[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mixmaster Licensing Offer Explained



(I've trimmed the mailing lists I'm not on...)

At 8:01 AM 9/17/95, Lance Cottrell wrote:

> Permission is granted to distribute this document in any media for any
>purpose as long as the entire document is distributed with the attached
>digital signature intact, or the document is clearly marked as having been
>modified with the locations of deleted text indicated.

So sue me. :-}

(That is, I'll treat this article in the normal way, trimming sections I'm
not responding to and making note of elisions only where I think it
important to.)

...
>The company offering to license Mixmaster is Phoenix DataNet, a Houston
>area ISP. John Perry, a person well known to this list and the remailer
>community in general, is a Senior Systems Administrator at Phoenix.
>
>On Thursday I received a call from John. Some others at Phoenix had just
>noticed a Mixmaster remailer he had been running on one of their machines.
>Phoenix has several large corporate customers who need secure transactions
>for some special applications. The core engine of Mixmaster is well suited
>to that purpose. They offered to license the code from me to use as the
>framework on which to build these other programs. In the process they will
>rewrite many basic functions in Mixmaster that need major overhaul (e.g.,
>key management). We will incorporate those improvements back into
>Mixmaster. This should lead to porting Mixmaster to several other
>platforms, and to fixing most of my worst coding atrocities.

First, I think it generally a Good Thing that remailer software gets
commercialized and cleaned-up, or that at least commercial packages exist.
(I'm not going to get into commercial vs. non-commercial and Microsoft vs.
Gnu issues.) If Lance makes a bunch of money off this, more power to him.

However, this commercialization raises some interesting issues. Others have
dealt with various concerns about the code integrity, about features added,
and even about TLA access. I'll address some liability and legal issues.

* Will Phoenix DataNet be making the mix software available for purchase,
or are they funding _internal development_? (That is, mixes for their
corporate clients, which raises some interesting issues in and of itself,
as discussed below.)

* If Phoenix is planning to resell Mixmaster, or whatever they call it (as
"Mixmaster" may remain a trademark of the appliance company which
originated the name), what will be their liability for the various abuses
which are likely to occur? None of the existing remailers/mixes has had
"corporate" backing, and the "deep pockets" corporations are often presumed
to have, so lawsuits have not gone after corporations.

* On the other hand, if Phoenix is primarily aiming at internal use, for
specified corporate customers, how will they stop others from using the
service?

If chaining is used, and absent any special "untraceable postage tokens"
they might issue (as one way to control access), how will the Nth mix in a
chain of M mixes "know" whether an incoming message can be remailed or not?

(Schemes to sign the packets obviously flunk the anonymity test.)

There are many other interesting issues which crop up when Giant
Corporation begins to deploy and use remailers. What if, for example, the
Justice Department claims that Phoenix and its customers are using
remailers for price fixing and collusion? (Just to be clear on this, I
personally have no problems with such collusion....but the Antitrust people
see things differently.)

(To be sure, telephones can and of course have been used to collude.
Partly, wiretaps help here (until voice encryption happens...). But Justice
has gone after airline reservation computer systems which they believe were
used to "signal" price information. Imagine how overjoyed they'll be to see
Phoenix DataNet deploy their system!)

Again, don't confuse my arguing points here with any kind of advocacy of
the Justice Department/Antitrust Division position. I'm only trying to
think out what some of the legal issues will be that face the first
U.S.-domiciled company to actually start selling remailers or to set up a
remailer network for customers.

Interesting times ahead.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."