Date: Fri, 2 Feb 1996 20:02:02 -0800
To: cypherpunks@toad.com
From: tcmay@got.net (Timothy C. May)
Subject: Imminent Death of Usenet Predicted
I can't say that I've always wanted to use this oft-joked about title, but
for the first time since I got on some form of the Net in 1973, I think
there's some truth to it.
(It's not hopeless. In fact, the stuff we talk about, use, work on, etc.,
is the best hope.)
Several pieces of news are coming at the same time:
* the Communications Decency Act, as part of the Telecom Act, was passed by
Congress yesterday. Clinton is expected to sign it into law early next
week. It includes language of great significance for users, for ISPs, and
perhaps for remailers. When it takes effect--some number of days after
Clinton signs it into law--it could almost immediately have a chilling
effect on many newsgroups, on Web accesses, etc. Though civil liberties
groups are expected to challenge it in court, and may ultimately win, it
could be a long and expensive fight for some ISP who "lets" a 17-year-old
access indecent material (or lets abortion articles in, or lets various
other banned things in).
* Other countries are gaining steam in restricting, or trying to restrict,
what happens on the Net, especially what enters. Germany is the most
oft-discussed, with actions underway against Compuserve, American Online,
and possibly other ISPs with a German presence. And the Deutsche Telekom
access block of American sites. France is also contemplating various
actions. Even the "liberal" countries have things brewing, according to
news items appearing recently. (Look at the list of countries represented
by senior law enforcement officials at the Key Escrow meetings in Sept.
'94, for example. I don't expect most of these countries to have an active
public debate about crypto restrictions, for various obvious reasons. I do
expect them to accept with alacrity the "international treaties" when they
are offered.)
* And don't forget that there is still a campaign to control encryption and
to adopt a global regimen for "key escrow." The various international
meetings, the Washington meetings, and the noises coming out of foreign
capitals strongly suggest a comprehensive scheme--as yet unannounced--to
mandate the escrowing of keys with the local authorities. (To be sure,
there are many, many problems, and many avenues for attack, but this
doesn't mean such an international scheme won't be tried...look to the U.S.
lead in controlling drug traffic over the past 60 years.)
* The Wiretap Bill still mandates that digital switches be made digitally
wire-tappable. (Lots of technical details, and lots of debate about how
much of the $500 million mentioned will actually be budgeted, provided,
etc.) FBI Director Louis Freeh is still pushing this as critically
important. This is part of the larger mosaic.
* Various trial balloons about key authentication agencies, about having
the government issue keys and even handle e-mail (the Postal Service has
been pushing for this for a long time). Some of the "centralized" schemes
for signature authorities appear to fit in nicely with a
government-mandated certificate hierarchy. There are various scenarios for
how a certificate hierarchy could be mandated, ranging from outlawing of
"anarchic" variants (unlikely, at first) to the court system refusing to
help enforce contracts signed in a non-compliant manner (pretty likely, in
my opinion).
* Universities are *not* becoming more tolerant and diverse, more acceptant
of extreme speech. In fact, more and more of them are adopting "speech
codes," especially for the Internet. Sometimes called "stalking" laws,
sometimes "respect" laws, they serve to stifle what is noniolently,
noncoervively said by some students to others. Even private jokes, as at
Cornell, are treated as crimes (the "voluntary" community service the four
Cornell students agreed to). And "political" material is ordered off
university Web sites (the UMass case of Lewis McCarthy, which just unfolded
today).
*Universities, corporations, and even ISPs are explicitly adopting policies
that allow them to inspect e-mail at will. (If the arrangement is made in
advance, it may not violate the ECPA to do this...and I'm not saying there
aren't some good reasons why these entities would want the right to inspect
e-mail (their liability being a good example), just noting the growing
situation. Absent any sort of "common carrier," we may be approaching an
age where the relay layers most users must use have explicit policies
allowing monitoring and even banning unapproved/unescrowed encryption (I've
seen the policies of at least one ISP that state this). (Alice and Bob can
still presumably dial each other up directly over the phone lines and do a
UUCP-style transfer, but using intermediary ISPs may not allow them to use
the crypto of their choice...again, the ISPs, universities, corporations,
etc., may be held liable for misdeeds done over their systems, so this is
why they would want to control the content or have some way to monitor
communications.)
* The Four Horsemen of the Infocalypse. Increasing media reports of child
porn on the Net, of "digital stalkers" on campuses, of children finding
bomb instructions, of nuclear terrorists using Alta Vista to design their
bombs.... Even the media lionization of Shimomura, who dismisses concerns
about privacy as the ravings of paranoid hackers and libertarians, adds to
this public view. Shorter, more sensationalistic, articles are appearing
daily. (I don't believe the reporters, notably Markoff, Levy, etc., are "in
on" some kind of conspiracy, just noting that the media hype about the Net,
and hackers, and the dangers, are adding up to a growing sense that "the
government has to something!").
* "Anonymity" in general is under attack. Calls for "responsibility." "What
have you got to hide?" is the standard refrain. If the rumors of a kind of
"Internet Drivers License" are correct, all posts could be required to be
signed by the orginator. Forwarders would be held responsible for checking
signatures, or, at least, be held liable for misdeeds. They would not be
treated as we treat the carriers of sealed packages, for example. (I can
think of many counter-arguments, including the usual one about a forwarder
not knowing the contents of what he was forwarding, not being able to tell
if a file was noise, data, compressed data, or an encrypted packet...while
I find this persuasive, it may take years of expensive court cases to
establish this, and still might go against this interpretation.)
* Corporations are having their secrets stolen, and are demanding that
something be done. (Expect more of these calls to increase as more cases
like the RC2 case arise...without supporting RSA in their anger, I can see
why remailers scare the hell out of them,)
* Groups as disparate as the Church of Scientology and the Simon Wiesenthal
Center are screaming to have the Net regulated. What major groups will be
next? The Catholic Church? The Junior League? As more groups "threatened"
by the anarchic, free speech of the Net decide to cast their lot in with
the government (with hopes that if they scratch the government's back,
it'll return the favor, or at least help control the marauders), the
constituency for clamping down on the Net will grow.
* And the tax authorities, the IRS, FinCEN, etc., are well-known to be
trying to figure out how to get their cut, how to control the spread of
untaxed transactions, and how to make sure that Chaumian untraceable
digital cash is never fully deployed. You can bet that they would love to
have Visa or Mastercard or one of the "little" systems that allows full
traceability be adopted, maybe even mandated. This would in one fell swoop
fix several problems for them.
Without getting into paranoia about Clinton, Black Helicopters, U.N. troops
in American cities, the militia movement, Fostergate, etc., it looks to me
like a coordinated move to try to regain "control" of the transnational
Internet anarchy is getting started in earnest.
I said it is not hopeless. Indeed, the powerful technologies of encryption,
digital mixes, and other such tools will make a clamp-down very hard, maybe
ultimately impossible. This is my hope.
But in the meantime, a lot of hard work. And a lot of obvious targets--such
as people who put things on their Web pages, ISPs who let minors on their
systems, those who cause abortion information to be brought in from outside
the U.S., etc.--will be prosecuted, given huge fines to send a message to
others, and maybe even imprisoned. International treaties will be signed,
giving these laws the force of treaty. The New World Order,
cyberspace-style.
I'm not despairing. I just think a lot of work lies ahead of us. The crypto
anarchy future is not going to happen if governments have anything to say
about it. Therein lies the challenge.
--Tim May
Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Date: Sun, 4 Feb 1996 17:20:13 -0500
To: fight-censorship+@andrew.cmu.edu
From: Charles Platt
Subject: Re: Imminent Death of Usenet Predicted
>From Tim May:
> * And the tax authorities, the IRS, FinCEN, etc., are well-known to be
> trying to figure out how to get their cut, how to control the spread of
> untaxed transactions, and how to make sure that Chaumian untraceable
> digital cash is never fully deployed.
According to Chaum (whom I interviewed recently) he toured federal
agencies last year and convinced them that his current incarnation of
DigiCash actually allows better ability to trace illegal transactions such
as extortion and blackmail, since the person who pays the money is able,
in effect, to "unseal the record." I think DigiCash will fail simply
because it's too difficult to understand; it doesn't seem so subversive
anymore.
I agree with everything else Tim says, and I have believed for the past
year that sooner or later there will be international agreements about net
content, just as their are drug-law treaties. In fact I keep seeing strong
parallels with the war on drugs, which was also introduced as a
vote-getting for conservatives, also works on the "scare the public, pass
a law" principle, also is impossible to enforce properly, but puts people
in jail nonetheless. Is it too far-fetched to imagine a "war on porn"? And
suppose there's some upstart nation that won't toe the line and becomes
notorious as a source of porn, bomb recipes, all the stuff that can't
originate in the US. Is it totally impossible to imagine a "military
solution" to this problem? As in Panama? (I'm a science-fiction writer. I
tend to speculate. No harm in considering all the possibilities, though.)
One thing Tim didn't mention is the prospect of site licensing. I
suggested this to Mike Godwin a while back, and he thought it was totally
implausible. But if the FCC gains the right to set standards, won't they
also want to issue Internet site licenses, without which one cannot run
an ISP?
Even if the decency amendment is ruled unconstitutional (as I think is
likely), you can bet that our friends in DC will have another try next
year.
Good editorial in this month's Boardwatch, incidentally, on the technique
of intimidation in order to get people to censor themselves. That's my
biggest fear. A federal attorney in the Jake Baker case openly admitted
that one reason they wanted to jail Baker was to "send a message" and
discourage other people from spreading sex stories around the net. In
Cincinnati, all it took was half-a-dozen BBS busts to completely change
the BBS landscape: many boards chose to close, others removed the sex
content, and people online became somewhat cautious in what they would
contribute. I fear this on a national scale.