Re: making mail traceable (was Re: Received header Considered Pathetic)
2004-01-17 12:59:03
I think this is a good discussion, so I'll do my best to fan the
flames. :-)
Keith correctly and clearly stated the core problem: automating abuse
tracing without providing non-repudiation. It's an impossible goal if
stated in terms of absolutes, though, so let me restate my own vision
of what the goal should be: providing as much automated abuse tracing
as possible without non-repudiation, or (in less technical terms) to
provide the best possible spam tracing without eliminating anonymous
email.
This is a problem that needs to balance privacy rights with law
enforcement. Historically, the way that open societies have typically
dealt with this kind of issue is via the checks and balances of
distributed control. We can go a long way towards that by using
cryptographic tokens to validate ISP's, but requiring legal procedures
to access ISP's records in the course of a spam investigation.
Thus, getting a million complaints about spam messages that were
cryptographically shown to come through an ISP should be enough to get
a warrant to trace the senders, but one or a few complaints should be
subjected to a much higher standard, to prevent police "fishing trips"
in the name of spam control. Automated traceability is a key to
distinguishing between the two cases.
Of course, the previous paragraph would be more precise if, instead of
"ISP" I had said "privacy-sensitive administrative domain." Any
domain-administering entity could choose to make tracing information
from within its domain completely private, as long as it took
responsibility for working with the authorities when it proved to be
the terminal publicly-ascertainable node to which major spam could be
traced. Such domains would likely include large corporations and other
institutions, including those that choose to run anonymous email
gateways and fight spammers in their own ways (for example with
computationally intensive challenge-response systems).
And yes, I realize that the above discussion completely ignores the
jurisdictional issues, but I doubt that it will take more than a decade
or two to work them out, and we need to think in the long term if we
really want to control spam. -- Nathaniel
PS -- Am I afraid that all of this will help Big Brother? You bet.
That's why I want to design as many checks & balances into the system
as we can come up with. But I think the CANSPAM act has made it very
clear that there are likely to be ever more detailed regulations
governing email systems, and I think it would be a losing battle (and
therefore arguably irresponsible) to oppose any particular proposal
without having a more moderate alternative proposal to endorse. The US
congress passed this law, however ill-informedly, because they
correctly perceived a public demand to fix the problem of spam.
Enabling Big Brother is, quite simply, the easiest, laziest solution to
the problem, and therefore it is precisely what will happen unless we
go to the effort of designing a less objectionable one. -- Nathaniel
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: making mail traceable, (continued)
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, James M Galvin
- Re: making mail traceable (was Re: Received header Considered Pathetic), Bruce Lilly
- Re: making mail traceable (was Re: Received header Considered Pathetic), Keith Moore
- Re: making mail traceable (was Re: Received header Considered Pathetic), Bruce Lilly
- Re: making mail traceable (was Re: Received header Considered Pathetic),
Nathaniel Borenstein <=
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Graham Klyne
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, Al Costanzo
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, Al Costanzo
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, Al Costanzo
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, Al Costanzo
|
|
|