The Internet and the State

Part 4: Anonymity and Identification

1. Cryptography as a Threat to the State

Reading

1. Statement of Louis J. Freeh, Director of the Federal Bureau of Investigation, Before the Senate Committee on Judiciary Subcommittee for the Technology, Terrorism, and Government Information, on Cybercrime (March 28,  2000);  Declan McCullagh, Former FBI chief takes on encryption, CNET News.com (Oct. 14, 2002)
2. Froomkin, The Metaphor is the Key: Cryptography, the Courts, and the Constitution, 143 Penn. L. Rev. 709 (1995), §§ I.A, I.C.2(a)&(b), III & IV.B
3. Froomkin, It Came From Planet Clipper: The Battle Over Cryptographic Key "Escrow", 1996 U. Chi. L. Forum 15, §§ III B & C.
4. Anonymous, Introduction to Blacknet
5. Orin S. Kerr,  The Fourth Amendment in Cyberspace: Can Encryption Create a "Reasonable Expectation of Privacy?", 33 Conn. L. Rev. 503 (2001) (on Westlaw)
6. Junger v. Daley, 209 F.3d 481 (6th Cir. 2000)
7. Kyllo v. United States, -- U.S. -- (No.99-8508 June 11, 2001).  Majority opinion.  Dissenting opinion.
8. Carrie Kirby, New Encryption laws for e-mail unlikely (Oct. 6, 2001)

Thinking

• Which of the following are First Amendment "speech"
• a message encrypted in a code no one remembers
• ancient hieroglyphics
• modern art
• the source code for cryptographic software
• a paper piano roll in a player piano
• a list of random numbers
• a program (compiled) for cryptographic software
• an encrypted message
• a gun
• a nuclear bomb
• blueprints for a gun
• blueprints for a nucelar bomb
• instructions on how to build a nuclear bomb in rhyming couplets set to music
• What meaning does a 'reasonable expectation of privacy' have as technology changes?
• What limits can the US government impose on the use of cryptography in peacetime?  In wartime?
• How dangerous is cryptography in the wrong hands?
• Can it be kept out of the wrong hands?  How?
• If cryptography cannot be kept out of the wrong hands, what policies can nations adopt to minimize illicit uses short of an outright ban?

Optional

1. Bernstein v. United States, 176 F.3d 1132 (9th Cir. 1999) [note that this opinion was withdrawn by Bernstein v. U.S. Dept. of Justice, 192 F.3d 1308 (1999), which granted a rehearing en banc; the matter was subsequently remanded to the district court for further proceedings in which the government basically said it doesn't intend to enforce the regulations against people like Bernstein]
2. D.J. Bernstein, Bernstein v. United States web site
   
3. Eben Moglen, So Much For Savages (1999)
4. Dam, Kenneth and Lin, Herbert (Eds), Executive Summary of the CRISIS Report
5. Hal Abelson et al, The Risks of Key Recovery, Key Escrow & Trusted Third Party Encryption (1998)
6. Peter Lewis, On the Net (Sept. 11, 1995)
7. Tim C. May, The Crypto Anarchist Manifesto,
8. Report of the President's Working Group on Unlawful Conduct on the Internet, The Electronic Frontier: The Challenge of Unlawful Conduct Involving Use of the Internet
9. Bruce Sterling, The Hacker Crackdown (1994),
10. John Gilmore, Re: PERL/RSA t-shirts for Americans only (June 6, 1995)
11. Dave Touretzky, How to decrypt a DVD: in haiku form (2001)
12. Highly recommended: Don't Eat Pete, D-e-C-S-S (descramble) (.mp3) (big file, be very patient)

 2. Anonymity Control (part 1)

Reading

1. Froomkin, Part II.A of Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases
2. Froomkin, Legal Issues in Anonymity and Pseudonymity, 15 The Information Society 113 (1999). [This document is not available online, but a more dated treatment of the same topic can be found in parts II.B of Froomkin, Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases ]
3. Stefanie Olsen, Nearly undetectable tracking device raises concern (July 12, 2000)
4. McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995).
5. Urofsky v. Gilmore, 216 F.3d 401 (4th Cir. 2000). (An easier to read version, lacking a few corrections, is here).
6. Julie E. Cohen,  A Right to Read Anonymously: A Closer look at "Copyright Management" in Cyberspace, 28 Conn. L. Rev. 981 (1996). .pdf or ugly text version. pp. 1-19 & 30-51
7. Eric Friedman and Paul Resnick, The Social Cost of Cheap Pseudonyms (Aug. 17, 2000) (.pdf), pp. 1-7 & 22

Thinking

• Even if the First Amendment allows it, in light of the Dormant Commerce Clause can states legislate against anonymity?
• Imagine your client wants to run an anonymous remailer.  Are there any civil or criminal liaibility issues you might wish to warn your client about?
• Your client has read about Haven Co and thinks it's the perfect place to locate his anonymous remailer.  Does that resolve any of your concerns?

Optional

1. O'Connor v. Ortega, 480 U.S. 709 (1987)
2. Claudia Rocio Vasquez R., Columbia Orders Control of All Pre-Paid Call Cards (Aug. 17, 2000 )(Use the babelfish translator if you don't read Spanish)
3. Altern.org, Loi sur la liberté de communication, 28 juin 2000 (In French, but there's always babelfish)
4. Declan McCullagh, The Wrong Way to Do Dirty Tricks (June 16, 2001)
5.  PGP
1. Freeware int'l PGP: http://www.pgpi.org/
2. The original PGP rant (by Phil Zimmerman): http://www.pgpi.org/doc/whypgp/en/
3. PGP FAQ Pages:
1. http://cryptography.org/getpgp.htm
2. http://www.andrebacard.com/pgp.html
3. http://web.bham.ac.uk/N.M.Queen/pgp/pgp.html
4. A good modern PGP rant: http://www.geocities.com/SiliconValley/Bay/9648/pgp2000-eng.html

  3 . Anonymity Control (continued)

Reading

1. IDing Consumers
1. Roger Clarke, Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue
2. Edgar Bronfman, Jr, Remarks (May 26, 2000).
3. 18 USC 2701
4. In re Doubleclick Inc Privacy Litigation., 154 F.Supp.2d 497 (S.D.N.Y., 2001).
2. IDing Speakers
1. David L. Sobel, The Process that "John Doe" Is Due: Addressing the Legal Challenge to Internet Anonymity, 5 Va. J.L. & Tech. 3 (2000).
2. Doe v. 2themart.com Inc., 140 F. Supp. 2d 1088 (W. D. Wash. 2001).
3. Anderson v. Hale, 2001 WL 503045, 2001 U.S. Dist. LEXIS 6127, 49 Fed.R.Serv.3d 364 (N.D. Ill. May 10, 2001)
4. In re Subpoena Duces Tecum to America Online, Inc., 2000 WL 1210372 (Va.Cir.Ct.,2000).
3. Stephen K. Gielda, Church of the Swimming Elephant, What it is like behind Cotse? (June 5, 2001)
4. Data Trails: John Leyden, EU to force ISPs and telcos to retain data for one year (Aug. 20, 2002)
5. National ID Cards?  Froomkin,The Uneasy Case for National ID Cards as a Means to Enhance Privacy (draft)

Thinking

• I've argued in several articles that anonymity/pseudonymity is the only form of self-help available to individuals who wish to protect themselves against data profiling -- the aggregation of facts about them in databases that can then be used for marketing and other purposes.  Other people have replied that if that's right, privacy is as good as dead, because anonymity/pseudonymity is of little practical value to most honest people most of the time.  Your thoughts?
• Please feel encouraged to bash holes in my ID cards article.

Optional

• Statewatch, EU: data retention to be "compulsory" for 12-24 months (Aug. 23, 2002) (summary) & full report (.pdf)
• Declan McCullagh, Will Canada's ISPs become spies? CNET News.com (Aug. 27, 2002)

To Part 1   Part 2   Part 3   Part 4   Part 5
To Syllabus Index
To Class Policies

Last updated Oct. 28, 2002