more on Spam Controls Imperil E-Mail Reliability

[David Farber <dave () farber net>]

------ Forwarded Message
From: Cindy Cohn <cindy () eff org>
Date: Mon, 28 Feb 2005 08:35:16 -0800
To: Tony Finch <dot () dotat at>
Cc: <dave () farber net>, Annalee Newitz <annalee () eff org>
Subject: Re: [IP] more on Spam Controls Imperil E-Mail Reliability

You are correct that people can still regain anonymity or pseudonymity if
they can find an ISP that will not reveal their identities when asked.  But
I've handled dozens of cases involving subpoenas seeking identifying
information from various ISPs, ranging from big ones to ones that were run
by alleged "friends" of the speaker.  Nearly all of them will give the
identifying information away at the slightest request, and I've yet to find
more than a couple willing to refuse in the face of a civil subpoena, much
less a request from any sort of law enforcement.

And finding someone who will take "responsibility" for a message is exactly
what the Human Rights in China people know can be fatal in repressive
societies.  I'm not happier in a world where in order to say something that
angers the Chinese you have to find and present them with a target even if
it's not you. 

And looking into the future, it's hard to imagine that in a domain
authentication world services like Anonymizer would be allowed to continue
for long.   

Cindy 

On Feb 28, 2005, at 3:52 AM, Tony Finch wrote:

> > And we probably ought to add into this conversation the next problem down
> > the road-- the collateral damage that will result from attempts to create
> > "sender authentication" of one form or another.  There's even more baby that
> > will be lost with that bathwater, including the constitutional right to
> > anonymous speech.
>  
> Sender authentication does not imply loss of anonymity. The goal of
> email authentication is to identify the entity who takes responsibility
> for a message, which need not be its author or sender. In fact most of
> the technologies currently being proposed authenticate to the domain
> level, not the user level, so the authenticated entity is the system
> provider. It is therefore up to system providers to decide whether
> their users' identities are public or not. There is plenty of scope for
> providers that offer anonymity or pseudonymity; or if someone cannot get
> access to such a provider there exist anonymizing remailers which can
> provide equivalent service. Using the latter is much more secure than
> just sending "anonymous" email from your usual Internet connection,
> since your IP address is not recorded in the message.
>
> Tony. 
> --  
> f.a.n.finch  <dot () dotat at>  http://dotat.at/
> FAEROES SOUTHEAST ICELAND: NORTH OR NORTHEAST 6 TO GALE 8 OCCASIONALLY 5
> LATER, BUT WEST 4 OR 5 IN FAEROES AT FIRST. RAIN OR SLEET THEN WINTRY SHOWERS.
> MODERATE OR GOOD.
********************************************************
Cindy Cohn Cindy () eff org
Legal Director www.eff.org
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
(415) 436-9333 x108
(415) 436-9993 (fax)


------ End of Forwarded Message

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/