Justification for sharing email lists
Several questions have been raised concerning the production and
distribution of email lists of militia contacts and allies and directories of
militia contacts. This is to explain and justify this effort, and to enable
persons to make better use of such lists.
Each person who is active on the Internet and wants to copy messages to
groups of recipients inevitably gets into the business of maintaining email
lists. It can be quite a chore, requiring a great deal of valuable time to keep
the lists complete and accurate.
This process is facilitated by two kinds of distribution methods: usenet
newsgroups and email listservices (sometimes called reflectors). In the first, a
subscriber to the newsgroup reads postings to that newsgroup, posts his own
articles to it, and they may or may not be read by others. In the second,
persons subscribe to the service, and persons sending an email message to the
list will have their message copied to all subscribers.
The advantage of a listservice is that if you know who is subscribed and
online, you can have some confidence that they will receive your messages,
whereas you can never know who may or may not read a newsgroup during the short
period that your postings are made available.
A person who frequently reads and posts to certain newsgroups, and who
subscribes to certain listservices, will inevitably develop lists of newsgroups
for cross-posting the same message to multiple newsgroups, and lists of
listservices for cross-posting messages to multiple email lists. But neither
provides assurances that a message is received by a particular party.
If email cannot be delivered to a recipient, it will normally be bounced, or
returned to the sender, with a message explaining why the message could not be
delivered, such as "bad address", or "mailbox full", or "delivery
deferred". However, although some bounces will be reflected to all the
subscribers to a listservice, normally a well-running listservice will filter
such bounces out, and only the administrator of the listservice will receive
them. Moreover, some popular Internet providers do not return bounced email to
the sender. All the sender knows is that he didn't get a reply from the
recipient, and it may take a phone call or two to find out whether he got it.
So what does one do if one wants some assurance that his messages will reach
all of the members of some group who are online to read their mail? One has to
maintain one's own email list. This may be done in several ways: One can
manually type in a long list of recipients in the Cc: list of each message sent.
One can define an "alias" name to which a message can be sent,
consisting of a list of email addresses, and the mailing program (MUA or Mail
User Agent) will expand the alias into the list before the message goes out. Or,
one can maintain a database table of email addresses, perhaps with other
identifying information, and use a program to send a given message to each
address in the table, perhaps selecting on some combination of field values.
If a group of persons united in a common cause want to keep each other, and
perhaps a larger surrounding group, mutually informed via email, then the only
practical alternative is for them to maintain and share a common directory or
database of addresses. One way to do that would be for one of them to undertake
to set up a listservice for the group. But that makes the group dependent on the
administrator to maintain the subscriber lists, and to notify each of the
subscribers of changes in the composition of the membership. If something
happens to that administrator or his computer, everybody is out of contact.
The only secure thing anyone can do is to maintain their own local email
list, but how does one acquire and maintain its member addresses? One can begin
by including everyone one has corresponded with as a primary addressee. Next,
one can add the entries on the Cc: lists of one's correspondents for messages on
the subject of interest, on the assumption that they are persons with a
continuing interest in the subject. This is most easily done by simply including
all the recipients of a received message in a reply, perhaps after adding a few
recipients of one's own.
There are several problems with this. First, you don't always know who the
addresses belong to, and therefore whether they are really a suitable recipient
for a given message. If enough people add an inappropriate recipient to their
lists, the result may be many, many copies of that address in many, many
correspondent's email lists, and an irate recipient who doesn't want email on
that subject. Second, you may get bad addresses from messages of a sender whose
Internet provider doesn't return misaddressed email. Third, you may not get
changes to email addresses, and may even continue to send to bad addresses after
you get the changes, especially if you just "include all recipients"
in making replies.
The obvious solution is for several of the members of the group to get
together, consolidate correspondent addresses, figure out who they are, divide
them into subsets based on the kinds of messages appropriate to each, share the
lists among the group, and ask for people to submit additions and corrections.
The questions that have been raised mainly concern the disclosure of such
lists. While admitting that such disclosure aids the members of the group in
communicating with one another, some may feel that it also aids potential
adversaries, and that the damage such potential adversaries can be expected to
do with the information outweighs the expectable benefits to the group.
A determination of the risks and benefits of such disclosure must begin with
a threat assessment. Who are the potential adversaries, what are the chances
that such disclosure will provide them any information they don't already have,
what damage might they do with any additional information it would provide them,
and how would the disclosure affect the chances that they would undertake to do
any such damage, or that they would be successful?
First, who are the potential adversaries? We can group them into several
categories: federal agencies and their puppetmasters, state and local agencies,
the media, commercial organizations, and rival advocacy groups.
Let us begin with federal agencies. To understand whether such disclosure
aids them, one must first have an understanding of their capabilities, and for
that one must begin with an understanding of how the Internet works.
The Internet is a cooperative network of computers, linked together with
communications lines, which store and forward messages from the sender to each
computer along a path to the recipient. Each of the computers or organizations
in the network has a facility called the Domain Name Service (DNS) which
resolves the address of the recipient and determines the next computer in the
path. This is done by maintaining a common database of computers linked to the
network, called hosts, organized into named hierarchies called domains. One
includes one's computer in the system by registering a name and IP number for it
with a central service called the NIC. Some computers mainly act as forwarders
to other computers along the main channels, or trunks, which others, the
branches or leaves, are only concerned with forwarding messages to other
computers in the organization, or to users, and with managing outgoing message
The important thing to know about all this is that each of the main
computers in the system has its own copy of the addresses of all known "leaves"
or hosts, that messages are stored on disk for a short period of time while the
DNS facility figures out where to send them next, and that most of the computers
in the system are not secure against intrusion by the government, or even by
private parties, with physical access to the computers. While they are on disk,
or, for that matter, even while they are in memory, messages can be read,
copied, scanned, selected, and copies of selected messages diverted. Most of the
main computers in the Internet system are owned by organizations that receive
public funds, either by government agencies themselves, universities, or
corporations that do a substantial amount of business with the government.
It is not a secret that all email traffic is monitored by the National
Security Agency, not only the traffic in the United States, but throughout the
world. Other agencies are known to do their own monitoring.
Some think that to receive such messages, "infiltrators" must pose
as recipients. This is not the case. That would be inefficient. They have much
One of the things they are known to do is to maintain a database of all
sender-recipient pairs, with the dates and subjects of their messages. That
includes the usenet newsgroups. This can enable them to get a report of all of
the combinations of corresponding addressees on any given topic. This is not
difficult to do. Any competent programmer could easily whip out a program to do
that, and keep it running in background on a link in the network, scanning and
organizing the sender, recipient, and copy lists within the messages, and
showing how each is linked to all the others.
It is possible to encrypt the contents of messages in ways that are
effectively unbreakable, using RSA/PGP encryption, which also provides for
authentication of the sender. But the address information cannot be encrypted in
the present Internet system. (The author is involved in studies of ways to
encrypt addressing as well, making the kind of penetration described above much
It is also not a secret that the NSA monitors all other forms of
communication as well: voice and fax telephone, radio and television
broadcasting, two-way radio communications. Most such monitoring is done by
computers, which record everything while listening for certain keywords or other
"signatures" (such as individual voices), and flag the tape for
suspected sessions, so that later, personnel time permitting, the flagged tapes
can be audited by human beings. If a tape is not flagged, or if no one gets
around to auditing it, then after a certain period of time the tape gets reused.
Tapes of special interest are saved for future use.
The reader may recall that the FBI and other government agencies have been
active lately trying to do things like get their own encryption technology used
in all telephones, and getting it made legal to obtain reports of who called or
was called by any given person in a given period. They are only asking for it to
be made legal to do what they are already doing illegally, from a single central
office, with a few keystrokes. They want to use in court what they are now using
So, we can conclude that federal agencies know who is communicating with
whom. But, some might object, "they don't necessarily know the identities
of the individuals behind the addresses, and that is what we object to the
It is a simple matter to write a program that extracts the addresses of
everyone who posts to a given newsgroup, everyone who sends email to a
listservice, and everyone on the sender and Cc: lists of received email, and
which even extracts identifying information and saves it. This doesn't have to
be done at a link in the network. Any user can do it. Sooner or later most
people will provide some identifying information, to someone, somewhere, and it
will get picked up.
So, one might be careful and not provide identifying information. But what
about the account information kept by the Internet provider? Small, local or
regional providers may be somewhat secure against outsiders obtaining copies of
account information, but the larger, nationwide providers are not. Some even
sell the information to the open market. If you provided any identifying
information in obtaining the account, such as a credit card, and the provider is
one of the larger ones, then you can assume that the federal agencies have the
So, you say you work for a company, and your name is not identified as part
of the address of your workstation or your user account on it. Really? The
company files personnel information with the government on its employees, and
federal agencies have their own "crackers" who can probably penetrate
your system and find out who belongs to each user account and who has superuser
privileges. If you are a contractor or system administrator, perhaps you can
conceal your identity, but not if you are a wage employee.
So what about state and local agencies? Any threat they might provide would
be in conjunction with federal agencies. Generally, the prospect of attacking
persons who are linked into a nationwide network of people who can bring a lot
of unwanted attention and pressure down on them from all across the country is
more likely to discourage them than to assist them.
And the media? The hazard here is that they will be able to find you to ask
you questions about topics of the day related to your political activities. If
you are not ready for that, you can discredit yourself and the movement. The
solution is to be ready for it, either to answer the questions yourself or to be
able to put the media organization into contact with someone who is better
prepared than you are.
If you are going to work for a cause, then you had better use the media for
that when you get the chance. Don't expect them to be your lapdogs, as they too
often are for the government and the Establishment. They can be tough, but if
you hold your own, you can advance your cause better than through almost any
other means. Stick to the facts, and keep your arguments brief and tightly
reasoned. Maintain professional composure and project a positive attitude.
And commercial organizations? The main concern here is that disclosure may
adversely affect business or employment. This is a legitimate concern. People
have lost jobs over their political involvement, and had customers shun them.
However, things are not as bad as they were in the McCarthy Era and the days of
the House Un-American Activities Committee. Blacklisting requires a considerable
expenditure of scarce assets, and as long as there are as many people involved
in the patriot/militia movement as there are, it is unlikely that very many
persons could be effectively targeted, or targeted in a way that would not be
found out, resulting in bad publicity and expensive litigation for the
government and businesses participating in such discrimination, which is a
violation of criminal law. All a targeted person would have to do is spread the
facts about the blacklisting across the Internet and enough people would come to
the victim's aid to make him a hero and take care of many of his needs.
An informal survey of patriot/militia activists finds little evidence of
systematic discrimination of this kind. Such as there is seems to be local in
origin, and would not be significantly affected by something like disclosure of
an email list or directory.
Finally, there are opposing advocacy groups. Obviously, some of them might
try to make trouble for movement leaders. But they can also get into trouble
that way, and discredit themselves and their causes. Most of them are going to
know who the leaders are through their direct encounters with them. The most
likely response will be for them to develop and disclose their own lists and
directories, to demonstrate their relative strength, if they have any.
If the patriot/militia movement involved only a few tens of thousands of
persons, then such disclosure might indeed be a problem. But it involves
millions, and polls indicate that an increasing percentage of the general
population share their concerns. The movement has numbers, and is gaining more
support. What it lacks is organization and communications.
Some try to treat the situation as though we were the Resistance in Occupied
France during WWII. Things might come to that some day, and we should prepare
for the contingency that they might, but that is not the situation we are in
today, and we need to take advantage of the present circumstances while we can.
Now consider the advantages of disclosure. The first is for improved
effectiveness and speed of internal communications. Remember we are mainly
disclosing the information to each other. This is especially important for
alerts and rallying grassroots pressure. For this purpose, time is of the
essence. React a day late and we miss our window of opportunity. And if we are
not coordinated and united, our separate efforts will be far less effective and
may even cancel each other out. We have also seen the importance of rumor
control, of not having some people going off half-cocked, while disinformation
prevents the rescue of someone who really needs it.
The second is to lower the cost of communications. The alternative to being
able to contact many people rapidly and at low cost while one has the time to do
it right is to have to do it under crisis conditions later, when there simply
may not be the time to do it at all. This is especially the case with Internet
email. It is far less costly than long-distance voice and fax calls, copying,
and postage. And the patriot/militia movement is not exactly overflowing with
funds. We are already spending far too much of our limited resources on
conventional communications, that could be put to better use. That includes the
personal time of patriots, as much as their money. Anything we can do to save
our time will go a long way to keeping people active longer and the movement
The third is as a demonstration of strength. During the recent crisis
period, the previous release of directory information was used effectively to
demonstrate that the movement was indeed a movement of hundreds of thousands or
millions, and not just of a few thousands, and that it was nationwide and
spontaneous, arising everywhere at almost the same time. The fact that the media
could call leaders in almost every state, and get similar information, impressed
them, and through them, both policymakers and the public. It also went a long
way, by being so open and forthright, in dispelling much of the disinformation
that was directed against it.
The fourth is for recruitment. Such lists and directories make it possible
for people to get involved, to find out how to organize in their own areas, to
share materials and ideas, and to reassure one another that they have plenty of
good company and that they are not just some fringe activity with no hope of
Now is the time to take advantage of the explosive growth of the Internet to
develop email contacts in every county of every state, and in every precinct of
metropolitan counties. They need to all share the same information in an
inexpensive and timely manner. We need to help all activists who don't already
have computers to get at least one, get online, and get involved at the federal
state, and local level, each a part of a coordinated whole.
The next step will be to go wireless. We must take advantage of the wired
Internet, but not become excessively dependent on it. Using packet radio, and
perhaps techniques like spread-spectrum and frequency shifting, we can extend
the Internet to a wireless network that will enable any militia unit to send an
authenticated message to any other, anywhere in the country, in less than 4
seconds, and make sure the recipient reads it in less than a minute. Such a
system could continue despite disasters or disorders of almost any kind, and
allow the continuance of constitutional governance under the most trying