Slashdot Mirror

On April 24, 2000, the writer Harlan Ellison filed suit against an individual named Stephen Robertson, a Usenet company named RemarQ, and AOL over four of Harlan Ellison's stories posted on Usenet by Stephen Robertson.

If I understand it correctly, AOL was sued only because that happened to be the service provider of the two who tracked down the identity of Stephen Robertson.

Read about it here

Here's a 2002 story on zdnet about it

The following is from this article:

In April, 2000, Harlan Ellison was told that an individual using the screen name and e-mail address shaker@tco.net was scanning stories by him and other writers and posting them to a newsgroup called alt.binaries.e-book. (The designation alt.binaries means that it is a newsgroup where files of material are exchanged; there is relatively little discussion among the participants.) John Miller (former SFWA(R) secretary) and Susan Parris assisted in tracking the works which were copied to the newsgroup, which they received as part of the subscription to America Online. Four of Harlans stories, all apparently scanned from copies of the Nebula Awards(R) anthologies, were identified as copied by Shaker.

We learned that Shaker was actually Stephen Robertson, a 40-year-old living with his parents in Red Bluff, California. Although Robertsons ISP was Tehama County Online, TCO outsourced its newsgroup services to RemarQ Communties, Inc. TCO cooperated by blocking Shakers account immediately upon notice of the infringing activities and revealing the services provided by RemarQ and was therefore not included in the lawsuit which followed.

The original complaint was filed on April 24, 2000. Stephen Robertson settled with Harlan almost immediately and is no longer a part of the case except for evidence he may have to provide during discovery and trial. The complaint was amended in late May and the Court permitted the filing and service of a second amended complaint in October.

We faced a series of procedural challenges to the complaint prior to answer by either AOL or RemarQ and its new parent company Critical Path, but we have prevailed and are now out of the pleading stage and facing the discovery phase.

AOLs original motion for dismissal or summary judgment on the first amended complaint was heard in July, and resulted in a temporary partial victory for AOL. However, the effect of this early ruling in favor of summary judgment on the copyright allegations has been essentially overruled by the Courts more recent ruling on AOLs motion to dismiss, or in the alternative for a more definite statement, the second amended complaint, which was heard in January and resolved in Harlans favor. AOLs answer to the second amended complaint was due on February 5, 2001.

RemarQ/Critical paths original motion to dismiss or in the alternative for summary judgment on the first amended complaint was scheduled for hearing and moved several times before being declared moot by the Court when granting leave to plaintiff to file the second amended complaint at the end of October. [Note: RemarQ provides its Usenet newsgroup services under the name SuperNews; SuperNews remains one of the prime origination news servers for illegal material posted to alt.binaries.e-book.] RemarQ/Critical Paths motion to dismiss or in the alternative for summary judgment on the second amended complaint was denied by the Court in January. RemarQ/Critical Path answered the second amended complaint on January 26, 2001.

In its order of January 12, 2001, the Court demonstrates a better, but not complete, understanding of the DMCA than evidenced in July. What is important about this ruling is that it sets ou

Whining about this is almost as bad as the tool that got kicked off a British Airways flight for wearing a button that said "Suspected Terrorist."

John Gilmore has done more for personal freedoms and liberties on the net than anyone you know. He founded or helped found the EFF, the "alt" newsgroups, the Cypherpunks, and Cygnus Support, the first company that showed that you could make money supporting open source software. Cygnus was later bought by Red Hat for umpteen millions of dollars, but Gilmore was already rich, having been one of the first employees at Sun Microsystems.

He has steadily plowed his money back into causes designed to promote freedom online and in the physical world. He has funded the FreeS/Wan project designed to provide automatic link-based encryption. He's also funded efforts to add security to the DNS. He provided the money for the machine that proved once and for all that DES was insecure. He is presently suing the government over travel restrictions.

As for the button incident, his point is that we are all being treated as suspected terrorists under the current regulations. As long as people put up with that without a protest, nothing is going to change. We should all be grateful that someone with Gilmore's credentials and financial strength is doing something about the increasingly harsh restrictions that all of us face as the government cracks down.

Freedoms at the door. Flying isn't a God-given right, it's a damn privelege. When you board a plane, you play by their rules. The public transportation in my city has cameras on all the busses... it's meant to aid in finding those the vandalize or otherwise break the law.

Whining about this is almost as bad as the tool that got kicked off a British Airways flight for wearing a button that said "Suspected Terrorist." When you board a plane, you no longer follow the Constitution to the letter --- it's not the open public. It's either their way, or the Long Island Expressway.

Learn to play by others' rules or until then, STFU.

That is all.

1) Posters to Slashdot don't give their name and address. Slashdot can purge IP addy logs, so *they don't know* user info and *can't tell* the RIAA.

2) Many Slashdot posters don't live in the US, so tough shit RIAA.

3) How is posting a *COMMENT* on a *WEBSITE* possibly illegal? The day they take someone to court for that is the day US citizens truly lose their right to free speech.

EFF co-founder John Gilmore was prevented from flying because he was wearing a button deemed to be in "poor taste" and refused to take it off.

'Any legislation that permits all of America's estimated 23 million small businesses to legally send everyone at least one email cannot be considered anti-spam. And any bill that limits a consumer's recourse to clicking an opt-out link 23 million times isn't going to make our lives any better. ....

Opt-out laws have let the problem grow to the state it is today; no one in Congress can supply an adequate explanation as to why opt-out at a national level will make any difference. Opt-out in Korea has been an unmitigated disaster and their legislature is rushing to repair the global damage their opt-out law has done to their Internet economy. California's opt-out law is being scrapped. And the European Union knew better than to waste time with a discredited approach and went straight to opt-in.'

At least this law allows ISPs to prosecute spammers, and it does not block class action suits from multiple spam recipient consumers (AFAICS). Also the damages of $500 per message is a lot better than the proposed Texas state law's puny $10 per message.

But consider these facts: there's 23 million small businesses in the US. That means a lot of "I would like to opt out" mails you'll be sending. Multiply that by however many possible addresses you can receive mail at: foo@domain1.com, foo@[211.11.22.34], foo%domain1.com@domain1.com, root@domain1.com, postmaster@domain1.com, foo@forwardingservice.net, foo@perl.org, foo@users.sourceforge.net, etc. etc. etc.

Then there's the "tagged addressing" concept, where you "tag" the addresses you give out with additional text to identify who you gave it to, e.g. foo+amazon@domain1.com, foo+slashdot@domain1.com. Each of those is a different "e-mail address".

Better get those typing fingers in shape :(

Oh, I wish the people at the pentagon's new program for a database that will contain "raw, non-validated" reports of "anomalous activities" understood this principle. I guess they want to be buried in a mountain of data so that when something bad happens, they can claim that they knew something about it. Argh!!

Six sales Blizzard lost. Certainly not even a scratch in their sales. But, the point is, some people do take boycotts seriously.

Then, if (hypothetically) Senator's method works (which cannot occur) it will be a HUGE hit to Microsoft's credibility as a secure OS

Which is why it'll have to become law that your operating system and hardware must permit self-destruction codes and remote surveillance capabilities (can anyone say Fritz "White Pride!" Hollings? CBDTPA).

Open source will have to be terminated.

*scoove*

According to Declan McCullagh the P2P endgame is now approaching and it will be down to congress to sort this out.

He argues convincingly that the law has been changed in the past by congress when copyrights have been seen to be under threat by a judical decision, so we should expect the same thing to happen here.

"Pay attention to the endgame. In the 1994 U.S. v. LaMacchia prosecution, a judge dismissed charges against a 21-year-old MIT student who ran a pirate Internet site, saying that it was not a criminal offense to do so under current federal law. Criminal penalties "should probably attach to willful, multiple infringements of copyrighted software, even absent a commercial motive on the part of the infringer," Judge Richard Stearns wrote. Stearns suggested that Congress step in.

Congress obliged. Three years later, President Clinton signed into law the No Electronic Theft Act, which makes--as I've written about before--copyright infringement a federal crime even if not done for commercial purposes. "

This is exactly what the judge in the Grokster case has suggested, so expect an RIAA/MPAA sponsored P2P bill in congress sometime soon...

Karma me!

Another proper response is to register sucks-sites for both the prosecuting party and their lawyers.

Remember, Gifford-Krass-Grohsprinkle sucks.

These firms are and represent the scum of the earth. Why? Because they take money from their clients in cases where they know they have no legal standing. They're just bullies for hire, and quite possibly they even fool their clients into thinking they have a real complaint. Scum.

See also MichaelSavageSucks.com also nastygramed by radio show lawyers

if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity

"The IETF's long-ago refusal to consider this issue was hailed as a civil
liberties victory at the time. In fact, it has had the ironic effect of
making it more likely that wiretap solutions will be proprietary and
designed in quiet consultation with the FBI. Bottom line: the notion that
the Net inherently resists government control is in for a bad decade."

Let's examine dates, shall we? Ask the tree himself what he did. Well, it's a little dishonest, Gore dropped out of law school, but the dates are hard to refute.

When the internet was "invented" in 1969, Al Gore was acting as a combat reporter in Vietnam. Comendable enough, but the Senator's son had it much better than most. We can imagine his grasp of computing was about as broad as his expressed interst in such things at the time and for years to come, ZERO.

In the next five years he failed as a farmer, priest and lawyer. No biggie, lots of nice people fail at many things and the effort is commendable if not exceptional. Yet, where is the interest in computing while Unix is being created?

In 1976, Gore started his long and unbroken career as a politician. According to this empasioned defense Al Gore made his first concrete contribution to what we know of as the internet with, "High Performance Computing and Communications Act in 1991." Not bad, he beat Bill Gates to caring, but it's hardly the kind of stuff you could call "instrumental".

Clearly, however, he suffered from his associations with one of the most agresivly dishonest administrations in US history. We can give credit to Al Gore for the 1996 Telecomunications Act, which failed, and the DMCA. It's a mixed record by someone who's writing proves a deep ignorance of many important technical matter. It's right to distinguish between people who understand technical details and those who pretend to know. It would be one thing if he stood on his record honestly. His agradizing and pretenses were blatant enough for people who wanted him elected to notice. The New York Times, the Washington Post and other paper called him on this.

I can only imagine that Apple thinks Gore has some influence to wield in shcool and government computer purchases. It's inconcievable they hired him for technical reasons.

• http://www.firstmonday.dk/issues/issue5_10/wiggins /
• http://www.politechbot.com/p-01394.html
• http://www.democraticunderground.com/articles/02/0 2/20_internet.html

The Politech mailinglist.

From http://www.politechbot.com/info/about.html:

Politech is the moderated mailing list of politics and technology. Topics include privacy, free speech, the role of government and corporations, antitrust, and more. Membership is free, and you can redistribute messages freely if you keep the information intact. You can expect to receive about three messages each weekday. Your email address will not be made public. Archives are available at politechbot.com.

The Politech mailinglist.

From http://www.politechbot.com/info/about.html:

Politech is the moderated mailing list of politics and technology. Topics include privacy, free speech, the role of government and corporations, antitrust, and more. Membership is free, and you can redistribute messages freely if you keep the information intact. You can expect to receive about three messages each weekday. Your email address will not be made public. Archives are available at politechbot.com.

But it's much more useful than that - if they're able to collect all that information, they can correlate it with people who give money to the Green Party or peace groups or environmental groups (some of whom are already on the TSA's not-allowed-to-fly lists because of their political incorrectness.) Also, the increased "information sharing" between the US civilian police agencies, spook agencies, and military, plus the redefinitions of lots of forms of vice as "national security" issues means that they can use those hotel bills from Humboldt County, California to decide to give your luggage a lot of extra attention when you're flying back from Amsterdam, or ask the Internal Revenue Service to check out your tax returns after that trip to Las Vegas just in case you might have been "money laundering" or passing some cash to that suspicious Penn fellow.

Oooh. The Green Party USA must be out of money because they can't even afford their own domain. They have to host on Geocities!

By the way, you might want to check your facts before you post a link to a Geocities site!

Actually I think that the tires show an increase in pressure before they go offline. This could be due to heating as observed here

Two years ago, I was a highly decorated NASA engineer. I was awarded their highest medal, for Exceptional Achievement -- something that is usually reserved for senior managers -- because of my expertise.

I was a safety engineer.

I was removed from my GS-13 position, as an internationally-recognized authority on hypergolic propellants and explosives, and forced off the Kennedy Space Center. At gunpoint.

Their excuse was that I had "abused government equipment." Because I sent a friend an e-mail joke.

The reality was that I wouldn't play their "political ball."

I F-ING WARNED THEM.

I told them that the technicians and engineers were overworked. I told them that there were too many managers and too many meetings and "dog-and-pony" shows. I told them that their senior "face time" play games, while they spent all their time plotting how to give each other pay raises, and left the guys on the floor to struggle day to day with obsolete and overpriced and unqualified equipment, was going to result in another Challenger.

I was there for Challenger.

I saw the same exact conditions happening again. Overpaid, lazy, irresponsible managers concerned solely with their climbing up their ladders.

I told them they were skimping on inspections. I told them that the ground crews were asleep on their feet from exhaustion. I made as much noise as I knew how to make about the top-heavy bureaucracy sitting around in their fancy panelled offices, giving whorish press interviews in their smugness, while they did not have a clue what was going on in the real world where I was working.

They fired me. They fired a GS-13 civil servant, with an Exceptional Service medal and ten dozen commendations. For sending an e-mail joke.

In reality, for objecting to political fat-cats sitting on their fat rear ends and failing to do their jobs.

Like Challenger, those who are most guilty are the ones who will attempt to make the most political capital out of it. But the blame for Columbia lies entirely and totally with the NASA administrators. They should all be investigated for their criminal negligence. They should all serve time in jail.

I warned them. They did their best to destroy me, because I warned them.

It's too bad that innocent astronauts paid with their lives for NASA managers greed and political ass-kissing.

But I am not surprised.

Two years ago, I warned them.

Dian Hardison
Cocoa, FL 32927

Note: Her NASA biography is still online at a NASA site.

There does not (yet) seem to be a prohibition against intermediate mail relays stripping the "ADV:" (or "ADULTADV:") tag from the subject line.

I think that would make a pretty bad defense. Citing the proposal:

No person or entity conducting business in the United States may electronically mail, or cause to be electronically mailed [...] unsolicited advertising material [...] unless the subject line of each and every electronic document or message includes ''ADV:'' (My emphasis)

You could hardly have used a tag-stripping relay by accident, and so you have consciously "caused" tagless mailing.

Also note that the clause permitting normal internet routing applies only "to the extent that the tele-communications utility or Internet service provider merely carries that transmission over its network."

A relay that actively modifies subjects would hardly be able to use that defense...

Okay, since this is slashdot, I'll start with CEI Blasts Open Source Software. Just to put it in local context.
Also, you are right, I was wrong and I should have done the research. I ASSUMED that, as usual, a right-wing group was putting forward a PR flack and, as always true with assuming more then once, I made an ass of me and only me. Nonetheless, instead they front with a geologist (hmmm, that's relevant-NOT!) who then calls such a background one in "the natural sciences". Yeah, sure, pull the other one.
But, as for CEI and how they are funded (were they "bribed"?), let's move on to this, which shows that since 1985 the CEI has been funded almost entirely by large polluting corporations and folks like Scaife, Olin, and McKenna on the very hard right. These are the folks that people like Gingrich had to ask to moderate their public statements because they were too hard-line right wing for *him*.
Now, as for funding, CEI has gotten funding from (among others):
* Amoco Foundation, Inc.
* Coca-Cola Company
* CSX Corporation
* Ford Motor Company Fund
* Philip Morris Companies, Inc.
* Pfizer Inc.
* Precision Valve Corporation
* Sarah Scaife Foundation
* Texaco, Inc.
* Texaco Foundation * American Petroleum Institute
* ARCO Foundation
* Burlington Northern Railroad Co.
* Cigna Corporation
* Detroit Farming Inc.
* Dow Chemical
* EBCO Corp.
* General Motors
Now, I could write this all up for you, but I believe that this report does just fine, starting out with "CEI calls itself 'a non-profit, non-partisan research and advocacy institute dedicated to the principles of free enterprise and limited government.' . . .In fact, it is an ideologically-driven, well-funded front for corporations opposed to safety and environmental regulations that affect the way they do business."

As I said, industry flacks.
Rustin

After reading this you can see that the chances are indeed very slim, if not outright bleak.

They just published an op-ed piece that pretty much says we have arrived at the perpetual copyright.

Also, your elected officials are happy about it.

Folks, this is what we are up against. The House Judiciary applauds the supreme court decision.

At least now you know who aren't your friends.

Such a list becomes pretty useless for any poor sucker (myself included) who lives in a country that is considering legislation to make hardware and software that goes not comply with DRM-ish concepts illegal.

Declan McCullagh has a column on this on CNet. How long will it take Poindexter to merge this database with the supermarkets' databases of purchases, so you can be tracked electronically, all the time?

Really? I thought it was Gore... oh well.
Maybe you should read this: http://www.politechbot.com/p-01394.html

No, the DMCA is quite unusual for having a willfulness element, which goes to the defendant's knowledge of the law rather than guilty conduct. For all the criticism the DMCA has gotten, it oddly enough also contains the key to Elcomsoft's acquittal. From reading news reports, I suspect the jury wanted to acquit and focused on this provision to do it.

Staples is not relevant, it concerns whether the defendant knew the facts -- the "physical properties" of his gun -- not his awareness or ignorance of the law on such guns.

Thanks for citing to Cornell Law, I went there. :)

READ THIS KEYNOTE ADDRESS for an intelligent, no-bullshit media industry view on disruptive technologies such as napster.

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Perhaps because SpamCop is overzealous to the point of stupidity?

See, for instance:

• Here;
• Here;
• Here;
• Here;
• Here;
• Here;

Links to Google Cache(N.B. Not always cached.)

C|Net has an interesting editorial cache [Link not cached at time of posting]
Declan McCullagh cache [Cache link active]
Digital Cash. cache [Link not cached at time of posting]

Mirrored Text (for posterity, not karma): Digital Cash.

Implementations of various electronic cash protocols. Digital Cash Implementations of various electronic cash protocols.

magicmoney 1.0 Magic Money is a digital cash system designed for use over electronic mail. Magic Money is a digital cash system designed for use over electronic mail.The system is online and untraceable. Online means that each transactioninvolves an exchange with a server, to prevent double-spending. Untraceablemeans that it is impossible for anyone to trace transactions, or to match awithdrawal with a deposit, or to match two coins in any way. The systemconsists of two modules, the server and the client. Magic Money uses the PGPascii-armored message format for all communication between the server andclient. All traffic is encrypted, and messages from the server to the clientare signed. Untraceability is provided by a Chaum-style blind signature.Note that the blind signature is patented, as is RSA. Using it forexperimental purposes only shouldn't get you in trouble. Digicash isrepresented by discrete coins, the denominations of which are chosen by theserver operator. Coins are RSA-signed, with a different e/d pair for eachdenomination. The server does not store any money. All coins are stored bythe client module. The server accepts old coins and blind- signs new coins,and checks off the old ones on a spent list. sources MagicMoney.tar.gz author Pr0duct Cypher edit application object

-lucre 0.9.0 Unofficial Cypherpunks Release of Chaum's ecash. -lucre is a C library that implements the protocols of DigiCash's ecash.-lucre provides all of the basic things you would like (payment requests,payments, deposits, withdrawals, opening accounts), as well as a fewadvanced features (like the ability to use the same account on multiplemachines, and the ability to use ecash without having a bank account atall). The format of the wallet is somewhat different from that of DigiCash'sstandard client, so you have to be careful if you want to use use both thatand -lucre with the same bank account. It does seem to work, though. sources lucre-0.9.0.tar.gz author Anonymous edit application object

ncash 19971216 An efficient off-line electronic cash system based on the representation problem. Experimental implementation of an off-line electronic cash system based onthe representation problem. From the documentation, "Our system is the firstto be based entirely on descrete logarithms. Using the representationproblem as a basic concept, some techniques are introduced that enable us toconstruct protocols for withdrawl and payment that do not use the cut andchoose methodology of earlier systems. As a concequence, our cash system ismuch more efficient in both computation and communication complexity thanpreviously proposed systems.". The technical paper is mirroredhere. sources snapshot.tar.gz author Niels Möller homepage http://www.lysator.liu.se/~nisse/NCash/NCash.html edit application object

$Id: application-index.html,v 0.24 1999/09/16 14:13:43 root Exp $ munitions.vipul.net Amsterdam, Netherlands mirror &copy 1999-2001, Vipul Ved Prakash. Thanks to xs4all for providing the resoruces to host this site.

Mirrored Text (for posterity, not karma): C|Net has an interesting editorial

Perspective: Tech's answer to Big Brother - Tech News - CNET.com CNET tech sites: Price comparisons | Product reviews | Tech news | Downloads | Site map News.context: Special Reports | Newsmakers | Perspectives Perspective: Tech's answer to Big Brother By Declan McCullagh December 16, 2002, 4:00 AM PT WASHINGTON-Why is everyone so surprised that the U.S. government wants to create a Total Information Awareness database with details about everything you do?

This is an unsurprising result of having so much information about our lives archived on the computers of our credit card companies, our banks, our health insurance companies and government agencies.

Now a Defense Department agency is devising a way to link these different systems together to create a kind of digital alter ego of each of us. After the Sept. 11 terrorist attacks, this proposed centralization was inevitable-and it's only going to get worse.

Blame retired Admiral John Poindexter, national security adviser for former President Ronald Reagan, who returned to the Pentagon in February to run a creepy new agency that's trying to create this mammoth surveillance and information-analysis system. It's called Total Information Awareness, and it's funded by the Defense Advanced Research Projects Agency (DARPA).

Don't get me wrong. I'm not saying it's a good idea, or that it's consistent with the traditional American values of limited government and a sharp demarcation between the private and the public sector. I'm not even sure if Poindexter's brainchild could ever work.

What I am saying is that if our personal information-some of it extraordinarily sensitive-is archived in corporate or government databases and protected only by the weak shield of the law, it's vulnerable to federal snoops.

After the Sept. 11 terrorist attacks, this proposed centralization was inevitable-and it's only going to get worse. When a nation is responding to perilous threats, politicians tend to repeal privacy laws in a femtosecond. The current process started with overwhelming votes for the USA Patriot Act last year. (It cleared the Senate with only one "nay" vote, from the courageous Russ Feingold, D-Wisc.) And if another terrorist attack happens, all bets are off.

That's why simply enacting laws and trusting to the government to protect our privacy can be a very dangerous thing. Just ask the Japanese-Americans forced into internment camps during World War II. New research says they were selected using Census Bureau data-data that was handed over to the government in strict confidence. Or ask the people who were robbed by the former chief of detectives for the Chicago Police Department, who pleaded guilty last year to using law enforcement databases to plot crimes.

Technology offers a better way to preserve our rights against government overreaching. New crises may prompt Congress to vote unanimously to skewer the Bill of Rights. But technological protections don't vary with the whims of politicians or shifts in Supreme Court majorities.

The sad thing is that for years we've known about technology that can slow down this mass "databasification" of American society. We just haven't used it.

One approach is outlined in Peter Wayner's useful book, "Translucent Databases." It describes methods-complete with Java code that produces standard SQL (Structured Query Language)-to construct databases that use one-way functions to scramble data and shield it from prying eyes.

New crises may prompt Congress to vote unanimously to skewer the Bill of Rights. But technological protections don't vary with the whims of politicians or shifts in Supreme Court majorities. "The main goal I had with writing the book is to show it is possible to build a database that does useful work and solves problems without keeping personal information," Wayner said. "At first it seems counterintuitive. You figure that if you're going to arrange appointments and keep track of what customers bought in the past, you need the information there. But it turns out it's possible (to scramble it), and it can make the database smaller and faster, too."

A basic example is the venerable Unix password file, which doesn't store any actual passwords. Instead, the operating system scrambles a user's password using a one-way hash function and saves the scrambled version to the file. Because the function cannot be reversed, the database is secure if viewed by a malicious hacker, but users can still log in.

More importantly, even if Poindexter obtained that file through a court order or some more surreptitious method, assuming the encryption algorithm worked properly, he wouldn't be able to extract anyone's actual passwords from it.

Wayner's book provides tips that more programmers should follow. He shows how to build an encrypted department store database using a one-way function that can't divulge personal information unless a customer's full name is supplied. Other examples include encrypted car rental databases and lotteries.

A second approach was invented by Stefan Brands, previously a scientist at Zero Knowledge Systems, who outlined it in a book titled "Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy."

Brands describes a remarkable technology called limited disclosure certificates. It's a pre-emptive response to current trends in authentication, where you might end up using one digital ID certificate for everything from driving to shopping to health care-and all your information and transactions would instantly appear in Poindexter's database.

Limited disclosure certificates solve that centralization problem. They use a clever bit of mathematics to protect the identity of honest people, but reveal the identity of people who attempt to commit fraud. As soon as you try to cheat someone, the privacy protection evaporates.

Brands predicts in his book how a limited disclosure certificate would work on a smart card: "Any data leakage from and to the smart card can be blocked. The cardholder can even prevent his or her smart card from developing information that would help the card issuer to trade the cardholders' transactions, should the card contents become available to the card issuer. Transactions can be completed within as little as 1/20th of a second, so that road-toll and public transport applications are entirely feasible."

In an interview, Brands added that "instead of all this information about you being managed in central databases, you could manage it yourself. In theory, all the data that organizations hold about you and need to make decisions about you could be distributed to you.

"If you use good cryptography, the organizations' information is protected: You can't modify the information. At the same time, you would then be able to disclose whatever you need for a particular purpose."

MIT professor Ron Rivest described Brands' work as imparting a way for people to remain anonymous and yet convince an Internet service provider that they are a paid subscriber. The beauty is that the user's sessions are unlinkable-the ISP can't even tell if an user currently logged in is the same as the user who used the service at a previous time.

It's true that Congress could outlaw Wayner's and Brands' techniques and force all information to be stored in a surveillance-enabled way. But until that happens, we don't have to make it any easier for Poindexter and his snoops.

More Perspectives

biography Declan McCullagh is the Washington correspondent for CNET News.com, chronicling the ever-busier intersection between technology and politics. Before that, he worked for several years as Washington bureau chief for Wired News. He has also worked as a reporter for The Netly News, Time magazine and HotWired. Search News.com All CNET The Web

From the amateur account:

I doubt I shall ever see a more beautiful judge ;^>

I want pictures... Naked pictures!

Somewhere in that there was some coverage of Jon having three OSen
installed (FreeBSD, GNU/Linux and Windows), during which the prosecutor
got confused by Jon referring to "GNU/Linux", rather than "Linux" per
se; and appeared to be confused about how one computer can have more
than one O/S (or, at least, there was a confusion which appeared to be
about dual boot).

I read through a lot of the list and several things struck me. Overall,
I see the list as lending a lot of credibility to Johansen's case. I
don't see it casting doubt as to this.

Are you a patriot, or are you a terrorist?

Because if you're not with us, you're against us.

And if you're not a patriot, you're a terrorist.

A patriot has nothing to hide from his [sic] Country. A patriot is glad, glad with all his heart to hear that his country is taking the initiative, a patriot supports the party -- if the party wants to know whom Sam or Sally is speaking with, let the party know. If the party wants to know where every Citizen is, what every Citizen does, what every Citizen knows, then let the party know.

A patriot believes. A patriot is the opposite of the dissident.

A patriot does not support laws that allow terrorists, those who do not believe in the strength and ideals of our country, to hide behind anonymity. A patriot does not support anarchy, the total chaos that results when you allow dissidents to mess with public awareness, to spread their lies about our country.

And a patriot does not call for public hearings, checks and balances, handcuffs to hold the hand of Justice, to keep our men [sic] in uniforms -- who believe -- from doing what they believe in, what Americans -- real Americans, not bleeding-heart-liberals need for their protection.

A patriot does not question.

You're either with us, or against us.

If you're not a patriot, you're a terrorist.

I guess I'm a terrorist.

Isn't Rackspace blacklisted for being host to a bunch of spamhausen?

Politech got blacklisted several times.

Here are some choice excerpts from that Pentagon briefing on TIA, for the lazy, with the bullshit cut out. Obviously, you can read the original if you prefer.

Q: ... What are the privacy issues ... ?

Aldridge: There are no privacy issues.

Q: Can you run over the transactions again? It sounds like every time I would enter or a citizen would enter a credit card, any banking transaction, any medical -- I go see my doctor, any prescription, all of those things become part of this database -- right? -- hypothetically?

Aldridge: Hypothetically they would...

Q: Every time they use a telephone, that call enters the database. And if it is voice recognition, for example, then that enters the database, hypothetically, right?

Aldridge: Hypothetically, yes.

When this goes into effect, the credit cards go. The checkbook goes. The ATM card goes. No more video rentals. The cellphone goes. Everything I e-mail out will be encrypted, though I expect that I'll use e-mail a lot less.

Sucks to live in a Republican America.

-Waldo Jaquith

They've lost their focus by going from a cyber-liberties organization concerned with online free speech and privacy and morphed into a anti-market, Naderite consumer-advocacy group.

Now I donate to the Electronic Privacy Information Center and the American Policy Center instead.

Even the Ayn Rand Institute has denounced Lessig as a Marxist.

http://www.politechbot.com/p-03228.html

EFF will never get a penny from me.

Your digital cash will arrive in 2005, when an important David Chaum patent expires.

That's right, exercise your First-World sense of righteous indignation. Thank goodness we Americans are above this sort of bribery. And if by some chance it did happen to us, I'm sure our system would correct for the insanity even quicker than those back-water Panamanians...

I'm the author of the article at Wired.com. I'll try to answer belately some of the questions raised by the story.

Not least of which being, yes, there were Nigerian spam scams galore in the inbox.

I was the person who correctly guessed -- on the first try -- the password to the Press account at UrukLink.net.

FWIW, when I signed in, the account had apparently been abandoned for several months. (It was over quota and rejecting new messages since Aug. 17). What caught by eye first was the message from an ATT.net account offering wireless technology to Iraq, as reported in the article.

Besides contemplating the potential illegality of my unauthorized access, I have also thought hard about the ethics of publishing the material I obtained.

Password cracking is not a generally accepted journalistic practice, as a reporter for another news organization pointed out to me today. I was also notified that the material contained in Saddam's public inbox is not exactly the Pentagon Papers. Nor is my report on the e-mails anywhere near the caliber of the Chiquita expose'.

Nonetheless, I believe, and Wired News's editors backed me on this, that the contents of the inbox were of significant public interest considering the current conflict between the USA and Iraq.

Some readers have dismissed the messages as unimportant because so many came from ordinary Internet users and small businesses (and not from heads of state or major corporations). But I think that's what makes the inbox such an interesting, if unscientific, survey of public opinion.

To minimize the harm cause by the report, we removed the names of individuals and companies who wrote to Saddam -- even those of people from whom we had obtained comments.

Brian

Damnit! This is what I was talking about - the CBDTPA I believe the name of the bill was changed in order to confuse. It has now confused me. Grrr. Senator Hollings gonna get a wedgie if he changes it again.

Unless you were trying to validate the Ayn Rand Institute's libelous assertion that proponents of the public domain are just thieves and vandals, perhaps you could've settled for a link.

You don't give the man enough credit.