[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] (Fwd) Will anonymous e-mail become a casualty of war?
- To: debate@lists.fitug.de
- Subject: [FYI] (Fwd) Will anonymous e-mail become a casualty of war?
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Sun, 17 Feb 2002 12:18:37 +0100
- Delivered-To: mailing list debate@lists.fitug.de
- List-Help: <mailto:debate-help@lists.fitug.de>
- List-Id: <debate.lists.fitug.de>
- List-Post: <mailto:debate@lists.fitug.de>
- List-Subscribe: <mailto:debate-subscribe@lists.fitug.de>
- List-Unsubscribe: <mailto:debate-unsubscribe@lists.fitug.de>
- Mailing-List: contact debate-help@lists.fitug.de; run by ezmlm
- Organization: NONE
- Priority: normal
------- Forwarded message follows -------
Date sent: Thu, 14 Feb 2002 22:11:42 -0500
To: Digital Bearer Settlement List <dbs@philodox.com>,
dcsb@ai.mit.edu, cryptography@wasabisystems.com
From: "R. A. Hettinga" <rah@shipwright.com>
Subject: Will anonymous e-mail become a casualty of war?
http://www.cnn.com/2002/TECH/internet/02/13/anonymous.email.idg/index.
html
Powered by
SAVE THIS | EMAIL THIS | Close
Will anonymous e-mail become a casualty of war?
By Tom Spring
(IDG) -- Ever wonder how to trace the trail of that spam, track its
source, and shut it down once and for all? These days, so does the
U.S. government.
E-mail messages yielded a few clues to the location of abducted Wall
Street Journal reporter Daniel Pearl. But investigators complain the
search for Pearl is hampered by difficulties pinpointing where the
e-mail originated. Authorities have released few details, but
apparently the e-mail was prepared and sent in a way that made it
difficult to track. In at least one case, investigators were able to
identify three Pakistanis who allegedly had links to a particular PC
used to send photos and messages about Pearl.
The Pearl case is just the latest current event fueling a contentious
debate over anonymity on the Internet. Tracking down bad guys is good
thing. But without anonymity, can free speech and whistle-blowers
exist online?
Options for anonymity
Sending anonymous e-mail is quite easy. Both fee-based and free
services pander to the paranoid and guarantee anonymity. Advicebox.com
lets you send e-mail anonymously and free through a Web-based
interface. Anonymizer charges $5 monthly for a subscription that
supports anonymous e-mail and Web browsing. Both it and QuickSilver
also let you post messages anonymously to Usenet groups. Other
anonymous e-mail software programs include Private Idaho and Potato,
which make tracing an e-mail nearly impossible.
The simplest way to send anonymous e-mail is through one of about 35
remailers. The service strips your e-mail of all electronic ties to
you and ships the message to its recipient. However, privacy purists
point out that the remailer still knows your real identity. So some
remailers encrypt and send e-mail through the Mixmaster network,
developed by Anonymizer president Lance Cottrell.
The Mixmaster network involves client software that runs on your PC,
and Mixmaster servers that forward your e-mail. The client can be used
as a plug-in for the QuickSilver e-mail client or with other remailer
software. When you use QuickSilver, e-mail is encrypted (under triple
DES technology) and sent to multiple Mixmaster servers, stripping the
return address each time and making e-mail impossible to trace. On the
last leg of your e-mail's journey, it's decrypted and delivered to an
in-box. Cottrell insists the Mixmaster remailer network is hack-and
spook-proof.
"If a message is sent and you want to find out who sent it, there is
no way you can," Cottrell says..p>
Tiers of anonymity, paranoia
Most Internet users don't realize how easy it is to trace e-mail. For
most normal law-abiding people a Yahoo Mail account under a pseudonym
is sufficient.
However, e-mail sent from Web-based e-mail services like Yahoo or
Hotmail carry the fixed Internet protocol address of the PC or network
used to send the message. A site like Advicebox.com doesn't carry IP
information with its Web-based mail.
Advicebox.com keeps tabs of computers that visit its site but doesn't
log or record the e-mail sent through its service, according to Tim
Cutting, company spokesperson. But last year, Advicebox.com had to
hand over the electronic evidence to police when a recipient of a
death threat delivered by Advicebox.com e-mail reported it to police.
"AdviceBox keeps zero record of the e-mail contents sent from the
site. However, as with any computer server, it does keep a record of
what ISPs access the server and at what time," Cutting adds.
Anonymizer intentionally keeps no records of people's comings and
goings, making a subpoena useless, says Cottrell. How do the Feds feel
about that? Since September 11, law enforcement has not contacted
Cottrell except to sign up for his service. Cottrell says his clients
include local cops, FBI agents, and U.S. embassies.
Anonymous or responsible?
Most anonymous e-mail proprietors admit their products can be tools
for terrorists, pedophiles, and scammers. But they also point out that
anonymous e-mail can protect whistle-blowers or the politically
oppressed, and help shield the identity of people who would otherwise
be afraid to seek help over the Net.
"Just like any powerful technology, in the wrong hands it can be
misused," says Rob Courtney, policy analyst with the Center for
Democracy and Technology. "It's quite clear the benefits of anonymous
e-mail greatly outweigh the risks," he claimed.
Certainly, anonymous e-mail can be a safe way for an employee to blow
the whistle on a questionable business practices, or to tip off police
to a crime. On the other hand, it also is easy to imagine anonymous
e-mail making it safe for terrorists to communicate, plan murderous
attacks, or issue ransom notes.
"The abuse bothers me," acknowledges Richard Christman, the developer
of QuickSilver. But he says free speech is more important.
Anonymizer's Cottrell says his services have helped many, such as
Yugoslavian human-rights activists during the Milosovec regime. Also,
an airline mechanic once inquired about Anonymizer so he could
anonymously tip off airline executives to shoddy maintenance
practices.
Anonymity: A smoking gun?
Anonymity is an important aspect of free speech, say government legal
agencies. But if it's used for a crime, law enforcement will try to
strip away the cloak.
The FBI likens anonymous e-mail to guns. Like firearms, services and
software are legal, but if they're used in a crime, the FBI will take
action. "If we need to, we will investigate," says Steven Berry, an
FBI spokesperson. Tracing e-mail has helped catch bad guys, such as
the Philippino creator of the I Love You virus. It also identified a
University of California at Irvine student whose e-mail message
threatened to "hunt down and kill" Asian students.
Late last year, the U.S. government got some serious investigative
help when Congress passed the Patriot Act in response to the terrorist
attacks. The measure gives government the authority to monitor e-mail
and other electronic communication and share that information among
agencies. "E-mail is just one clue to the larger crime," says a
representative of the Department of Justice, of the new tools provided
by the Patriot Act.
Last November, the FBI acknowledged the existence of Magic Lantern, a
Trojan horse program under development. It is intended to render
encryption useless by logging the keystrokes on a suspect's PC. That
will only help in some cases, however; if FBI officials can't figure
out who is sending e-mail, how can they plant a bug on the computer?
Sensibility drift
The threat to online privacy is real, say privacy activists. They
argue that anonymous e-mail, in an age of cookies, Web bugs, and
government surveillance, may be even more important today than before
September 11.
Since the terrorist attacks, public and political sensibility has
shifted regarding privacy, says Beth Givens, director of the Privacy
Rights Clearinghouse. Americans are now more willing to accept facial
recognition technology at the Olympics, show a personal ID to
virtually anyone who asks, and surrender their anonymity online.
That sensibility has reached the Internet. Anonymous Internet usage is
getting harder to achieve. Just days after the terrorist strike, the
government required ISPs to open their records in hope of finding
electronic leads.
Zero Knowledge, which ensured anonymous Internet access, shut down its
Freedom Network, which provided anonymous e-mail and Web surfing.
SafeWeb closed its free anonymous Web browsing service, too. Both say
they halted anonymous Net access not because of government pressure,
but because they were not commercially viable.
Privacy advocates say this weakens consumers' protection from
government and big business. Givens says anonymous remailers are not a
rogue tool, but one of the Net's last free speech vehicles. She argues
the Internet has also become less anonymous as companies use libel
suits to find and unmask their online critics.
Legal prying continues
In fact, civil and criminal investigations have pried at anonymous
communication. Anonymity could have helped 21 Raytheon employees who
riled Raytheon executives on a Yahoo bulletin board. Raytheon was so
upset by the postings, which it alleges disclosed confidential
information, that it forced Yahoo by court order to reveal the users'
identities. Charges were eventually dropped.
Remailers, though legal, are not immune from such investigations. At
the request of California police and the Church of Scientology,
Finnish police ordered Johan Helsingius to identify an Internet user
who allegedly stole files from the church and was using Helsingius'
remailer technology to post them on Usenet groups.
In 1999, Canadian Carl Edward Johnson used a remailer network called
Cypherpunks to send rambling but threatening messages to Bill Gates,
the IRS, and government officials. Investigators pieced together rants
posted on Web sites, in e-mail messages, and writing found at his home
to confirm his identity.
The issue raises concern throughout the political spectrum. Anonymous
communications has a long, proud history in the United States, says
Adam Thierer, of the Cato Institute, a right-wing Libertarian think
tank. In 1776, Thomas Paine's Common Sense, a pamphlet urging
separation from Britain, was released under the pseudonym "An
Englishman."
"Paine didn't hide his identity to be cute or clever. He did it so he
wouldn't be thrown in jail or put to death," Thierer says. "Anonymity
is a key component to free speech and political discord."
The most cautious even worry that some remailers are operated by
hackers or government agents.
"There is no evidence that any of these tools of anonymity have ever
been used by a terrorist," says Anonymizer's Cottrell. But then again,
if terrorist did use Cottrell's Anonymizer service, how would anyone
know?
Find this article at:
http://www.cnn.com/2002/TECH/internet/02/13/anonymous.email.idg/index.
html
SAVE THIS | EMAIL THIS | Close
Check the box to include the list of links referenced in the article.
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44
Farquhar Street, Boston, MA 02131 USA "... however it may deserve
respect for its usefulness and antiquity, [predicting the end of the
world] has not been found agreeable to experience." -- Edward Gibbon,
'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List Unsubscribe by sending "unsubscribe
cryptography" to majordomo@wasabisystems.com
------- End of forwarded message -------
--
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de