Experiments and Toys vs. the Real Thing

The debate about data havens and what they ought to really be, what
they ought to really accept, etc., is similar to debates about what
digital money ought to be, how remailers ought to operate, etc.

It's useful to categorize projects as "experimental" (or "toy," with
no negative connotations implied) or "commercial" (or "real," I

* EXPERIMENTAL, or TOY: Early efforts, meant to help illuminate the
issues, uncover problems, gain knowledge, educate people, etc.

* COMMERCIAL, or REAL: More robust, well-established. Usually "for
pay," and expected to be maintained, available, professionally

Now there's a fuzzy distinction between these, a continuum, really.
For example, PGP began life (esp. as v. 1.0) as an amateur or
experimental thing, with a few hacker experimentalists playing with
it. Version 2.x has been usable as a commercial tool, every bit as
good as "MailSafe," the ostensibly commercial RSADSI tool. The user
community has added enough capability and hooks to clearly put PGP in
the COMMERCIAL category: robust, supported, etc.

Remailers are _almost_ in the second category, especially when taken
as an ecological whole. (That is, any single remailer may be
flaky--though many aren't--but the pinging and reputation tools that
support the ecology make the ensemble more robust and usable.) Many of
us believe that "digital postage" paid remailing will be the final
step needed to move remailers into the commercial/real category.
Until then, they're not businesses--they're hobbies and experiments.

(Which is fine, as one of the main reasons for Cypherpunks was to take
the academic papers presented at Crypto conferences and reify them in
working code, as experiments.)

Digital cash is more clearly still at the experimental level, as are
anonymous markets (like BlackNet), data havens, and so forth.

Why do I mention these points? Because there's a danger in "premature
professionalization." And a danger in criticizing experimental or toy
efforts for not being "pure enough."

The recent claims that nascent "data havens" _must_ support all files,
including hard-core porn, weapons secrets, etc. seem to be an example
of this. I'm not for censorship, just concerned that the data haven
_experiments_ are not secure enough, not robust enough, to actually
carry high-visibility files.

For example, data havens will clearly someday be used to carry defense
secrets, troop movements, weapons manufacturing details, etc. But I
would not want to carry them on my "experimental data haven," for
obvious reasons. Even if I only carried "non-American" secrets, such
as reports on Russian troop maneuvers around Grozny, I could expect
visits from American officials (to stop me, to plant data they want
planted, etc.). 

(And let's not forget "snatch teams" that grab foreign nationals
suspected of crimes...Israel, Iraq, Iran, and the U.S. have grabbed
people in other countries. And more common is simple execution. If a
Swedish data haven carried files related to U.S. operations, and the
data haven location was known--part of what I mean by saying the
enabling technologies do not yet exist--then various measures would be
applied. Diplomatic, equipment sabotage, even killing the operators.
I'm not being Ludlumesque here...clearly such "threats to national
security" would be seen as justifying various reactions. Especially to
send a message to other potential operators.)

Those advocating a "purist" (= professional/real) approach to data
havens, seen recently in the calls for data havens to never screen
files or accesses, should bear in mind that "data haven technology" is
lacking. Remailer chains leading in and out of data havens are still
non-robust, subject to attacks and compromises. And of course, digital
cash is still being thrashed out.

An experimental data haven that allowed unscreened access or
depositing of information would also become a magnet for kooks, for
those wishing to sabotage such havens, etc. If truly serious
information was found on the haven, huge efforts would be mounted to
find the source, get the site shut down, etc. Current remailer
technology is just not up to the challenge. (I'm not saying it won't
someday be, just not now.)

Criticizing experimental data havens for "not going all the way" seems
to me to be wrong-headed. First, there's the usual issue of who bears
the risk, with those not at risk urging others to put themselves and
their sites at risk by being "pure." Second, and more important, the
enabling technologies for data havens are just not yet themselves
available and robust.

A data haven that carries "Four Horsemen of the Infocalypse" material
will come under strong attack, legal, cryptographic, and physical.

There's a place for experimental or toy implementations, e.g., data
havens that operate in some limited domain. This allows the issues to
get explored before full-scale attacks are mounted. Think of it as a
training exercise, a drill, or an immunization.

--Tim May, who thinks the first real data havens will come under
intense attack and so had better be secure from the start

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay