[IP] more on Spam Controls Imperil E-Mail Reliability
Title: more on Spam Controls Imperil E-Mail Reliability
------ Forwarded Message
From: Cindy Cohn <cindy@xxxxxxx>
Date: Mon, 28 Feb 2005 08:35:16 -0800
To: Tony Finch <dot@xxxxxxxx>
Cc: <dave@xxxxxxxxxx>, Annalee Newitz <annalee@xxxxxxx>
Subject: Re: [IP] more on Spam Controls Imperil E-Mail Reliability
You are correct that people can still regain anonymity or pseudonymity if they can find an ISP that will not reveal their identities when asked. But I've handled dozens of cases involving subpoenas seeking identifying information from various ISPs, ranging from big ones to ones that were run by alleged "friends" of the speaker. Nearly all of them will give the identifying information away at the slightest request, and I've yet to find more than a couple willing to refuse in the face of a civil subpoena, much less a request from any sort of law enforcement.
And finding someone who will take "responsibility" for a message is exactly what the Human Rights in China people know can be fatal in repressive societies. I'm not happier in a world where in order to say something that angers the Chinese you have to find and present them with a target even if it's not you.
And looking into the future, it's hard to imagine that in a domain authentication world services like Anonymizer would be allowed to continue for long.
Cindy
On Feb 28, 2005, at 3:52 AM, Tony Finch wrote:
And we probably ought to add into this conversation the next problem down
the road-- the collateral damage that will result from attempts to create
"sender authentication" of one form or another. There's even more baby that
will be lost with that bathwater, including the constitutional right to
anonymous speech.
Sender authentication does not imply loss of anonymity. The goal of
email authentication is to identify the entity who takes responsibility
for a message, which need not be its author or sender. In fact most of
the technologies currently being proposed authenticate to the domain
level, not the user level, so the authenticated entity is the system
provider. It is therefore up to system providers to decide whether
their users' identities are public or not. There is plenty of scope for
providers that offer anonymity or pseudonymity; or if someone cannot get
access to such a provider there exist anonymizing remailers which can
provide equivalent service. Using the latter is much more secure than
just sending "anonymous" email from your usual Internet connection,
since your IP address is not recorded in the message.
Tony.
--
f.a.n.finch <dot@xxxxxxxx> http://dotat.at/
FAEROES SOUTHEAST ICELAND: NORTH OR NORTHEAST 6 TO GALE 8 OCCASIONALLY 5
LATER, BUT WEST 4 OR 5 IN FAEROES AT FIRST. RAIN OR SLEET THEN WINTRY SHOWERS.
MODERATE OR GOOD.
********************************************************
Cindy Cohn Cindy@xxxxxxx
Legal Director www.eff.org
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
(415) 436-9333 x108
(415) 436-9993 (fax)
------ End of Forwarded Message
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting-people/