Sjoera Nas: _DIGITAL ANONYMITY AND THE LAW_

digital rights initiated in brussels, umbrella organisation
14 members, professional lobby in brussels
newsletter edri.org

children protected from content, no anonymity for children granted
public perception: anonymity = danger

anonymity in eu
- no constitutional protection
- no legal provisions or case laws

privacy directive 1995
- general rules on the lawfulness of processing of personal data
- principle of transparency
- right to access data
- right to object

privacy dir. 2002
- preamble: anonymous means to access telecom network should be available
- traffic and location data must be erased or anonymized when no longer needed
- how does this relate to protection of personal data in whois?

eu defenses of anonymity
- article 29 working party data protection authorities nov 97
- council of europe may 03
- e-commerce directive recital 14

freedom & an.on
- Freedom / Zero Knowledge Systems (1998 - (T)2001)
  technically challenging
  broke 1 month after 911 because of pressure, perhaps also used as an excuse because hard to develop
- an.on 2001 - today, universities dresden, berlin, funded by ministry of internal affairs
  forced to retain ip addresses in aug 03, legal victory in sep 03
  reputation might have suffered a lot due to this incident

current eu working programs
- rapid
- apes
- prime ? alternative to microsoft passport, eu concerned about ms data consolidation

anonymity in the us
press coverage in europe about european situation is bad, copy/paste us press releases, little local coverage

right to anonymity acknowledged in several contexts
- publications
- handbills
- establish political or religious organisations
- _right to read anonymously_

supreme court: anonymity protected by first amendment
2 cases:
- talley vs california: protest bills (?against racism without author info?)
- mcintyre vs ohio: anonymous pamphleteering (?against school?), (federalist papers were pub'ed anonymously)

john doe subpoenas
issued upon provider to force revelation of data
- providers didn't require subpoena
- providers didn't notify users
cyberslapp.org

dmca problems:
- no judicial prove
- statement by rights holder is enough
- no penalties for abuse

RIAA vs verizon
§512 does not apply to a provider that acts solely as a conduit for communications. therefore it can not be used in the battle against p2p
since sep.03 3000 cases, average transaction of USD 3000

europe: providers pressed to voluntarily release data

ipre directive
published 26.4.04, immediately active
similar to dmca
worrisome: article 8: right of information to rights holders
originally focus on classical counterfeiting
no safeguards for privacy and freedom of speech
never seen such heavy lobbying work


Janko Roettgers: _A DARKNET FULL OF FRIENDS_

today's p2p networks:
not much change since napster, perhaps more decentralized
no relation with other users, horizon changes with every login
seems "anonymous" (on personal, not technical level)
network open to share with every other user -> eavesdroppers able to access every user

classic darknet - network of trust
introducing new content is a problem
directconnect, hotline - used for closed groups
sooner or later new users are integrated to get more content - risk of compromise with eavesdroppers
false idea of security: false feeling of trust encourages riskier behaviour
e.g. raids against warez scene recently who felt secure on private servers

social networks
friendster:
  1st degree - 24
  2nd degree - 620
  3rd degree - 32000(?)
no exact model, possible to learn.
transfer concepts to file sharing: users connected with certain degrees
orkut: disclosure of info/data dependent on degree of familiarity

"risk-based shizms" - calculating risks
possible to stay under threshold of potential legal prosecution???
not just for legal but also bandwidth reasons
"be nice to your friends"

user with different profiles/identities, connected to different networks which might be interconnected
identities not necessarily traceable to one user
  1 network for friends with music affiliation
  1 network for personal friends
  ^^ different networks further differentiated by degree

? centralized system ???
legally risky
if it's possible to distribute directories of content - possible to distribute directories of users?
skype - distributed decentralized user directory

today - bad usability for discovering content
collaborative filter through people with similar tastes, opportunity to discover new content

contact: roettgers@lowpass.de
mixripburn.de


Ian Clarke: _THE FREENET PROJECT_

opensource project to protect and ensure freedom of information on internet
combination of two ideas, technical and political
emergent architecture: simple components with simplistic behaviour, combined sophisticated behaviour, comparable to e.g. ant colony, bird swarm

1997 - internet publicly perceived as anonymous, open for information
concern that it would be easy to monitor distribution of information
theoretical concern of 1997 became a very real concern in 2004

decentralized anonymous system for information distribution
layer of anonymity above internet layer

goals:
- one to many publication
- provide reasonable anonymity for producers and consumers
- deniability for operators of nodes in the network
- decentralized
- scalable
- robust against failure and malicious attacks

small world
- milgram study
- 5 hops on average
- based on local knowledge
- robust
- if misrouted -> restart search ? did i really get this right ?
idealised example: peers only know of their immediate neighbours
"game of chinese whispers"
provides deniability
because of encryption nodes are unaware of what is requested/transferred
information doesn't reside in one specific place
information will tend to migrate towards areas of demand
popular info will be more widely cached
!! unrequested info may be lost from the network !!

/* the following outlined very rough, partly skipped */

cryptography in freenet
- link level encryption
- document verification
- content hashed keys: key is hash of document's contents
  correct key -> correct document
- data tunnelled
- failed requests cached
- load balancing
- thread pooling

freenet today
approx. 200 known freesites ("flogs")
/* some example screenshots of sites and apps */
"reasonably convenient" /* - gotta love this */
"ease of use comparable to linux97"

trust vs anonymity?
public/private-key architecture - allows people to build up anonymous identities
building reputation slowly over time

questions answered:
- widespread?
  over 2 million downloads of software, translated to mandarin chinese
- keys searchable?
  upon first use listing of several sites, no search engine, (?few entry points?)
  might seem clunky, 1995ish, in practice appears to be functional
- how do requests work, truly anonymous?
  "nodes learn where to route requests", in theory anonymity is impossible, trick is to make incrementally more difficult to track


_PANEL_

open for questions

social file sharing limiting file pool?
Janko: as it is now there's still a limited search horizon

circles based on shared interests can't offer network of trust?
use of social networks - accidental discovery, effective in keeping out bogeyman?, does this pose the risk of fragmented networks?
Janko: people migrating to other networks (fasttrack -> edonkey), stopping to share out of pressure, social network based -> more transparent environment

freenet morally wrong content?
Ian: freenet is providing a service without drawing distinctions, otherwise would destroy purpose of the project

copyright directive ipre, how much lobbying involved?
Sjoera: person who prepared the bill - (not sure i got this right - ???married to high executive of vivendi, is expected to make 10 millions in 2 years through vivendi shares??? ) apparently heavily biased, massive lobbying work
only heard by left wing, conservatives not listening

Sjoera Nas: orkut, friendster located in us - no data protection
google as a threat to privacy?
linkedin perhaps better policy?
technology overtaking legislation - ?technological progress can't be stopped by legislation?

Ian Clarke: anonymizing tools not easy to use now, no reason that freenet can't be a lot easier to use than e.g. wmp

Sjoera: pgp one of the easier to use privacy softwares, still there are few users

Ian Clarke: usability issues not fundamental to technology
no strong market yet driving developers, but it's growing
People want to be anon because they are doing something that is perceived as illegal - anonymity and p2p coming together

Sjoera: Law can prescribe behaviour, or it can follow - in case of file sharing law has to follow, p2p file sharing efficient way to share highly demanded information

From Audience: Janko's proposal introduces a certain aspect of fairness, morality
Janko: hard to have a moral filesharing network. Amorality is a certain requirement right now to counteract against legal trends/to prove current legal trends as wrong.

From audience (with passion): it's wrong to cripple 21st century technology to sustain 20th century business models, 20th century morality

Panel speakers generally more or less agreed with this as a closing statement
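
The content-hashed keys and caching behaviour from the Freenet talk notes above, as an added sketch that is not Freenet's code and not part of the original notes. The `Node` class, the single-neighbour chain, the LRU cache size and the use of SHA-256 are all assumptions made for illustration.

```python
import hashlib
from collections import OrderedDict

def chk(data: bytes) -> str:
    """Content-hashed key: the key is the hash of the document's contents."""
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption here

class Node:
    """Hypothetical node: knows one neighbour, keeps a small LRU cache."""
    def __init__(self, name, neighbour=None, capacity=2, tamper=False):
        self.name, self.neighbour = name, neighbour
        self.capacity, self.tamper = capacity, tamper
        self.cache = OrderedDict()  # key -> document, oldest request first

    def _store(self, key, data):
        self.cache[key] = data
        self.cache.move_to_end(key)
        while len(self.cache) > self.capacity:
            self.cache.popitem(last=False)  # unrequested info is lost

    def insert(self, data: bytes) -> str:
        key = chk(data)
        self._store(key, data)
        return key

    def request(self, key: str):
        data = self.cache.get(key)
        if data is None and self.neighbour is not None:
            data = self.neighbour.request(key)
            if data is not None and chk(data) != key:
                return None  # wrong document for this key: drop, do not cache
        if data is None:
            return None
        self._store(key, data)  # cache on the return path, refresh recency
        return data + b" [altered]" if self.tamper else data

if __name__ == "__main__":
    doc = b"constructed sample document"
    c = Node("c"); b = Node("b", neighbour=c); a = Node("a", neighbour=b)
    key = c.insert(doc)
    print(a.request(key) == doc, key in a.cache, key in b.cache)
    evil = Node("evil", neighbour=c, tamper=True)
    print(Node("a2", neighbour=evil).request(key))
```

Because every hop re-hashes what it receives, a node that alters a document cannot get it cached or delivered under the original key; the requester gets nothing rather than a wrong document.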