Interesting People mailing list archives
more on Spam Controls Imperil E-Mail Reliability
From: David Farber <dave () farber net>
Date: Mon, 28 Feb 2005 11:53:22 -0500
------ Forwarded Message From: Cindy Cohn <cindy () eff org> Date: Mon, 28 Feb 2005 08:35:16 -0800 To: Tony Finch <dot () dotat at> Cc: <dave () farber net>, Annalee Newitz <annalee () eff org> Subject: Re: [IP] more on Spam Controls Imperil E-Mail Reliability You are correct that people can still regain anonymity or pseudonymity if they can find an ISP that will not reveal their identities when asked. But I've handled dozens of cases involving subpoenas seeking identifying information from various ISPs, ranging from big ones to ones that were run by alleged "friends" of the speaker. Nearly all of them will give the identifying information away at the slightest request, and I've yet to find more than a couple willing to refuse in the face of a civil subpoena, much less a request from any sort of law enforcement. And finding someone who will take "responsibility" for a message is exactly what the Human Rights in China people know can be fatal in repressive societies. I'm not happier in a world where in order to say something that angers the Chinese you have to find and present them with a target even if it's not you. And looking into the future, it's hard to imagine that in a domain authentication world services like Anonymizer would be allowed to continue for long. Cindy On Feb 28, 2005, at 3:52 AM, Tony Finch wrote:
And we probably ought to add into this conversation the next problem down the road-- the collateral damage that will result from attempts to create "sender authentication" of one form or another. There's even more baby that will be lost with that bathwater, including the constitutional right to anonymous speech.Sender authentication does not imply loss of anonymity. The goal of email authentication is to identify the entity who takes responsibility for a message, which need not be its author or sender. In fact most of the technologies currently being proposed authenticate to the domain level, not the user level, so the authenticated entity is the system provider. It is therefore up to system providers to decide whether their users' identities are public or not. There is plenty of scope for providers that offer anonymity or pseudonymity; or if someone cannot get access to such a provider there exist anonymizing remailers which can provide equivalent service. Using the latter is much more secure than just sending "anonymous" email from your usual Internet connection, since your IP address is not recorded in the message. Tony. -- f.a.n.finch <dot () dotat at> http://dotat.at/ FAEROES SOUTHEAST ICELAND: NORTH OR NORTHEAST 6 TO GALE 8 OCCASIONALLY 5 LATER, BUT WEST 4 OR 5 IN FAEROES AT FIRST. RAIN OR SLEET THEN WINTRY SHOWERS. MODERATE OR GOOD.
******************************************************** Cindy Cohn Cindy () eff org Legal Director www.eff.org Electronic Frontier Foundation 454 Shotwell Street San Francisco, CA 94110 (415) 436-9333 x108 (415) 436-9993 (fax) ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Spam Controls Imperil E-Mail Reliability David Farber (Feb 28)