsewhere started blabbing about things they 
shouldn't have out of nothing more than a desire to seem big and impress 
me. Feds and hackers alike, same old song and dance. I never even try to 
elicit information, either: I don't know, maybe it's some kind of sexist 
thing to assume a sweet-faced polite young woman could ever be a security 
threat.  The sick thing is, if I were really evil I could have made a lot 
more than a nickel... Depressing. Wake up and shut up, dumbasses. 

Back to the insider problem: It's not exclusively a moral issue--whether 
you think you have more to fear from Uncle Sam, China, or the competitor 
down the street, everyone can agree that employees who sell out your 
technology to those out to compromise it are bad news. And frankly, the 
very people who wouldn't deal with China in a million years might be the 
ones most willing to listen to agents peddling the old "in the interests of 
national security" line.  

And whereas government agencies have always had a strong "culture of 
paranoia" that at least gets the issues on the table, private companies are 
at a disadvantage because they never even saw it coming. With a lot of 
young tech companies having spent the last few years feeling fat, happy, 
and oh-so-much smarter than those fusty old feds, you've got a potentially 
massive disaster in the making.

Oh well, here's hoping you never get stung by the insider problem 
personally.

~Faustine.

Re: Official Anonymizing

[Greg Broiles]

At 02:37 PM 9/5/2001 -0400, Faustine wrote:

> >And, in the spirit of full disclosure, I'll mention that at C2Net we did
> >sell our software to the government/intelligence agencies who wanted it -
> >they paid the same prices as any other customers, signed the same sales
> >contracts (we'd negotiate some on warranty terms for big purchases), and
> >otherwise got what everyone else got - not more, not less.
>
>Your honesty is admirable--and unlike certain other cases, I don't have any
>real reason to doubt what you say. But are you sure you have adequate
>security and counter-economic espionage measures in place? Have you had
>anyone do penetration testing lately? How much do you trust the people you
>work with?

Everything I've mentioned about C2Net is now several years old - I left the 
company in the last few months of 1998, and they've since been acquired and 
swallowed-up by Red Hat (RHAT), and (almost?) everyone who worked there 
when I was there has also left. If I weren't confident that I'm talking 
about history, not current events, I wouldn't be saying anything. (.. and 
there are some parts of the C2Net history which I'll likely never be in a 
position to disclose, ethically speaking, because of the nature of my 
relationship (general counsel) with the organization. Caveat emptor.)

We did take an active interest in the security of our systems and codebase 
- I don't think we were perfect, with respect to physical or electronic 
security, but we were pretty paranoid, perhaps at some cost to the personal 
lives of the principals involved.

But your points about insider risks are well taken - especially given that 
most security incidents have an inside, not outside, source. I believe that 
the software we published was free of intentional holes or errors, and was 
built as carefully as we knew how; that belief is based on my familiarity 
with the build environment, and my knowledge over several years of the 
people involved in the development process, and my impressions of their 
competence and integrity.

Still, people's expectations and faith in other people can be misplaced - 
c.f. Aldrich Ames, Robert Hanssen (a personal friend of James [Puzzle 
Palace, Body of Secrets] Bamford, who never suspected), and Brian Regan - I 
don't know of any method or practice which can prevent hidden betrayal, for 
love or money or boredom or personal animus. And Ken Thompson's 
"Reflections on Trusting Trust"  serves 
as a reminder of how subtle a betrayal or compromise can be, yet remain 
active and dangerous.

A big part of our counter-economic-coercion resistance was ideological - if 
people really believe that they're working to protect and defend freedom 
and privacy, it's hard to tempt them with money, at least not just a little 
money. On the other hand, it's easier to tempt them with ideological 
arguments, which are cheaper; or for them to become so entranced with each 
other's political correctness that they lose sight of basic personal 
integrity and decency. (We didn't have trouble with that at C2Net, but it's 
historically been a problem inside ideologically-motivated organizations or 
groups.)

>With a lot of
>young tech companies having spent the last few years feeling fat, happy,
>and oh-so-much smarter than those fusty old feds, you've got a potentially
>massive disaster in the making.

Pride goeth before destruction; and a haughty spirit before a fall.

--
Greg Broiles
[EMAIL PROTECTED]
"We have found and closed the thing you watch us with." -- New Delhi street kids

Re: Official Anonymizing

[Faustine]

Some poor simple soul behind a remailer wrote:

>Here is an example of the principle put into practice, from the
>anonymous web proxy service at http://proxy.magusnet.com/proxy.html:

: If you are accessing this proxy from a *.mil or *.gov address
: it will not work. As a taxpaying United States Citizen[TM],
: Business Owner, and Desert Storm Veteran, I do not want my 
: tax dollars being used by agencies I pay for to gawk(1) 
: at WWW pages and hide your origination point at my expense.
: Now, get back to work!


Patronizing claptrap, you wouldn't be blocking a thing. For example, the 
Google Archives has dozens of listings of a NSA researcher who openly 
participates in technical conferences, giving his full Ft. Meade address, 
office phone number--and AOL e-mail address. Before you dismiss this as 
just something another dumb fed might do, you might find it relevant that 
he's done a lot of work in IDS, GII security, reliable distributed systems, 
and deception. Who would ever expect anything interesting from an AOL user? 
That's precisely the point. 

That ought to be enough keywords: go dig for it yourself, and if you're 
really lucky, you'll find PDFs of his papers and start learning a little 
bit about why you haven't quite got the feds as outsmarted as you think you 
do.

~Faustine.

Re: Official Anonymizing

[Jim Choate]

On Tue, 4 Sep 2001, Declan McCullagh wrote:

> It seems to me that John is taking the first steps toward a general 
> argument: That police should not be allowed to do undercover work. His 
> argument, taken to its logical conclusion, would prevent police from 
> infiltrating criminal organizations in meatspace (let's assume, for the 
> moment, that we're talking about serious criminal acts against property and 
> person, not victimless crimes).

See Japan. They have some interesting features built into their WWII
constitution limiting some police behaviour. Such a view, perhaps to a
less extreme degree, is not without precedence or merit.


 --


natsugusa ya...tsuwamonodomo ga...yume no ato
summer grass...those mighty warriors'...dream-tracks

Matsuo Basho

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Re: Official Anonymizing

[Jim Choate]

On Tue, 4 Sep 2001, Greg Broiles wrote:

> I think this goes a little too far (though I'm also pretty skeptical about 
> the underlying proposal). True, it's very unlikely that cops will arrest 
> themselves for violating a mandatory disclosure law - expecting any group 
> to reliably self-police is unrealistic.

Speak for your self. The question isn't self-policing. The question is
that one person is making decisions for another. Clearly less than optimal
if you have any belief in 'free market' (which is a perfect example of
self-policing behaviour; where does the stability come from?).

Who'd know? Who'd care?

No, the observation is that people are strange. Not some people, not those
people, not weird people.

People are strange.

Any(!!!) time that one party is put in a position of authority over a
second party, a third party must be included. That third party must be
uninvolved with both parties and the market. That party must operate by
socially accepted (eg voting) rules that apply to ALL members of the
community equally. That third party MUST(!!!) report to the public at
large. The public at large have a right to know how they can expect to be
treated, and change it if it doesn't work to their satisfaction (which
after all is the 'community' the law is supposed to be respecting in a
democracy).

Any society that violates this basic theme will be abusive.


 --


natsugusa ya...tsuwamonodomo ga...yume no ato
summer grass...those mighty warriors'...dream-tracks

Matsuo Basho

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Re: Official Anonymizing

[A. Melon]

John Young takes a courageous stand:

> I propose that all anonymizers adopt a code of practice that
> any sale to officials of anonymizers or their use be disclosed 
> to the public (I suggested this to ZKS early on when first 
> meetings with the feds to explain the technology were being 
> sometimes disclosed). That seems to be a reasonable response 
> to officially-secret prowling and investigating cyberspace.

Absolutely appropriate, given cypherpunk goals.  It may be difficult
to apply in every case but the intention is laudable.

Here is an example of the principle put into practice, from the
anonymous web proxy service at http://proxy.magusnet.com/proxy.html:

: If you are accessing this proxy from a *.mil or *.gov address
: it will not work. As a taxpaying United States Citizen[TM],
: Business Owner, and Desert Storm Veteran, I do not want my 
: tax dollars being used by agencies I pay for to gawk(1) 
: at WWW pages and hide your origination point at my expense.
: Now, get back to work!