Draft, Presented 11/16/94
Douglas Barnes, Austin Cypherpunks
The Babel Fish
It used to be that a lot of my net friends thought the growth and global spread of the Internet was an unmitigated Good Thing. "Global communication is the key to world peace," I used to hear. "High bandwidth connections between nations will create a global sense of community."
And this has really come to pass in pockets of the net. I count many people around the world, people I've never met as, "friends," and feel a strong sense of community on certain mailing lists.
But you don't hear the boundless optimism anymore, thanks mostly to fine folks like Canter and Seigel and the hordes of Delphi and AOL. Like many barbarian invasions, the invaders are assimilated quickly -- but with each wave there are fewer illusions about Internet growth leading to peace, love and baby ducks. As the net expands it seems to increase the opportunities for conflict faster than the opportunities for togetherness and world understanding.
Some of you may be insulated from this sort of thing -- as recently as last year I attended a talk based on the premise of "more Internet nodes will lead to world peace." It turned out the speaker's experience for this conclusion was based on hanging out on the Well, which is about as peaceful, insulated and self-selecting as an online community can get.
After he gave the talk, I invited the speaker to come sample some of the more "full contact" Internet services. I spent most of an afternoon showing him the seamier underside of Usenet and IRC, which is easy to ignore on the Well. We talked.
"I bet you've never heard of the Babel Fish, have you?" I asked. He hadn't.
"It doesn't really exist," I told him. "It was made up by a science fiction author named Douglas Adams, a very silly person, but with some insight in this matter. See, if you put a Babel Fish in your ear, you can understand anything spoken to you in any language. Talk about increasing your global bandwidth!"
"A fish? In your ear?"
"I did say he was silly. But listen, here's what he says about it." I read to him:
... the poor Babel fish, by effectively removing all barriers to communication between different races and cultures, has caused more and bloodier wars than anything else in the history of creation.
"Now that's just science fiction, but that's what we're going to be faced with as the Internet grows, only substitute `flame wars' for `wars.' People aren't going to be throwing virtual flowers to each other, they're going to be mixing full-color animations of aborted fetuses crying `mommy... mommy' into their abortion flamewars. They're going to burn each other in virtual effigy. Christians will dangle fantastically well-rendered 3-D pork chops in front of Moslems, Moslems will dangle 3-D T-bones in front of Hindus. And those are just the interpersonal problems... just wait until governments get involved."
The Internet is like a multi-media Babel Fish. It lets us communicate with great immediacy and little forethought. In a matter of seconds we can send our ill-considered opinions, our home videos, our get-rich-quick schemes, even scanned images of our genitals, racing around the world, impacting hundreds if not thousands of legal jurisdictions, evoking amusement, boredom or offense in tens of thousands of communities... each with its unique set of community standards.
Now a swamp is a place that doesn't look so bad from the outside until you go into it and find yourself hip-deep in muck and alligators. Then the alligators chew your legs off.
The swamp of global jurisdiction is already beginning with the war between smut and anti-smut. More and more countries and cultures, with radically different community standards, obscenity hot buttons and sacred cows will get actively involved in the net. Whether the topic is bondage in Bangladesh, pubic hair in Peoria or spankings in Singapore, the local citizenry are going to be outraged, and the net will draw the attention of the authorities. Communities will demand that the authorities Do Something. It's only a matter of time. Here in the US one can hardly pick up a newspaper or magazine without being treated to another dose of handwringing about irresponsible content on the Internet -- as the net spreads globally, so will the commotion.
But so what? It's just commotion, right?
A Tennessee court recently convicted a pair of California sysops for making sexually explicit images available by modem to the whole world, which, unfortunately for them, includes Tennessee. No matter that the images didn't violate Los Angeles community standards. In Tennessee they did, and since the images could be retrieved in Tennessee through the phone system, that was good enough to convict them on charges of interstate trafficking in obscenity. While it's still not clear how this case will be resolved on appeal, it is an early and so far successful attempt to judge globally available information by the standards of an arbitrary, far-removed jurisdiction. At least for the purposes of determining obscenity, digitized pictures placed on a computer, with a modem, were considered a shot fired across a frontier.
The swamp is just beginning to fill, and truly international examples are still sparse. But one of the early flashpoints will certainly be the widely varying international standards regarding sexual images. The laws are all over the map: in Saudi Arabia, distributing Sports Illustrated Online Swimsuit Edition would likely be grounds for involuntary amputation without anesthetic; in Amsterdam, pretty much anything goes, including what most of the world considers child pornography. In Japan genitalia are OK, but displaying pubic hair can get you thrown in jail; in the US, even the tamer skin mags show pubic hair, with special censure reserved for the actual genitalia -- depending, of course, on community standards. We already have convictions resulting from differences in standards just within the US; there is growing pressure here and elsewhere to punish those who electronically publish offensive materials, regardless of what country they're in or what nationality they are.
A key question, then, is on what basis, and through what mechanisms, will countries be able to punish those who violate faraway local ordinances through their participation in global internetworks? I believe that as the Internet grows in importance, both socially and commercially, nations will be more and more motivated to extend jurisdiction to the very source of what they perceive as offensive or illegal content. Moreover, it won't just be naughty gifs, but insider trading, espionage, libel, anti-trust, blasphemy, sedition, breach of contract, money laundering, and violation of patent, trademark, copyright and trade secrets law -- a grab bag of offenses with wildly varying treatment on the international scene.
There is a popular notion among many netters that "If it isn't a crime in the country where I'm logged in, I can't be extradited, convicted or punished elsewhere." Unfortunately for those who will get to be the test cases, countries have a variety of handy legal doctrines to prosecute extraterritorial behavior, and a variety of ways of effecting that jurisdiction.
The relevant doctrines are:
The next trick is how nations get their hands on and/or punish the possibly far-removed offenders.
The underlying principle in the US and many other countries is, "mala captatus, bene detentus," or, "bad capture, good detention". This is illustrated in a variety of cases, including quite recently United States v. Alvarez-Machain, in which the DEA paid bounty hunters $20,000 to kidnap from Mexico a suspect in the slaying of US DEA agent Enrique Camarena. The Supreme Court held that "United States sponsored abduction of a fugitive criminal suspect from foreign soil does not prohibit his trial in a US court, notwithstanding an official protest by the offended nation." So how a suspect is brought into a given jurisdiction is largely irrelevant in an attempt to overturn a conviction (with some exceptions; for instance, the Toscanino case, where the accused was kidnapped, tortured for seventeen days, and then illegally extradited from Brazil.)
Rather than pondering legal niceties, a more important factor to consider is
how badly someone irritates a given country and what treaties and resources
said country can bring to bear. Popular methods for effecting extraterritorial
Hip Boots, Canoes, and Draining the Swamp
A great many real benefits that are anticipated from global internetworking are going to be lost, if users, information providers and online merchants become mired in this swamp of overlapping jurisdictions, conflicting regulations and variable community standards.
One possibility is that network participants will just have to suffer. They will be forced to shoulder the burden of avoiding entanglement with hundreds of sets of national and provincial laws -- or get off the net. As the net becomes more global, the possibility of foreign legal entanglements will act as an increasingly substantial barrier to entry. Furthermore, it will limit economic activity and free speech on the net due to fear of unexpected international consequences.
To counter this, one can imagine various schemes to limit distribution. Certain publications or information products might be available only to residents of certain countries, along the lines of the ftp sites used for distributing cryptography in the US. To be secure, this would require, for starters, a global standard for authenticating individuals as to their citizenship -- an electronic passport. Companies would then have to hire experts to screen materials, and only then could controversial materials be made available, based on the consumer's nationality. Alternatively, publishers and merchants could use these same experts to assist them in reducing their offerings to a pablum-like least offensive denominator. Individuals would likely be on their own, unless they could afford a legal staff.
Another possibility, the one I'm going to focus on, is for individuals, commercial publishers and online merchants to operate anonymously. This is a big step for large corporations with strong brand names, and their first step in this direction might be to use online distributors who are anonymous, rather than taking the whole corporation behind an electronic veil. With time though, as information companies begin life with a pseudonymous identity, brands and customer loyalty can be built up around network pseudonyms. There is already a long history, both in print and on the net, of individuals creating and using strong pseudonyms; the federalist papers, for instance, were written pseudonymously, and historians are still trying to sort out who actually wrote which ones.
If carried out effectively, and if users are careful not to give away their identity, robust anonymity handily solves the problems of surprise legal jurisdiction, fatwa, and individual retaliation. Users would pay for anonymizing services with anonymous digital cash, of course -- and it makes no difference how their packets get on the net in the first place, if they're all processed through a packet laundry in Jamaica or Finland.
Sometimes, though, network participants will be motivated to make their "true names" knowable. For instance, participants who wanted to inspire confidence could escrow their true names with their local government or a commercial arbitration agency. As part of a transaction, participants would exchange true name escrow certificates. If the transaction goes sour, the injured party could seek a remedy with the cooperation of the escrow government or agency. This provides a mechanism for resolving commercial disputes while limiting the dispute resolution process to a particular set of laws or an agreed-upon arbitration process. True name escrow certificates could also be used by publishers, indicating their willingness to be accept actions for libel in a given jurisdiction, potentially enhancing their credibility.
This anonymity approach enjoys a competitive advantage over the more cumbersome "national authentication" or "pablum" schemes because:
Whenever the subject of anonymity comes up, however, many people begin to fear a breakdown of the already tenuous civility on the net. Not that there is a firm link from real name to Internet access account right now, but there is still a comforting illusion, and for some users there is enough information to take complaints to school officials, postmasters, and their ilk. As we have seen with Canter and Seigel, however, the current system does little to deter the hard-core disrupter, even a well-identified one.
So I will briefly mention one way a degree of order can be maintained among participating spheres of activity (such as a newsgroups, mailing lists or IRC channels), while preserving anonymity, through the voluntary applicaton of Chaumian credentials. In this type of system, each real user receives an "is-a-person" credential through their local government or a notary public, which is used to generate a unique pseudonym within each sphere of activity (what Chaum refers to as "organizations"). Credentials issued within one sphere of activity could be securely transferred to another without anyone except the user being aware of a link between the two pseudonyms. For instance, each sphere might have a credential of "is not a spammer," and implement a mechanism requiring that all submissions come with "is not a spammer" credentials. Then they might get really organized, and have someone issue "meta is-not-a-spammer" credentials, representing the is/is-not a spammer status in a large number of spheres.
The net probably needs to experiment with these and other automated forms of moderation regardless of whether there is a link between a username and a true name. But such systems are complex, and very much require the consent of the governed -- if someone sets up a mailing list or a newsgroup with this type of restriction, and people don't like it, they can stay away in droves. If people like the effect, they'll get involved and participate. In any event, I don't see anonymity as being any more disruptive to civility on the net than the existing situation -- if anything it evens out the playing field -- and anonymity does not add much to the inherent complexity of automated moderation and similar approaches for weeding out disruptive participants in a public or semi-public forum.
But this sort of voluntary social control is not what law enforcement is concerned with.
The bottom line is, your typical computer cop wishes he or she could track every packet on a global internetwork and pin it on a particular individual. Anything that gets in the way of this is Not Good. Not only that, but it would sure be nice if the packet was encrypted only with government-approved cryptography, and didn't have any subtext lurking in the low-order bits. While there are many arguments from a law enforcement perspective on why all this would be desirable, it is not realistic or necessary for effective law enforcement on the net.
Indulge me in a quick analogy.
Suppose you've got a problem with some dude robbing 7-11s. How do you catch the guy? Do you:
Now that last suggestion would certainly slow down or stop the rip-offs, but from both an economic and a social point of view it is completely unworkable. It would infuriate the customers. It would hurt 7-11's business. It also overlooks the technological race between police-supplied radio ID bracelets and counterfeit ones, or the possibility of jamming, or...
This is similar to the problem law enforcement would face if they attempted to force authentication for all activity on a global internetwork of meaningful size and scope. It would be a form of censorship, and, to quote John Gilmore, "The Internet interprets censorship as damage, and routes around it." You might end up with a global internetwork with the properties you describe, but it would quite rapidly be replaced with or shadowed by another net that did not have this policy. Users might even get sneaky and route most of their packets as disguised data over your global internetwork. What's more, the technology for creating and extending wide area networks is getting easier to set up every day, and can run over an expanding variety of media (wires, fiber, microwave, spread spectrum RF, laser, meteor bounce and so forth).
One approach that law enforcement might take is to encourage legislation against anonymizing tools, and attempt to marginalize and discredit anonymous services. This is going to be an uphill battle for authorities, at least in the US, as there is strong protection for products and services with substantial legal use. For instance, information companies would dearly love to take action against VCRs and anti-copy-protection software, but these have been determined to have substantial legal use, in addition to the possibility of facilitating a crime.
I think that it is going to be in the best interests of law enforcement to focus on applying conventional law-enforcement tactics directed at their own citizens, rather than trying to take on the whole net or anonymous services in general. They are unlikely to be very successful, and would likely have a "destroying the village in order to save it" effect on the rapid growth of global internetworking.
Anonymizing tools and services on global internetworks can give a competitive advantage to publishers and merchants, and security to individuals from foreign governments and unhinged individuals worldwide. While they can be used to further illegal ends, much as a ski mask or a Halloween mask can, they have substantial legal use in protecting privacy and preventing unforseeable foreign legal entanglements. Some services and transactions may require a disclosure of identity, or at least a potential disclosure, just as many buildings will require you to take off your ski mask or Halloween mask before entering a building, but anonymity per se is not illegal and should not be made illegal. I think I can safely predict that there will be commercial anonymization tools and services available on the net by this time next year. I also predict that they will be used primarily for legal purposes -- at least, purposes that are legal in the home country of the user. I think that rigorous, cryptography-based anonymity is going to the best way out of the global swamp of jurisdiction, and because of this I expect many people will come to appreciate it in the years to come.
 240 US 60 (1916)
 United States v. Aluminum Company of America (ALCOA), 148 F. 2d 416 (1945)
 Neale and Stephens, International business and national jurisdiction,. Oxford University Press, 1988. pp 44-46
 Id. pp 16.
 Id. 271.
 Ma, Frances, "Noriega's abduction from Panama: Is Military
Invasion an Appropriate Substitute for International Extradition?" Loyola, Los
Angeles, International and Comparative Law Journal. p. 945.
 This principle is rooted in Ker v. Illinois, 119 US 436 (1886) and
Frisbie v. Collins, 342 US 519 (1952).
 Wing, Michael, "Extradition Treaties-International Law--The US
Supreme Court Approves Extraterritorial Abduction of Foreign
Criminals--United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992)",
Georgia Journal of International and Comparative Law, Vol. 23:435. Note that
the case against Dr. Alvarez was subsequently dismissed by the judge for lack
 United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992)
 500 F.2d 267 (2d Cir 1974)
 Gibson, William, "Disneyland with the Death Penalty", Wired
 Moss, "Official Kidnapping," 77 ABA Journal 24 (January 1991)
 Appignanesi and Maitland, The Rushdie File, Institute of
Contemporary Arts, 1990.
 Pipes, The Rushdie Affair, Birch Lane Press, New York,
1990. p. 28
 Abdallah et. al., Pour Rushdie, George Braziller, Inc.,
 Chaum, "Showing Credentials without Identification: Transferring
Signatures between Unconditionally Unlinkable Pseudonyms," .
 This would also assume that Usenet news is fixed so that it is
not absurdly trivial to get past moderating mechanisms.
 Id. 271.
 Ma, Frances, "Noriega's abduction from Panama: Is Military Invasion an Appropriate Substitute for International Extradition?" Loyola, Los Angeles, International and Comparative Law Journal. p. 945.
 This principle is rooted in Ker v. Illinois, 119 US 436 (1886) and Frisbie v. Collins, 342 US 519 (1952).
 Wing, Michael, "Extradition Treaties-International Law--The US Supreme Court Approves Extraterritorial Abduction of Foreign Criminals--United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992)", Georgia Journal of International and Comparative Law, Vol. 23:435. Note that the case against Dr. Alvarez was subsequently dismissed by the judge for lack of evidence.
 United States v. Alvarez-Machain, 112 S. Ct. 2188 (1992)
 500 F.2d 267 (2d Cir 1974)
 Gibson, William, "Disneyland with the Death Penalty", Wired [??]
 Moss, "Official Kidnapping," 77 ABA Journal 24 (January 1991)
 Appignanesi and Maitland, The Rushdie File, Institute of Contemporary Arts, 1990.
 Pipes, The Rushdie Affair, Birch Lane Press, New York, 1990. p. 28
 Abdallah et. al., Pour Rushdie, George Braziller, Inc., 1994.
 Chaum, "Showing Credentials without Identification: Transferring Signatures between Unconditionally Unlinkable Pseudonyms," .
 This would also assume that Usenet news is fixed so that it is not absurdly trivial to get past moderating mechanisms.