Publically taking a position seems to be what White Rose is about. This makes sense and would demonstrate to the left a commitment. At the moment the left wins everytime a blogger or poster hides behind a none too secure alias.

invisiblog.com

It uses Mixmaster for anonymity, and PGP for authentication.

Posting is a bit tricky at the moment, requiring some familiarity with PGP and Mixmaster, but we’re working on a client application for Windows and Unix that automates the process. Future versions of the client might also include support for receiving anonymous mail via nymservers.

(apologies if this is a dupe; my previous attempt at posting didn’t seem to work)

invisiblog.com

(disclosure: I’m its creator)

Creating and posting to blogs is a bit fiddly at the moment, requiring some experience with PGP and Mixmaster, but we’re approaching the release of a client application for Windows and Unix that makes the process user-friendly. Later versions of the client may also include functionality for receiving anonymous email via nymservers.

While Scott has a commercial motivation, as the head of Sun Microsystems to make this statement, it nonetheless contains an important truth. Technological advances and decreasing costs, combined with the uses we choose to put technology to (and the uses that governments put technology to), make ever increasing details of our lives persistent somewhere in some database/computer.

To think you can opt out this process, is a topic suitable for alt.survivalism (incidentally, for a while one of my favourite newsgroups; it can get deliciously weird).

One of the largest components of government IT budgets (and business for that matter) is spent on linking up all these disconnected sources of data, to get a bigger picture on each individual (customer in the business jargon). Its obviously filtered up to the powers that be, that this exercise would be a lot easier in the UK if there were a universal unique identifier for each person. Hence the identity card.

But be clear, absent the universal identifier (card), this linking up of data will still occur, it will just be harder, take longer and cost more.

Lets say for the sake of argument, that you help generate a ground-swell of public opinion that stops the identity card. You will stop nothing of any significance occuring in terms of the end result. All you will achieve is delays and increased costs to both government and private business.

I would genuinely prefer a voluntary system run by an entity with an arms-length relationship with government where access could be through some publically accountable and auditable mechanism. But we need to separate the benefits of secure identities from the risks and costs of different ways of implementing them.

To reject secure identities because you don’t like the risks of a particular system, is throwing the baby out with the bath water. I still maintain that more secure identity systems have the potential to enormously increase our security and freedom and I for one will support their implementation in principle.

Precisely. I am convinced that political efforts to protect our privacy will fail miserably. We need a technological solution. We need to place the laws of physics (preferably the laws of mathematics) between us and the State if we are to survive.

We need the ability to communicate and BROADCAST information anonymously. The techniques used need to work even if the State understands their principles of action. The techniques need to be packaged in a user-friendly way so that any idiot can use them.

Comments: Welcome to White Rose
What we REALLY need is HARDENED ANONYMOUS COMMUNICATION. In particular, we need some way to run blogs and post messages without it being traced back to realspace identities. Current generation proxies and anonymizers work great until the surveilance state either brackets the proxies with sniffers or seizes them directly. What percentage of public proxies are actually honeypots?

We need a better technological solution.

>>What better way to get one than using the blogosphere to trumpet the need? How do we go about it?<<

We need to get in touch with all manner of hackers, coders, and cryptographers. We need people to create several distinct applications:

1. A secure point-to-point messaging system (mostly done already, needs to be made more idiot-friendly). It will need to be redesigned so that encrypted data can be sent without being detectable as such, since eventually non-State use of encryption will be banned.

2. A mechanism for blogging where it is MATHEMATICALLY UNFEASABLE or PHYSICALLY IMPOSSIBLE to connect the posts to a realspace identity. Assume for this purpose that ECHELON can sniff every router on the planet — if it can’t now, it will eventually.

This is a much, much harder problem than is seems at first glance.

3. A sturdy mechanism for detecting State access to a computer system, so that private information therein can be deleted or rendered useless before the State gets its hands on it. We must assume that the State will be able to compromise physical security on any computer system on a relatively short time scale.

Let me take a ‘trans-Anglosphere’ view: I recall a chum of mine in the USA in 1994 watched through his window one night when a pair of New Jersey State Troopers went through his garbage and took away all the discarded letters, bills and documents they found… because he was a member of an anti-Jim Florio political group (the then NJ governor). Now fast forward a few years…imagine if the state of NJ could force all ISPs to keep copies of your e-mails for 5 years in case they are requested by the authorities… now imagine that access to that sort of information can be gained by relatively low level state employees who would not have to go to the trouble of getting a couple corrupt cops to rummage through your garbage but would just send an official looking letter to the ISP saying you are making enquiries relating to terrorism and need access to the archived e-mails (but in reality hope they can find something incriminating on a person who is a political or even personal annoyance).

Do you seriously think ‘checks and balances’ in western democracies would stop that sort of abuse if the information gathering infrastructure is in place and the data is just there waiting to be looked at? Well… Welcome to Britain and the Regulation of Investigative Powers Act, which has had several attempts to widen the number of civil servants who can get access to information about people, all the way down to lowly town councils.

There is no freedom without privacy.

“It is proper to take alarm at the first experiment on our liberties. We hold this prudent jealousy to be the first duty of citizens and one of the noblest characteristics of the late Revolution. The freemen of America did not wait till usurped power had strengthened itself by exercise and entangled the question in precedents. They saw all the consequences in the principle, and they avoided the consequences by denying the principle. We revere this lesson too much…to forget it.”
James Madison

Freedom and privacy are different things and people frequently confuse and lump them together. I value my freedom, but don’t consider my privacy that important. In fact I resent government restrictions on my right to use and where I consider it appropriate to forgo, my privacy as I see fit. Privacy has been eroded for many years primarily because people freely choose forgo it in exchange for increased security – cheques and credit cards over cash, increased security for residences and property (gated compounds are common where I live), secure online identities.

We then get to the interesting part, which is that to a large extent freedom is determined by security. This ranges from the proverbial little old lady who is afraid to go out after dark, to the traveller who stays home because of fear of terrorism, to the person who won’t buy stuff online because he doesn’t want his credit card number stolen. So we have a very real trade-off between privacy and freedom via security. I consider perhaps the most important social development over the next ten or so years, is how we utilize new technologies with the capability to dramatically increase the strength of identity and hence improve security and increase freedom.

In railing against identity cards you are confusing three different things. One is a card as a proof of (more-or-less) secure identity. The second is the more abstract notion of a universal secure identity itself. And the third element is forced identity.

The simple fact is that much of the modern world would be unworkable without reasonably secure identity. An enormous number of things depend on it, from banks to healthcare systems to traffic fines. How useful would an anonymous passport or credit card be? Given that we have to have secure identities to transact in the modern world, would a universal cradle-to-grave system be more secure and effective? Its hard to avoid the answer Yes! Most countries have them, including the USA with a quasi-universal system in its SSN.

Although everyone will concentrate on the identity cards themselves, I consider them a secondary part of the whole thing. I already carry around a bunch of identity cards – ATM card, credit card, drivers license, residence permit (I live overseas), medical card. One more is neither here nor there.

Which brings us to the third aspect. Should it be forced? (and perhaps a wider version of the same question is – should the government being doing this at all?). This is the place where we need discussion, because as a Libertarian I find the idea of a voluntary system with mild incentives for adoption much more palatable that a forced system, and similarly if the government had a minor role, I would be much happier. There are several precedents for a private enterprise run system – domain names, commercial digital identity products from RSA, and mobile phones, which have a moderately secure digital identity and are in widespread use. However, to get such a system off the ground in the near future requires some innovative thinking by government – an unlikely eventuality. Long term, I am convinced it will happen of its accord as people understand the implications of more secure identities and voluntary adopt them.

And then there is the whole ‘Big Brother’ fear that governments will use the data collected (unscrupolously or otherwise) to increase control and limit freedom. I worry about this probably less than others, as think while government is incompetant, corrupt, and wasteful, it is, in Western democracies, generally not venal.

I’ve probably violated some maximum comment length here but the subject interests me. Good luck with the blog!

What better way to get one than using the blogosphere to trumpet the need? How do we go about it?

We need a better technological solution.