Lessig

Declan does this sort of thing all the time. I'm glad you have the ability to set the record straight for yourself. Here's a reference to the most notorious incident:

http://legalminds.lp.findlaw.com/list/cyberia-l/msg27528.html

"Likewise, intelligent people may decide for themselves whether
Declan's insistence in the righteousness of his cause is evidence of
a journalist rightly defending a factual story, or a self-promoting
quasi-journalist trying himself to make news as a vehicle to promote
his own writings.
--
Andrew C. Greenberg"

“Lessig want [sic] to preserve freedom by ending anonymity”

See the recent(ish) New Yorker article here: http://www.newyorker.com/critics/books/?031006crbo_books1 by Menand regarding using [sic] to express sublimated contempt.

My Economist subscription ran out the issue before so I don't know who inserted the [sic] but I just thought I'd share.

dear mr. lessig,

with all due respect, sir, it seems you are playing word games.

first of all, "pseudonynmity" is a rather imprecise word. in fact, as it is not found in the OED, it is not a word at all. we (us mice) have only your definition to guide us as to its meaning.

it does not appear in your response that you offer an explicit
defintion, so we are left to try and understand what exactly you mean from the body of your response.

What I said was that the trend in our laws was to destroy any privacy at all — that the idiocy of Patriot Acts, etc., was effectively eliminating any form of privacy. There are two kinds of responses to this — one to try to defend and build a system protecting absolute anonymity; the second is to build effective protections for pseudonymous life, which is shorthand for traceable transactions, but where the permission to trace is protected by something like a warrant requirement. I’m not saying the government should build these systems, but that they should be permitted and indeed encouraged.

absolute anonymity we understand literally to mean absolute anonymity. this means we can, for example, send and receive messages and, if we so choose, there is NO WAY that any particular person can be traced to any particular message. our privacy is perfect. we can do whatever we want and it can't be traced to us. our privacy is perfectly within our control.

under absolute anonymity terrorists, pedophiles, scam artists, stalkers, spammers, illegal file sharers, as well as legitimate political protestors, and us mice can send and receive messages without any risk of being identified. (perhaps this is hyperbole, but "absolute" is a strong word.)

"pseudonynmity" is not absolute anonymity. that is, we can only send and receive messages which are technically and legally traceable to us. ("pseudonynmity" is thus perhaps more accurately described as "clipperchiponynmity" or "escrowedidentityonynmity.)

am i ok so far?

absolute anonymity, since we are speaking in absolutes, is all or nothing. we either have it, or we do not have it. there is no half-way. either one constructs a a system protecting absolute anonymity or one provides means to enable traceability. either there is a way for pedophiles to send and receive messages with perfect privacy, or there is not. et cetera.

the two regimes cannot co-exist - as you appear to suggest is possible. either the sytem enables traceability, or it does not. either there are legal means by which traceability may be used, or no such legal authority exists. (in effect, absolute anonymity becomes a special class of pseudoanonymity where the technical means exist, but the legal means are thwarted.)

you suggest that there is a distance between the two, but it seems to me that you are being deliberately vague about how large (or small) this difference is:

Notice again, this says nothing about “limiting anonymity.” It only talks about extending pseudonynmity.

honestly, this is a statement worthy of donald rumsfeld.

extending "pseudonynmity" only makes sense in the context of first enabling, and then extending, traceability. if it is an option, the system has to support it and if the system supports it then my anonymity is no longer absolute.

perhaps only the "crudest sort of mind" would conclude from this that you are "against anonymity" but to us mice the practical distinction seems rather very thin.

frankly "pseudonynmity" it is a rational, reasonable, and thoroughly sensible concept. it is also necessary.

most people accept that yelling "fire" in a crowed theatre is beyond the limits of free speech - yet if the theater remains dark and no one can be identifed and anyone can yell fire without the risk of sanction i would consider this a retrenchment of freedom rather than an expansion.

i am somewhat perplexed why you try to distance yourself rhetorically from a sensible regime which you otherwise seem to embrace? i do not believe you can have it both ways, which it appears to me you are trying to do.

Lessig writes, "except if you translate it into the claim that we ought to eliminate anonymity, which, of course, does not follow".

But, three blind mice did make a thoughtful argument that your position logically implies this, which you ignored. three's argument goes:

1. Absolute anonymity requires that traceability be impossible. (three blind mice's claim).
2. Pseudonynmity requires traceability. (Lessig and three agree).
3. Therefore, absolute anonymity and pseudonynmity cannot co-exist. (from 1 and 2).

Now, Lessig is right that, so far, this is not an argument about what we "ought" to do, but the rest of what three says seems to get us there. I saw three as also arguing:

4. Lessig says we ought to enable pseudonynmity. (everyone agrees he says this)
5. To the extent that one says we ought to enable pseudonynmity, one is necessarily saying that we ought to disable absolute anonymity. (From 3 above which says they can't co-exist.)
6. Therefore, Lessig is saying that we ought to disable absolute anonymity. (From 4 and 5).

It is no "crude mind" that makes this argument. It may well be a flawed argument, and Declan may well have gotten Lessig's view all wrong, but three blind mice just made a very thoughtful presentation of why advocating pseudonynmity might necessarily imply advocating the end of absolute anonymity. I get the impression Lessig is still too frustrated with Declan (or perhaps got some really unfair and hurtful e-mails) because the way three blind mice's argument is dismissed out of hand is out of character. There's a real point here that is worth debating.

If I were making three's argument, I might have some pause at the first sub-conclusion: "Therefore, absolute anonymity and pseudonynmity cannot co-exist." I think this may only be true "within the same transaction." Or, it might depend on the architecture of the pseudonynmity solution. If the solution is transaction based, then there might be a way to opt-out and retain absolute anonymity. But if the solution is built right into our computers (Trusted Computing) or into the network itself (bye-bye dumb networks and end-to-end) then what three blind mice is saying about the impossibility of their co-existence is likely true.

I would also say three ignores something that might be just as good as his "absolute anonymity." That would be what we might call "practically absolute anonymity" and it would be based on encryption that would take the best supercomputer over 1000 years to decrypt or some such thing. If something like this were to remain viable in a pseudonynmity regime, most people would likely be satisfied.

Declan may have just missed the boat, but three blind mice has a more subtle position. He's claiming not that Lessig SAYS we should eliminate absolute anonymity, but rather that what Lessig does say IMPLIES that we should eliminate absolute anonymity. The further claim then is that Lessig is unaware of the logical implications of what he says, and so people are trying to point these implications out. Hopefully this helped.

John,

That was my point too when I said, "I might have some pause at the first sub-conclusion." You're right to disagree with that implication if, as you suggest, it is possible to handle anonymity on a transaction by transaction basis. But as I also said, if instead they build this pseudonynmity architecture right into our computers or the network, then I believe the implication holds and untraceable anonymity becomes impossible. (By the way, I think that's what three meant by "absolute" anonymity. He meant "in principle untraceable anonymity". As I further suggested, I think most would be happy with "in practice untraceable anonymity".)

Here's my quick take and gloss - the argument being made was this:

That *effectively*, we would be better off if we stopped screaming

"We're gonna build ANONYMOUS CRYPTO-ANARCHY! Federalist Papers! Nyms!
Cypherpunk Remailers! Double-blinded Chaumian E-Gold Bearer Cybercoins!"
etc. etc.

And instead, concentrated on making such unsexy things as supermarket loyalty cards, or even credit cards, less *readily* amenable as components of a national database - even if, ultimately, identities can be traced here.

Of course, Declan McCullagh can't even hear an argument like this, and even if he could, he wouldn't think about it. So he made up an issue as if this was trying to refight the "Clipper Chip" battles, which wasn't being advocated at all. And is now sending more bomb-throwing messages, e.g. with "string the bastards up!" in the subject line.

Now, it is a debatable argument. If we got into details, honestly, I'm not sure it holds up too well. But it wasn't about outlawing anonymity, or saying people shouldn't have a right to be anonymous if they want, or Clipper Chip redux, or any other red-meat Libertarian-baiting topic being flacked by a "journalist" with an extensive history of fabrication.

I believe Professor Lessig is correct that we should aim for a standard of "anonymity" that works for most situations. Just as the idea of security is relative - so is anonymity. Someone may think they're anonymous when sending off an email from a remailer in a library - but someone may be 10 feet behind them with a video camera.

The principle of security is often expressed in the following way: that the amount of resources required to obtain a protected item is greater in value than that of the item itself.

I think that anonymity is similar. So, as Professor Lessig has stated - we need to find levels of anonymity that are strict enough so that they prevent casual or malicious identification - but do not frustrate law enforcement with legitimate warrants. We may have other levels for different situations. But I think it is best to look at anonymity as question of degree - not an absolute we should be fighting for.

p.s. Professor - I noticed that you "bet your job" on the virus bounty idea - just like you did on the spam bounty thing. I hope for the sake of your students that your job is not too leveraged! :-)

professor lessig, anonymous, and john s. thank you for your thoughtful comments.

your participation and candor makes this a valuable forum.

i will endeavour to keep my reply brief.

first the professor.

My argument is that people ought to be free in real space to have many of these sorts of identities. Does anyone really disagree with that?

sir, we are in complete agreement. the ability to post here under the nom de plume "three blind mice" is extremely valuable to us. it allows us to explore thoughts and ideas without the fear of having to defend these thoughts in a deposition.

(by the way, the mice prefer the plural. we didn't think about it when we first chose the pseudonym, but we rather find it suitable. "three" allows us to write the royal "we" from the juxtaposition of lowly rodents - although it is admittedly difficult to remain in character. "blind" is appropriate since we post here with the hope of intellectual illumination. and lastly, a little bit of silliness prevents us from taking ourselves too seriously.)

the question is not whether one should be able to assume these multiple personalities, the question is whether or not these multiple personalities should be able to to be connected to living, breathing, DNA through normal forensic means.

absolute anonymity deserves to be interpreted in its ordinary and usual meaning. absolute means absolute. it means that the system is designed such that it is impossible (or at least extremely difficult) to connect any transaction to any individual. with absolute anonymity, we do not have to trust "the law", or the government, or any other unreliable guarantor. our anonymity is completely within our control.

(there are actually enormous technical challenges to this, but we'll ignore this for the moment.)

the present situation on the net, for the most part, is "pseudoanonymity." we (the mice) are anonymous to the other participants on this thread, but we are traceable via our IP address to a specific physical location. from this information, the police would have little difficulty connecting this post to us. (which gives the mice deposition nightmares.)

to answer john s., our belief is it would be exceedingly difficult for both regimes to co-exist. the closest we can come today is to send/receive messages from an internet cafe in the middle of nowhere, while wearing a disguise, and paying with unmarked, untraceable bills. for a single transaction, it's very possible, but for multiple, repeated transactions, practicalities would likely impose patterns which would render our identity necessarily obvious.

designing a system which provides connectivity while avoiding any trace of the connections which are made would be difficult to honestly construct and maintain - especially when once considers that almost every security agency in the world mandates "lawful interception" ports to be built into communication systems which operate in their countries.

a high level of encryption (as suggested by anonynmous) may not preserve my anonymity, but it would preserve the privacy of the contents of a transaction. but let's ignore this since it's a bit of a non sequitor.

what all this boils down to is anonymous' suggestion that:

As I further suggested, I think most would be happy with “in practice untraceable anonymity”.

this is exactly professor lessig's proposal for "pseudonynmity." transactions are "in practice" untraceable unless legal authority is granted.

it is imminently sensible, rational, reasonable and necessary.

what the mice still do not understand is the harsh reaction against declan for concluding that “Lessig wants to preserve freedom by ending [absolute] anonymity.” [our addition/clarification]

we did not read this as ending the "relative anonymity" such as prevails at this site, but rather as meaning that absolute untraceability between transactions and individuals is an undesirable characteristic to build into a public communications system such as the present internet.

who would disagree with this?

mr.s mice,
Seth puts it exactly right, though I wouldn't say I was angry at Declan. My point is (as his comments suggest) this is classic declan, waiving a red flag in front of his readers, and then laughing as they go racing into battle for a cause that is false. I just didn't say what Declan said I said. I'm not sure I agree with Seth that it was malicious. I think it was worse than malicious -- careless. I'm sure Declan read the line from the Novell guy and then later mistakenly associated it with me. For there really was someone in the story who did advocate ending anonymity. It just wasn't me.

As to your (or as my mom would say, ya'll's) point about the coexistence of absolute and relative anonymity: that is a hard and debatable point. I do think multiple systems should coexist -- remailers and strong encryption with the practical anonymity you describe. But my concern is that people seem to think that so long as you have anonymous remailers out there, there's nothing to worry about w/r/t privacy. That's just false. In a million contexts, business and gov't are building an extraordinarily efficient system for monitoring. As Seth rightly points out, this system has no effective protections for privacy built in. I'm just saying we need to build stronger norms and architectures to protect the rights there.

Where?, people ask. Well take financial transactions. It just is not the case today that you can have either absolute anonymity w/r/t financial transactions, or any effective or convenient pseudonymity. You can't have absolute anonymity because it must be traced back to you at some point; and no effective pseudonymity because bank regulations, etc., make it very hard to assert your name is other than it is. There are tricks (PayPal hacks) or loopholes (some credit card companies allow you to give a credit card tied to your account without also asking for a SSN), but these are relatively difficult.

My point is that it should be easier. No one thinks it odd that AOL gives you n identities (what is it these days); we should have the same norm about Citibank -- an account with Citibank should give me n identities. But of course those identities would have to be traceable back to me, or at least my assets, and so again, I believe there should be stronger protections for that traceability.

As Seth says, all of this is debatable and uncertain. But what is not debatable is this: the many who wrote angry emails to me in response to Declan's post were not angry with me because of what I actually said, but because of what Declan said I said. Most of those people, when I responded and pointed the error out, wrote back to apologize. But of course, I don't think it is they who should be apologizing.

thank you mr. finkelstein, professor lessig.

the mice won't enter into what appears to be an internecine battle with this journalist, but we will say (all three of us) that the ad hominen attacks on him launched by some of the contributors to this thread are a bit off-putting. man-bites-dog journalism is nothing new. mr. f. you do a lovely job arguing on point, stay on it. (if you don't mind us saying.)

we are apparently coming at this from opposite ends. mr. f. and professor lessig starting from the point of total anarchy, and we mice (starting at the wrong end in typical fashion) from the point of absolute anonynmity.

the mices' thinking was thus rather crude and although we had further to travel, we are all met somewhere in the middle in complete agreement.

thank you for your illumination.

This is a fascinating thread. What the final few comments finally reveal is that it is "the context" of the "transaction" that drives the argument.

Prof. Lessig consitently cites the financial "transaction" -- and having done a variety of work in domestic and international banking networks -- he is quite correct in stating that there IS NO PRIVACY in these transactions. While he never states it quite this way, I will: the domestic and international authorization, clearing, and settlement networks will NEVER operate without the certainty on the part of one bank (or its affiliates) knowing whom they are conducting business with (or on behalf of). What I believe Prof. Lessig is clearly arguing for in this context is that the BANKS introduce under the protection of the law mechanism's by which the individuals who use the banks as their agent to conduct a financial transaction be granted "pseudo-anonymity" that can only be "cracked" via a warrant issued based on probable cause, etc. He also seems to imply that in this "future-world" the transactions conducted under this rule of law would NOT be subject to data-mining, CRM systems, sold/exchanged with affiliates, etc. I am ABSOLUTELY in support of this. I would note, however, that significant financial transactions can and are accomplished in anonymity: cash is king and will remain so for the forseeable future (this is minor point relating to the fact that "micro-transactions" can't be readily traced because if the inherent fungibility of the $). The "macro" transaction of the automatic payroll deposit is absolutely "traceable". SideBar: How many of us remember the days when you got your paycheck as a check (or actual cash) and immediately "cashed" the check and lived off of the proceeds until the next check arrived? I lived this way until my mid-20's, didn't live this way for nearly 15 years, and have lived this way for the past two years during the "IT downturn".

To continue the idea of, "it's all about the context" ... Another transaction context would be "medical records". What few citizens comprehend is that despite (recently enacted) HIPPA guidelines (in the US) there already exist massive data-marts that are shared with the medical services community. For example, there are clearing houses (very similar to the banking industries notions) for life insurance health exams that the industry uses to police themselves and potential applicants from obtaining "excessive" coverage. Who has access to this? It makes me shudder to think that this is likely outside of the HIPPA guidelines.

Another context ... "exchanging emails/messages". This is clearly an area where "absolute anonymity" can be obtained PROVIDED that all particpants "opt-in" to what is, in effect, a closed system. The fact that encryption, remailing, hopping, etc. can be utilized further "strengthens and protects" the abosolute anonytity of the closed system. But, I believe from what I've read, that Prof. Lessig isn't arguing about what can be done in "closed" systems -- and lets not even get into the discussion that if I (a US citizen) were to offer for sale such a system that I would be commiting a crime -- but is arguing that the means by which "trace" can be performed with TODAY's available technology is ONLY with a warrant that was obtained through appropriate use of procedure and law. It is my understanding that the Patriot Act removes the requirement of probable cause and a requisite warrant and as such is viewed by some (many) as unconstitutional.

Sorry for the long post ... it just seems to me that the "transaction" needs to always be put into "context" and as such not be used as a generic term: all transactions are not equal (and therefore there is no "absolute" transactional model). The rule of law (as I understand it) is society's way to "practically" deal with issues such as these by establishing appropriate procedure and practice.

Keep up the excellent work Prof.

Try this test of the logic:

1. Absolute anonymity requires that traceability be impossible.
2. Fully Disclosed Identity requires traceability.
3. Therefore, absolute anonymity and fully disclosed identity cannot co-exist. (from 1 and 2).

nope, don't believe that for a moment.

Brian, I am not a "Dr." And after watching the Sawyer interview and the Lynch special, I don't quite understand what point you're making. She clearly indicates that the message of the special is inaccurate -- certainly on the same scale as the Reagan show was to be (but I didn't see that).

And TrainSaw -- it is true, the author (anonymous) of the Economist piece placed the two together in a way that might be thought to suggest that I was Dr. Nugent. But in fact, I did not advocate ending anonymity (as Nugent did); the article didn't say I did; and any uncertainty about the matter could have been clarified in a simple email -- to me, not the gaggle of readers of a mailing list.

But this is all taking the wrong tone. Declan and I have had fun arguing since 1996. He jabs when he can; I when I can. He's plays well, even if sometimes fast and a bit loose. But I did entrust him with my job (in the spam bet) and I'm sure I'd trust him with something more sometime again. The only real point of all this is to say: whatever sensible strategy just now is to protect and extend privacy, I am not advocating the elimination of anonymity. So call of the dogs.

Again, though, am I missing something?

well, TrainSaw, yes. we think you're missing the point. please read through the length of this thread - especially seth finkelstein's responses to us (three blind mice.) we believe the arguments and explanations are all there.

what the mice fail to understand is why there is any opposition to what professor lessig is proposing. why all the hate mail?

perhaps you would explain for us mice your views on the matter in somewhat greater depth. specifically:

1.) is pseudonynmity a good idea or a bad idea?

2.) is limiting anonymity a bad idea?

3.) how do you see the relationship, if any, between 1) and 2)?

please use commonly accepted words, or provide definitions, and be as specific as possible. as the mice discovered there are subtle nuances to this debate which may be obscured by speaking in generalities or using vague terminology.

There's another definition of pseudonymity, used by cryptographers: it's a persistent identity which is not traceable to a real person. Anonymity is an unsigned letter with no return address; with pseudonymity you can know that the same person sent you five letters, even though you don't know who that person is.

The distinction is important, because with this kind of pseudonymity you can implement reputation systems. You can verify that a lot of people trust the sender, and that no trusted person has repudiated the sender.

There's no need to give a government the keys to the kingdom, and rely on legal protections that are rapidly disintegrating as Congress passes more KEEP US SAFE FROM THE EVIL TERRORIST Acts.

Several attacks are presented on the "sophisticated anti-hacker security" features of Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing Internet content considered harmful. Motivations, tools, and methods are discussed for reverse engineering in general and reverse engineering of censorware in particular. The encryption of the configuration and data files is reversed, as are the password hash functions. File formats are documented, with commentary. Excerpts from the list of blocked sites are presented and commented upon. A package of source code and binaries implementing the attacks is included

incest stories

incest forum

Declan McCullagh has a way of sensationalising (sp?) things from time to time. I would just brush it off as a rather misconcieved and misplaced idea of his own.

gay