8.9.1. What's the legal status of remailers? - There are no laws against it at this time. - No laws saying people have to put return addresses on messages, on phone calls (pay phones are still legal), etc. - And the laws pertaining to not having to produce identity (the "flier" case, where leaflet distributors did not have to produce ID) would seem to apply to this form of communication. + However, remailers may come under fire: + Sysops, MIT case - potentially serious for remailers if the case is decided such that the sysop's creation of group that was conducive to criminal pirating was itself a crime...that could make all involved in remailers culpable 8.9.2. "Can remailer logs be subpoenaed?" - Count on it happening, perhaps very soon. The FBI has been subpoenaing e-mail archives for a Netcom customer (Lewis De Payne), probably because they think the e-mail will lead them to the location of uber-hacker Kevin Mitnick. Had the parties used remailers, I'm fairly sure we'd be seeing similar subpoenas for the remailer logs. - There's no exemption for remailers that I know of! + The solutions are obvious, though: - use many remailers, to make subpoenaing back through the chain very laborious, very expensive, and likely to fail (if even one party won't cooperate, or is outside the court's jurisdiction, etc.) - offshore, multi-jurisdictional remailers (seleted by the user) - no remailer logs kept...destroy them (no law currently says anybody has to keep e-mail records! This may change....) - "forward secrecy," a la Diffie-Hellman forward secrecy 8.9.3. How will remailers be harassed, attacked, and challenged? 8.9.4. "Can pressure be put on remailer operators to reveal traffic logs and thereby allow tracing of messages?" + For human-operated systems which have logs, sure. This is why we want several things in remailers: - no logs of messages - many remailers - multiple legal jurisdictions, e.g., offshore remailers (the more the better) - hardware implementations which execute instructions flawlessly (Chaum's digital mix) 8.9.5. Calls for limits on anonymity + Kids and the net will cause many to call for limits on nets, on anonymity, etc. - "But there's a dark side to this exciting phenomenon, one that's too rarely understood by computer novices. Because they offer instant access to others, and considerable anonymity to participants, the services make it possible for people - especially computer-literate kids - to find themselves in unpleasant, sexually explicit social situations.... And I've gradually come to adopt the view, which will be controversial among many online users, that the use of nicknames and other forms of anonymity must be eliminated or severly curbed to force people online into at least as much accountability for their words and actions as exists in real social encounters." [Walter S. Mossberg, Wall Street Journal, 6/30/94, provided by Brad Dolan] - Eli Brandt came up with a good response to this: "The sound-bite response to this: do you want your child's name, home address, and phone number available to all those lurking pedophiles worldwide? Responsible parents encourage their children to use remailers." - Supreme Court said that identity of handbill distributors need not be disclosed, and pseudonyms in general has a long and noble tradition - BBS operators have First Amendment protections (e.g.. registration requirements would be tossed out, exactly as if registration of newspapers were to be attempted) 8.9.6. Remailers and Choice of Jurisdictions - The intended target of a remailed message, and the subject material, may well influence the set of remailers used, especially for the very important "last remailer' (Note: it should never be necessary to tell remailers if they are first, last, or others, but the last remailer may in fact be able to tell he's the last...if the message is in plaintext to the recipient, with no additional remailer commands embedded, for example.) - A message involving child pornography might have a remailer site located in a state like Denmark, where child porn laws are less restrictive. And a message critical of Islam might not be best sent through a final remailer in Teheran. Eric Hughes has dubbed this "regulatory arbitrage," and to various extents it is already common practice. - Of course, the sender picks the remailer chain, so these common sense notions may not be followed. Nothing is perfect, and customs will evolve. I can imagine schemes developing for choosing customers--a remailer might not accept as a customer certain abusers, based on digital pseudonyms < hairy). 8.9.7. Possible legal steps to limit the use of remailers and anonymous systems - hold the remailer liable for content, i.e., no common carrier status - insert provisions into the various "anti-hacking" laws to criminalize anonymous posts 8.9.8. Crypto and remailers can be used to protect groups from "deep pockets" lawsuits - products (esp. software) can be sold "as is," or with contracts backed up by escrow services (code kept in an escrow repository, or money kept there to back up committments) + jurisdictions, legal and tax, cannot do "reach backs" which expose the groups to more than they agreed to - as is so often the case with corporations in the real world, which are taxed and fined for various purposes (asbestos, etc.) - (For those who panic at the thought of this, the remedy for the cautious will be to arrange contracts with the right entities...probably paying more for less product.) 8.9.9. Could anonymous remailers be used to entrap people, or to gather information for investigations? - First, there are so few current remailers that this is unlikely. Julf seems a non-narc type, and he is located in Finland. The Cypherpunks remailers are mostly run by folks like us, for now. - However, such stings and set-ups have been used in the past by narcs and "red squads." Expect the worse from Mr. Policeman. Now that evil hackers are identified as hazards, expect moves in this direction. "Cryps" are obviously "crack" dealers. - But use of encryption, which CP remailers support (Julf's does not), makes this essentially moot.
Next Page: 8.10 Cryptanalysis of Remailer Networks
Previous Page: 8.8 Anonymous Message Pools, Newsgroups, etc.
By Tim May, see README
HTML by Jonathan Rochkind