Date: Fri, 2 Feb 1996 20:02:02 -0800 To: firstname.lastname@example.org From: email@example.com (Timothy C. May) Subject: Imminent Death of Usenet Predicted I can't say that I've always wanted to use this oft-joked about title, but for the first time since I got on some form of the Net in 1973, I think there's some truth to it. (It's not hopeless. In fact, the stuff we talk about, use, work on, etc., is the best hope.) Several pieces of news are coming at the same time: * the Communications Decency Act, as part of the Telecom Act, was passed by Congress yesterday. Clinton is expected to sign it into law early next week. It includes language of great significance for users, for ISPs, and perhaps for remailers. When it takes effect--some number of days after Clinton signs it into law--it could almost immediately have a chilling effect on many newsgroups, on Web accesses, etc. Though civil liberties groups are expected to challenge it in court, and may ultimately win, it could be a long and expensive fight for some ISP who "lets" a 17-year-old access indecent material (or lets abortion articles in, or lets various other banned things in). * Other countries are gaining steam in restricting, or trying to restrict, what happens on the Net, especially what enters. Germany is the most oft-discussed, with actions underway against Compuserve, American Online, and possibly other ISPs with a German presence. And the Deutsche Telekom access block of American sites. France is also contemplating various actions. Even the "liberal" countries have things brewing, according to news items appearing recently. (Look at the list of countries represented by senior law enforcement officials at the Key Escrow meetings in Sept. '94, for example. I don't expect most of these countries to have an active public debate about crypto restrictions, for various obvious reasons. I do expect them to accept with alacrity the "international treaties" when they are offered.) * And don't forget that there is still a campaign to control encryption and to adopt a global regimen for "key escrow." The various international meetings, the Washington meetings, and the noises coming out of foreign capitals strongly suggest a comprehensive scheme--as yet unannounced--to mandate the escrowing of keys with the local authorities. (To be sure, there are many, many problems, and many avenues for attack, but this doesn't mean such an international scheme won't be tried...look to the U.S. lead in controlling drug traffic over the past 60 years.) * The Wiretap Bill still mandates that digital switches be made digitally wire-tappable. (Lots of technical details, and lots of debate about how much of the $500 million mentioned will actually be budgeted, provided, etc.) FBI Director Louis Freeh is still pushing this as critically important. This is part of the larger mosaic. * Various trial balloons about key authentication agencies, about having the government issue keys and even handle e-mail (the Postal Service has been pushing for this for a long time). Some of the "centralized" schemes for signature authorities appear to fit in nicely with a government-mandated certificate hierarchy. There are various scenarios for how a certificate hierarchy could be mandated, ranging from outlawing of "anarchic" variants (unlikely, at first) to the court system refusing to help enforce contracts signed in a non-compliant manner (pretty likely, in my opinion). * Universities are *not* becoming more tolerant and diverse, more acceptant of extreme speech. In fact, more and more of them are adopting "speech codes," especially for the Internet. Sometimes called "stalking" laws, sometimes "respect" laws, they serve to stifle what is noniolently, noncoervively said by some students to others. Even private jokes, as at Cornell, are treated as crimes (the "voluntary" community service the four Cornell students agreed to). And "political" material is ordered off university Web sites (the UMass case of Lewis McCarthy, which just unfolded today). *Universities, corporations, and even ISPs are explicitly adopting policies that allow them to inspect e-mail at will. (If the arrangement is made in advance, it may not violate the ECPA to do this...and I'm not saying there aren't some good reasons why these entities would want the right to inspect e-mail (their liability being a good example), just noting the growing situation. Absent any sort of "common carrier," we may be approaching an age where the relay layers most users must use have explicit policies allowing monitoring and even banning unapproved/unescrowed encryption (I've seen the policies of at least one ISP that state this). (Alice and Bob can still presumably dial each other up directly over the phone lines and do a UUCP-style transfer, but using intermediary ISPs may not allow them to use the crypto of their choice...again, the ISPs, universities, corporations, etc., may be held liable for misdeeds done over their systems, so this is why they would want to control the content or have some way to monitor communications.) * The Four Horsemen of the Infocalypse. Increasing media reports of child porn on the Net, of "digital stalkers" on campuses, of children finding bomb instructions, of nuclear terrorists using Alta Vista to design their bombs.... Even the media lionization of Shimomura, who dismisses concerns about privacy as the ravings of paranoid hackers and libertarians, adds to this public view. Shorter, more sensationalistic, articles are appearing daily. (I don't believe the reporters, notably Markoff, Levy, etc., are "in on" some kind of conspiracy, just noting that the media hype about the Net, and hackers, and the dangers, are adding up to a growing sense that "the government has to something!"). * "Anonymity" in general is under attack. Calls for "responsibility." "What have you got to hide?" is the standard refrain. If the rumors of a kind of "Internet Drivers License" are correct, all posts could be required to be signed by the orginator. Forwarders would be held responsible for checking signatures, or, at least, be held liable for misdeeds. They would not be treated as we treat the carriers of sealed packages, for example. (I can think of many counter-arguments, including the usual one about a forwarder not knowing the contents of what he was forwarding, not being able to tell if a file was noise, data, compressed data, or an encrypted packet...while I find this persuasive, it may take years of expensive court cases to establish this, and still might go against this interpretation.) * Corporations are having their secrets stolen, and are demanding that something be done. (Expect more of these calls to increase as more cases like the RC2 case arise...without supporting RSA in their anger, I can see why remailers scare the hell out of them,) * Groups as disparate as the Church of Scientology and the Simon Wiesenthal Center are screaming to have the Net regulated. What major groups will be next? The Catholic Church? The Junior League? As more groups "threatened" by the anarchic, free speech of the Net decide to cast their lot in with the government (with hopes that if they scratch the government's back, it'll return the favor, or at least help control the marauders), the constituency for clamping down on the Net will grow. * And the tax authorities, the IRS, FinCEN, etc., are well-known to be trying to figure out how to get their cut, how to control the spread of untaxed transactions, and how to make sure that Chaumian untraceable digital cash is never fully deployed. You can bet that they would love to have Visa or Mastercard or one of the "little" systems that allows full traceability be adopted, maybe even mandated. This would in one fell swoop fix several problems for them. Without getting into paranoia about Clinton, Black Helicopters, U.N. troops in American cities, the militia movement, Fostergate, etc., it looks to me like a coordinated move to try to regain "control" of the transnational Internet anarchy is getting started in earnest. I said it is not hopeless. Indeed, the powerful technologies of encryption, digital mixes, and other such tools will make a clamp-down very hard, maybe ultimately impossible. This is my hope. But in the meantime, a lot of hard work. And a lot of obvious targets--such as people who put things on their Web pages, ISPs who let minors on their systems, those who cause abortion information to be brought in from outside the U.S., etc.--will be prosecuted, given huge fines to send a message to others, and maybe even imprisoned. International treaties will be signed, giving these laws the force of treaty. The New World Order, cyberspace-style. I'm not despairing. I just think a lot of work lies ahead of us. The crypto anarchy future is not going to happen if governments have anything to say about it. Therein lies the challenge. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, firstname.lastname@example.org 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Date: Sun, 4 Feb 1996 17:20:13 -0500 To: email@example.com From: Charles Platt
Subject: Re: Imminent Death of Usenet Predicted >From Tim May: > * And the tax authorities, the IRS, FinCEN, etc., are well-known to be > trying to figure out how to get their cut, how to control the spread of > untaxed transactions, and how to make sure that Chaumian untraceable > digital cash is never fully deployed. According to Chaum (whom I interviewed recently) he toured federal agencies last year and convinced them that his current incarnation of DigiCash actually allows better ability to trace illegal transactions such as extortion and blackmail, since the person who pays the money is able, in effect, to "unseal the record." I think DigiCash will fail simply because it's too difficult to understand; it doesn't seem so subversive anymore. I agree with everything else Tim says, and I have believed for the past year that sooner or later there will be international agreements about net content, just as their are drug-law treaties. In fact I keep seeing strong parallels with the war on drugs, which was also introduced as a vote-getting for conservatives, also works on the "scare the public, pass a law" principle, also is impossible to enforce properly, but puts people in jail nonetheless. Is it too far-fetched to imagine a "war on porn"? And suppose there's some upstart nation that won't toe the line and becomes notorious as a source of porn, bomb recipes, all the stuff that can't originate in the US. Is it totally impossible to imagine a "military solution" to this problem? As in Panama? (I'm a science-fiction writer. I tend to speculate. No harm in considering all the possibilities, though.) One thing Tim didn't mention is the prospect of site licensing. I suggested this to Mike Godwin a while back, and he thought it was totally implausible. But if the FCC gains the right to set standards, won't they also want to issue Internet site licenses, without which one cannot run an ISP? Even if the decency amendment is ruled unconstitutional (as I think is likely), you can bet that our friends in DC will have another try next year. Good editorial in this month's Boardwatch, incidentally, on the technique of intimidation in order to get people to censor themselves. That's my biggest fear. A federal attorney in the Jake Baker case openly admitted that one reason they wanted to jail Baker was to "send a message" and discourage other people from spreading sex stories around the net. In Cincinnati, all it took was half-a-dozen BBS busts to completely change the BBS landscape: many boards chose to close, others removed the sex content, and people online became somewhat cautious in what they would contribute. I fear this on a national scale.