Re: On the crime bill and remailers

[Black Unicorn <unicorn@access.digex.net>]

Hal scripsit
> 
> Black Unicorn <unicorn@access.digex.net> writes:
> >I believe anonymous 
> >remailers have some use.  But they are so targeted to prevent GOVERNMENT 
> >observation and intercepts, that they just plain look bad.
> 
> I strongly disagree with this.  Anonymous remailers as presently constructed
> will be almost completely ineffective against any significant government
> attempts to surveil email traffic.  The government does have the resources
> today to defeat most uses of remailers.  Since present-day remailers lack
> padding features, the correspondence between incoming and outgoing messages,
> even with encryption, is relatively easy to establish.  This is made worse
> by the lack of general support for reordering, which renders the task
> almost trivial.

While I believe you are correct that remailers are not currently secure 
against the kind of assets a government would use against them, this was 
not my point.  The benchmark we all seem to use in evaluating the 
security of any of the new crypto/cypherpunk technologies are the 
government abilities.  How strong is a remailer one asks?  Immediately a 
slew of answers as to how the government could penetrate the system 
come out.  (See above)  Then, immediately following, come suggestions to 
defeat these methods.  The key effort is to defeat the worst case 
technology and the best funded attacker.  Is this not a basic axiom of 
cypherpunks, and cryptography in general?  I would argue so.  The fact 
that remailers may or may not be able to withstand government level 
attacks is academic.  The point is they are designed increasingly so.  
The point is not if we are 75% there, or 100% there, but that the 
perception will be that the goal is to make them entirely secure.  Only 
programs like the Clipper program do otherwise.  The entire POINT is to 
have the most secure system possible.

Do cypherpunks intentionally cripple their software now?

How long was I gone?

> 
> Instead, anonymous remailers are clearly targetted against non-government
> traffic analysis, generally local associates, system operators, employers,
> supervisors, and so on.  They allow people to communicate without
> repercussions and retribution at work or at school.  They let people exchange
> email in an insecure environment while hiding both the message address and
> its contents.  They allow whistle blowers to expose malfeasance without
> being punished.  These are the kinds of things the remailers are good for.

Are good for perhaps, but the theory, the practice will always appear to 
be anti-authoritarian.  In my eyes this is a GOOD thing, in the context 
of criminal offense, and how the process is likely to be seen by a court....

> Claims here that remailers are designed to support sedition or to
> prevent government surveillance are both wrong and harmful.  This kind
> of material could show up at some future prosecution of a remailer
> operator.  It is important that we understand clearly what the capabilities
> and limitations of current remailers are.

Apples and oranges.  The current capabilities and the design goal are two 
different things.  You know as well as I that all this will boil down to 
the words: "Defendant attempted to use used a computer remailer to mask 
his transactions from authorities.  Detective Blow was successful in 
defeating the defendants efforts and presents the evidence before us today."

As for this material being used in court for intent purposes, since when 
has censorship been a policy here.  Are we now in the business of 
watching what we say in order not to step on too many toes?

Are there not thousands of messages with the words "But if the NSA can do 
X, shouldn't we try Y" on this list?  How will these look?

> Hal


-uni- (Dark)

-- 
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!