At 10:17 AM 10/30/2002 -0800, you wrote:
>I'd like to understand how we could be useful to the cypherpunk community.
>I've got some wild guesses (run a public keyserver, run a mixmaster node,
>etc), but I don't really know what is most badly needed, or how we could
>provide the most bang for the bandwidth buck. (We do pay for bandwidth, so
>"serving up Debian ISOs" is not a viable way we can help the community at
>this time.) Ideally, we'd like to find applications that don't use a lot of
>bandwidth (<500kbps aggregate), but require a server that's got a fixed IP,
>is up all the time, and has very low latency to most of the Net.
>
>How can we help?
David,
One simple way would be to implement a search warrant circumvention
process. I've recommended this for libraries but there's no reason it
wouldn't work for an ISP. After reviewing Federal procedures for subpoena
I have uncovered a loophole that may not only allow ISPs to provide the
privacy protection patrons desire but perhaps create a new profit center.
The efficacy of my approach is based on the presumption that it is lawful
for the ISP to answer questions from patrons who are not the subject of a
search warrant or other law enforcement investigation. So, for example, if
I were to contact you or your staff and request that you tell me if I my
account records had been requested by law enforcement your staff would be
under no legal restraint from complying with the request (unless I was, in
fact, the subject of such an investigation). Should a request be received
from a patron who was the target of such an investigation, the ISP would
simply fail to respond. My understanding is that the courts cannot order
an ISP to act affirmatively and provide a patron with incorrect information
(i.e., they cannot deputize you and force you to lie to the patron).
Using this approach patrons can now discover from the ISP whether they are
the target of any investigation without the ISP taking any affirmative
action, without the ISP running afoul of the USA Patriot Act or other court
issued subpoenas. To offset the costs of such activity the ISP could
impose a small fee against the patron's account for each check of their
records.
Implementing such a system will, of course, require a ISP which is prepared
to place a high enough value of their patron's assumed right of privacy to
undertake conduct which may be unpopular to law enforcement. Your offer to
help out in a cypherpunk fashion indicates to me you're that sort of person.
steve