A cryptographic solution to securely aggregate allegations could make it easier to come forward

Nobody wants to be the first person to do or say a risky thing. One recent example of this is the revelations that a number of powerful figures, like Harvey Weinstein, Roger Ailes, Bill O’Reilly and Bill Cosby, had a long pattern of sexual harassment and even assault, and many people were aware of it, but nobody came forward until much later.

People finally come forward when one brave person goes public, and then another, and finally people see they are not alone. They might be believed, and action might be taken.

Eleven years ago, I proposed a system to test radical ideas, primarily aimed at voting in bodies like congress. The idea was to create a voting system where people could cast encrypted votes, with the voter’s identity unrevealed. Once a majority of yes votes were cast, however, the fragments of the decoding key would assemble and the votes and the voter identities could be decoded.

This would allow, for example, a vote on issues where a majority of the members support something but few are willing to admit it. Once the total hit the majority, it would become a passed bill, with no fear in voting.

I still would like to see that happen, but I wonder if the approach could have more application. The cryptographic approach is doable when you have a fixed group of members voting who can even meet physically. It’s much harder when you want to collect “votes” from the whole world.

You can easily build the system, though, if you have a well trusted agency. It must be extremely trusted, and even protected from court orders telling it to hand over its data. Let’s discuss the logistics below, but first give a description of how it would work.

Say somebody wants to make an allegation, such as “I was raped by Bill Cosby” or “The Mayor insisted I pay a bribe” or “This bank cheated me.” They would enter that allegation as some form of sworn legal statement, but additional details and their identity would be encrypted. Along with the allegation would be instructions, “Reveal my allegation once more than N people make the same allegation (at threshold N or less.)”

In effect, it would make saying “#metoo” have power, and even legal force. It also tries to balance the following important principles, which are very difficult to balance otherwise:

  1. Those wronged by the powerful must be able to get justice
  2. People are presumed innocent
  3. The accused have a right to confront the evidence against them and their accusers

How well this would work depends on how public the information is; there are several variants:

  • A cryptographic system would require less (or no) trust in individual entities or governments, but would make public the number of allegations entered. It would be incorruptible if designed well.
  • An agency system which publishes allegation counts and actual allegations when the threshold is reached.
  • An agency system which keeps allegation counts private until the threshold is reached.
  • An agency system which keeps everything private, and when the threshold is reached discloses the allegation only to authorities (police, boards of directors).

There are trade-offs, as the list above shows. If allegations are public, that can tell other victims they are not alone. However, it can also be a tool for gaming the system.

The allegation must be binding, in that there will be consequences for making a false allegation once the allegations are disclosed, especially if the number of existing allegations is public. We do not want to create a power to make false anonymous allegations. If it were public that “3 people allege rape by person X” that would still create a lot of public shame and questions for X, which is fine if the allegations are true, but terrible if they are not. If X is not a rapist, for example, and the threshold is high, it will never be reached, and those making the allegations would know that. Our system of justice is based on important principles of presumption of innocence, and a right to confront your accusers and the evidence against you.

Replacing the FCC with "don't be spectrum selfish."

Radio technology has advanced greatly in the last several years, and will advance more. When the FCC opened up the small “useless” band where microwave ovens operate to unlicensed use, it generated the greatest period of innovation in the history of radio. As my friend David Reed often points out, radio waves don’t interfere with one another out in the ether. Interference only happens at a receiver, usually due to bad design. I’m going to steal several of David’s ideas here and agree with him that a powerful agency founded on the idea that we absolutely must prevent interference is a bad idea.

My overly simple summary of a replacement regime is just this, “Don’t be selfish.” More broadly, this means, “don’t use more spectrum than you need,” both at the transmitting and receiving end. I think we could replace the FCC with a court that adjudicates problems of alleged interference. This special court would decide which party was being more selfish, and tell them to mend their ways. Unlike past regimes, the part 15 lesson suggests that sometimes it is the receiver who is being more spectrum selfish.

Here are some examples of using more spectrum than you need:

  • Using radio when you could have readily used wires, particularly the internet. This includes mixed mode operations where you need radio at the endpoints, but could have used it just to reach wired nodes that did the long haul over wires.
  • Using any more power than you need to reliably reach your receiver. Endpoints should talk back if they can, over wires or radio, so you know how much power you need to reach them.
  • Using an omni antenna when you could have used a directional one.
  • Using the wrong band — for example using a band that bounces and goes long distance when you had only short-distance, line of sight needs.
  • Using old technology — for example not frequency hopping to share spectrum when you could have.
  • Not being dynamic — if two transmitters who can’t otherwise avoid interfering exist, they should figure out how one of them will fairly switch to a different frequency (if hopping isn’t enough.)

As noted, some of these rules apply to the receiver, not just the transmitter. If a receiver uses an omni antenna when they could be directional, they will lose a claim of interference unless the transmitter is also being very selfish. If a receiver isn’t smart enough to frequency hop, or tell its transmitter what band or power to use, it could lose.

Since some noise is expected not just from smart transmitters, but from the real world and its ancient devices (microwave ovens included), receivers should be expected to tolerate a little interference. If they’re hypersensitive to interference and don’t have a good reason for it, it’s their fault, not necessarily the source’s.

Remaining neutral on network neutrality -- it's the monopoly, stupid

People ask me about the EFF endorsing some of the network neutrality laws proposed in congress. I, and the EFF, are big supporters of an open, neutral end-to-end network design. It’s the right way to build the internet, and has given us much of what we have. So why haven’t I endorsed coding it into law?

If you’ve followed closely, you’ve seen very different opinions from EFF board members. Dave Farber has been one of the biggest (non-business) opponents of the laws. Larry Lessig has been a major supporter. Both smart men with a good understanding of the issues.

I haven’t supported the laws personally because I’m very wary of encoding rules of internet operation into law. Just about every other time we’ve seen this attempted, it’s ended badly. And that’s even without considering the telephone companies’ tremendous experience and success in lobbying and manipulation of the law. They’re much, much better at it than any of the other players involved, and their track record is to win. Not every time, but most of the time. Remember the past neutrality rules that forced them to resell their copper to CLECs so there could be competition in the DSL space? That ended well, didn’t it?

Read on…

Baby Bells announce new "GoodPackets" program to charge for access

New York, March 22, 2006 (CW) Bell South and AT&T, two of the remaining Baby Bell or “ILEC” companies, announced today, in conjunction with GoodPackets Inc., a program to charge senders for certified delivery of internet packets to their ISP customers.

William Smith, CTO of Bell South, together with AT&T CEO Ed Whitacre, who will be his new boss once the proposed merger is completed, made a joint announcement of the program together with Dick Greengrass, CEO of GoodPackets.

Under the program, customers of GoodPackets interested in better delivery of their packets to AT&T and BellSouth DSL customers will pay GoodPackets a fee to get their packets certified. Certified packets will bypass blocks and filters in the routers of the ISPs for premium delivery to customers, and be tagged as certified to the end-user.

“We’re just seeing too many bad packets these days, and we have to block some of them. But serious, professional sites on the internet don’t want their packets blocked, and are willing to pay to assure they aren’t,” said Whitacre. According to Greengrass, a portion of the money paid to GoodPackets will be given to the ISP in question.

According to Smith, “his firm should be able, for example, to charge Yahoo Inc. for the opportunity to have its search site load faster than that of Google Inc.”

“A lot of these extra packets filling our pipes are of dubious origin, in any event. A large portion of internet traffic comes from peer to peer filesharing systems which are often infringing copyright, or from companies like Skype bypassing the telecom tariffs we all have to pay. Charging money will let the legitimate companies out there distinguish their traffic from all this unknown traffic, and assure delivery,” said Whitacre.

Traffic originating from BellSouth and AT&T servers would not need to pay for the premium access. “It’s our network, after all, and our video servers don’t go through the routers to the outside world to get to our users,” said Smith.

Greengrass insisted the fees were not for delivery, but for certification that the packets come from a known and trusted source. Users and ISPs can then decide if they want to give them more reliable delivery and acceptance. That the charges are per packet is simply a way to differentiate the market, and not overcharge low-volume senders.

For those who don’t get it, this is a satire comparing the AOL/Yahoo/Goodmail program to the network neutrality debate.

The true invention of the internet, redux, and Goodmail/Network Neutrality

I wrote an essay here a year ago on the internet cost contract and how it was the real invention (not packet switching) that made the internet. The internet cost contract is “I pay for my end, you pay for yours, and we don’t sweat the packets.” It is this approach, not any particular technology, that fostered the great things that came from the internet. (Though always-on also played a big role.)

It’s time to re-read that essay because two recent big issues uncover attacks on the contract, and thus no less than the foundation of the internet.

The first is the Goodmail program announced by AOL. The EFF has been a leading member of a coalition pushing AOL to reconsider this program. People have asked us, “how bad can it really be?” Why is putting a price on E-mail so bad?

One particularly disturbing thing about the Goodmail program is that it reminds me a bit of a protection racket. Goodmail hopes its customers will pay it hundreds of millions of dollars because they are afraid of spam filters. They are selling those customers (who are required to be legitimate mailers sending solicited mail) protection from the spam filters of AOL. Problem is, those spam filters shouldn’t be blocking the legitimate mail at all — it is a flaw in the filters that makes people want to buy protection from them. They’re buying protection from something that shouldn’t be harming them in the first place. An ISP, like AOL, would normally be expected to have the duty to deliver legitimate mail to its customers. To serve those customers, they also block spam. Now, unlike the mobster selling protection, AOL’s spam-blockers are not blocking the legitimate mail maliciously, but that’s about the only difference, and part of why this smells bad.

This has been my direct criticism of the program on its own. Goodmail says it’s really a certification program. There have been IETF standards to sign E-mail and get certificates for signers for a long time, and many “Certificate Authority” companies of all stripes who sell such a process. They don’t charge per message, though.

The charging per message sets a nasty precedent which is an attack on the internet cost contract. It violates the rule about not sweating the individual traffic. I pay for my end, you pay for yours. As soon as we start deciding some traffic is good and bad, and some traffic has to pay to transit the pipes or get through the filters, we’ve taken a step backwards to the settlement based networks that the internet defeated decades ago.

In the 70s and 80s the world had many online services you paid for by the hour. It had MCI Mail, which you paid to send. It had packet switched X.25 networks you paid for by the kilopacket. They were all crushed by the internet, not just in cost, but in innovation. AOL, the last of the online services, had to adopt the internet model in almost all respects to avoid a slope to doom.

The idea of a two-tier internet, which many have been writing about recently, has generated the debate on a subject called network neutrality. Sometimes the problem is attempts to block services entirely based on what they are (such as blocking VoIP that competes with the phone service of the company that owns the wires.) Other times it’s a threat that companies providing high-bandwidth services, like video and voice, should “pay their share” and not get a “free ride” on the pipes that “belong” to the telco or cable ISPs.

Once again, the goal is to violate the contract. The pipes start off belonging to the ISPs but they sell them to their customers. The customers are buying their line to the middle, where they meet the line from the other user or site they want to talk to. The problem is generated because the carriers all price the lines at lower than they might have to charge if they were all fully saturated, since most users only make limited, partial use of the lines. When new apps increase the amount a typical user needs, it alters the economics of the ISP. They could deal with that by raising prices and really delivering the service they only pretend to sell, or by charging the other end, and breaking the cost contract. They’ve rattled sabres about doing the latter.

The contract is worth defending not just because it gives us cheap internet or flat rates. It is worth defending because it fosters innovation. It lets people experiment with services that would get shut down quickly if people got billed per packet. Without the cost contract, great new ideas will never get off the ground. And that would be the real shame.

On the two-tier internet

Of late there’s been talk of ISPs somehow “charging” media-over-IP providers (such as Google video) for access to “their” pipes. This is hard to make sense of, since when I download a video from a site, I am doing it over my pipe, which I have bought from my ISP, subject to the contract that I have with it. Google is sending the data over their pipe, which they bought to connect to the central peering points and to my ISP. However, companies like BellSouth, afraid that voice and video will be delivered to their customers in competition with their own offerings, want to do something to stop it.

To get around the rules about content neutrality on the network that ILEC-based ISPs are subject to, they now propose this as a QoS issue: there will be two tiers, one fast enough for premium video, and one not fast enough.

Today I’ve seen comments from Jeff Pulver and Ed Felten on possible consequences of such efforts. However, I think both directions miss something… (read on)

WSIS and the splitting of the root

There’s talk that in the battle between the USA and Europe over control of ICANN, which may come to a head at the upcoming World Summit on the Information Society in Tunis, people will seriously consider “splitting the root” of DNS.

I’ve written a fair bit about how DNS works and how the true power over how names get looked up actually resides with hundreds of thousands of individual site administrators. However, there is a natural monopoly in the root. All those site admins really have to all do the same thing, or you get a lot of problems, which takes away most of that power.

Still, this is an interesting power struggle. If a large group of admins decided to switch to a new DNS root, different from ICANN, they could. The cooperation of Microsoft, which includes the default root list for IIS, and Paul Vixie, who puts that list in BIND, would play a large part in that as well.

In fact, many times in the past people have split the root by creating alternate, “superset” roots which mirror the existing .com/.org/.net/etc. and add new top level domains. Some of these have been “innocent” efforts frustrated at how slowly ICANN had created new TLDs, but in truth all of them have also been landgrabs, hoping to get ownership of more generic terms, furthering the mistake that was made with .com. ICANN is also furthering the mistake, just more slowly. (The mistake is ignoring what trademark law has known for centuries — you don’t grant ownership rights in ordinary generic terms.)

All of these superset attempts have also failed. I don’t think I have ever seen anybody promote a URL using one of the alternate root TLDs, or give me an email address from an alternate root TLD. I consider that failure.

This is, of course, what creates the natural monopoly. Few people are interested in setting it up so that two different people looking for a domain get different results. That applies to the fact that most people get an error for (in the alternate TLDs) and a few get the registrant’s site, but it applies even more so to the idea that Americans would get one answer for and Europeans a different one.

Because of this, Larry Lessig recently suggested he wasn’t worried about a root split because there would be such strong pressure to keep them consistent.

The difficulty is, what’s the point of creating your own root if you can’t actually make it any different from the original? The whole point of wanting control is to have your way when there is a dispute, and to have your way does not mean just doing it the same as everybody else lest we get inconsistent results.

It’s possible that a group of nations might try to wrest control in order to do nothing at first, but eventually create a superset of TLDs which would, for the first time, be a success. That might work, since if all the nations of the world except the USA were to go to a new root set, it would be hard for the private individuals in the USA who control name servers not to follow. But then the new group would no doubt attempt at some point to issue policies for the existing top-level-domains and country code domains.

ICANN Announces ".polinc" TLD for politically incorrect and dangerous-opinion sites

ICANN is pleased to announce that the independent evaluation process, which began last year, has resulted in a further sponsored Top Level Domain (sTLD) application moving to the next stage.

As the process for selecting new sponsored Top Level Domain (sTLDs) continues from a pool of ten applications, ICANN has now entered into commercial and technical negotiations with an additional candidate registry, ICM Registry, Inc, (.POLINC).

The .POLINC top level domain will be a voluntary arena for sites that wish to express ideas that are politically incorrect or inflammatory. Sites that promote ideas including racism, homosexual advocacy, embryonic stem cell harvesting, creationism, evolutionism, opposition to the war in Iraq, defence of the liberation of Iraq and other topics that are inflammatory can voluntarily register in the .POLINC domain to make it clear what sort of material can be found on the site.

“We’re not trying to surprise anybody with the fact that our sites have unpopular and inflammatory opinions on them,” said Brad Templeton, Chairman of the web site notorious for its opposition to the surveillance tools the Justice Dept. says are needed for the War on Domestic Terror. Templeton also operates the site, which contains jokes, some of which lampoon stereotypes of all manners. “By giving us our own domain, people will know exactly what they are getting. Our views are for adults. We’re not trying to push them on kids.”

Operators of .POLINC domains believe that by using this domain, they will have an answer to any user who complains about finding their material on the internet, in particular parents who don’t want their children exposed to highly radical views. Internet filtering software, commonly sold to parents, schools and libraries, will be able to easily and reliably block access to .POLINC sites by children and library patrons.


ICANN moves towards .XXX (+.JOBS, .TRAVEL) -- Even worse ideas

I have written before about what a terrible idea it is to generate top level domains that are generic, and have a meaning, because they create artificial monopolies over real words and generic terms, something even trademark law figured out was stupid centuries ago.

Now ICANN has gone one worse and announced that a .XXX domain is underway. It is also talking about TLDs for jobs and travel, as well as .CAT, .POST and .MOBI.

The .XXX domain is a terrible idea, not just because of the monopoly it gives. It is almost certainly the first step towards putting greater liability on people who provide adult content and don’t brand it with a .XXX domain. There is justifiable fear of laws that punish adult content outside of .XXX and don’t punish it inside. But at the same time filters will take the simple step of blocking all of .XXX from companies, schools, libraries and kids “just to be safe.”

Which creates a “damned if you do, damned if you don’t” situation for anybody who is borderline adult, not necessarily hard core porn, but viewed by some as not appropriate for children. Including possibly many of the dirty jokes on my own RHF web site.

I wish there were some way to stop this.

Addendum: While the Daily Show (best show on TV) did a great segment on how incredibly silly it was for TV shows to sit there and read out blogs aloud on TV, MSNBC has just such a segment called “Tony’s Tabs”, part of “Connected Coast to Coast with Ron Reagan and Monica Crowley”, and in my most unusual trackback ever, this posting was featured on it…

More on generic domains, and poli-spam

There has been some discussion of the generic domain proposal on slashdot (alas mostly incorrect because they didn't read the underlying essays.) The posting here was also posted on a DNS discussion site, and there are multiple comments.

As noted, my blog entry was primarily a summary of views related to the proposal of yet another generic TLD. Mistakenly I gave the .yahoo example, making some people think I was proposing just giving TLDs to big companies, which is the exact opposite of the proposal. Those who wish to comment should see the actual proposal to break up ICANN to see where I'm coming from.

Additional note on Political Spam: John Gilmore wondered if it might be unconstitutional to limit the number of E-mails each candidate got to send to the voters in their district. I doubt that's true, but it turns out it's not needed. If voters have easy opt-out links and an opt-out web site, candidates that overwhelm voters with messages would quickly be unsubscribed from, losing their chance to get their message out closer to the election.

It's also not necessary to provide email for ballot propositions. They are not really in need of campaign finance reform in the same way. Those who donate to a proposition do so only to help it win. They may have ulterior motives for that, but they are not doing it to get influence with a candidate later on other issues, which is the CFR problem.

Otherwise doing ballot propositions seems harder, since it is hard to see who would be the "official" opponent (though election books seem to do something here.) Everybody deserves a say, but open mail lists clearly would not work.

New mobile domain another bad idea

You may have seen a new proposal for a "mobile" top-level domain name for use by something called "mobile users," whatever they are. (The domain will not actually be named .mobile; rumours are they are hoping for a coveted one-letter TLD like .m "to make it easier to type on a mobile phone.")

Centuries ago, as trademark law began its evolution, we learned one pretty strong rule about building rules for a name system for commerce, and even for non-commerce.

Nobody should be given ownership of generic terms. Nobody should have ownership rights in a generic word like "apple" -- not Apple Computer, not Apple Records, not the Washington State Apple Growers, not a man named John Apple.

Rather, generics must be shared. Ownership rights can accrue to them only in specific contexts that are not generic. Because the word "Apple" has no generic meaning when it comes to computers, we allow a company to get rights in that name when applied to computers. A different company has those rights when it applies to records. More than this, different parties could own the same term with the same context in two different cities. There is probably a "China Delight" restaurant in your town.

We hammered out the rules to manage such naming systems literally over centuries, with many laws and zillions of court cases.

Then, when DNS came along we (and I include myself since I endorsed it at the time) threw it all away. We said, when it came to naming on the internet, we would create generic top level domains, and let people own generic names within them.

Thus, "com" for commerce has within it "" Centuries of law established nobody could own the generic word "drugstore" but when it comes to names used on the internet, we reversed that. No wonder that company paid near a million for that domain as I recall, and at the record, the inflated number of 7.5 million was paid for

The old TLDs have that mistake built into them. On the internet, we are the only EFF organization because we were first. Nobody else can be that.

The new TLDs continue that trend. Be it .museum, which allows one body to control the generic word museum, or a new proposal for .mobile.

Because of this, people fight over the names, pay huge sums, sue and insist only one name is right for them.

I maintain that the only way to get a competitive, innovative space is to slowly get rid of the generics and allow a competitive space of branded TLDs for resale: .yahoo, .dunn, .yellowpages, .google, .wipo, and a hundred other branded resellers competing on an even footing to create value in their brand and win customers with innovative designs, better service, lower prices and all the usual things. I presume .wipo would offer trademark holders powerful protections within their domain. Let them. Perhaps .braddomains would, when you bought a domain, give you every possible typo and homonym for your domain so people who hear it on the radio won't get it wrong typing it in. Perhaps .centraal (former, non-generic name of the now defunct "RealNames" company) would follow their keyword rules. I know .frankston would offer permanent numeric IDs to all. Let them all innovate, let them all compete.

We're nowhere near this system, but I didn't just make up the idea of not owning generics. I think centuries of experience shows it is the best way to go. I wrote this today in response to the .mobile proposal, but you can also find much more on the ideas in my site of DNS essays, including this plan to break up ICANN, and essays on generics and also the goals we have for a domain system.
