ka...@Mcs.Com (Karl Denninger) frivolously gloats:
> What timing... (Gods I hate it when I'm right)
Try pulling in your horns and thinking for a change.
> I found this gem on alt.sex.bondage....
>
>> Single white "older" female (30s) seeks ...
>> [phone numbers deleted]
> Since there is no way to "out" the originator, and Julf won't
> release names under <any> circumstances, this is what happens.
It's my guess that in a case of clearly illegal and antisocial
usage, Julf would respond to a legit search warrant or similar
legal instrument. Julf is not as irresponsible as you
anti-anonymity hypsters would like to believe.
> There is probably
> enough information on Julf's machine to figure out who sent the
> message, but without his cooperation........
Do you have ANY basis for labeling Julf "uncooperative" ??
Have you even discussed this with him? Or are you just
fantasizing here?
I suspect your criticism is presumptive rather than
substantive.
I also suspect the difficulty (if any) in prosecuting this case would
derive more from getting AZ, US, and Finnish authorities to
take it on, rather than the supposed reluctance of any
system admins, including Julf.
> I think it's time for Julf to either shut down anon.penet.fi,
I knew you'd get to this.
> or change his
> policy such that it contains a proviso that abuse will cause the
> immediate "outing" of the abuser's real id in both the abused
> newsgroup and news.admin.misc.
That would be an irresponsible policy.
Let me ask you this: should access services such as Netcom and
Digex, who upon request will hold accounts anonymous, feel free to
"out" the true identity of users based merely on the judgement of a
sys admin?
I'll answer the question -- they don't, and they shouldn't. Short
of a court order, no admin should EVER release account information
without the user's permission. It's one of the basic tenets of
computer ethics.
Karl, about the only thing that is clear here is that you
have gotten a hair up your a** about anonymous posting, and therefore
you are capitalizing upon the unfortunate event of the
above-referenced forgery to make a stupid case about anonymous posting
in general.
Steve
You consider harassment of this kind to be idiocy?
>> I found this gem on alt.sex.bondage....
>>
>>> Single white "older" female (30s) seeks ...
>>> [phone numbers deleted]
>
>> Since there is no way to "out" the originator, and Julf won't
>> release names under <any> circumstances, this is what happens.
>
>It's my guess that in a case of clearly illegal and antisocial
>usage, Julf would respond to a legit search warrant or similar
>legal instrument. Julf is not as irresponsible as you
>anti-anonymity hypsters would like to believe.
Nope. Ask Julf. Julf has said that he won't, more than once, even in
the face of a warrant.
>> There is probably
>> enough information on Julf's machine to figure out who sent the
>> message, but without his cooperation........
>
>Do you have ANY basis for labeling Julf "uncooperative" ??
>Have you even discussed this with him? Or are you just
>fantasizing here?
Have you? Have you read any of his terms and conditions, or what he claims
he will do if there are problems with his server? His only deference is to
block access (the second time) from the same person. This is trivially
gotten around if you know how to telnet to someone's SMTP port.
>I suspect your criticism is presumptive rather than
>substantive.
Ask him.
>> I think it's time for Julf to either shut down anon.penet.fi,
>
>I knew you'd get to this.
>
>> or change his
>> policy such that it contains a proviso that abuse will cause the
>> immediate "outing" of the abuser's real id in both the abused
>> newsgroup and news.admin.misc.
>
>That would be an irresponsible policy.
Really?
>Let me ask you this: should access services such as Netcom and
>Digex, who upon request will hold accounts anonymous, feel free to
>"out" the true identity of users based merely on the judgement of a
>sys admin?
>
>I'll answer the question -- they don't, and they shouldn't. Short
>of a court order, no admin should EVER release account information
>without the user's permission. It's one of the basic tenets of
>computer ethics.
At least you can compel the release of information with a subpoena in the
US. In other countries this is not the case.
--
Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
Modem: [+1 312 248-0900] | Clarinet feed in Chicago. Send email to
Voice/FAX: [+1 312 248-8649] | "in...@mcs.com" for more information.
|> It's my guess that in a case of clearly illegal and antisocial
|> usage, Julf would respond to a legit search warrant or similar
|> legal instrument. Julf is not as irresponsible as you
|> anti-anonymity hypsters would like to believe.
| Nope. Ask Julf. Julf has said that he won't, more than once, even in
| the face of a warrant.
Hmm.
Julf HAS made strong statements about keeping account information
private. It's still my guess though that if, in this particular
case, he were served with warrant valid _within his jurisdiction_,
he would comply.
But maybe not. I'll ask him.
(The reason I suspect this is the apparent illegal mis-use here
is much more egregious than has been the case with most complaints
about penet.)
Also, if I were the injured party here, and I wanted to pursue it
I would certainly operate on the assumption that if
the Finnish authorities could be convinced that they should
obtain the data from Julf, they will probably be able to do
so. It is very, very premature to presume that Julf
would in fact be a roadblock to the legal process.
|>Let me ask you this: should access services such as Netcom and
|>Digex, who upon request will hold accounts anonymous, feel free to
|>"out" the true identity of users based merely on the judgement of a
|>sys admin?
|>
|>I'll answer the question -- they don't, and they shouldn't. Short
|>of a court order, no admin should EVER release account information
|>without the user's permission. It's one of the basic tenets of
|>computer ethics.
|
| At least you can compel the release of information with a subpoena in the
| US. In other countries this is not the case.
I agree that such a court order would be unusual in Finland.
But in that case, your complaint should be with the Republic of
Finland, rather than Julf, since you are in essence implying
that he is operating legally.
Steve
Really? I would not have thought that there would be many countries that
are more respectful of an individual's right to withhold information than
the United States. Switzerland perhaps..? Details, please.
Follow-ups to comp.org.eff.talk.
--
Jonathan Abbey jona...@cs.utexas.edu
Applied Research Laboratories The University of Texas at Austin
"National Security" is the root password to the constitution. -- the Net
Read: The Shockwave Rider -- John Brunner -- ISBN 0-345-32431-5
The last time this came up I believe I remember him saying that he would
<destroy> the database before turning it over to the authorities. This was
before the shutdown/restart of anon.penet.fi, so things may have changed
since that time. My complaint with the server is valid only if that fact
stands today.
If indeed he will turn over the identity of the user in the face of this
posting as evidence (which I believe speaks for itself) then I withdraw
the objection in total.
>Also, if I were the injured party here, and I wanted to pursue it
>I would certainly operate on the assumption that if
>the Finnish authorities could be convinced that they should
>obtain the data from Julf, they will probably be able to do
>so. It is very, very premature to presume that Julf
>would in fact be a roadblock to the legal process.
I'm not presuming: I am working off of what has been said in the past.
This may have changed, but it certainly was current not all that long ago.
Again, if it <has> changed and such information is available in the face of
this kind of violation of the law then I stand corrected and withdraw the
objection to the server. There is then sufficient protection to prevent
this kind of outrage from going unanswered.
>|>Let me ask you this: should access services such as Netcom and
>|>Digex, who upon request will hold accounts anonymous, feel free to
>|>"out" the true identity of users based merely on the judgement of a
>|>sys admin?
>|
>| At least you can compel the release of information with a subpoena in the
>| US. In other countries this is not the case.
>
>I agree that such a court order would be unusual in Finland.
>
>But in that case, your complaint should be with the Republic of
>Finland, rather than Julf, since you are in essence implying
>that he is operating legally.
Not really.
He is providing service to people outside of his country. That makes him
just as responsible for the problem as the authorities if the party in
question can't get relief due to geography. This is particularly true if
the message originated in the US. (I'll grant you the point if the message
originated in some other country, but I doubt this is the case).
Given a communication which originated in and had as its intended target a
person in the US, I believe that US law should apply. Thus, I believe
that Julf should honor a US warrant or court order compelling the release
of the identity.
I allow anon accounts here under specific agreement. That agreement says
that should I be presented with verified evidence that the account was used
to commit a harassing or lawbreaking act (ie: this kind of post, and my
server logs verify that it was indeed posted here) I reserve the right to
turn over your name to the authorities along with the evidence involved
and/or to summarily delete the account -- and you forfeit your fee. I've
never had to invoke this clause on an anon account -- most people who want
them are interested in <protection> from harassment, not harassing others.
As long as that's your intent for the id on MCSNet I have no problem with
"anonymous" logins. The only other way someone gets my records without
permission is through a court order (subpoena, etc).
I fully understand that there are <very> valid reasons for anonymous posting
to the Internet (not the least of which is the group alt.sexual.abuse.recovery).
This particular discussion, however, comes on the tail end of a flamefest I've
been involved in with users on another Chicago area system where one of them
advocates unrestricted, unconditional, no-discovery-process anonymous
accounts, and that people should be able to post (ie: "say") anything
without fearing that they will be identified in any fashion or under
any circumstances.
My point is that this posting is the direct result of that kind of anonymous
access, and that for this reason there should be some "outing" procedure
available that doesn't require raising an international incident for those
who are victims of this kind of attack.
"There are no good or evil plants. There are only... plants." --Ficus (Quark)
It looks legit -- I checked the headers, and it appears to have gone through
the normal paths.
Without confirmation from Julf there is no way to be certain, of course.
> The last time this came up I believe I remember [Julf] saying that he
> would <destroy> the database before turning it over to the
> authorities.
What exactly is meant by "this" in your phrase "this came up" ??
Perhaps the circumstances of the case at hand differ from those
of past complaints against penet -- most of which, I recall,
were very frivolous.
> If indeed he will turn over the identity of the user in the face of
> this posting as evidence (which I believe speaks for itself) then
> I withdraw the objection in total.
Although the content of this particular posting _appears_ to "speak
for itself", I don't consider system admins to be judges of content or
legality. Admins should be neutral functionaries who act on behalf
of their accountholders, within legal limits.
> He is providing service to people outside of his country. That makes
> him just as responsible for the problem as the authorities if the
> party in question can't get relief due to geography. [...]
> Given a communication which originated in and had as its intended
> target a person in the US, I believe that US law should apply.
> Thus, I believe that Julf should honor a US warrant or court order
> compelling the release of the identity.
There is certainly no legal basis for a US warrant to apply to
somebody in Finland, unless of course there is some treaty
to that effect in place; but even in that event, some form of due
process applies.
> I allow anon accounts here under specific agreement. That agreement
> says that should I be presented with verified evidence that the
> account was used to commit a harassing or lawbreaking act (ie: this
> kind of post, and my server logs verify that it was indeed posted
> here) I reserve the right to turn over your name to the authorities
> along with the evidence involved and/or to summarily delete the
> account -- and you forfeit your fee.
I find it distasteful that a system admin should claim such authority.
Police powers should be reserved for the state (which is distasteful
enough).
Perhaps, if this is the way you feel, your service should not allow
anon accounts, given your attitude. Certain other services, whose
managers had similar concerns, have made that decision. For example,
WELL allows no anonymity.
Your policy amounts to, "you can have an anon account, but if *I*
decide you should be outed, then tough luck". That's a little
too nebulous for my tastes.
> The only other way someone gets my records without
> permission is through a court order (subpoena, etc).
IMO, if you want to support anonymity on your service, then you should
follow the lead of your (quite successful) competitors, and limit the
release of account information to court orders, period. Any
premature "outing" along the lines you suggest amounts to taking
sides in an as-yet-unresolved legal matter. Have you inquired of your
legal counsel what the implications of that might be?
> My point is that this posting is the direct result of that kind of
> anonymous access, and that for this reason there should be some
> "outing" procedure available that doesn't require raising an
> international incident for those who are victims of this kind
> of attack.
I disagree with your premise. The apparent offense involved a forgery,
and one does not need an anon server to do that. You are
attributing malice to the system, rather than the perpetrator.
Steve
: Hmm.
: Steve
--
To put this whole thing to rest, I'd like to make a statement about that
message: it was posted from my account, but not by me. You see, one of the
systems that I use was hacked, and so I changed the password on it. I did
not, however, change the password on the other account, which was
identical. Now, in hindsight, I have changed ALL of my account passwords
to different ones. . . If one is compromised, the others won't be.
I'm VERY sorry about this whole mess. I've also sent apologies to Julf,
and to the person named in the ad.
Suppose he had forged a mail message [by telnet'ing into someone's SMTP
port] and sent it to the utexas gateway? Would there be any more information
about him than there is now? For that matter, how do we know that the
message was sent by the real owner of that account, and not just an SMTP
forge directed TOWARD anon.penet.fi [so everything in the message, incl.
the return-address and path, would appear to be legit.]
Making unaccountable postings is trivial Karl. You of all people should
know this, being an experienced sysadmin. The _ONLY_ function of an
anon-server in this respect is to <1> serve as a visible focus [people
forging posts via other open systems don't have the a.p.f signature block
at the bottom of their posts, etc.] and <2> allows a useable reply path
for those who wish to respond to a post. It seems to me that #2 leads to
an INCREASE in accountability for those who wish to accept it, and there's
at present no way to ensure accountability with or without anon-servers.
In short, while I can understand why you see unaccountable posting as a
threat to the net [given the current political climate where "burning" the
bill of rights seems less objectionable than burning the flag] I fail to
see what the existence of anon-servers does that qualitatively makes the
problem worse.
PS--Was anyone actually STUPID enough to call a number listed in an
anon-posted ad? I guess given the number of people on the net it's
not surprising, but still....
--
-------------------------------------------------------------------------------
supe...@mcs.com | "Je crois que je ne vais jamais voir... | J\_/L
John Payson | Un animal si beau qu'un chat." | ( o o )
This is a popular view in the USA (that U.S. laws apply on all Earth
and half the solar system), but the Finnish government doesn't think
that way. It won't cooperate in the generic case. If something is
against the law _both_ in USA and Finland, I guess then the government
will cooperate - but even then there probably needs to be something
serious going on (a crime for which the minimum sentence is six
months, I think).
Then of course, the U.S. government has bigger muscle than the Finnish
government, so the Finnish government will probably cooperate anyway
if the matter is serious enough, but I don't suppose a typical
net.flame will be enough.
//Jyrki
Really? A statement that someone is willing to obstruct justice rather than
cooperate is rather blunt, is it not?
>> If indeed he will turn over the identity of the user in the face of
>> this posting as evidence (which I believe speaks for itself) then
>> I withdraw the objection in total.
>
>Although the content of this particular posting _appears_ to "speak
>for itself", I don't consider system admins to be judges of content or
>legality. Admins should be neutral functionaries who act on behalf
>of their accountholders, within legal limits.
Are you prepared to defend that with your own funds when you get sued for
failing to assist in an investigation of what is pretty clearly a criminal
matter?
>> I allow anon accounts here under specific agreement. That agreement
>> says that should I be presented with verified evidence that the
>> account was used to commit a harassing or lawbreaking act (ie: this
>> kind of post, and my server logs verify that it was indeed posted
>> here) I reserve the right to turn over your name to the authorities
>> along with the evidence involved and/or to summarily delete the
>> account -- and you forfeit your fee.
>
>I find it distasteful that a system admin should claim such authority.
>Police powers should be reserved for the state (which is distasteful
>enough).
Police powers? Since when is the right to report lawbreaking to the
authorities exercise of police powers? I thought that reporting suspected
illegal activity is what responsible citizens are supposed to do.
Or are you one of those who advocates "turning away" when you see someone
you know driving by spraying bullets in the window of your neighbor's house?
After all, it's the policeman's job to go catch the badguys, right?
>Perhaps, if this is the way you feel, your service should not allow
>anon accounts, given your attitude. Certain other services, whose
>managers had similar concerns, have made that decision. For example,
>WELL allows no anonymity.
NOT true. The WELL does allow it, under certain limited circumstances.
So does MCSNet. There are a few anonymous accounts there, primarily for
celebs who don't want to be harassed (surprise -- close to why I allow them
here).
>Your policy amounts to, "you can have an anon account, but if *I*
>decide you should be outed, then tough luck". That's a little
>too nebulous for my tastes.
Wrong. My policy amounts to "if I believe there is lawbreaking I reserve
the right to give the evidence to the cops and/or cancel your anonymous
account". Where do you get that I would post the name of the account
holder?
>> The only other way someone gets my records without
>> permission is through a court order (subpoena, etc).
>
>IMO, if you want to support anonymity on your service, then you should
>follow the lead of your (quite successful) competitors, and limit the
>release of account information to court orders, period. Any
>premature "outing" along the lines you suggest amounts to taking
>sides in an as-yet-unresolved legal matter. Have you inquired of your
>legal counsel what the implications of that might be?
Yep. You sign the contract, you agree to the terms. Period. You know what
they are going in. This stuff is all quite legal and above-board.
The implications of someone suing me over performing exactly as my contract
says I will are that they may get slapped with a frivolous lawsuit sanction,
which can be extremely expensive.
>> My point is that this posting is the direct result of that kind of
>> anonymous access, and that for this reason there should be some
>> "outing" procedure available that doesn't require raising an
>> international incident for those who are victims of this kind
>> of attack.
>
>I disagree with your premise. The apparent offense involved a forgery,
>and one does not need an anon server to do that. You are
>attributing malice to the system, rather than the perpetrator.
A forgery? There is no evidence of that as of yet.
No, I don't think I've been trying to make that case. What I've been trying
to make as a case is that a communication which began and terminated in the
US should fall under US jurisdiction. Do you advocate that a person who
hijacks a plane in the US, flies to Finland, and then back to the US should
somehow escape US prosecution?
>Then of course, the U.S. government has bigger muscle than the Finnish
>government, so the Finnish government will probably cooperate anyway
>if the matter is serious enough, but I don't suppose a typical
>net.flame will be enough.
Which makes the anon.penet.fi server a perfect conduit for the posting of
things like this with zero recourse to the injured party, or credit card
numbers, or cracked passwords, or any one of a number of other illegal acts.
Great.
Yes. Many times SMTP mail can be traced, even when someone tries to forge
it. There are no promises, but there is a good chance that you can
determine from where the mail came, and with cooperation of the admins on
the other end you might even be able to figure out who sent it.
>Making unaccountable postings is trivial Karl. You of all people should
>know this, being an experienced sysadmin.
Not completely unaccountable postings. You can try, but you never know when
someone is going to be running an unannounced IDENT or TAP server on their
end and screw you to the wall. Besides, that's not really necessary most
of the time. Given any sort of pattern you can usually figure out who is
doing the screwing around in a rather short period of time.
You'd be surprised at how many times I've been able to track this kind of
thing down and find out who posted the so-called "anonymous" message.
Being an experienced sysadmin, I know how dangerous it is to <assume> you
can make anonymous postings by telnetting to people's SMTP or NNTP ports.
You frequently get "surprised" when you do that by an admin who has some
brains and is logging enough to catch you cold.
> The _ONLY_ function of an
>anon-server in this respect is to <1> serve as a visible focus [people
>forging posts via other open systems don't have the a.p.f signature block
>at the bottom of their posts, etc.] and <2> allows a useable reply path
>for those who wish to respond to a post.
And it gives the poster complete immunity from being "outed", unless Julf
is willing to release the connection records. Without cooperation of the
admins from one of the ends of the link you're completely screwed trying to
figure out who did what.
>In short, while I can understand why you see unaccountable posting as a
>threat to the net [given the current political climate where "burning" the
>bill of rights seems less objectionable than burning the flag] I fail to
>see what the existence of anon-servers does that qualitatively makes the
>problem worse.
I'm not willing to burn the Bill of Rights. In fact, I fully support all
of it, including those parts others find objectionable (like the second
and fourth amendments). However, Freedom of Speech does not extend to
unaccountable speech. It does not extend, to coin a phrase, to shouting
"Fire" in a crowded theatre without recourse if there is in fact no fire.
This is not a "new" interpretation coined through the WOsD. It is a very
old interpretation, from a time when speech came in the forms of print
and spoken word only.
>PS--Was anyone actually STUPID enough to call a number listed in an
> anon-posted ad? I guess given the number of people on the net it's
> not surprising, but still....
A lot of people were. You now have one very unhappy co-ed who would love to
find the responsible party and screw them to the wall. She has no way to
do that at present, which is a travesty. Her right to redress for a very
egregious violation of her rights has been abrogated by the "anonymous
access at any cost" crowd. This is sad.
Anon servers are fine with me -- as long as they are used responsibly, and
there is a reasonable path to redress these kinds of abuse. This was an
example of flat-out irresponsible abuse.
On 30 Nov 1993, Karl Denninger wrote:
> Given a communication which originated in and had as its intended target a
> person in the US, I believe that US law should apply.
A US court to order a search of a hard disk in Finland? Possibly through
Interpol but only if Finnish laws are violated of course. US law can not
apply in Finland, never.
>It's my guess that in a case of clearly illegal and antisocial
>usage, Julf would respond to a legit search warrant or similar
>legal instrument.
Whose laws? What society? Which jurisdiction's search warrant? There isn't
any legal convention about where the Internet *is* (viz the US Gov't attempts
to suggest that putting PGP on a domestic machine constitutes exportation
under ITAR) much less, god forbid, any agreement about whose culture determines
what constitutes "anti-social usage".
--
Clay Shirky shi...@panix.com
If you don't know where you're going, you will probably end up somewhere else.
-Laurence Peter, _The Peter Principle_
<1> True, one needs to be careful if one is trying to make an unaccountable
posting. But if one telnets from, e.g., a computer in an otherwise
vacant academic lab into an SMTP port, how likely is one to get caught?
Even tracking the post to the originating machine won't help much, and
there are many ways to delay the appearance of a message so that one
even has a good alibi.
<2> There is no pattern here. Just one message. Were there a 'pattern',
one could monitor traffic heading toward the a.p.f server.
>> The _ONLY_ function of an
>>anon-server in this respect is to <1> serve as a visible focus [people
>>forging posts via other open systems don't have the a.p.f signature block
>>at the bottom of their posts, etc.] and <2> allows a useable reply path
>>for those who wish to respond to a post.
>
>And it gives the poster complete immunity from being "outed", unless Julf
>is willing to release the connection records. Without cooperation of the
>admins from one of the ends of the link you're completely screwed trying to
>figure out who did what.
Fact 1: It is not overly difficult to forge an email such that there is a
90% chance it won't get tracked to the originating machine.
Fact 2: It is, in many cases, not overly difficult to use public resources
such that even tracing a message to the originating account won't
identify who sent it.
Fact 3: It is, in many cases, easy to misappropriate someone else's account
with little risk of detection. If one writes a post from THAT account
which is difficult to trace and does nothing else to bring attention to
himself, the chances of him remaining undetected are excellent.
>>In short, while I can understand why you see unaccountable posting as a
>>threat to the net [given the current political climate where "burning" the
>>bill of rights seems less objectionable than burning the flag] I fail to
>>see what the existence of anon-servers does that qualitatively makes the
>>problem worse.
>
>I'm not willing to burn the Bill of Rights. In fact, I fully support all
>of it, including those parts others find objectionable (like the second
>and fourth amendments). However, Freedom of Speech does not extend to
>unaccountable speech. It does not extend, to coin a phrase, to shouting
>"Fire" in a crowded theatre without recourse if there is in fact no fire.
I didn't mean to imply that YOU would burn the Bill of Rights, but that
in the current political climate the government seems very willing to do
so, thus forcing you to cover your tusch.
>
>A lot of people were. You now have one very unhappy co-ed who would love to
>find the responsible party and screw them to the wall. She has no way to
>do that at present, which is a travesty. Her right to redress for a very
>egregious violation of her rights has been abrogated by the "anonymous
>access at any cost" crowd. This is sad.
Well, you have a confession now from the guilty account. The owner claims
that the account was hacked. Even WITH julf's FULL cooperation, how would
you propose to prove that the account-owner in fact posted the message?
>No, I don't think I've been trying to make that case. What I've been trying
>to make as a case is that a communication which began and terminated in the
>US should fall under US jurisdiction. Do you advocate that a person who
>hijacks a plane in the US, flies to Finland, and then back to the US should
>somehow escape US prosecution?
Karl, you are making that case, because you have no way of knowing if the
original poster was from the US without somehow forcing Julf to reveal
their identity, which means that you believe that US law enforcement should
have the right to force citizens in other nations to answer to US search
warrants. Without proof that the post originated in the US, your argument
fails, and the only way to garner that proof is to subjugate Julf to US law.
>I'm not willing to burn the Bill of Rights. In fact, I fully support all
>of it, including those parts others find objectionable (like the second
>and fourth amendments). However, Freedom of Speech does not extend to
>unaccountable speech. It does not extend, to coin a phrase, to shouting
>"Fire" in a crowded theatre without recourse if there is in fact no fire.
This is a specious argument. The "fire in a crowded theater" argument comes
about because shouting fire causes "clear and present danger". If
the First Amendment only protected "accountable" speech, then we could
equally disallow anonymous postings by neo-nazi groups and the KKK.
Furthermore, the 1st Amendment has nothing whatsoever to do with
anon.penet.fi. The Bill of Rights expires 12 miles off the coast of
Maine, which is about 2500 miles shy of the beginning of the .fi domain.
Of course if people like Karl D had had their way, you'd have been
lynched by now...
By the way, for us folks on comp.org.eff.talk who missed the original
posting, what *was* the contentious post that started all this kerfuffle?
G
Note that these groups have been held <liable> when their speech leads
directly to damage to a third party. This kind of civil liability has been
used with significant success against these groups.
>Furthermore, the 1st Amendment has nothing whatsoever to do with
>anon.penet.fi. The Bill of Rights expires 12 miles off the coast of
>Maine, which is about 2500 miles shy of the beginning of the .fi domain.
Yep. I know I can't possibly <compel> Julf to release the information.
In article <2diid8$h...@panix.com>, Clay Shirky <cl...@panix.com> wrote:
>In <2diecp$8...@Mercury.mcs.com> ka...@Mcs.Com (Karl Denninger) writes:
>
>>No, I don't think I've been trying to make that case. What I've been trying
>>to make as a case is that a communication which began and terminated in the
>>US should fall under US jurisdiction. Do you advocate that a person who
>>hijacks a plane in the US, flies to Finland, and then back to the US should
>>somehow escape US prosecution?
>
>Karl, you are making that case, because you have no way of knowing if the
>original poster was from the US without somehow forcing Julf to reveal
>their identity, which means that you believe that US law enforcement should
>have the right to force citizens in other nations to answer to US search
>warrants. Without proof that the post originated in the US, your argument
>fails, and the only way to garner that proof is to subjugate Julf to US law.
I know I can't compel Julf to answer to US law.
I'm <asking> him to comply. I'm well aware of the difference. There is no
way to compel Julf to do anything, other than creating an international
incident.
This is part of the problem I see with anonymous posting services. There is
a serious issue here with regards to the protection of people's rights, and
the ability to obtain redress. I don't have a problem with anonymous
posting services as long as they're not abused. When people are damaged as
a result of these services, and the operators hide behind a "I'm not in the
US so screw off" attitude, there is no recourse.
I have heard that there is under development a multiple-path remailer system
which works with strong encryption that will render this entire argument
moot. This system will prevent any disclosure of the sender, since the
operators of the system will have no way to determine the sender <either>.
If you build a matrix of these you have effectively 100% secure anonymous
posting capability.
That opens Pandora's box in a real way. And it is where we're headed.
There are plenty of folks interested in doing exactly this so they can send
totally secure messages around with no fear of traceback or interception.
>> What exactly is meant by "this" in your phrase "this came up" ??
>> Perhaps the circumstances of the case at hand differ from those
>> of past complaints against penet -- most of which, I recall,
>> were very frivolous.
>
> Really? A statement that someone is willing to obstruct justice
> rather than cooperate is rather blunt, is it not?
As others have pointed out, Julf has often cooperated in
cases of abuse of his server, apparently including the one
under discussion... since the owner of the account involved
has been identified (the owner was not the perp; the account
was cracked).
So far, Julf has exhibited good judgement on these things.
Better than yours, Karl, in my opinion -- had your "immediate
outing" policy been applied to this case, an innocent person
would have been smeared.
>> Although the content of this particular posting _appears_ to "speak
>> for itself", I don't consider system admins to be judges of content or
>> legality. Admins should be neutral functionaries who act on behalf
>> of their accountholders, within legal limits.
>
> Are you prepared to defend that with your own funds when you get sued
> for failing to assist in an investigation of what is pretty
> clearly a criminal matter?
Note the phrase "within legal limits" in my statement above. I
am not advocating illegally suppressing evidence.
>>Perhaps, if this is the way you feel, your service should not allow
>>anon accounts, given your attitude. Certain other services, whose
>>managers had similar concerns, have made that decision. For example,
>>WELL allows no anonymity.
>
>NOT true. The WELL does allow it, under certain limited circumstances.
Okay, I stand corrected. Jerry Garcia could get an anonymous
well account, but that hardly is germane here. The basic policy
there is anonymity is unavailable.
> So does MCSNet. There are a few anonymous accounts there, primarily
> for celebs who don't want to be harassed
Same bogus policy as the WELL, in other words.
>>Your policy amounts to, "you can have an anon account, but if *I*
>>decide you should be outed, then tough luck". That's a little
>>too nebulous for my tastes.
>
>Wrong. My policy amounts to "if I believe there is lawbreaking I reserve
>the right to give the evidence to the cops and/or cancel your anonymous
>account". Where do you get that I would post the name of the account
>holder?
*Where did I get that* ???
In this thread you have been advocating "immediately outing" the
accountholder on both the "abused newsgroup" and an admin group.
That's where I got the idea. Look at the subject line -- you
wrote it!!
But now you're backpedaling and saying you would only use the
information privately, which of course is much more reasonable....
>>Any premature "outing" along the lines you suggest amounts to taking
>>sides in an as-yet-unresolved legal matter. Have you inquired of your
>>legal counsel what the implications of that might be?
> Yep. You sign the contract, you agree to the terms. Period. You
> know what they are going in. This stuff is all quite legal and
> above-board.
I agree it's legal, but my understanding is that it is legally risky to
run your service in other than a content-neutral fashion...
by moderating content, you become partly responsible for it.
>>I disagree with your premise. The apparent offense involved a forgery,
>>and one does not need an anon server to do that. You are
>>attributing malice to the system, rather than the perpetrator.
>
>A forgery? There is no evidence of that as of yet.
Actually, when I wrote the above, I meant the post was a "forgery"
in the sense that it purported to be from a woman in Arizona
when in fact it was not.
Now it has also surfaced (no surprise) that it was a "forgery"
in the sense you intended above -- it came from a cracked account.
Steve
Some dweeb cracked an account, and used it to post through penet
the phone number of an innocent woman to a sex newsgroup,
in a suggestive fashion.
Karl then seized the opportunity to whine about Julf's
supposed lack of responsibility.
Steve
No - when a person hijacks a plane in the USA, the action happens in
USA. Your straw man fails also in another sense - I was saying
nothing about prosecution, just about law enforcement (getting
evidence). Let's say two U.S. citizens travel to Finland and have
oral sex in Finland, then travel back. Someone hints the authorities
that the persons might have engaged in an illegal act, and the act
should be investigated. Does the U.S. government then have the right
to subpoena Finnish citizens to testify on whether the couple had oral
sex or not? No.
>>Then of course, the U.S. government has bigger muscle than the Finnish
>>government, so the Finnish government will probably cooperate anyway
>>if the matter is serious enough, but I don't suppose a typical
>>net.flame will be enough.
>
>Which makes the anon.penet.fi server a perfect conduit for the posting of
>things like this with zero recourse to the injured party, or credit card
>numbers, or cracked passwords, or any one of a number of other illegal acts.
To my knowledge credit card numbers or cracked passwords are not
illegal in Finland, so if they are in USA you're probably right.
However if the illegality is something which is illegal also in
Finland, then the Finnish government might well cooperate and fine
Julf for withholding evidence if he doesn't cooperate with the Finnish
government on the investigation.
Despite events like the one in Panama, and numerous other
U.S. government aggressions, the world still has many governments of
which all are not under direct chain of command of the
U.S. government. And not all these countries consider the same things
immoral or worthy of prosecution or persecution as the U.S. government.
//Jyrki
>So far, Julf has exhibited good judgement on these things.
>Better than yours, Karl, in my opinion -- had your "immediate
>outing" policy been applied to this case, an innocent person
>would have been smeared.
Is he or she innocent? We really don't know that, do we? Certainly I have
nothing to suggest otherwise, but we <do not know>. Only a claim.
My point is that this type of thing (anonymous posting services) makes the
abuses of which this is an example easier to have occur, and thus they occur
more often. Also, since they are not only easier to have happen, but there
is little or no recourse available to the person harmed, they create even
more havoc.
If Julf has cooperated in this case then I withdraw my objection to <his>
server.
I don't withdraw my objection to the one which another person here in the US
is setting up that will be <truly> anonymous through the use of multiple
stages of encryption and bounce-buffering -- basically, it will be impossible
to establish who sent what.
I've thought about such a server myself on a few occasions. I was wondering
how long it was going to take before someone implemented one -- now, with it
being nearly imminent, I think we have the answer.
You may not want to believe this, but the thread here was started by another
related thread in which a user claimed that "anonymous, untraceable" posting
was a <right>. I said "balderdash", and used <this posting> as an example
of what happens with what we have now -- which is not <guaranteed> anonymous
service, only anonymous service based on the integrity (or lack thereof) of
the service provider. Julf is known to have high integrity in this regard,
which tends to attract more problems than some of the others.
The "absolutely anonymous" server which will soon appear, if email I receive
is correct, will be an absolute magnet for abuse. There will be <no way> to
possibly stop abusive postings, nor identify who is sending them. Nice.
THIS is what I disagree with -- anonymous posting with no means of control.
>>>Perhaps, if this is the way you feel, your service should not allow
>>>anon accounts, given your attitude. Certain other services, whose
>>>managers had similar concerns, have made that decision. For example,
>>>WELL allows no anonymity.
>>
>>NOT true. The WELL does allow it, under certain limited circumstances.
>
>Okay, I stand corrected. Jerry Garcia could get an anonymous
>well account, but that hardly is germane here. The basic policy
>there is anonymity is unavailable.
Nope. It is available to those who can make a reasonable claim that they
should have anonymous access in order to protect their privacy. Not to
harass others, or post inflammatory material without being responsible for
it. Certain, carefully defined reasons. I see nothing wrong with that.
>> So does MCSNet. There are a few anonymous accounts there, primarily
>> for celebs who don't want to be harassed
>
>Same bogus policy as the WELL, in other words.
Uh, I have no celebs. I have a few people who believe they would be open to
harassment if they were not "anonymous", so I have a policy to deal with
that.
>>>Your policy amounts to, "you can have an anon account, but if *I*
>>>decide you should be outed, then tough luck". That's a little
>>>too nebulous for my tastes.
>>
>>Wrong. My policy amounts to "if I believe there is lawbreaking I reserve
>>the right to give the evidence to the cops and/or cancel your anonymous
>>account". Where do you get that I would post the name of the account
>>holder?
>
>*Where did I get that* ???
>
>In this thread you have been advocating "immediately outing" the
>accountholder on both the "abused newsgroup" and an admin group.
>That's where I got the idea. Look at the subject line -- you
>wrote it!!
No, I advocate that people not be able to post to anonymous servers with
impunity, and that given the choice between completely anonymous service and
outing on abuse I choose the second.
You're the one who added the "immediate" to the line above. The subject
line says nothing about immediate outing, it says that <no> procedure for it
is a bad idea.
>But now you're backpedaling and saying you would only use the
>information privately, which of course is much more reasonable....
Wrong. I'm saying that if there is no procedure to "out" a user who is
abusing such a service it is wrong.
>> Yep. You sign the contract, you agree to the terms. Period. You
>> know what they are going in. This stuff is all quite legal and
>> above-board.
>
>I agree it's legal, but my understanding is that it is legally risky to
>run your service in other than a content-neutral fashion...
>by moderating content, you become partly responsible for it.
I am not moderating content. To moderate content I would have to approve it
<prior> to transmission, or retroactively cancel articles. I do not do
that. You are welcome to say what you want, but you must be prepared to be
held accountable for your speech if you abuse the privilege of doing so
under a "pen name".
>>A forgery? There is no evidence of that as of yet.
>
>Actually, when I wrote the above, I meant the post was a "forgery"
>in the sense that it purported to be from a woman in Arizona
>when in fact it was not.
>
>Now it has also surfaced (no surprise) that it was a "forgery"
>in the sense you intended above -- it came from a cracked account.
>
>Steve
We don't have any substantiation of that, only a claim. Again, I have no
reason to either believe or disbelieve the claim. I would be interested in
finding out how vigorously the owner and sysadmins are (or will) pursue the
cracker.
These acts are rarely random. I'm willing to bet that someone has a
reasonably good idea of who did this.
When a person transmits a message which is illegal from the USA, the act
which causes the posting is taking place in the USA.
The <obstruction of justice> is happening in another country. The actual
act which caused harm took place <here>.
So all I need to do in order to harass someone is to make sure the message
passes through a country such as Finland and I'm immune to prosecution,
right?
Nice.
>>Which makes the anon.penet.fi server a perfect conduit for the posting of
>>things like this with zero recourse to the injured party, or credit card
>>numbers, or cracked passwords, or any one of a number of other illegal acts.
>
>To my knowledge credit card numbers or cracked passwords are not
>illegal in Finland, so if they are in USA you're probably right.
Great.
>Despite events like the one in Panama, and numerous other
>U.S. government aggressions, the world still has many governments of
>which all are not under direct chain of command of the
>U.S. government. And not all these countries consider the same things
>immoral or worthy of prosecution or persecution as the U.S. government.
>
>//Jyrki
Yep. You're right. But some people think that harassment of folks should
not be aided and abetted by anyone, laws or lack thereof notwithstanding.
Do you know who hacked the account?
I do not support <immediate> outing in all cases -- but I do support it as a
possible outcome of abuse. OF COURSE you contact the person who you think
sent the mail/post first. NOWHERE have I said that <immediate> outing was
the answer. I have said it is <part> of the answer to abuses which invariably
come with these servers.
The entire thing which started this was a separate thread in which a user
stated that he believed that anonymous posting with <NO> means of discovery
or outing was a <right>. I then ran across this posting while reading a.s.b
and said "Gods, I hate it when an example comes and smacks me in the face."
I used this posting, which was basically a fraudulent post claiming
prostitution services for hire, as an example of exactly what we could see
under such a system.
Now, since this whole thing has turned into a flame war, I have received
mail from a person who claims to be actually <constructing> such a service --
a truly anonymous system which will multiply-encrypt and bounce-buffer
messages such that there will be <NO> way to ever discover who sent the
original message. That is, the database will not point to real names -- it
will rather point to strongly-encrypted entries in a database, which when
paired with other entries from certain other sites in the "web" of
participants, lead to the correct address. With enough combinatorial
elements this is essentially impenetrable, as there is no way to know if
you're on the right track tracing a message until you get to the last element
in the chain. The user who wrote me claimed that this was already in use
for email traffic, and was being modified to work with Usenet.
>> So far, Julf has exhibited good judgement on these things.
>> Better than yours, Karl, in my opinion -- had your "immediate
>> outing" policy been applied to this case, an innocent person
>> would have been smeared.
>
> Is he or she innocent? We really don't know that, do we? Certainly
> I have nothing to suggest otherwise, but we <do not know>. Only a claim.
Yes, but you've advocated an abusive policy that would possibly
smear an innocent netter. And expose the individual -- even you have
said that anon posting has its place -- you cited asar as
an example; don't the anon posters there have the right not to
be outed on the whim of some admin??
> You may not want to believe this, but the thread here was started by
> another related thread in which a user claimed that "anonymous,
> untraceable" posting was a <right>. I said "balderdash", and used
> <this posting> as an example of what happens with what we have now
Your criticism of Julf and his server was completely unfounded.
I don't see what this other "related thread" has to do with that.
>>The basic policy
>>[at WELL] is anonymity is unavailable.
>
> Nope. It is available to those who can make a reasonable claim
> that they should have anonymous access in order to protect
> their privacy.
That's not the story given to me by the WELL's system
administrators; a friend wanted an anon account there,
for completely reasonable and legitimate reasons, and wasn't
accommodated.
All that is tangential, however.
>>In this thread you have been advocating "immediately outing" the
>>accountholder on both the "abused newsgroup" and an admin group.
>>That's where I got the idea. Look at the subject line -- you
>>wrote it!!
> You're the one who added the "immediate" to the line above.
Nope, it's your stated policy. Earlier in this thread you wrote:
> I think it's time for Julf to either shut down anon.penet.fi, or
> change his policy such that it contains a proviso that abuse
> will cause the immediate "outing" of the abuser's real id in
> both the abused newsgroup and news.admin.misc.
That, as I have stated before, is an irresponsible policy
viewpoint on your part, and it is understandable you are
trying to distance yourself from it. But those were your
words.
>>Now it has also surfaced (no surprise) that it was a "forgery"
>>in the sense you intended above -- it came from a cracked account.
> We don't have any substantiation of that, only a claim.
Okay, but it's a very very plausible claim. And since the accountholder
has come out and identified himself, I think it's tacky of
you to cast aspersion on him when there is no evidence
of wrongdoing on his part (aside from negligence, perhaps).
Karl, I think your concepts on network ethics need to be
MUCH more carefully thought out before you persist with deeming
yourself so knowledgeable as to tell other admins what their
policies ought to be. Just my personal opinion, of course.
Steve
> I do not support <immediate> outing in all cases -- but I do
> support it as a possible outcome of abuse. OF COURSE you contact
> the person who you think sent the mail/post first.
Seems reasonable.
I guess though that when you first used the phrase "immediate outing",
it conveyed to me the impression of passing summary judgement without
much checking of facts. Which is why I criticized it, mostly.
I remain unconvinced though that there is ever any value in
"outing" an anonymous poster. The suggestion seems to be
vengeful more than anything else.
> Now, since this whole thing has turned into a flame war, I have
> received mail from a person who claims to be actually <constructing> such
> a service -- a truly anonymous system which will multiply-encrypt and
> bounce-buffer messages such that there will be <NO> way to ever
> discover who sent the original message.
No doubt the impetus to build such a mondo server is a reaction
to all the anonymous-bashing going on here on the nets...
One more thing: anon servers such as Julf's are really the "poor man's"
method of posting anonymously -- those with the scratch can
simply sign up at an access service provider (such as Karl). Clearly,
it is to the financial advantage of the service providers that
anon servers be shut down.
Steve
Uh, it <was> his account that was used. Therefore, to "expose" the account
which sent the message isn't a "smear" on an "innocent" party; it's a statement
of fact. This does <not> mean there isn't a defense to the allegation;
there is (and in this case it is a plausible one).
People have to be aware that account security is <their> business. This is
not to say that the person who fails to secure their ID is the one who did
the posting, or they are some heinous crook -- but it still was his or her
account that was used.
> And expose the individual -- even you have
>said that anon posting has its place -- you cited asar as
>an example; don't the anon posters there have the right not to
>be outed on the whim of some admin??
Whim? I don't call the kind of post which caused this uproar a "whim".
NOWHERE have I advocated that people be exposed on a "whim". I have
advocated (and will continue to do so) that people be exposed for egregious
violations of other netters' rights, and held forth that post as an example.
>> You may not want to believe this, but the thread here was started by
>> another related thread in which a user claimed that "anonymous,
>> untraceable" posting was a <right>. I said "balderdash", and used
>> <this posting> as an example of what happens with what we have now
>
>Your criticism of Julf and his server was completely unfounded.
>I don't see what this other "related thread" has to do with that.
As I said, I have withdrawn my objection to Julf's server given that he
has done something with this problem.
In fact, his geographical location has a lot to do with the problem. The
"above the law" approach is one which anyone outside the US could take
with impunity, and that Julf doesn't in this case means zip. The upcoming
development of a <true> anonymous server, where <nobody> knows the user who
sent the post, is a very real thing.
>>>The basic policy
>>>[at WELL] is anonymity is unavailable.
>>
>> Nope. It is available to those who can make a reasonable claim
>> that they should have anonymous access in order to protect
>> their privacy.
>
>That's not the story given to me by the WELL's system
>administrators; a friend wanted an anon account there,
>for completely reasonable and legitimate reasons, and wasn't
>accommodated.
That doesn't fit with the experience of others I have talked to there. And
it certainly doesn't fit with the experience of users on MCSNet machines.
>>>In this thread you have been advocating "immediately outing" the
>>>accountholder on both the "abused newsgroup" and an admin group.
>>>That's where I got the idea. Look at the subject line -- you
>>>wrote it!!
>
>> You're the one who added the "immediate" to the line above.
I was referring to the <subject> line which is what you quoted above.
>Nope, it's your stated policy. Earlier in this thread you wrote:
>
>> I think it's time for Julf to either shut down anon.penet.fi, or
>> change his policy such that it contains a proviso that abuse
>> will cause the immediate "outing" of the abuser's real id in
>> both the abused newsgroup and news.admin.misc.
>That, as I have stated before, is an irresponsible policy
>viewpoint on your part, and it is understandable you are
>trying to distance yourself from it. But those were your
>words.
I don't believe it is irresponsible in the least <in this case>. If you post
things like this from your account, <or allow your account to be used for
such things>, whether by negligence or direct action, I believe you should
be held to account - including being immediately identified as the source
account of the post.
I'm sorry, but the net is not a "nice and happy" place any longer. It
really never was, and with the recent increase in usage and the massive
number of hack attacks which take place daily around the world one cannot
<ass>ume that anyone else will take care of account security for you. If
it is your account then it is your problem. Most university accounts, and
nearly all commercial ones, contain clauses in their user agreements stating
exactly this.
Unix-based security is reasonably strong <if> correctly configured and <if>
the user is not negligent. If neither of those is the case then rail on the
appropriate people. VMS security, as an example, is even stronger. RACF
can be nearly impenetrable. It all depends on the care and feeding the
users and admins give it.
>> We don't have any substantiation of that, only a claim.
>
>Okay, but it's a very very plausible claim. And since the accountholder
>has come out and identified himself, I think it's tacky of
>you to cast aspersion on him when there is no evidence
>of wrongdoing on his part (aside from negligence, perhaps).
I'm not saying that he did anything wrong (other than not keeping his
account secure, which IS his responsibility). The fact is, however, that
<we do not know> what happened or why. I am willing to bet that with some
work the person who posted the article can be identified, or at least a very
good guess can be taken. Can you prosecute from that? Perhaps not. But
you can make a point with the knowledge.
>Karl, I think your concepts on network ethics need to be
>MUCH more carefully thought out before you persist with deeming
>yourself so knowledgeable as to tell other admins what their
>policies ought to be. Just my personal opinion, of course.
>
>Steve
I am presenting my viewpoint on anonymous servers, their abuse and possible
remedies -- <including> deterrents. Other admins are free to tell me to
go jump in the lake, take my advice, or do anything else they please --
including flame me. I have a number of asbestos suits, and have gotten
good at getting into and out of them. I've had years of practice.
Steve
Yes.
>The <obstruction of justice> is happening in another country. The actual
>act which caused harm took place <here>.
What do you mean with "obstruction of justice"?
>So all I need to do in order to harass someone is to make sure the message
>passes through a country such as Finland and I'm immune to prosecution,
>right?
From where do you come to that conclusion?
>Yep. You're right. But some people think that harassment of folks should
>not be aided and abetted by anyone, laws or lack thereof notwithstanding.
Yes, and some people think people should be nice to each other, not
use swearwords and wash behind their ears every morning. What's the
point? Would the world be a better place if each landlord would
install cameras in all bathrooms and "out" every person who does not
wash behind their ears?
//Jyrki
Well, this mess has ended. The site (gcef.maricopa.edu) from which that
message was posted has banned me. They claim it's "policy" to hold the
owner of an account responsible for anything sent from that account.
So, if someone steals my car, and runs over a nun, they'll deport me?
So far, this has been EXTREMELY unfair. First of all, Karl and Company
want to assume that the owner of the account sent the message. Second of
all, the site I *had* an account at wants to place the blame somewhere.
I guess I make a very convenient scapegoat.
Considering that the target of the "ad" has a personal grudge against me,
I wouldn't put it past them to ignore the fact that I didn't do it, and
proceed with penalties anyway.
Hopefully, whoever *is* responsible will read this, somewhere. I just want
them to realize that they've made not only their target's life a living
hell, but mine, too.
Congratulations.
Karl,
There is no accountability on the net, except that which people believe in
or that ensured via cryptographic protocols. Suppose the offending post in
this example had come from supe...@mcs.com. Would you have the right to
terminate the account? Most likely. Could any other legal action be brought
against me? Probably not. Since I have logged in hundreds of times via an
insecure channel [the Internet] it is hardly implausible that someone knows
my password. Or perhaps I used it on some other system where the admin was
not trustworthy. Or whatever. So even if a message is traced back to the
originating account, that does not necessarily prove convincingly that the
account owner posted it.
The truth is, one is relatively foolish to give too much credence to
articles posted on the net unless one has some external reasons to believe
that they were written by the From: person. Of course, most messages on
the net are either people's opinions, or are statements which may be
verified by some outside source, so who posted the message isn't of too
much concern. But for issues where it is a concern [such as posting phone
numbers] a reader would be foolish not to verify the identity of the poster
before acting upon the message [replying to the message and getting an email
back would be an effective minimum measure].
All that will change once multi-bounce cryptographic mailers appear is
that accountability will need to be explicit instead of implicit. If
someone wishes to post anonymously something upon which others are supposed
to act, they will need to provide corroborating information if they wish to
be taken seriously. At least a.p.f makes it clear that articles posted
through it are not traceable to their authors, as opposed to the net as a
whole which implies that the authors listed in "From:" lines are accountable
when this is in fact not so.
>>> What exactly is meant by "this" in your phrase "this came up" ??
>>> Perhaps the circumstances of the case at hand differ from those
>>> of past complaints against penet -- most of which, I recall,
>>> were very frivolous.
>> Really? A statement that someone is willing to obstruct justice
>> rather than cooperate is rather blunt, is it not?
>As others have pointed out, Julf has often cooperated in
>cases of abuse of his server, apparently including the one
>under discussion... since the owner of the account involved
>has been identified (the owner was not the perp; the account
>was cracked).
To the best of my knowledge, this is a total lie. Could you please
inform us of a single case in which Julf has cooperated to identify
someone who misused his service? My understanding is that in this
case, the owner of the account identified himself. Julf did not
identify him.
>So far, Julf has exhibited good judgement on these things.
Please provide even a single example of this good judgment.
Such clauses are bogus. As a user, I can maintain account security
by picking good passwords and keeping them secret. I can leave .
out of my path. I can refrain from making my .login world-writable.
I can do a number of common-sense things. But all I can do about
system security is bitch and moan. Am I negligent in getting an
account on a system which runs sendmail? Well, maybe. But many
Unix systems are insecure out of the box, and new security bugs show
up all the time.
You cannot expect every user to anticipate whether somebody will
discover a root hole in their system's floating-point handling.
Even if you *were* to expect the flatly unreasonable, it would avail
nothing against simple forgery from that account to anon.penet.fi.
In the case at hand, it appears that the account used was cracked.
Perhaps the user was at fault, perhaps not. But it is inevitable
that your demanded "immediate `outing' of the abuser's real id..."
policy will result in the smearing of some who were entirely
blameless. I find this irresponsible. At the very least, why not
fall back to advocacy of "outing" only after figuring out what
actually happened? We could even throw in due process or something.
>Karl Denninger (ka...@MCS.COM)
Eli ebr...@jarthur.claremont.edu
PGP 2 key by finger or e-mail
"Your hideous criminal clock, your insidious time
bomb, is tick-tick-ticking." -- L. Detweiler
There will always be an element of vengeance in any form of accountability. So
what? The only effective way to hold someone accountable for his actions in an
instance like this is to out them - _NOTHING_ else will do.
>One more thing: anon servers such as Julf's are really the "poor man's"
>method of posting anonymously -- those with the scratch can
>simply sign up at an access service provider (such as Karl). Clearly,
>it is to the financial advantage of the service providers that
>anon servers be shut down.
Two words: horse shit.
There are free systems out there that allow users to withhold their names from
the world...the one I'm logged on to, for example. One can have an anon
account here - but the system admin still requires that users of those
identify themselves to him before he validates the account. There is still
accountability there.
--
Jay Maynard, EMT-P, K5ZC, PP-ASEL | Never ascribe to malice that which can
jmay...@oac.hsc.uth.tmc.edu | adequately be explained by stupidity.
"The road to Usenet is littered with dead horses." -- Jack Hamilton
>In article <2dj6j4$g...@agate.berkeley.edu>,
>> I remain unconvinced though that there is ever any value in
>> "outing" an anonymous poster. The suggestion seems to be
>> vengeful more than anything else.
> There will always be an element of vengeance in any form of
> accountability.
That's not only highly cynical but patently absurd.
As a counterexample, my employees are accountable to me to
get their work done, and similarly I am accountable to my
boss. None of us are "vengeful".
>>One more thing: anon servers such as Julf's are really the "poor man's"
>>method of posting anonymously -- those with the scratch can
>>simply sign up at an access service provider (such as Karl). Clearly,
>>it is to the financial advantage of the service providers that
>>anon servers be shut down.
>
> Two words: horse shit.
Really. Actually, my statement above is completely (and obviously)
true.
> There are free systems out there that allow users to withhold their
> names from the world...the one I'm logged on to, for example.
Right; I would classify both Julf's system, and nyx, in the category
of systems which provide "poor man's" access to anonymity, as opposed
to netcom, digex etc. that charge $20/month or so.
What the HELL is your point, Maynard??
Steve
It can be proven that it was posted from here, and from your ID. That I can
trivially do today with the software which exists on the equipment at MCSNet.
Whether or not I can prove <you> posted it is another matter. If someone
wants to subpoena records from the phone company and you used a dial-in it
can probably be ascertained -- IF someone wants to go to the trouble.
This is even true for local calls, as we have the port number you come in
on logged in the accounting data. That port number on a specific terminal
server maps to a line, and that can map to telco logs -- which could
ultimately map to your house or office phone. Trying to deny a post when
that is presented to a judge and/or jury is likely to fail.
Yes, there are ways around that. Again, this presumes intelligence on
the part of the poster and intimate knowledge of what is logged where, and
what can and cannot be subverted. This knowledge is usually absent when
there is malice aforethought. I have had lots of experience with hackers
and crackers trying to break into MCSNet in all its forms over the last ten
years, and only once was the cracker smart enough not to be able to be
tracked down.
This is part of the reason that the details of how I do my security are
not available to the public for inspection. I know that "security through
obscurity" isn't, but I also know that if you <do> get through the security
system being obscure about how I track things might mean the cracker will
miss something I've done to trace what the bad guy is up to -- and get
caught.
So how do we balance this need (to be free of government monitoring) with
the right of people to be reasonably safe and secure in their effects?
How do we provide redress to those who are wronged by electronic vandals who
use this ability to pass credit card numbers around, crack PBX systems,
crack passwords, leak sensitive corporate data to competitors, post fake
"Hooker for hire" ads in alt.sex.bondage or just generally cause trouble -
all with zero chance of discovering who they really are?
Is the price of this freedom the right to harass, intimidate, coerce and
even vandalize at whim with absolutely no recourse or chance of being
brought to justice? If so the free highway we all enjoy is in serious
jeopardy -- people will do what they have to do to prevent vandalism, and
that will mean the erection of tollbooths and the requirement for "secure ID"
cards which will be required to be used to access those databases. Oops -
there comes that ugly monitoring capability again, doesn't it?
I am as concerned as the next person about the government intruding into our
private communications. I am less concerned about private parties, since I
can control who I do business with, and under what terms -- those terms can
include strong privacy guarantees if I choose to negotiate them, along with
severe legal penalties if the promises are broken. There is a social
solution to the private business problem, assuming people insist on it, and
that can be done through education. There is no such solution to government
intervention in this area.
How do we strike a balance?
--
Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
Obstruction of justice means the refusal to release the information (since
the claim is made that this act isn't illegal under XXX law, but it is under
US law) or otherwise obstructing the investigatory process in a fashion
that wouldn't wash or would bring criminal sanction if tried in the
United States.
>>So all I need to do in order to harass someone is to make sure the message
>>passes through a country such as Finland and I'm immune to prosecution,
>>right?
>
>From where do you come to that conclusion?
From the fact that all I have to do is send a message through anon.penet.fi
and I am absolutely indemnified against being "outed" by Julf. He might
prevent me from sending message #2, but if the first one is sufficiently
damaging then who needs a second transmission?
If you can't ascertain who sent the message, how can you prosecute?
>>Yep. You're right. But some people think that harassment of folks should
>>not be aided and abetted by anyone, laws or lack thereof notwithstanding.
>
>Yes, and some people think people should be nice to each other, not
>use swearwords and wash behind their ears every morning. What's the
>point? Would the world be a better place if each landlord would
>install cameras in all bathrooms and "out" every person who does not
>wash behind their ears?
Do you condone harassment of this type? If not what would you do to give
redress to the person who got a few hundred phone calls wanting phone (or
real) sex, or possibly even the calls or visits from the FBI inquiring
about an illegal prostitution service?
You come into my gunshop, buy a firearm, and then tell me on the way out
the door that you're going to Joe Schmoe's house to visit. Two hours later
Joe is shot dead with the same caliber pistol I just sold you. Do I keep
my mouth shut? After all, I didn't pull the trigger -- I just provided the
means which the attacker used to do the deed, right? I have no duty to
identify you, do I? I mean, I know who the killer probably is, but this
is "Karl's Anonymous Firearm Sales", there are lots of legal and good
uses for firearms, and besides, you might not be the one who killed Joe,
so your anonymous identity should be protected, right? Someone could have
stolen your gun, or it could have been any of the other 100 of these guns
(and owners) that I sold over the past year that did the deed. If I "out"
you to the cops or the press then I might "smear" a totally innocent person,
right?
Let's say that if I don't "out" you I know you'll get away with it if you
are in fact guilty, as I saw an airline ticket to a country which I know
won't extradite in your vest pocket while you were looking at the firearm --
and that ticket is for a flight which departs two hours from now.
What do you do in my shoes?
And how does this differ from a person who runs an anonymous server and
refuses to "out" an abuser under any circumstances, even when there is
a clear case of egregious harassment or lawlessness?
>> What do you mean with "obstruction of justice"?
>
>Obstruction of justice means the refusal to release the information (since
>the claim is made that this act isn't illegal under XXX law, but it is under
>US law) or otherwise obstructing the investigatory process in a fashion
>that wouldn't wash or would bring criminal sanction if tried in the
>United States.
Amazing. Karl, you are incredible. So any activity, anywhere,
that "wouldn't wash in the United States" is "obstructing
justice".
That's about the most U.S.-centric attitude I've encountered
since the classic "ugly American" behavior fell out of fashion.
Sheeesh.
Steve
ka...@Mcs.Com (Karl Denninger) writes:
> Uh, it <was> his account that was used. Therefore, to "expose" the
> account which sent the message isn't a "smear" on an "innocent" party;
> its a statement of fact. This does <not> mean there isn't a defense to
> the allegation; there is (and in this case it is a plausible one).
Sheer nonsense. You know perfectly well that to point a finger at the
account it was (apparently) forged as if it came from would make serious
trouble for the account-holder. Saying "Yeah but it DID look like it
came from there. That's a *FACT*." does nothing to help that.
Strange that your ever-so-sensitive humane concern has suddenly
evaporated, merely because in this context it's inconvenient to your
case.
> If you
> post things like this from your account, <or allow your account to be
> used for such things>, whether by negligence or direct action, I believe
> you should be held to account - including being immediately identified
> as the source account of the post.
So you consider whatever happens to *him* (knowledgeable forgery,
password theft, someone exploiting a system bug, negligent sysadmin,
other possibilities including personal stupidity) his own damn fault.
And we should immediately -- your own word -- pillory him in public.
That's what it would amount to, whether you admit it or not. We wouldn't
want to take a minute to think about it.
Funny how your level of sympathy totally reverses when it's inconvenient
to your case. The gal whose phone number you posted is given the most
delicate victimhood -- cause that'll sock anon.penet.fi but good -- but
the fella whose account was broken into is immediately considered an
irresponsible chump.
Tom
--
Having finished it's [sic] evil speech, the Tom spreads it's scaly
wings and soars away... (t...@world.std.com, TomB...@delphi.com)
Well, which is it? Immediately out them or not? And don't say "in some
cases", 'cause that's stupid. If you do it "immediately" you don't have
time to wait for the facts to come in. If you get some facts first, then
you can't do it "immediately", now can you?
Incidentally, if "NOWHERE have I said that <immediate> outing was the
answer." was supposed to mean (as it appears at first glance) that you
have not recommended immediate outing: Oh yes you have. EG message-ID:
<2dj8al$d...@Mercury.mcs.com> "including being immediately identified as
the source account of the post. "
Tom
Yes.
You can look at it like this. Which would you rather have affecting your life?
Random hackers with no accountability? Or an organized government agency with
no (for all practical purposes) accountability?
I'd choose the lesser of these myself.
>How do we strike a balance?
Change your perception of the single harasser from something that bothers you
to something that doesn't. You can't change the harasser...
--
Dave Hayes - Institutional Network & Communications - JPL/NASA - Pasadena CA
da...@elxr.jpl.nasa.gov da...@jato.jpl.nasa.gov ...usc!elroy!dxh
To an ant, a drizzle is torrential rain.
Karl and Co are not the entire net.
You have at least one poster who agrees that you have been wronged, assuming
you didn't send the message.
--
Dave Hayes - Institutional Network & Communications - JPL/NASA - Pasadena CA
da...@elxr.jpl.nasa.gov da...@jato.jpl.nasa.gov ...usc!elroy!dxh
Nobody wants constructive criticism. It's all we can do to put up with
constructive praise.
So, in your book "obstruction of justice" is equivalent to
"obstruction of justice as per U.S. laws". But as has been noted
several times in this thread, U.S. laws do not (at least not yet, at
least not in principle) apply in all countries of the world. Perhaps
Julf is violating a U.S. law in not releasing (for example)
information on anonymous email exchanges about oral sex or child
erotica - if that is so, perhaps the U.S. government will arrest,
charge and convict him when he visits the USA next time. Where is the
problem?
>>>So all I need to do in order to harass someone is to make sure the message
>>>passes through a country such as Finland and I'm immune to prosecution,
>>>right?
>>
>>From where do you come to that conclusion?
>
>From the fact that all I have to do is send a message through anon.penet.fi
>and I am absolutely indemnified against being "outed" by Julf. He might
>prevent me from sending message #2, but if the first one is sufficiently
>damaging then who needs a second transmission?
So what? There are plenty of other ways to conceal the origin of a
message. Should anonymous snail-mail letters be banned because the
post office won't "out" the "offenders"? I don't know, perhaps
anonymous letters are a criminal offence - well, then Finland also is
acting immorally by passing anonymous snail-mail letters to USA.
>>>Yep. You're right. But some people think that harassment of folks should
>>>not be aided and abetted by anyone, laws or lack thereof notwithstanding.
>>
>>Yes, and some people think people should be nice to each other, not
>>use swearwords and wash behind their ears every morning. What's the
>>point? Would the world be a better place if each landlord would
>>install cameras in all bathrooms and "out" every person who does not
>>wash behind their ears?
>
>Do you condone harassment of this type?
Harassment of what type? Installing cameras in bathrooms? You are
not making yourself clear.
>If not what would you do to give
>redress to the person who got a few hundred phone calls wanting phone (or
>real) sex
Unwanted calls, I presume?
I think that phone harassment in Finland is taken care of so that the
phone company forwards the information about who called to the police.
The identity of the caller is not "outed", and not forwarded to the
callee by the phone company.
>or possibly even the calls or visits from the FBI inquiring
>about an illegal prostitution service?
Well, it's sad that people have to be that afraid of their "own"
government in USA, but I hardly think it's the fault of an anonymous
service in Finland. Perhaps he or she should do something about the
out-of-control government? Support the constitution or something like
that?
>You come into my gunshop, buy a firearm, and then tell me on the way out
>the door that you're going to Joe Schmoe's house to visit. Two hours later
>Joe is shot dead with the same caliber pistol I just sold you. Do I keep
>my mouth shut? After all, I didn't pull the trigger -- I just provided the
>means which the attacker used to do the deed, right?
First you are talking about sexual proposals and unwanted messages.
Now you talk about homicide or murder. There's a great deal of
difference. Also, there's a big difference between a
telecommunications service and gun purchase. At least in the country
where I live, telecommunications privacy is considered an important
civil liberty, and only last year was a law passed which authorizes
the police to even get traffic information (ie. who called whom, when)
on telecommunications, and they need a court order even for that.
Communications
>I have no duty to
>identify you, do I?
Ethical, moral, legal? You are again being so vague that it's hard to
follow? In Finland you probably would have the legal duty to
identify, ie. you can be punished if you don't. What's the point?
>And how does this differ from a person who runs an anonymous server and
>refuses to "out" an abuser under any circumstances, even when there is
>a clear case of egregious harassment or lawlessness?
"harassment" and "murder" are different. "Harassment" in USA seems
for a big part to just be a buzzword much like "drugs", "child porn",
"terrorism" and so on which is used as a tool to rationalize taking
away basic civil liberties.
//Jyrki
If you're talking about the cypherpunks anonymous remailer chain, it's
no big secret. And it hardly needs modifying to work with news - you
just make the final destination one of the many mail to news gateways.
In fact, it's been operational for the best part of a year and I haven't
seen the net collapse in anarchy yet.
G
No, that's the way the real world works, like it or not.
>As a counterexample, my employees are accountable to me to
>get their work done, and similarly I am accountable to my
>boss. None of us are "vengeful".
...unless you were to do (or not do) something that were to harm your
employer. There's quite a lot of truth in the saying that "revenge is the
essence of any hierarchy".
>>>Clearly, it is to the financial advantage of the service providers that
>>>anon servers be shut down.
>> There are free systems out there that allow users to withhold their
>> names from the world...the one I'm logged on to, for example.
>What the HELL is your point, Maynard??
As long as systems such as nyx exist, your argument is demonstrably false: nyx
is not primarily an anon server. Shutting down Julf's system would have little
effect on service providers that charge money, since there will be service
providers that allow anonymous-to-the-world, but accountable, access.
On 1 Dec 1993, John Payson wrote:
> Fact 2: It is, in many cases, not overly difficult to use public resources
> such that even tracing a message to the originating account won't
> identify who sent it.
Exactly. An example: You log on (from a public phone if paranoid) to a
Fidonet BBS with an alias and fake credentials and send your totally
untraceable message in Fido Netmail over a UUCP gate. I think the latest
count of Fidonet BBSes was 26.000+. There is no way to force even a
fraction of these Sysops to install authentication procedures. There
is no way getting around total online anonymity as long as the whole
world is not united in one totalitarian state (or the Internet is shut
down by the United Nations).
Oh, how scary - just like the USPostal Service now, huh? Better put a stop
to that too. Lighten up, Karl.
--
"You're _so_ neurotic - that's why I love you." - my girlfriend
jdri...@ic.sunysb.edu -- except at StonyBrook, where the mail is broken.
In which case one doesn't need anonymous server in the first place.
Forging is trivial, so why should we force anonymous service to close as
in case of service the user CAN be traced while in case of NNTP/SMTP
port forgeries it's a lot harder.
: At least you can compel the release of information with a subpoena in the
: US. In other countries this is not the case.
US centric. If someone in US acted against Finnish laws causing me lots
of troubles, what should I do? If Julf's anonymous server, located in
Finland, would cause me lots of troubles by some illegal activity, I
could file a case.
As internet is global, you can't expect people to act according to US
laws UNLESS they live in US. Then again, I can't expect people to act
according to Finnish laws (other than the Finns, of course).
Disclaimer: I don't know anything about any legal matters. If I feel
like being acted against in some criminal way, I call the cops and they
work it out. Or at least tell me what I can do in the matter.
--
Elandal (aka Ismo Peltonen) # snail Hanuripolku 5B15 #
# mail 00420 Helsinki #
home (UUCP): Ismo.P...@Tower.NullNet.FI # FINLAND #
Univ (inet): Ismo.P...@Helsinki.FI # #
# #
Errare humanum est. # Phone voice +358-0-537515 #
(1.0.1) GCS/O -d+(--?)@ -p+(-) c++(++++) l(+) u(+) e+(*) m(+)@
s+/ n- h f+ g+ w++(+++) t+ r++(++++) y?
We don't, as far as I can tell. You might just as well ask, as many
of us have over the decades, "How do we keep people safe from fallout
from nuclear tests and from nuclear war in the face of the nuclear arms
race?" We don't. The technology is there, very powerful people insist
on retaining it, and as a result we live in a high level of danger that
did not exist before the technology was developed. As far as I know,
there is no answer.
>How do we provide redress to those who are wronged by electronic vandals who
>use this ability to pass credit card numbers around, crack PBX systems,
>crack passwords, leak sensitive corporate data to competitors, post fake
>"Hooker for hire" ads in alt.sex.bondage or just generally cause trouble -
>all with zero chance of discovering who they really are?
We don't (I hope). Because if "we," which should actually be read
"they," can do this, they can find out anything about anyone they like.
There's little doubt that computer technology is making concepts like
private property, especially intellectual property, problematical. And
that extends to the private-property concepts embodied in concepts like
"security" of credit-card numbers.
>Is the price of this freedom the right to harass, intimidate, coerce and
>even vandalize at whim with absolutely no recourse or chance of being
>brought to justice? If so the free highway we all enjoy is in serious
>jeopardy -- people will do what they have to do to prevent vandalism, and
>that will mean the erection of tollbooths and the requirement for "secure ID"
>cards which will be required to be used to access those databases. Oops -
>there comes that ugly monitoring capability again, doesn't it?
The tollbooths will happen anyway. They already exist, in fact. Even
the chaotic environment we're in now is not free. Either your university
or company pay for it--or you do personally (as do I). And the process
of putting most of the valuable and timely information in pay-only data
bases is already well progressed. All that is because of profit, not
because of security concerns.
But networks like this are only a small part of the issue when it
comes to security. Direct network-to-network links will exist whatever
happens on places like the Internet.
>I am as concerned as the next person about the government intruding into our
>private communications. I am less concerned about private parties, since I
>can control who I do business with, and under what terms -- those terms can
>include strong privacy guarantees if I choose to negotiate them, along with
>severe legal penalties if the promises are broken.
I fear that you're fooling yourself. Even now, before the
"superhighway" exists, can you negotiate how you do business with the
credit bureau, the electric company, the company that insures your car?
Not on your life. And they sell information about you, often incorrect
information, entirely without your approval. What's more, unlike the
government, whose interests in you have many motives all of which are not
negative, those companies' only interest in you is profit, whatever
effect that may have on you.
>How do we strike a balance?
We don't. We fight as hard as we can to save any shred of privacy and
safety from huge institutions that we can. That this process, to the
extent it succeeds, exposes us to new sorts of risks is simply
unavoidable.
Jon Jacobs
>The "absolutely anonymous" server which will soon appear, if email I receive
>is correct, will be an absolute magnet for abuse. There will be <no way> to
>possibly stop abusive postings, nor identify who is sending them. Nice.
>THIS is what I disagree with -- anonymous posting with no means of control.
Of course all owners of USENET sites have the right to determine what they
will and will not carry on their machines. Having a posting carried on
every USENET site is not a God-given right of posters.
So if an "absolutely anonymous" server does show up and causes grief to the
net, it wouldn't surprise me that individual sites start filtering articles
from the "absolutely anonymous" site. Filtering by site is not new, of
course and hardly fool proof as it can become a moving target. But I doubt
that owners of USENET sites will just sit by and watch abuse take place.
I know that I will not.
Terry
--
To submit articles to alt.folklore.info write to: wo...@vms.cis.pitt.edu
To contact the moderator write to: t...@vms.cis.pitt.edu.
This thread had only limited relevance to asb several articles ago,
and has less now. Ever since the first article on digital mixes (was
it Chaim? I know it was JACM, c. 1978), it's been obvious that real,
unbreakable anonymity was on its way.
So it goes. Please remove this thread from alt.sex.bondage!
STe...@netcom.com
1016 E. El Camino Real, #302, Sunnyvale, CA, 94087
In a crisis, we cut away
what we don't need any more,
in the good times, we find our way,
we find our way back home.... --World Entertainment War
Mail is person-to-person, however: you can't broadcast with it. In the
UK at least printed and distributed matter has to have an address for
the publisher (and, I think, the printer). This law is not widely
enforced, but it is generally obeyed.
ian
#@#$! (non-denominational swearing)
It's innocent until proven guilty in the US.
Go back to civics 101
T.N.S. Friendly Ghost
--
=+==+==+==+==+==+==+==+==+==+==+==+==+==+==+==+=
--
For which I thank you. After doing a wee bit of research (as much as I can
do without access to the original account) I find that this person who
posted the "ad" didn't even *have* to hack the account. It also could have
simply been forged to appear as if it came from my account. Egads, what a
balls-up this is. . .
--
A message from Julf appeared in my mailbox: that was the first real clue I
had that anything "bad" was going on. Previous to Julf's message, I had
received two or three messages containing interesting snippets such as
"Write me mail" or "I want you!" and nothing else.
Immediately upon receiving Julf's message, I cranked up TIN, subscribed to
alt.personals, and checked it out. I then sent him a message informing him
that I didn't send the message. After more checking, I came to the
conclusion that there was a good possibility of the account having been
hacked. I sent another message to Julf, one to the "target", and one to
each of the two administrators of that system.
End result, I have no idea what Julf says. I can't get mail from that
account any more, so any replies that he's sent have been lost into
cyberspace. The "target" apparently isn't blaming me, or so she says, and
the two admins (or at least one) have decided that I should be held
accountable anyway, and banned me.
=o= Get real. The incident we're talking about is very
different from this preposterous list of minor "offenses."
<_Jym_>
>In article <2diid8$h...@panix.com>, Clay Shirky <cl...@panix.com> wrote:
>>In <2diecp$8...@Mercury.mcs.com> ka...@Mcs.Com (Karl Denninger) writes:
>>
>>>No, I don't think I've been trying to make that case. What I've been
>>>trying to make as a case is that a communication which began and
>>>terminated in the US should fall under US jurisdiction. Do you advocate
>>>that a person who hijacks a plane in the US, flies to Finland, and then
>>>back to the US should somehow escape US prosecution?
>>
>>Karl, you are making that case, because you have no way of knowing if the
>>original poster was from the US without somehow forcing Julf to reveal
>>their identity, which means that you believe that US law enforcement should
>>have the right to force citizens in other nations to answer to US search
>>warrants. Without proof that the post originated in the US, your argument
>>fails, and the only way to garner that proof is to subjugate Julf to US
>>law.
>I know I can't compel Julf to answer to US law.
>I'm <asking> him to comply. I'm well aware of the difference. There is no
>way to compel Julf to do anything, other than creating an international
>incident.
>This is part of the problem I see with anonymous posting services. There is
>a serious issue here with regards to the protection of people's rights, and
>the ability to obtain redress. I don't have a problem with anonymous
>posting services as long as they're not abused. When people are damaged as
>a result of these services, and the operators hide behind a "I'm not in the
>US so screw off" attitude, there is no recourse.
It seems there is a problem of perspective, similar to that of a car owner
who has found his car vandalized.
A person became the victim of internet graffiti, similar to writing
something derogatory on a bathroom wall. Karl appears to be upset that
it can be done anonymously via email. (Interestingly enough physical
mail shares the property of allowing anonymity.)
What rights have been violated? The victim has been slurred, in the
equivalent manner of bathroom graffiti. There would be almost no
chance of redress in a civil or criminal court for the action (I admit
not having seen the original sin), there is no hard fast evidence of
who did it (the internet having no authentication whatsoever), no evidence
link to a user that can be shown to stand up in court. This was an
anonymous (read unwitnessed) act, similar to graffiti on a building or
roadside sign.
Is it possible Karl is indignant on finding the equivalent of urine
smells around his back gate to the alley way? The internet reflects
the real world and its people, calling for legislated morality to
place it on a higher plane is more akin to religion.
The indignation toward the individual in finland is equivalent to
being unhappy with someone who allows public access to their property
(say beach access in southern California, albeit it would be forced
anyway), and doesn't require them to identify themselves and log
crossing times, because you know some of them crossing the property
are going to litter the beach. Hell, eventually one or two of them
will probably commit a violent crime on the beach.
Asking Julf to turn over the equivalent of photographs from a surveillance
camera by force of law is injudicious, considering on the internet anyone
is free to wear whatever mask (username, return path) they desire.
You could easily end up with a lineup filled with Richard Nixons, or other
ex-presidents.
Let's face it, in a free society we have to convert or win over the barbarians
instead of dragging everyone down to the same level with the great leavening
of socialism. Removing everyone's opportunity for privacy because it may
be abused by some hardly seems consistent with freedom. People aren't born
civilized, it rubs off on them during their lives. They are likewise not
civilized because the law allows no alternatives.
What's interesting is that this incident is serious enough to discuss closing
down the anonymous posting service, but not serious enough for ANYONE to
cancel the offending article after most of a week.
Kinda shows where people's motivations lie.
-Bob
--
It's Usenet. Get used to it.
> What's interesting is that this incident is serious enough
> to discuss closing down the anonymous posting service, but not
> serious enough for ANYONE to
> cancel the offending article after most of a week.
>
> Kinda shows where people's motivations lie.
Actually, most people do not know how to forge a cancellation,
and most of those who do are very reluctant to issue said
forgery. Forged cancellations, if used widely, would just
lead to more anarchy. Not to mention that they are generally
against site policies.
Plus, since the offending post went through penet, the account from
which it was posted cannot issue a legit cancel.
The legitimate procedure probably would be for caradoc
to send an admin request to penet asking it be cancelled.
Steve
I respectfully disagree.
//Jyrki
>Actually, most people do not know how to forge a cancellation,
>and most of those who do are very reluctant to issue said
>forgery.
Oh, sometimes a discreet forged cancel can solve more problems than it
creates. The trick, the almost impossible trick, is having the wisdom
to know when that is. I can understand why people are reluctant. It's
a can of worms I recently opened, and, yup, it's a can of worms all right.
> Forged cancellations, if used widely, would just
>lead to more anarchy. Not to mention that they are generally
>against site policies.
I know :-) My admin told me so :-)
>Plus, since the offending post went through penet, the account from
>which it was posted cannot issue a legit cancel.
No biggie. You make a cancel and in the message body say "The anonymous
poster asked me to cancel this". You don't even have to out yourself.
I've done it and will again, as necessary.
If there's any question, I'm sure the anonymous poster will back you up :-)
>The legitimate procedure probably would be for caradoc
>to send an admin request to penet asking it be cancelled.
The time delay would render the action nearly moot. But that's true of most
cancels anyway, unless they're done quick on a well connected site.
As to the original posting...
I see inappropriate postings piped through anon as just another technique
for forging a message. Since that, or more to the point inappropriate
postings, is the fundamental problem, there's not a way to fix that
without installing enough controls on Usenet to turn it into Prodigy.
People seem unanimous about thinking that to be a bad thing.
Anarchy is part of what makes Usenet special. The question is, should that
anarchy manifest itself with posting harassing messages, or by cancels
getting issued against it? I guess I'm not prepared to answer that.
It appears to be up to the poster, or the canceler, if any. They ain't me.
They can open that can of worms.
Let's turn this around; imagine that some other country forbids the
discussion or quotation of certain forbidden texts, considered morally
or politically distasteful - maybe Adam Smith's _The Wealth of Nations_.
Two citizens of that country use an anonymous messaging service located
in the U.S.A. to discuss that forbidden work. The police catch
one user, but are unable to extract from them the identity of the
other. Should the foreign police be able to use the judicial processes
of the U.S.A. to compel the admin of the messaging service to reveal the
identity of the other user?
--
Greg Broiles
gr...@goldenbear.com (preferred)
gbro...@efn.org
[ Lots of accumulated text about Julf's policies deleted to save space ]
>>|
>>| At least you can compel the release of information with a subpoena
>>| in the
>>| US. In other countries this is not the case.
>>
>>I agree that such a court order would be unusual in Finland.
>>
>>But in that case, your complaint should be with the Republic of
>>Finland, rather than Julf, since you are in essence implying
>>that he is operating legally.
>
>Not really.
>
>He is providing service to people outside of his country. That makes him
>just as responsible for the problem as the authorities if the party in
>question can't get relief due to geography. This is particularly true if
>the message originated in the US. (I'll grant you the point if the message
>originated in some other country, but I doubt this is the case).
>
>Given a communication which originated in and had as its intended target a
>person in the US, I believe that US law should apply. Thus, I believe
>that Julf should honor a US warrant or court order compelling the release
>of the identity.
Are you _sure_ that you mean this the way that it sounds? I may
be mis-interpreting your position here, so let me paraphrase it in my own
words.
A communication which originates in, and "targets" [i.e. has as
its subject] individuals (or groups) in, a certain country, should
be governed by the laws of that country -- _even if_ the person who
actually posted the article is a resident of an entirely different
country. (Note that "originates", in the above, clearly does _not_
mean "was posted from", or the condition cannot occur. I presume
that you mean that the post was based on a non-public communication
from an individual in the first country to the ultimate poster.)
Suppose I were to receive an E-Mail communication from a student in
Beijing during the time of the Tienanmen Square incident telling the story
of how the Chinese government is massacring (sp?) the protesting students.
Further, suppose that I then posted an Internet message repeating this
letter, with the student's name removed to prevent retaliation by the
Chinese government, and that this was a very inflammatory letter harshly
criticizing said government.
By the principle that I have paraphrased above, I would then be
liable to be judged _under Chinese law_ with regard to this incident. The
letter did originate in China, it did "target" the Chinese government, and
(the last I heard) it is illegal under Chinese law to criticize their
government, at least to a sufficiently harsh degree. This would mean that
I would be compelled to release the student's name to the Chinese government
so that they could "get relief" against him, and my First Amendment
rights as a U.S. citizen would be irrelevant to the case.
Obviously, I consider this an absurd and atrocious outcome. But
I can't see anything in the general principle that you have set forward
above that would prevent this kind of "relief". If I have misunderstood
your position in the above paraphrase, I would appreciate it if you could
clarify what you do mean. If you do indeed support this kind of policy,
then I could not possibly disagree with you more.
>I fully understand that there are <very> valid reasons for anonymous posting
>to the Internet (not the least of which is the group alt.sexual.abuse.recovery).
>This particular discussion, however, comes on the tail end of a flamefest I've
>been involved in with users on another Chicago area system where one of them
>advocates unrestricted, unconditional, no-discovery-process anonymous
>accounts,
As do I.
> and that people should be able to post (ie: "say") anything
>without fearing that they will be identified in any fashion or under
>any circumstances.
As do I. Note that what they post does not have to be taken
seriously unless they identify themselves or provide other reasons for
believing it. If I post an anonymous article in which I accuse President
Clinton of Satan worship, and I provide no evidence to back it up, then
it would be a truly small mind that would actually take this at face value.
Even so, I do _not_ approve of enforced "identification" of people making
such posts, because I believe that any good coming of such a policy would
be completely overwhelmed by the bad. (Note that I'm _not_ actually
accusing Bill Clinton of Satan worship -- it's really Hillary!! :-))
>My point is that this posting is the direct result of that kind of anonymous
>access, and that for this reason there should be some "outing" procedure
>available that doesn't require raising an international incident for those
>who are victims of this kind of attack.
I disagree strongly, as stated above. I don't think that you can
formulate such a policy that won't be _much_ more easily abused than used
correctly.
>--
>Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
>Modem: [+1 312 248-0900] | Clarinet feed in Chicago. Send email to
>Voice/FAX: [+1 312 248-8649] | "in...@mcs.com" for more information.
Eric R. Salberta esal...@scubed.com
As usual, this posting is entirely mine, and does not in any way reflect the
official views of Maxwell Laboratories, if indeed they have any about this
matter.
> A communication which originates in, and "targets" [i.e. has as
> its subject] individuals (or groups) in, a certain country, should
> be governed by the laws of that country -- _even if_ the person who
> actually posted the article is a resident of an entirely different
> country. (Note that "originates", in the above, clearly does _not_
> mean "was posted from", or the condition cannot occur. I presume
> that you mean that the post was based on a non-public communication
> from an individual in the first country to the ultimate poster.)
>
> Suppose I were to receive an E-Mail communication from a student in
>Beijing during the time of the Tienanmen Square incident telling the story
>of how the Chinese government is massacring (sp?) the protesting students.
>Further, suppose that I then posted an Internet message repeating this
>letter, with the student's name removed to prevent retaliation by the
>Chinese government, and that this was a very inflammatory letter harshly
>criticizing said government.
>
> By the principle that I have paraphrased above, I would then be
>liable to be judged _under Chinese law_ with regard to this incident. The
>letter did originate in China, it did "target" the Chinese government, and
>(the last I heard) it is illegal under Chinese law to criticize their
>government, at least to a sufficiently harsh degree. This would mean that
>I would be compelled to release the student's name to the Chinese government
>so that they could "get relief" against him, and my First Amendment
>rights as a U.S. citizen would be irrelevant to the case.
Yep. And if you didn't cooperate, the Chinese government would be justified
in surrounding your house with tanks and shooting you, even though your
house is presumably in the US.
jack
--
jack mcb...@math.uh.edu * All I ask of Thee, Lord
* Christ died for our sins. Dare we * Is to be a drinker and fornicator
* make his martyrdom meaningless by * An unbeliever and a sodomite
* not committing them? - Jules Feiffer * And then to die. - Claude de Chauvigny
>ka...@Mcs.Com (Karl Denninger) writes:
>>This particular discussion, however, comes on the tail end of a flamefest I've
>>been involved in with users on another Chicago area system where one of them
>>advocates unrestricted, unconditional, no-discovery-process anonymous
>>accounts, and that people should be able to post (ie: "say") anything
>>without fearing that they will be identified in any fashion or under
>>any circumstances.
> As do I. Note that what they post does not have to be taken
>seriously unless they identify themselves or provide other reasons for
>believing it. If I post an anonymous article in which I accuse President
>Clinton of Satan worship, and I provide no evidence to back it up, then
>it would be a truly small mind that would actually take this at face value.
>Even so, I do _not_ approve of enforced "identification" of people making
>such posts, because I believe that any good coming of such a policy would
[...]
And if someone posts an anonymous article threatening Clinton's life
(or perhaps more to the point, yours or mine)? Are you saying the poster's
anonymity should be respected?? There are laws against terroristic
threatening, after all...
Ron Carman
--
| Ron C. Carman || That's the trouble with feeling as if you're |
| rcca...@mik.uky.edu || on top of the world. It's always a sure sign |
| rcca...@ukpr.uky.edu || you and it are about to switch places. |
| U.S. SnailMAIL: P.O. Box 24352 Lexington, KY 40524-4352 |
Steve:
There is *still* the "potential" for vengeance (in perhaps a very
mild form) in the requirement of accountability. The need for
accountability implies that there is someone to take the "blame" if
something should happen that requires a "perpetrator" to be located.
I certainly don't feel vengeful towards the programmers I am supervising
at my real job, and I'm pretty sure that my boss isn't vengeful towards
me (most of the time :-), but if one of them makes a mistake and
requires a whole 5 hour program to be run again, there is certainly a
fair amount of "vengeance" taken out on the poor sod for messing up.
The whole concept of accountability ultimately depends on the concept of
some sort of force/threat/guilt used to ensure "correct" performance.
(Do we need to break this down into words of one or two syllables for
you?)
Wolfe
--
G. Wolfe Woodbury - Usenet Admin @ Wolves.Durham.NC.US
"The flame war is a specific Usenet art form." --me
[This site is not affiliated with Duke University. They like it that way!]
>>As a counterexample, my employees are accountable to me to
>>get their work done, and similarly I am accountable to my
>>boss. None of us are "vengeful".
>
>I certainly don't feel vengeful towards the programmers I am
>supervising at my real job ... but if one of them makes a mistake and
>requires a whole 5 hour program to be run again, there is certainly a
>fair amount of "vengeance" taken out on the poor sod for messing up.
Man. I'm sure glad I don't work in such an environment. A
5 hour slip results in "vengeance"?? Where are you from,
the Ross Perot School of Infighting??
> (Do we need to break this down into words of one or two syllables for
> you?)
No, you've made yourself clear....AAAARGH!!!
Steve
Yep. This is true. But the primary responsibility still rests with the
user. You can deny that you were the culpable party, and that may well be
the case.
You're still responsible. Nobody <forces> you to use the net.
>Perhaps the user was at fault, perhaps not. But it is inevitable
>that your demanded "immediate `outing' of the abuser's real id..."
>policy will result in the smearing of some who were entirely
>blameless.
He wasn't blameless. He even admitted that he should have secured his
account, and failed to do so. Therefore, he was possibly negligent. That's
not actionable, but it certainly explains what happened.
Is it really a "smear" if someone posts evidence that my account sent a
highly inflammatory message through an anon server? I don't think so;
certainly it is a refutable allegation, and that's fine with me as well. On
the other hand damage control is also important when someone does this kind
of thing.
> I find this irresponsible. At the very least, why not
>fall back to advocacy of "outing" only after figuring out what
>actually happened? We could even throw in due process or something.
How do you define "due process" across six continents in a way that people
will accept?
No.
In the case which I cited, and in nearly all cases to date, the originator
and target of the harassing message have both lived in the same country.
This happens to be a reality of geography more than anything else.
The message <originates> at the keyboard of the person who types it.
Regardless of whether you telnet to someone's SMTP port in England, if you
live in the US you're originating the message from the US.
> Suppose I were to receive an E-Mail communication from a student in
>Beijing during the time of the Tienanmen Square incident telling the story
>of how the Chinese government is massacring (sp?) the protesting students.
>Further, suppose that I then posted an Internet message repeating this
>letter, with the student's name removed to prevent retaliation by the
>Chinese government, and that this was a very inflammatory letter harshly
>criticizing said government.
>
> By the principle that I have paraphrased above, I would then be
>liable to be judged _under Chinese law_ with regard to this incident.
Nope. <You> didn't originate the message from China, you did so from the
US. Therefore YOU are not liable under Chinese law. You might be under US
law.
The person who forwarded the message to you from China was breaking the law
of the land <there>. If the Chinese government wants HIS identity for
prosecution, I believe you are morally and ethically obligated to release it.
Do you advocate that I should be able to get away with lawbreaking just by
passing a message which would otherwise bring sanction just by sending it
through a second country? Does this mean that all I have to do is find
a country which doesn't believe the law I want to break is punishable and
I'm home free if I can somehow connect my activity to that foreign land?
If not here, then why there? Who are WE in the USA to judge the standards
by which others must live? Who are WE to judge the laws of another country?
We did exactly this when we kidnapped Noriega and brought him to trial here
in the US. As a result we cannot be outraged when his henchmen kidnap our
President and bring him to trial in Panama for the crime of invading their
country, can we?
Or is this all about "he who has the biggest guns wins"? I believe that in
a civilized world you CANNOT impose your rule of law on another country in
this fashion.
I may not LIKE the laws of another land, but if the people of the US feel
<that> strongly about them then we should stop being hypocrites and just
go invade. Or do we have the stomach only for trifling commentary and
subterfuge, but not to enforce our sentiments? Just how strong ARE those
sentiments anyway?
I thought so.
>> and that people should be able to post (ie: "say") anything
>>without fearing that they will be identified in any fashion or under
>>any circumstances.
>
> As do I. Note that what they post does not have to be taken
>seriously unless they identify themselves or provide other reasons for
>believing it.
Eric Salberta's VISA Number is 42XX-YYY-222-111. Feel free to order
yourself a free computer and charge it to him. I'm sure he'll appreciate
the fact that you helped yourself to his credit line.
Eric Salberta's bank is the First National Bank of Anytown, USA. The
routing number is 071912XYZ, and his account number is X2321-20321. Help
yourself to a free computer; he has $5,203.23 in the account right now.
(Note that in THIS case YOU are the one who might be out the money - Fair
Credit standards don't apply to deposit accounts!)
Do you REALLY advocate that I should be able to do exactly this from an
anonymous server and face ZERO repercussions, and that you (and the
credit card company) should have ZERO ability to track me down for
doing exactly this kind of thing?
Do you volunteer to be the first victim?
>Eric R. Salberta esal...@scubed.com
Yes. You can't have it both ways. If you expect others to respect your
laws, you have to respect theirs.
The act in question has taken place wholly within the originating and
terminating country's borders. The use of the anon service is simply a
device to avoid prosecution. If this is not recognized then you have a
situation which is almost exactly analogous to hijacking a plane in the US,
flying to Cuba <and then back> and claiming you can't be arrested because
you did the hijacking in a foreign country. Nonsense. You tried to use
the foreign country to avoid prosecution and nothing more; that was a US
crime.
With a network which reaches across national boundaries some deference has
to be paid to the laws of the countries where the actual act of posting (or
consumption) takes place. At least this is how I see it. We <do> want
international connectivity, yes? If so then we <must> respect the laws of
the lands we connect with, even if we find their laws personally distasteful.
Things get much more complicated if the anonymous poster intends to have
their message consumed (or the "target" to be harmed is) in a country
different than that of the poster. I don't have a real strong opinion on
handling that particular case. Fortunately, at least to date, those
incidents are relatively rare.
Only from a legal perspective.
It is actually indeterminate until proven guilty, with the default if such
cannot be proven to be "not guilty". A verdict of "not guilty" doesn't mean
"innocent", it means not proven beyond a reasonable doubt.
There is a significant difference.
In any event, this isn't the issue here. I am not accusing the person in
question of <actually> sending the message. He has admitted that his
account was involved, and that he might have been somewhat negligent in its
maintenance.
>Yep. And if you didn't cooperate, the Chinese government would be justified
>in surrounding your house with tanks and shooting you, even though your
>house is presumably in the US.
>--
>jack mcb...@math.uh.edu
Yes, I find that you can exaggerate my position. 'Tis not that hard, is it?
Where do you get that I condone using force?
You can physically refuse to cooperate all you want. But actions
have consequences. If you are in the US I can prosecute or sue. I
can only hope to sway opinion in this matter outside the US unless a
majority of the US residents and/or the correct political figures
become sufficiently outraged to officially sanction the use of
force (ie: go to war, decline to allow the US to talk to country
"X" via the net, etc.).
I have offered no specific sanction for refusing to cooperate as a
"suggested" retaliation, and realize that the practical answer is "none
available". At the present time I am unwilling to kill or die over this
issue, and in international politics that's what it comes down to in
large part between governmental entities.
That doesn't mean I think it's right.
Again, Steve, I ask you:
Does this mean that I should be able to escape prosecution for an
act committed on <American> soil, against an <American> on <American>
soil, because I travelled (virtually or otherwise) for a brief moment to
some other country and while there changed my appearance?
What will you advocate when or if "Oceania" actually appears, and has no
drug laws. A drug runner sells some coke in the US, and takes a flight
to Oceania, deposits the cash, and then comes back to the US. He claims
that he is immune to bust because he passed through the other country, and
that country has no WOsD. Do you agree or disagree?
US-centric? As long as the source and destination of the act which
violates US law occur both on US soil I think it is properly US centric.
Note that I don't support what the US did with Manuel Noriega, as in his
case the act which he allegedly committed did <not> happen on US soil. The
<effect> might have occurred here, but he did not <commit> it here.
In this particular case, and many others like it, the act <was> committed
here, and it was directed against a person <here>.
There are two ways to answer your question. With regard to what I
think "should" be the policy: Yes, I still think that a policy of respect
of privacy should be kept. The real threat, in this case, is not the posted
article, but the actual _attempt_ to take someone's life. If anything,
knowing that there's a nutcase out there gives the target at least some
chance to arrange a defense for himself. When someone strikes "out of the
blue", then that chance isn't there. The only policy that might help to
defend against an attacker who is really determined to "get" his victim is
in two parts:
[1] Announce that you have an anonymity policy that is "ironclad", in order
to persuade the attacker to post a threat before actually attacking.
[2] Break the promise in order to track the attacker down.
In other words, you must have a policy of lying and promising a
degree of anonymity that you do not intend to deliver in order to actually
catch your culprit. If you openly admit that you will break anonymity
under specified conditions, then people who fall under those conditions
will not use your service.
I do _not_ approve of the policy outlined above. In the first
place, I've been lied to often enough by government, etc. to be thoroughly
sick of it by now. And, in the second place, the deception would not last
past the first time that it was made clear that the policy was, in fact, a
lie. After that, would-be attackers won't use the service, and since no
one now knows what the _true_ limits of your anonymity are, I think that
very few people will trust your service _at all_.
I could, perhaps, live with a policy that says "We will preserve
your anonymity _except_ in the following special cases: [A] ... [B] ...
[C] ... ; in all cases except these, we will preserve your anonymity."
Such a policy is honest (assuming that it is kept), and, depending on
what the conditions are, might still preserve anonymity for those who
truly do need it. However, I doubt that the president, or you and I,
will be any safer -- because the would-be assassin will now simply not
use this service to post threats, but will instead simply attack without
warning.
The second way to answer your question is with regard to: what do
I think "would" actually happen if such a threat were to be posted to the
Usenet anonymously. If it were a threat to the President, then I'm sure
that the Secret Service would do everything in its power to track down
the poster, and I have heard that they have a _lot_ of leeway in cases
like this. I'm not sure what they could do about a poster in Finland,
but if the article came from an anon-server in the US, then I'd bet that
that server would come under _humongous_ pressure to release the name. I
would not like to be in the position of having to withstand such pressure
myself. As for what would happen if the server destroyed the data-base
of names -- have you ever heard of the case of Dr. Mudd? He was the
physician who treated John Wilkes Booth after he escaped, wounded, from
the theater where he had shot President Lincoln. While (as far as I know)
there was no evidence that Mudd had known that Booth was an assassin when
he treated Booth, he was still sentenced (I don't know for how long, or
what the exact charge was) for this act. The point is that ordinary
principles of fair play, etc., do not always apply when a President is
under attack.
Of course, if you or I were threatened, the response would most
likely be much less dramatic. I suspect that not much could be done
about a Finnish anon-server in this case. As for such a server in the
United States, what would happen to it would probably depend upon the
specific circumstances of the threat and upon the judgment of whichever
court heard the case. We made all kinds of threats to each other when
I was back in high school, and nobody ever took them seriously.
My final point remains: that while there are specific circumstances
in which "breaking" anonymity can do some good, when considered
overall it (in my opinion) has the potential to do considerably more
harm than good. Those who use anonymity are usually those who are, or
believe that they are, exposed to some threat if their real names are
known -- otherwise, why go to the trouble? There are, in my opinion,
sufficiently many people (wives/girlfriends hiding from abusive
husbands/boyfriends, for example) who _do_ need the protection to make
it worthwhile to offer the service. The would-be attacker can use the
long-known technique of making a message from pasted-together newspaper
headline letters if anonymous Internet is not available. There really
is no way to stop this kind of sick mind short of catching and imprisoning
him. To require that those who do need protection give it up and
just accept the risks in order to have a small chance of catching a few
sick minds is not, IMHO, a good bargain.
About the only alternative that might be better would be to make
anonymity breakable only in special cases, and _only_ by a strongly
trusted authority. This is similar to the proposals made here that
anon-servers should violate confidentiality only when served with a court
order. The problem with this is that the security is only as good as the
trustworthiness _and the internal security_ of the "trusted authority".
This is the same problem as occurs with the "Clipper-chip" proposal to
give the government the ability to listen in on citizens' private telephone
conversations, and there have been many examples posted of the
possible problems with that. I'll just mention a couple of them here: the
FBI incidents when Hoover used the Bureau as a weapon to persecute groups
of which he personally disapproved, and the recent incident in which
employees of some government agency (was it police? I forget) were caught
selling the records of individual private citizens in exchange for cash.
Bottom line: I'm not willing to consider compromising the safety
of those who really _need_ to be anonymous for any reason of less than
truly crucial importance. Catching little twerps who post nasty messages
from universities does not, in my opinion, qualify.
>Ron Carman
>
>--
>| Ron C. Carman || That's the trouble with feeling as if you're |
>| rcca...@mik.uky.edu || on top of the world. It's always a sure sign |
>| rcca...@ukpr.uky.edu || you and it are about to switch places. |
>| U.S. SnailMAIL: P.O. Box 24352 Lexington, KY 40524-4352 |
Eric R. Salberta
esal...@scubed.com
As usual, this post is entirely my opinion, and does not reflect any
position held by the management of S-Cubed / Maxwell Laboratories.
If you commit an illegal act in the U.S., you should not be
able to escape prosecution if the prosecutors can *legally*
acquire enough *admissible* evidence to prosecute you.
If they can't get the evidence legally, or if it's
inadmissible, then they shouldn't be able to prosecute you,
even if you're guilty as sin.
If the evidence has to come from a foreign country, then it too
should be obtained legally -- through extradition and due
process.
I do not advocate illegal prosecutions, even of the guilty.
Steve
I note that you deleted my response to this particular piece, but included
the quote. A little yellow journalism at work?
>>Again, Steve, I ask you:
>>
>> Does this mean that I should be able to escape prosecution for an
>> act committed on <American> soil, against an <American> on <American>
>> soil, because I travelled (virtually or otherwise) for a brief moment
>> to some other country and while there changed my appearance?
>
>If you commit an illegal act in the U.S., you should not be
>able to escape prosecution if the prosecutors can *legally*
>acquire enough *admissible* evidence to prosecute you.
>
>If they can't get the evidence legally, or if it's
>inadmissible, then they shouldn't be able to prosecute you,
>even if you're guilty as sin.
>
>If the evidence has to come from a foreign country, then it too
>should be obtained legally -- through extradition and due
>process.
>
>I do not advocate illegal prosecutions, even of the guilty.
Under US law I can serve a warrant and get the information from
anon.penet.fi - if it is in the US. If this "virtual network" links all
together, then why should I have to do it differently because the target of
the warrant is in another country?
I guess you won't mind then if I subpoena every site in the US to get the
node from which you sent the message to anon.penet.fi, or we can petition
the US Government to put a "mail cover" on all traffic to and from
anon.penet.fi and extract the information that way.
Both of these approaches are LEGAL, and <goddamn> intrusive. I prefer not
to resort to such nonsense.
But if that's the only <legal> way to get the evidence according to your
standards, then perhaps that is what we need to do.
What if I send "Steve's Bank Account is xxxxxyyyyyy at First National
of Podunk, VA, and his SSN is xxx-yyy-zzzz. Wire transfer yourself
a free computer's worth of money; he has $5,223.23 in the account" through
anon.penet.fi? By your very admission it is impossible to (1) prove that
I am the perpetrator, since penet.fi doesn't have to answer to a US warrant,
and (2) impossible for you to get redress for this wrong.
Therefore, you're out the money. Nice "solution".
If this is really what you believe, your sense of moral and ethical
obligations is not something to be proud of.
--
Ken Arromdee (email: arro...@jyusenkyou.cs.jhu.edu)
ObYouKnowWho Bait: Stuffed Turkey with Gravy and Mashed Potatoes
"There are no good or evil plants. There are only... plants." --Ficus (Quark)
(I note you added soc.culture.china to this. Nice flame-bait, eh? Tis ok,
I just got a new asbestos suit and it needs some breaking in.)
Really Ken?
And just who has the right to set the law which a person in a country
must obey?
Us? We, in the US, have the right to dictate the law of a foreign land?
Shall the Islamic countries have the right to dictate that liquor consumption
in the US brings death by stoning? Shall the Chinese have the right to
dictate that speaking out against the government brings 20 years in prison
for people in the US, and that those in the US who do this should be
kidnapped, brought to China, and held to stand trial?
The US did <exactly> this with Manuel Noriega. We held him to our legal
standards, although he was the leader of a sovereign country. Should we be
surprised if Panama or some other nation kidnaps Clinton and tries him for
his "crimes" against them, and imprisons him in retribution? I think not.
If you're going to parade around with a "superior moral attitude" the first
thing you must realize is that your opinion, and indeed, the opinion of
those of us who live in a particular country, does not necessarily reflect
on the laws, customs, or proprieties of another sovereign land.
If you ask, natch, demand that others respect <our> laws, then you must, in
due deference to the principles you espouse, respect <their> laws.
Even if you find them personally distasteful.
If you fail to practice what you preach the end result of two cultures who
disagree over these things is <war>. That is how these disputes ultimately
get settled. Are you prepared to escalate your personal preference to
impose your legal and moral standards on a foreign country to the point of
bloodshed? If so, then why not just get right down to it and forget about
the pretty words? After all, we have bigger guns, right?
If not then stop being a hypocrite, for that is exactly what you are if
you would impose your laws on another land yet find it distasteful when
the tables are turned in a direction you personally disagree with.
ka...@MCS.COM (Karl Denninger) writes:
> I note that you deleted my response to this particular piece, but
> included the quote. A little yellow journalism at work?
That is incredibly egotistic. Do you think he is your paid spokesperson
or something?
> Under US law I can serve a warrant and get the information from
> anon.penet.fi - if it is in the US.
Karl, Finland is *not* in the U.S. Please try to remember that.
> If this "virtual network" links all together, then why should I have
> to do it differently because the target of the warrant is in another
> country?
Do you *really* need to have the fact that the world is divided into
more than one country explained to you? If you're going to stubbornly
ignore realpolitik, why should anyone listen?
> Both of these approaches are LEGAL, and <goddamn> intrusive. I prefer not
> to resort to such nonsense.
>
> But if that's the only <legal> way to get the evidence according to your
> standards, then perhaps that is what we need to do.
When you contradict yourself, try not to do it in *adjacent* sentences.
Tom
--
Having finished it's [sic] evil speech, the Tom spreads it's scaly
wings and soars away... (t...@world.std.com, TomB...@delphi.com)
>The US did <exactly> this with Manuel Noriega. We held him to our legal
>standards, although he was the leader of a sovereign country. Should we be
>surprised if Panama or some other nation kidnaps Clinton and tries him for
>his "crimes" against them, and imprisons him in retribution? I think not.
I actually would be somewhat surprised, but I wouldn't be shocked.
Our government's repeated kidnappings of foreign nationals are
unconscionable.
However, this example does not make the point that you want it to
make. Our kidnapping of Noriega was outrageous precisely because
Panama is not within the U.S.'s legal jurisdiction. We had no
business grabbing the guy. Similarly, California is not within the
Chinese government's jurisdiction. And they have no business with
the records of any pseudonym server I might run.
What you want is for me to enforce China's laws outside of its
jurisdiction. If I am to turn over the records to let them nail a
Beijing student, where do I stop? If I know a graduate student who
is a Chinese citizen and spoke against the Chinese government, would
you require me to arrest him and ship him back to China? This is
absurd. The Chinese government has no authority over me or my
hypothetical server. This is a matter of jurisdiction.
>If you ask, natch, demand that others respect <our> laws, then you must, in
>due deference to the principles you espouse, respect <their> laws.
I will respect, or at least obey, Chinese law when I am in China.
But I will not and cannot simultaneously obey all the world's legal
systems, some of which are contradictory and some of which are
hopelessly obscure. As a U.S. citizen presently on U.S. soil, I
am subject to U.S. law and U.S. law only.
>If not then stop being a hypocrite, for that is exactly what you are if
>you would impose your laws on another land yet find it distasteful when
>the tables are turned in a direction you personally disagree with.
Only you have been attempting to impose U.S. law upon Finland. I
don't ask that U.S. law be foisted upon Finnish citizens, but ask
that Finns extend me the same courtesy. They seem reasonable about
these things, so I think they'll accept this.
>Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
Eli ebr...@jarthur.claremont.edu
PGP 2 key by finger or e-mail
"Just another repulsive variation on psychopunk depravity and
perversions. Honest people would be repulsed by it." -- L. Detweiler
More ad hominem.
Is reporting the fact that an account was used a "smear"? No, it's not. It
is a statement of fact. In the mean time, if you don't, then you have
someone who has been hurt <severely> and in fact <continues> to be hurt
while you play your little political games and be "politically correct"
rather than identify the account from which the abuse took place.
If someone cracks my account and posts anonymously in this fashion I might
not like it that my account name was released, but I can go back through the
logs and prove whether or not a message was sent. I can also try to claim
that my account was hacked.
>> If you
>> post things like this from your account, <or allow your account to be
>> used for such things>, whether by negligence or direct action, I believe
>> you should be held to account - including being immediately identified
>> as the source account of the post.
>
>So you consider whatever happens to *him* (knowledgable forgery,
>password theft, someone exploiting a system bug, negligent sysadmin,
>other possibilities including personal stupidity) his own damn fault.
Is Usenet something you <HAVE> to participate in? Do you have <NO> choice
-- not only of what machine to use, but also whether to use it at all?
I'll grant you that in the case of an insecure machine or network the admins
are more at fault than the user -- but still, the user is liable. That's
the way it works. Or is having "Usenet on the brain" some kind of god-given
right now?
>And we should immediately -- your own word -- pillory him in public.
>That's what it would amount to, whether you admit it or not. We wouldn't
>want to take a minute to think about it.
>
>Funny how your level of sympathy totally reverses when it's inconvenient
>to your case. The gal whose phone number you posted is given the most
>delicate victimhood -- cause that'll sock anon.penet.fi but good -- but
>the fella whose account was broken into is immediately considered an
>irresponsible chump.
He has <admitted> to being less than responsible, in that he forgot to
change the password on one of the machines after determining that there was
a problem of some kind. That was the machine which was then used to send
the message under his ID.
And I didn't post the original message, contrary to your accusation above.
Someone else did.
>Having finished it's [sic] evil speech, the Tom spreads it's scaly
>wings and soars away... (t...@world.std.com, TomB...@delphi.com)
At least you got that part right. Maybe they'll fall off at 25,000 feet.
--
Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
That's libelous and patently false. The terms and conditions of use for
MCSNet are published and <contractually agreed to> by each and every person
who uses the service. I'm the only exception, since I run the thing.
I have <never> terminated service to <anyone> who has stayed within the
boundaries of that contract. If you can find even <ONE> example that
contradicts this, put it up here with first-hand evidence in public.
Or retract your statement.
There are plenty of "offensive" people here. I can think of two offhand
right now who have generated complaints recently from other netters. They
still have accounts. In the seven years I have run this thing in Chicago
I can recall only <two> people that have ever lost their access. One for a
patently illegal and destructive act (deliberate destruction of a message
base on the system which the user was moderating) and the other for refusing
to comply with the terms of the service agreement (he now posts as "Serdar"
from his own machine). In the second case I refunded the user's money. The
first case was some six years ago.
I have stood up for the right of people to speak freely in this forum more
times than I can count. Ask Dan Leeds, or Jack Schmidling, or any of the
countless others who I have defended over the years -- both in public on
the net and in private email. Perhaps some of them will see this and choose
to speak for themselves; that is, of course, their choice as well. I know
you prefer to make scurrilous accusations of what you perceive as misconduct,
since it suits your agenda, but those accusations don't even come close to
fitting the facts.
A <private> site admin is free to set <any> policy he or she wants. Including
one which reads "if I don't like what you say you're gone", or "Christian
values only", or "No cussing" or "No references to drug use". Yes, I have
defended <THAT> right too. That's not how I run <MY> service -- but it might
be how someone else runs <THEIRS>. Again, that is their absolute right,
subject to the laws relating to actionable discrimination if you're running
a business (which don't apply if the service is not sold). I have no more
right to tell someone how to spend their money (or not) than you, nor do I
have the right to tell someone what standards they should (or must) apply
to their users -- as long as the funding for that system comes out of their
own pocket. Just as I don't have to allow you in my private residence, I
also don't have to allow you on my private net.connected.machine, and my
reasons may be completely arbitrary and capricious.
I reserve the right to turn this entire thing off at some point -- which
would cancel people's accounts, wouldn't it? I might choose at some point
to discontinue certain classes of service. So? Show me a business which
doesn't reserve the right to stop selling shoes, or granola bars. Outside
of contractual considerations every businessperson reserves the right to
change the goods and services offered and the terms associated with them.
This is "bad"? I call it free enterprise.
MCSNet is, has been, and will continue to be one of the most stable systems
on which to obtain network access. I've been in Chicago since '86 doing
this, back when a full feed fit on a 40MB fixed disk, and doing networked
conferencing since '81. That's <12 years> of service. Longer than most,
I would guess....
As for my problems with university admins censoring students, those are
GOVERNMENT FUNDED institutions. They run off of my tax money. If a
private university wants to censor students, that is their right as long
as it doesn't violate any contracts they had formed with the student(s) in
question. The US Bill of Rights and Constitution says that a state school,
which receives government funding, does NOT have the right to censor students
and must abide by the US Bill of Rights.
In short, you're a bare-faced liar in representing that I "reserve the right
to toss people off my machine on a whim". Nonsense. You likely haven't even
<seen> a copy of my user agreement (I certainly haven't sent you one).
>Everybody here will have made up his own mind. :-)
>
>Alexander Eichener
><c...@vm.urz.uni-heidelberg.de>
Including those who misrepresent what I and MCSNet are about and stand for.
I shouldn't be surprised; misrepresentation and outright falsehood are the
last refuge of the person who can't make their point without them.
It certainly shows that some people don't feel that you fix one lawbreaking
act by committing a second offense.
I would hope that you would have the scruples to respond to what I wrote,
and not take it out of context. Of course, I could be wrong.
>> Under US law I can serve a warrant and get the information from
>> anon.penet.fi - if it is in the US.
>
>Karl, Finland is *not* in the U.S. Please try to remember that.
Yep. I remember that. I also remember that the offense took place <here>,
and that Finland's only involvement was as an obstruction in the
identification of the perpetrator.
>> If this "virtual network" links all together, then why should I have
>> to do it differently because the target of the warrant is in another
>> country?
>
>Do you *really* need to have the fact that the world is divided into
>more than one country explained to you? If you're going to stubbornly
>ignore realpolitik, why should anyone listen?
I understand it quite well. Absent the ability to get the political
machinery to move in a way which leads to armed conflict, there is no means
to compel the release of the information.
This is, from my point of view, a serious problem. As I said before -- now
all you have to do in order to avoid being liable for saying something is
pass it through a country where you can't be hit for it. That is not my
idea of respect for the laws of a sovereign land, but heh, to each their own.
>> Both of these approaches are LEGAL, and <goddamn> intrusive. I prefer not
>> to resort to such nonsense.
>>
>> But if that's the only <legal> way to get the evidence according to your
>> standards, then perhaps that is what we need to do.
>
>When you contradict yourself, try not to do it in *adjacent* sentences.
>
> Tom
Huh? Where did I contradict myself? I said I do not <prefer> to use
intrusive methods which will manage to expose all kinds of other material in
order to legally prosecute these kinds of postings.
I also said that the refusal to cooperate with US authorities can end up
devolving to this if the US authorities are sufficiently interested in
finding out who sent what.
The advocation of the "absolute right of Julf and others to never disclose
anyone's identity, even when they have perpetrated an offense" ends up with
people taking legal steps in this country to get the information they need.
The results of that could be very ugly indeed.
Now wait a second. If that Chinese student were in the US <when he posted
the message> you would have a point.
But assume the student is in Beijing, and is using the US facility to
perpetrate an act which is a crime there. This is the correct analogue to
what happened here. A person in the US perpetrated an offense in the US,
and used Finland to hide themself from discovery. <The offense, which was
the act of sending the message, was undertaken on US soil.>
> If I am to turn over the records to let them nail a
>Beijing student, where do I stop? If I know a graduate student who
>is a Chinese citizen and spoke against the Chinese government, would
>you require me to arrest him and ship him back to China?
No. The student in that case is committing the act here, where it is not
against the law.
However, if that same student committed the act in China, and beamed the
speech out of the country to the US for broadcast to the world, and in the
process asked you to mask their face, then you would, in my opinion, be
ethically obligated to comply with a Chinese warrant for the identity of
the transmitter.
>>If you ask, natch, demand that others respect <our> laws, then you must, in
>>due deference to the principles you espouse, respect <their> laws.
>
>I will respect, or at least obey, Chinese law when I am in China.
>But I will not and cannot simultaneously obey all the world's legal
>systems, some of which are contradictory and some of which are
>hopelessly obscure. As a U.S. citizen presently on U.S. soil, I
>am subject to U.S. law and U.S. law only.
Yep. <YOU> are. However, the person who committed the offense is in fact
subject to the jurisdiction of the country they are in at the time. The
offense did NOT take place in Finland -- IT TOOK PLACE IN THE USA. Finland
was used as a device to hide someone's identity -- much like a ski mask hides
the identity of a bank robber.
>>If not then stop being a hypocrite, for that is exactly what you are if
>>you would impose your laws on another land yet find it distasteful when
>>the tables are turned in a direction you personally disagree with.
>
>Only you have been attempting to impose U.S. law upon Finland. I
>don't ask that U.S. law be foisted upon Finnish citizens, but ask
>that Finns extend me the same courtesy. They seem reasonable about
>these things, so I think they'll accept this.
Nope. I recognize that I cannot <impose> US law upon Finland. At least
not today. However, should Finland refuse to voluntarily recognize that a
US law has been broken <IN THE US> and that they have served as a device
to cover up that lawbreaking activity, then there may be serious
repercussions for Finland. I would expect no less if some other
country's citizens started using the US as a "hiding device" from
their government and the US refused to "out" them in the same circumstance.
The first principle of asking someone to respect your way of life, including
your legal system, is to also respect theirs. Even if you disagree
vehemently with it.
--
Karl Denninger (ka...@MCS.COM) | MCSNet - First Interactive Internet and
Karl--
It is widely known that there are financial institutions in Switzerland
which are used to disguise the ownership and origins of large amounts of
money. Much as the USA might like to know where the money in certain Swiss
bank accounts is originating, there is no way to subpoena the banks in
Switzerland into providing this information. Here, foreign institutions
are clearly being used to disguise crimes amounting to billions of dollars
and the US hasn't done anything to these Swiss banks. Correct me if I'm
wrong, but compared with billion-dollar money-laundering rings, aren't
anonymous posts [which any bozo could see were anonymous] really a pretty
trivial matter?
PS--
In the examples you've cited where anon-posting is bad [e.g. this type of
harassing issue and the posting of stolen credit card numbers] only a BOZO
would respond. In the former case, it's as likely as not that the posting
is a prank; in the latter case, it's likely that the posting could be a
trap posed by the FBI or a financial institution [find out who tries to use
the stolen number]. The only case where anon-posting would really be a
'problem' would be the release of proprietary information and even here
anon-servers don't do much which one wishing to leak information couldn't
do already [there are so many ways to broadcast information it's not even
funny]
--
-------------------------------------------------------------------------------
supe...@mcs.com | "Je crois que je ne vais jamais voir... | J\_/L
John Payson | Un animal si beau qu'un chat." | ( o o )
Gee. _I_ could test this by asking for a posting account from you, then flaming
David Lawrence again.
--
Dave Hayes - Institutional Network & Communications - JPL/NASA - Pasadena CA
da...@elxr.jpl.nasa.gov da...@jato.jpl.nasa.gov ...usc!elroy!dxh
A person was frighteningly ugly. Once he was asked how could he go on
living with such a terrible face. "Why should I be unhappy?", answered
the man. "I never see my own face; let others worry."