8.9.1. What's the legal status of remailers?
- There are no laws against it at this time.
- No laws saying people have to put return addresses on
messages, on phone calls (pay phones are still legal), etc.
- And the laws pertaining to not having to produce identity
(the "flier" case, where leaflet distributors did not have
to produce ID) would seem to apply to this form of
communication.
+ However, remailers may come under fire:
+ Sysops, MIT case
- potentially serious for remailers if the case is
decided such that the sysop's creation of group that
was conducive to criminal pirating was itself a
crime...that could make all involved in remailers
culpable
8.9.2. "Can remailer logs be subpoenaed?"
- Count on it happening, perhaps very soon. The FBI has been
subpoenaing e-mail archives for a Netcom customer (Lewis De
Payne), probably because they think the e-mail will lead
them to the location of uber-hacker Kevin Mitnick. Had the
parties used remailers, I'm fairly sure we'd be seeing
similar subpoenas for the remailer logs.
- There's no exemption for remailers that I know of!
+ The solutions are obvious, though:
- use many remailers, to make subpoenaing back through the
chain very laborious, very expensive, and likely to fail
(if even one party won't cooperate, or is outside the
court's jurisdiction, etc.)
- offshore, multi-jurisdictional remailers (seleted by the
user)
- no remailer logs kept...destroy them (no law currently
says anybody has to keep e-mail records! This may
change....)
- "forward secrecy," a la Diffie-Hellman forward secrecy
8.9.3. How will remailers be harassed, attacked, and challenged?
8.9.4. "Can pressure be put on remailer operators to reveal traffic
logs and thereby allow tracing of messages?"
+ For human-operated systems which have logs, sure. This is
why we want several things in remailers:
- no logs of messages
- many remailers
- multiple legal jurisdictions, e.g., offshore remailers
(the more the better)
- hardware implementations which execute instructions
flawlessly (Chaum's digital mix)
8.9.5. Calls for limits on anonymity
+ Kids and the net will cause many to call for limits on
nets, on anonymity, etc.
- "But there's a dark side to this exciting phenomenon, one
that's too rarely understood by computer novices.
Because they
offer instant access to others, and considerable
anonymity to
participants, the services make it possible for people -
especially computer-literate kids - to find themselves in
unpleasant, sexually explicit social situations.... And
I've gradually
come to adopt the view, which will be controversial among
many online
users, that the use of nicknames and other forms of
anonymity
must be eliminated or severly curbed to force people
online into
at least as much accountability for their words and
actions as
exists in real social encounters." [Walter S. Mossberg,
Wall Street Journal, 6/30/94, provided by Brad Dolan]
- Eli Brandt came up with a good response to this: "The
sound-bite response to this: do you want your child's
name, home address, and phone number available to all
those lurking pedophiles worldwide? Responsible parents
encourage their children to use remailers."
- Supreme Court said that identity of handbill distributors
need not be disclosed, and pseudonyms in general has a long
and noble tradition
- BBS operators have First Amendment protections (e.g..
registration requirements would be tossed out, exactly as
if registration of newspapers were to be attempted)
8.9.6. Remailers and Choice of Jurisdictions
- The intended target of a remailed message, and the subject
material, may well influence the set of remailers used,
especially for the very important "last remailer' (Note: it
should never be necessary to tell remailers if they are
first, last, or others, but the last remailer may in fact
be able to tell he's the last...if the message is in
plaintext to the recipient, with no additional remailer
commands embedded, for example.)
- A message involving child pornography might have a remailer
site located in a state like Denmark, where child porn laws
are less restrictive. And a message critical of Islam might
not be best sent through a final remailer in Teheran. Eric
Hughes has dubbed this "regulatory arbitrage," and to
various extents it is already common practice.
- Of course, the sender picks the remailer chain, so these
common sense notions may not be followed. Nothing is
perfect, and customs will evolve. I can imagine schemes
developing for choosing customers--a remailer might not
accept as a customer certain abusers, based on digital
pseudonyms < hairy).
8.9.7. Possible legal steps to limit the use of remailers and
anonymous systems
- hold the remailer liable for content, i.e., no common
carrier status
- insert provisions into the various "anti-hacking" laws to
criminalize anonymous posts
8.9.8. Crypto and remailers can be used to protect groups from "deep
pockets" lawsuits
- products (esp. software) can be sold "as is," or with
contracts backed up by escrow services (code kept in an
escrow repository, or money kept there to back up
committments)
+ jurisdictions, legal and tax, cannot do "reach backs" which
expose the groups to more than they agreed to
- as is so often the case with corporations in the real
world, which are taxed and fined for various purposes
(asbestos, etc.)
- (For those who panic at the thought of this, the remedy for
the cautious will be to arrange contracts with the right
entities...probably paying more for less product.)
8.9.9. Could anonymous remailers be used to entrap people, or to
gather information for investigations?
- First, there are so few current remailers that this is
unlikely. Julf seems a non-narc type, and he is located in
Finland. The Cypherpunks remailers are mostly run by folks
like us, for now.
- However, such stings and set-ups have been used in the past
by narcs and "red squads." Expect the worse from Mr.
Policeman. Now that evil hackers are identified as hazards,
expect moves in this direction. "Cryps" are obviously
"crack" dealers.
- But use of encryption, which CP remailers support (Julf's
does not), makes this essentially moot.
By Tim May, see README
HTML by Jonathan Rochkind