NOTE: THIS IS AN EXTRA SET OF MESSAGES THAT DID NOT APPEAR IN RISKS.
This file is available by anonymous FTP from the RISKS: directory at CRVAX.SRI.COM as noted in RISKS-15.28. Originally noted on 17 Nov 1993, and later added to.

Contents:
  A short response to L. Detweiler: 'I exist as myself.' (Eric Hughes)
  Medusa's Snakes Hiss -- Inquiries into Identity on the Internet (L. Detweiler)
  Response [added 18 Nov 1993] (mathew)

------------------------------

Date: Wed, 10 Nov 93 23:14:14 -0800
From: hughes@ah.com (Eric Hughes)
Subject: A short response to L. Detweiler: 'I exist as myself.'

   [This message was inadvertently omitted from RISKS-15.27. Sorry! PGN]

L. Detweiler's recent article on the RISKS of confusing an online identity with a potentially knowable physical one are quite interesting, if hypothetical. [See RISKS-15.25.] I would be interested in hearing of situations where this practice has actually occurred. If any RISKS members know of any such incidents from first-hand experience, please share them with the readership.

Unfortunately, I think he really believes that the cypherpunks mailing list has been dominated by a small cabal who have been using multiple identities who talk with each other on the list in order to enforce consensus and to suppress disagreeing positions, namely his. It just ain't so.

Therefore, to set the record straight I feel I ought to make the following public statement:

I, Eric Hughes, have never posted or communicated in any name other than my own. I can personally testify that I am not the same as any of the other people listed at the end of L. Detweiler's post, and I can testify from personal experience that Arthur Chandler, Hal Finney, Tim C. May, and Nick Szabo are all different people.

I also decline to answer, point by point, the numerous defamatory innuendos made by L. Detweiler against the members of the cypherpunks mailing list.
Might I also observe that none of the statements are specific enough to actually count as accusation, but merely as general slander?

Eric

------------------------------

Date: Tue, 16 Nov 93 21:26:51 -0700
From: "L. Detweiler"
Subject: Medusa's Snakes Hiss -- Inquiries into Identity on the Internet

Editor:

I appreciate your patience and the fascination on the part of your readers in exploring this issue of pseudospoofing, represented by many requests in my email and RISKS-15.27 (I also wish to thank many in other forums, such as researchers in Computer Mediated Communications, for their interest). In this letter I will rebut arguments by many in RISKS-15.27 that seek to trivialize the clear dangers of pseudoanonymity I pointed out in `Medusa's Snakes and Cyberspace'. Also, I will further address the CryptoAnarchists == Cypherpunks speculation.

* * *

First, my humble apologies for coining a new term in RISKS 15.25 without advance warning, `pseudoanonym' -- this I define as the identity, the `name tag', of a tentacle or snake of Medusa. What is the difference between a pseudoanonym and a pseudonym? It is subtle but of paramount importance to my points on the subject, and, based on RISKS-15.27 and mail from everyone from the curious academics to the shrieking criminals, I think virtually no one else has understood the basic distinction so far. (Or, if the CryptoAnarchists understand exactly what I am talking about, they may be escalating their sabotage to RISKS!)

If I attempt to track down a snake or a tentacle to a real person, for whatever reason (e.g., law enforcement investigations leading to prosecutions), Medusa will match this with further, escalated deceptions, or ultimately cut off the tentacle as an absolute last resort. An honest human being will not, and make a conscious decision to what point he will carry the deception. Do you give up the secrecy of a pseudonym when someone asks `it' for a phone number?
When they send `it' email asking if its true name is that which you imply, that you are a real person? (What, exactly, is a `lie' by a snake?) Medusa will go to *any* extent to protect her pseudoanonymous snakes, i.e. the reputations of the `pseudoanonyms' or `pseudopseudonyms' in her arsenal, starting with clever evasions and advancing to outright lies. (In extreme cases, this might even include building a network of interstate phone numbers.) Again, the basic difference is between `passive concealment' vs. `active deception'.

The issue of traceability of identity is fundamental, of course, to real world RISKS like drug trafficking. A drug kingpin may erect an empire very much like Medusa grows her snakes. The former surrounds himself with associates and a `front line' of identities that can be cut off if threatened by criminal investigations by law enforcement agencies. The ability to seize the entire criminal when one stumbles on one hand in the cookie jar, not just a quivering, severed tentacle, is absolutely paramount to successful criminal prosecution. The expendable drug `runners' are very much like Medusa's snakes -- except that Medusa can potentially maintain her digital Snakes far more readily and insidiously in Cyberspace! This is all the more plausible `when' commerce becomes widespread in Cyberspace. The Cryptoanarchists are well aware of this scenario -- in fact, it is their Paradise!

Consider the anon.penet.fi site. Because a message is always marked as `anonymous' and anon.penet.fi is well known as a `pseudonymity service', I consider this a `true' or `pure' pseudonym -- everyone who receives a message or posting from that site is *aware* that the identity is *imaginary*. With a pseudopseudonym, the whole point is that the receiver does *not* know, assumes by default the name tag is `real', and Medusa conspires to *prevent* *everyone* from finding out it is imaginary.
For this reason, I encourage everyone today using pseudonyms to add identification to their communications that tags it as `pseudonymous' -- in this way they can build up reputations and maintain their privacy through wholly legitimate and honest means -- which in no way diminishes the utility of the technique in creditable uses, such as pseudonymous writing. I do not consider this use of pseudonymity as `pseudoanonymity'. For the same reason, communicating under an identity like `Santa Claus' I would consider `obviously pseudonymous'.

Furthermore, I suggest that where people use pseudonymity for legitimate and honest means, they never lie or deceive when confronted about it. This might include sharing the secret with others. For example, generally editors are aware of writers' pseudonyms. Uses outside of these aforementioned contexts I would generally consider illicit `pseudopseudonyms'.

Consider the following as a mnemonic:

   `I am I.' he said truly.
   `I am somebody.' he said, truly pseudonymously.
   `I am anyone.' he said, truly anonymously.
   `I am somebody.' he lied pseudoanonymously.

* * *

Now let me start out by stating that many of the classic Cypherpunk arguments are represented in 15.27, perhaps because many of the respondents are prominent Cypherpunks. This is surely because ``the venerated individual E.Hughes [Cypherpunk moderator] suggested individuals make themselves known, and mention L.Detweiler's amorphous post to RISKS.'' apparently in a public Cypherpunks posting as `J. Dinkelacker' writes.

Mr. Dinkelacker is the originator of the `You better start looking over your shoulder' threat I alluded to in 15.27, and many other fascinating statements in private mail and publicly on Cypherpunks, such as `I CONTROL YOU' and `Cypherpunks, it's such a feeling of raw power over lesser intelligences.' He is also apparently another closet advocate of pseudoanonymity. From his posting to Cypherpunks of Oct 18, 1993:

>Pseudonyms are an everyday occurrence.
>The net just takes these things a
>step further. At present, this is a quantitative, not necessarily
>qualitative, distinction. [...]
>Many athletes have field nicknames, often which change every season, that
>enable person to person communication on the field of play due to
>familiarity of calling voice and nym. Opponents (often last year's former
>teammates) don't know the nym and their chatter used to spoof ("Jamie, on
>your right!") when the ball is actually on your left is easily filtered.

Note the reference to `opponents' and the metaphor of pseudospoofing as a game, and `field nicknames, often which change every season.' (pseudoanonyms). `Mr. Dinkelacker' also appears to be referring to another opponent sending `chatter used to spoof'. The reference to `filtering' even appears to refer to pseudospoofing *software*. I believe the reference, `last year's former teammates' is a veiled reference to *myself* -- a taunt.

Finally, we had a statement from A. Abraham:

>I have communicated with "L. Detweiler" in the past, and have frequently been
>amazed by his postings. His/her decline in the past month or two has been
>somewhat disturbing. It seems to illustrate how it is occasionally possible
>for strongly held positions, that seem to rely on a slightly unbalanced view
>of the world, to actually originate in unbalanced minds.

Mr. Abraham has sent me some of the most hostile flames I can ever remember receiving in mail when I began my (now severed) affiliation with the Cypherpunks about 10 months ago, objecting to my postings. I don't recall communicating with him since then, at least, not under the name `A. Abraham'. He is also a close affiliate of E.Hughes, the Cypherpunks moderator, FTP site maintainer, and chief Cypherpunk leader. E.Hughes and A.Abraham have apparently been involved in different Cypherpunk projects such as in digital cash, according to public postings to the Cypherpunks list -- maybe by A. Chandler, or T.C.May, I'm not sure. Mr.
Abraham posts from ah.com, a site maintained in part (established?) by E.Hughes. I believe they run their own DNS service.

Incidentally, here is a posting by A. Chandler to Cypherpunks on Sun. Oct. 10, reflecting on a talk by E.Hughes. Mr. Chandler writes he was `impressed' by the `outsider' Eric Hughes' `range and depth of knowledge'. Mr. Chandler alludes to the `revolutionary' effects of untraceable cash such as tax evasion and destabilization of governments, which are `bound to encounter opposition much more massive and sophisticated than [Hughes] indicated'. He also referred to Hughes' talk giving him (chilling?) `flashbacks to the 1960's and 70's, when counterculture groups laid intricate plans to overwhelm or end run "the system"':

> Yesterday I went to hear a very interesting talk by Eric Hughes, one of
>the founding members of the Cypherpunk list/organization. Unlike most
>encryption pop journalists, who seem to limit themselves to PGP, this
>fellow brought up several boggling ideas: [...]
>It jarred me to see someone so blithely planning to enter into the world
>of international finance from an essentially "outsider" frame of
>reference. As impressed as I was by the range and depth of Eric's
>understanding of the technical aspects of encryption, I have the feeling
>that setting up such a revolutionary scheme -- which would threaten both
>traditional banking enterprises and the governments that monitor and tax
>them -- is bound to encounter opposition much more massive and
>sophisticated than he indicated. [...]
>To be fair, he could only talk about the high points of his plans in
>the context of the afternoon talk. But I kept having flashbacks to the 1960s
>and 70s, when counterculture groups laid intricate plans to overwhelm or
>endrun "the system."

Mr. Chandler also told me in mail he has written several books, but I have been unable to get him to list them to me. Mr. Chandler posts as . Here is another post by Mr.
Chandler from November 8, 1993, also addressing the Cypherpunk position on tax evasion:

>Does the government have the right to know how much money I make, and
>from what sources? The IRS says yes, absolutely. But Eric Hughes, in a
>talk given at San Francisco State University, said, in response to a
>question from an audience, that international digital banking will make
>it very difficult for a national government to track monetary exchanges,
>and thereby tax them. Furthermore, I deduced from the gleam in his eye
>that Eric thought that this was a Good Thing [...]

Next, I found it quite ironic how passionately Mr. Metzger defends the Cypherpunks in RISKS-15.27. Mr. Metzger is one of the misbehaving Cypherpunks (to say the least) I referred to in 15.27, who harassed my postmaster, sent a 40 letter mailbomb to me, and a 400 letter threat, all apparently attempts to silence me. Many Cypherpunks, including the top leadership, shrieked loudly, also to my postmaster, that I had `violated the privacy' of Mr. Metzger in publicly condemning his tactics as reprehensible. Mr. Metzger is a close associate of the Cypherpunk leadership, apparently. Mr. Metzger also appears to be alluding to tax evasion in the following paragraph:

>Some members of the list are radical libertarians such as myself, who often
>point out (with some glee) that cryptographic techniques, which are
>essentially unstoppable because even high school students can now implement
>extremely secure cipher systems, will likely ultimately eliminate the capacity
>of the government and others to nose in where they do not belong.

So, if Mr. Dinkelacker, Mr. Abraham, and Mr. Metzger are representative, we can suggest that RISKS has been subject to a `lobbyist campaign' by a particular political group (the Cypherpunks, or perhaps the Cryptoanarchists), with some successful `penetration' into issue 15.27. Pseudospoofing and political lobbying was a topic considered in depth in that issue by e.g. B. Hicks.
I'm quite concerned how few of these Cypherpunks failed to make their actual affiliations clear, and consider their `conspicuous omissions' somewhat deceptive to the esteemed RISKS audience. I wonder if this is the kind of `propaganda' and `influencing people's opinions' with `spin doctoring' Mr. Hicks seemed to be advocating. I subscribe to a rule of social etiquette that if you wish to speak on some subject as an authority, your connections with it should be openly presented as your credentials.

* * *

The classic Cypherpunk rhetorical tactics are well represented in RISKS-15.27, and include:

1. Evading, conflating, and obfuscating the issues of identity, blurring casual and harmless uses of pseudonyms with insidious uses of `pseudoanonyms'. Trivialization of criminal behavior. References to the glorious, beautiful history of deception as if `that which is ancient is also respectable'. No specific counterarguments related to Cypherpunks, only vague generalities about the history of deception.

``In American politics, we call this `lobbying'. Any number of groups are misleadingly named and directed to achieve an agenda (*which* groups, of course, depend on your own beliefs, so I won't try to name any).'' [...] ``Pseudospoofing isn't anything new; it's just a new guise of something thousands of years old..'' (A. Glockner)

``Does pseudospoofing have dire implications for democracy? [...] Well, no, because in the political context, pseudospoofing isn't that different from what interest groups do now.'' (Brad Hicks)

``I hate to sound repetitive, but again, this threat is nothing new. Look at the spoof "LSD tattoo" announcements purporting to come from police officers, or the pranks played against government departments. Consider campaigners who write multiple letters under pseudonyms to send to politicians.'' (`mathew')

`mathew' and A.
Glockner agree that pseudoanonymity is a `threat', and mention various insidious forms of criminal abuse of identity (such as political influence manipulation, impersonation of law enforcement officers, etc), `mathew' calling some `pranks'. In my view, this is trivialization of criminal behavior, and another classic Cypherpunk position. ``Everybody is doing it, therefore it's not bad''. ``If you can get away with it, it's OK''. ``There's nothing we can do about any of this.'' ``If it can be done, we should try it.'' ``Lying and deception is not really different than public information or political campaigns.'' ``People who are victimized by it are just stupid, and deserve it.''

Mr. Hicks brings up some extremely important points relating pseudospoofing to Democracy, and I assert there *are* many `dire implications'. We are voting by mail and by phone, and some day we will be voting by Cyberspace. Mr. Hicks, would you like to live in a world where people could create imaginary votes to manipulate our political, legislative, and judicial system just as trivially as pseudoanonymous Internet accounts can be accessed today? I for one have nightmares of the toxic waste currently on the Internet bootstrapping itself into future Cyberspace or even the real political processes. I believe this is quite the CryptoAnarchist recipe for Hell. (Or from their view, a Liberating Utopia. All this could fill many other essays!)

Some extremely serious trivializations of deceptions follow:

``[...] a recent (wonderfully funny) hoax having to do with modem taxes, that fooled even net veterans like Pat Townson of Telecom Digest.'' (B. Hicks)

Although I do not know the specifics of this case, I do not share Mr. Hicks' amusement at an insidiously propagated lie, which Cyberspace is especially vulnerable to.

``Certainly in the "War of the Worlds" incident, Orson Welles pseudospoofed a number of people into believing that the Martians had actually landed.
This unhappy group of individuals relied solely on their radios (and a single channel at that) for their information.'' (L. Mignerey)

I would not characterize the people as an `unhappy group of individuals' who believed the show. The War of the Worlds incident caused a widespread panic that caused extremely serious `real world' repercussions and is a classic example of the sheer dangers of pseudospoofing (unfortunately, RISKS issues from then are not available for my immediate research!).

The problem was not that people trusted their radios. The radio had been developed as a medium of trust and presented in that light, with serious uses such as global news being fed to a public almost instantaneously for the first time. In a definite sense, their radios, or more specifically the people who broadcasted over them, deceived and betrayed them. This was the essential inspiration for the ensuing public furor and new broadcasting safeguards, standards, and taboos.

I cannot overemphasize this point. The problem is not merely that people trusted their radios. This would be like telling a group of scientists that their journals were full of some disinformation and that they were stupid for believing all of it. The whole point of the medium is that it is engineered to *promote* trust. We must seek to find design criteria to do so as a service to humanity, and not laugh and mock them when their trust is betrayed.

Nor is the problem that the people only listened to their radios. For example, in the kind of CryptoAnarchist conspiracy scenario I revealed, the whole point was that the group was a massive movement that had infected *many* outlets. What is our assurance that this will not ever happen? I like to believe that prohibitions on monopolies of radio stations or other media outlets prevent this. As I wrote in 15.25, no one can point to any such mechanisms on the current Internet, quite to the contrary they are virtually completely nonexistent.
In an era of the Global Corporation and massive commercial mergers, e.g. in telecommunications and media, we would do well to remember Medusa's Snakes in Cyberspace or face a *new* disaster far beyond that of the CryptoAnarchists or the War of the Worlds.

``Pardon me, but what on earth does this have to do with RISKS? The practice of publishing under a pseudonym has been common for centuries; ironically, Detweiler himself quotes "Shakespeare", believed by many to be a pseudonym.'' (`mathew')

But there is no record of anyone asking Shakespeare, `Is Shakespeare a pseudonym? Are you Francis Bacon?' If he evaded or lied, I would consider `Shakespeare' a pseudopseudonym. If Shakespeare lied to people when they asked him about his identity, I don't think that would be respectable. Did this ever happen? To my knowledge no instance was ever recorded! In many contexts in a civilized society, such as government transactions and not dramatic writing, a lie would be *criminal*.

``Detweiler then points out that a user could post messages under a pseudonym, complimenting himself. Again, this is nothing new. Authors have been known to review their own books, written under pseudonyms; or to write letters to newspapers criticizing themselves.'' (`mathew')

Yes, but is this *respectable*? Would honest people condone this if they saw it? Or would someone write to RISKS when they found out it happened? Should this be allowed or tolerated in very sensitive and serious forums, like scientific and professional journals? (Like RISKS!) What about Internet mailing lists dedicated to research or development? Should there be policies and laws against it?

``He complains that digital signatures do not solve the problem; unfortunately, he seems to be under the mistaken impression that written signatures are better.
In fact, it is quite possible for a person to have multiple handwritten signatures.'' (mathew)

This was not the problem I complained of -- people *expect* that written signatures be unique, and our entire legal system is based on it, and my entire point was that digital signatures do *not* share this property unless *enforced* and *legislated*.

2. References to the glorious, beautiful modern forms of deception, such as on the Internet, as if `that which is widespread and entrenched is also respectable and desirable'. This is also the `cat is out of the bag' argument, the `*any* new identification protocols on the Internet would be Draconian or Orwellian.' Misleading references to existing social structures for identity. References to the `state of the Internet as we know it' instead of Future Cyberspace:

``The fact is that most (all?) states have rules that you can choose any name (or more to the point, *names*) that you want as long as 1) the state cannot prove that it is in the public interest to deny your name change or 2) you are not intending to defraud anyone or escape legal obligations. Stage names and pen names are also long-established instances of this, also.'' (A. Glockner)

Note, however, that most states also require a *public notice* of name changes. These cannot be considered pseudoanonymous, because there is no intent to deceive based on identity in a *legal* name change, precisely as you state.

``I hereby inform everyone that it is occurring, and has occurred for centuries, and will carry on occurring. It is not a new risk brought in by technology.'' (`mathew')

If the technology does not prevent routine deception as our prior social structures do, *that* *is* a `new risk'. The Internet is precisely such a medium. I think history bears me out that, particularly in the case of poor social identification protocols, criminal behavior flourishes.
The advances in technology that increasingly blur identity must be matched with advances that prevent criminal corruptions and conspiracies or society will pay with serious, painful, possibly disastrous consequences (we are paying dearly in many quarters of the Internet *now*!). Mechanisms such as signatures and birth certificates have evolved over centuries to do so, and unfortunately some people think that Cyberspace is an exception. We are *not* entering a Brave New World of `total nonidentity' -- we are simply struggling to adapt to new forms of it.

``The only possible risk that exists is if people lose their perspective, and forget the distinction between the network and the real world. Beyond that, the use of realistic-sounding nom-de-plumes for various reasons is a long and time-honored tradition.'' (P. Leppik)

``If we are to dive so deeply into cyberspace that it becomes the total extent of our research on important issues, then I think the problem is not in the pseudospoofers but in the pseudospoofed.'' (L. Mignerey)

``To compare pseudospoofed argumentation to brainwashing is to show that you are far, far too susceptible to peer pressure, and also to irresponsibly diminish the seriousness of brainwashing.'' [...] ``you cannot exert that kind of control over anyone's life or body or mind via the Net. All you can do is create fake peer pressure. And if you're that susceptible to peer pressure, Gods' pity on you. You need to learn to judge arguments by their quality, not by the number of people who say that they agree with them.'' (B. Hicks)

``Perhaps the problem is that people have got used to the Internet being restricted to institutionalized settings, where user accounts are numbered, and verified to be unique by some central authority. As the Internet spreads into the real world, so the real-world practice of pseudonymity will inevitably spread into the Internet.
When everyone has a computer, everyone can have a pseudonym; just as anyone with a pen and paper can develop a real-world pseudonym.'' (`mathew')

Actually, I think quite the converse is happening. Once that people realize that such serious abuses of identity are so trivial to accomplish on the Internet, and the very depraved and criminal scenarios it is conducive to (`Medusa's Snakes in Cyberspace'), sophisticated new systems for preventing it will be developed. Currently, many respondents like to `blame the victim' by saying that anyone who could ever be fooled by pseudospoofing deserves whatever brutal, wretched fate they have been deceived into. Another classic Cypherpunk argument.

Ideally, we could trust Cyberspace as much as we trust our own senses. That there are definitely strong influences of `peer pressure' in Cyberspace is *unequivocal*, that is essentially its basic and fundamental draw! I believe many such systems can be developed to afford us this trust. They are critical, because trust is *inherent* to communication, despite the delusions and fantasies of others. (Zen Koan: What is the cryptographic protocol that ensures the source or destination of a message is secure?) But we may have to get burned badly before anyone gets started in implementing these techniques or is convinced they are necessary. Perhaps that has *always* been the procedure for the development of safeguards! Only the excruciatingly painful disasters lead to new improvements!

3. More vague, inconclusive claims, when the Cypherpunks could have easily devastated my arguments with some simple and straightforward denials. We don't have any prominent Cypherpunk saying, `I have never posted pseudoanonymously, and to my knowledge prominent Cypherpunks [x,y,z] never have either, nor has it appeared on the Cypherpunks mailing list to my knowledge.' `The Media has never been deceived about the Cypherpunks'. `There is no secret Cypherpunk mailing list.' `We do not condone pseudoanonymity.'
`We do not seek to `infiltrate' multiple mailing lists and promote our agenda on them.' `We do not promote tax evasion, the collapse of governments, anarchy or black marketeering.' Incidentally, these are some of the claims I requested that prominent Cypherpunks deny publicly or privately, where I met vicious stonewalling, evasion, and attacks.

``The allegation that most of the mailing lists members are identical is bizarre -- anyone is free to check for themselves that people like Tim May, Eric Hughes, and others are real people.'' (P.Metzger)

I made no such `accusation' that E.Hughes and T.C.May are not real people or that `most of the mailing list members are identical'. This is another classic Cypherpunk argument -- ``many people who post to the list are real people, therefore anyone who posts to the Cypherpunks list is a real person''!

``He gives an example of an anarchist organization using pseudonyms to aid the destabilization of governments, democracy, law enforcement, and so on. Every good conspiracy must have a secret enemy trying to destroy the world. He speaks of carefully-guarded mailing lists and secret societies, and explains that the anarchists could send spoof communications to public addresses, magazines, and the like.'' [...] ``Detweiler then goes even further, talking about "pseudospoofers" as using "brainwashing and an illusion of peer pressure to manipulate unknowing subscribers", with campaigns of "mental assault" to attack doubters. Of course, sinister mind-control techniques are a classic part of any conspiracy theory.'' (`mathew')

`mathew', someone I don't seem to recall from anywhere, including my ~10 months on the Cypherpunk mailing list, but is quite the eloquent Cypherpunk apologist, gives no evidence the Cypherpunks are not such an organization, as I implied. And no Cypherpunk has publicly denied it, despite dozens of my requests in various forms to do so, many addressed privately to leaders.
``He suggests that they "might even be able to make a real-world pariah from simulated ire and criticism directed at a single strong opponent, say, L. Detweiler, from many simulated identities in cyberspace". Thus, he hopes, everyone who replies to RISKS criticizing his bizarre fears will become another piece of evidence in his favour.'' (`mathew')

This is correct. For example, if `they' (`CryptoAnarchists') post under imaginary names, attack my arguments in completely indirect terms as `bizarre conspiracy theories', no prominent CryptoAnarchists deny any aspects of a conspiracy scenario, the CryptoAnarchists that *do* write are more in favor of pseudonymity than against it, indeed, would all be subtle pieces of evidence in my favor.

``I would like to attest from personal knowledge that the following personalities each emanate from a separate flesh and blood person...'' (A. Abraham)

In the realm of pseudospoofing, the specific question, to the contrary, is `who has ever posted under which identities'? Again, the strange phrasing about `emanating personalities' is suspicious.

``More to the point: Jamie Dinkelacker is the only name I've used posting on the net.'' (J. Dinkelacker)

What does it mean to ask the question of Medusa's tentacle, `who are you?'

4. More veiled and ad hominem attacks on me personally, generally independent of my specific arguments, independent of evidence. (The ones that imply I am an insane conspiracy theorist who should seek professional psychiatric counseling, one e.g. by P. Metzger, are always my favorites.) I have hundreds of these from my mail and many Cypherpunks, and are so numerous I will refrain from quoting them or the latest batch in RISKS-15.27, except for two I found particularly amusing and ironic:

``People who are suffering from insane fantasies rarely bother to listen if people tell them that they have insane fantasies.'' (P.Metzger)

People who doggedly pursue the Truth rarely bother to listen to people who say that, too.
``His posting appears to me to be an artfully crafted conspiracy theory. I'm sorry if this seems impolite, but the entire article seems to me to be 10% misconceptions and 90% pure conspiracy theory. (Oh no! Mathew is One Of Them!) I find such things amusing, but I for one would appreciate it if this sort of nonsense was kept out of RISKS in future.'' (`mathew')

I'll let history judge the validity of my claims and those of my detractors. However, if no one investigates, there will certainly be nothing to consider.

* * *

Finally, I will address the question of how the Internet may be improved to reach the goal of a hospitable Cyberspace for all of humanity:

``Well, if I see someone post to the net under a name I don't recognize -- like (say) L. Detweiler -- then I assign that person (whom I don't know) exactly the same probability of being a megalomaniac as I assign an anonymous user I don't know.'' (`mathew')

What if we devised a system (as I have been advocating) that ensured I would no longer have to guess `who is who'? Cryptographic protocols exist today to feasibly build the following `identity infrastructure':

a) people voluntarily apply for certificates that certify their Internet handles are legal identities. They keep the certificate private for obvious reasons of preventing impersonation.

b) people affix these digital certificates to their mail and postings, similarly like digital signatures.

c) others, who wish to ensure the `integrity of identity', filter their personal mail and news reading based on the certificates and personal preferences.

d) a central authority is established only to police the databases, handle guidelines, prevent corruption, and punish offenders (similar to our current birth certificate & court system)

The Cypherpunks, based on many dozens of messages from my mailbox, are absolutely terrified by this system, despite it being voluntary, because of the restrictions on the blurring of identities they find `Draconian and Orwellian.'
They suggest to me that erecting it is the first step toward Inevitable Totalitarian Oppression. (Similar to the argument that if we restrict machine guns today, we will wake up in a police state tomorrow.) They might accept such a system without critical point (d) -- the essential element that prevents corruption! Note that I am not advocating an Internet Police Force -- only an Identity Database Police Force. Sincerely, I consider the perversions by Snakes of Medusa on the current Internet far more oppressive and conducive to rampant dischord and chaos. Nevertheless, if any such system with all points intact were established (as I believe is inevitable) or was in the fragile embryonic planning stage (as I see the current Internet), the CryptoAnarchists would do everything possible to subvert, sabotage, and destroy it. ``Once a few snakes of Medusa had their fangs into Cyberspace, an antidote to the invisible, spreading, self-reinforcing poison would be virtually impossible to administer -- Medusa would certainly do *anything* to avoid swallowing it!'' L. Detweiler Postscripts 1) Mr. Neumann, only partly in irony and jest, I encourage you to adopt an official policy of `submissions under True Name only' or `obviously anonymously' and never `pseudoanonymously' in your serious and esteemed forum, analogous to those in other prestigious professional journals. (I would personally be satisfied with the `honor and shame system'.) I wonder how it might have affected past issues, #15.27 in particular! 2) I am unaware of any official Cypherpunk archives, but I encourage anyone to set up an archival site or examine past Cypherpunk traffic with an eye to uncovering or researching pseudospoofing; I believe it is quite littered with it. However, top cypherpunks such as T.C.May have consistently opposed archival for unclear reasons, calling it `Orwellian'. 3) The Cypherpunks have been profiled in many highly reputable areas of the U.S. 
media, including Wired Magazine, the New York Times, and in other prestigious newspapers. To my knowledge, the topics such as tax evasion, destabilization of governments, and pseudospoofing have never been addressed in these outlets, only that of `privacy'. My requests for the official Cypherpunk positions on these topics have gone unanswered so far. If it were true that Cypherpunks == Cryptoanarchists, I think we would have a deception and hoax that has surpassed H.G. Wells' War of the Worlds -- perhaps the first of its kind in Cyberspace. I admit I am quite frustrated lately in not knowing for certain, and not being comforted whatsoever by respondents in RISKS-15.27, many who appear to advocate ``Security through improbability.''

------------------------------

Date: Thu, 18 Nov 93 13:31 GMT
From: mathew@mantis.co.uk (mathew)
Subject: Re: RISKS DIGEST 15.28X

In RISKS-15-28X, L. Detweiler responds to some of the criticisms levelled against him in RISKS-15-27. I have no wish to attempt rational discussion with him, but I would like to reply to a few of the comments he has directed specifically against me. Perhaps this reply could be added to 15.28X. I'm certainly not asking you to bore the RISKS readership with it.

"L. Detweiler" writes:

> `mathew' and A. Glockner agree that pseudoanonymity is a `threat', and mention
> various insidious forms of criminal abuse of identity (such as political
> influence manipulation, impersonation of law enforcement officers, etc),
> `mathew' calling some `pranks'. In my view, this is trivialization of criminal
> behavior, and another classic Cypherpunk position. ``Everybody is doing it,
> therefore it's not bad''. ``If you can get away with it, it's OK''. ``There's
> nothing we can do about any of this.'' ``If it can be done, we should try
> it.'' ``Lying and deception is not really different than public information or
> political campaigns.'' ``People who are victimized by it are just stupid, and
> deserve it.''

This is a blatant case of putting words into my mouth. For what it's worth, I believe that some criminal pranks *are* trivial, but that of course many are not. It depends upon the specific prank in question. Obviously a 'prank' which results in injury or death is very serious indeed; one which merely confuses a few people is completely harmless, even if it is (strictly speaking) illegal.

> `mathew', someone I don't seem to recall from anywhere, including my ~10
> months on the Cypherpunk mailing list, but is quite the eloquent Cypherpunk
> apologist, gives no evidence the Cypherpunks are not such an organization, as
> I implied.

Nor should I. I am not a member of the Cypherpunks mailing list, nor have I knowingly met any of the people your tirades are primarily directed against. It is entirely possible that the Cypherpunks are a sinister mind-control organization. Hell, it's *possible* that aliens have taken over the telephone company. I just wished to point out in my reply to your article, that your accusations are formulated and structured in exactly the same way as many other classic conspiracy theories, such as the Grey Alien UFO conspiracies.

As to your not recalling me from anywhere, I've posted to RISKS before, and I'm quite visible in alt.atheism, talk.bizarre, and a few other newsgroups. I am a real person, as can easily be verified by telephone. If you happen to be in Cambridge (UK), I'll happily meet you in person.

> ``Well, if I see someone post to the net under a name I don't recognize --
> like (say) L. Detweiler -- then I assign that person (whom I don't know)
> exactly the same probability of being a megalomaniac as I assign an anonymous
> user I don't know.'' (`mathew')
>
> What if we devised a system (as I have been advocating) that ensured I would
> no longer have to guess `who is who'? Cryptographic protocols exist today to
> feasibly build the following `identity infrastructure':

[...deleted...]

Go ahead and start. I, for one, will never participate, for the same reason that I will never carry an ID card. I've never needed to produce my birth certificate; I'm not even sure I could find it. There is no mandatory ID card in the UK, and we get along fine that way. That's the way I'd like it to stay.

> The Cypherpunks, based on many dozens of messages from my mailbox, are
> absolutely terrified by this system, despite it being voluntary

Ah, but is it "voluntary"? That's the real problem with ID cards too. They start off "voluntary", but then suddenly you have to have one before a shop will take a cheque.

By the way, no quotes are required. I call myself mathew, and sign my name that way. My family name is no big secret, but I generally choose not to use it, preferring to be called by my first name. That is my right under UK law.

mathew

------------------------------