Will anonymous e-mail become a casualty of war?

R. A. Hettinga rah at shipwright.com
Thu Feb 14 22:11:42 EST 2002 

http://www.cnn.com/2002/TECH/internet/02/13/anonymous.email.idg/index.html
  

Powered by	  
 

 SAVE THIS | EMAIL THIS | Close 
 
Will anonymous e-mail become a casualty of war?


By Tom Spring

(IDG) -- Ever wonder how to trace the trail of that spam, track its source,
and shut it down once and for all? These days, so does the U.S. government.

E-mail messages yielded a few clues to the location of abducted Wall Street
Journal reporter Daniel Pearl. But investigators complain the search for
Pearl is hampered by difficulties pinpointing where the e-mail originated.
Authorities have released few details, but apparently the e-mail was
prepared and sent in a way that made it difficult to track. In at least one
case, investigators were able to identify three Pakistanis who allegedly
had links to a particular PC used to send photos and messages about Pearl.

The Pearl case is just the latest current event fueling a contentious
debate over anonymity on the Internet. Tracking down bad guys is good
thing. But without anonymity, can free speech and whistle-blowers exist
online?

Options for anonymity

Sending anonymous e-mail is quite easy. Both fee-based and free services
pander to the paranoid and guarantee anonymity. Advicebox.com lets you send
e-mail anonymously and free through a Web-based interface. Anonymizer
charges $5 monthly for a subscription that supports anonymous e-mail and
Web browsing. Both it and QuickSilver also let you post messages
anonymously to Usenet groups. Other anonymous e-mail software programs
include Private Idaho and Potato, which make tracing an e-mail nearly
impossible.

The simplest way to send anonymous e-mail is through one of about 35
remailers. The service strips your e-mail of all electronic ties to you and
ships the message to its recipient. However, privacy purists point out that
the remailer still knows your real identity. So some remailers encrypt and
send e-mail through the Mixmaster network, developed by Anonymizer
president Lance Cottrell.

The Mixmaster network involves client software that runs on your PC, and
Mixmaster servers that forward your e-mail. The client can be used as a
plug-in for the QuickSilver e-mail client or with other remailer software.
When you use QuickSilver, e-mail is encrypted (under triple DES technology)
and sent to multiple Mixmaster servers, stripping the return address each
time and making e-mail impossible to trace. On the last leg of your
e-mail's journey, it's decrypted and delivered to an in-box. Cottrell
insists the Mixmaster remailer network is hack-and spook-proof.

"If a message is sent and you want to find out who sent it, there is no way
you can," Cottrell says..p>

Tiers of anonymity, paranoia

Most Internet users don't realize how easy it is to trace e-mail. For most
normal law-abiding people a Yahoo Mail account under a pseudonym is
sufficient.

However, e-mail sent from Web-based e-mail services like Yahoo or Hotmail
carry the fixed Internet protocol address of the PC or network used to send
the message. A site like Advicebox.com doesn't carry IP information with
its Web-based mail.

Advicebox.com keeps tabs of computers that visit its site but doesn't log
or record the e-mail sent through its service, according to Tim Cutting,
company spokesperson. But last year, Advicebox.com had to hand over the
electronic evidence to police when a recipient of a death threat delivered
by Advicebox.com e-mail reported it to police.

"AdviceBox keeps zero record of the e-mail contents sent from the site.
However, as with any computer server, it does keep a record of what ISPs
access the server and at what time," Cutting adds.

Anonymizer intentionally keeps no records of people's comings and goings,
making a subpoena useless, says Cottrell. How do the Feds feel about that?
Since September 11, law enforcement has not contacted Cottrell except to
sign up for his service. Cottrell says his clients include local cops, FBI
agents, and U.S. embassies.

Anonymous or responsible?

Most anonymous e-mail proprietors admit their products can be tools for
terrorists, pedophiles, and scammers. But they also point out that
anonymous e-mail can protect whistle-blowers or the politically oppressed,
and help shield the identity of people who would otherwise be afraid to
seek help over the Net.

"Just like any powerful technology, in the wrong hands it can be misused,"
says Rob Courtney, policy analyst with the Center for Democracy and
Technology. "It's quite clear the benefits of anonymous e-mail greatly
outweigh the risks," he claimed.

Certainly, anonymous e-mail can be a safe way for an employee to blow the
whistle on a questionable business practices, or to tip off police to a
crime. On the other hand, it also is easy to imagine anonymous e-mail
making it safe for terrorists to communicate, plan murderous attacks, or
issue ransom notes.

"The abuse bothers me," acknowledges Richard Christman, the developer of
QuickSilver. But he says free speech is more important. Anonymizer's
Cottrell says his services have helped many, such as Yugoslavian
human-rights activists during the Milosovec regime. Also, an airline
mechanic once inquired about Anonymizer so he could anonymously tip off
airline executives to shoddy maintenance practices.

Anonymity: A smoking gun?

Anonymity is an important aspect of free speech, say government legal
agencies. But if it's used for a crime, law enforcement will try to strip
away the cloak.

The FBI likens anonymous e-mail to guns. Like firearms, services and
software are legal, but if they're used in a crime, the FBI will take
action. "If we need to, we will investigate," says Steven Berry, an FBI
spokesperson. Tracing e-mail has helped catch bad guys, such as the
Philippino creator of the I Love You virus. It also identified a University
of California at Irvine student whose e-mail message threatened to "hunt
down and kill" Asian students.

Late last year, the U.S. government got some serious investigative help
when Congress passed the Patriot Act in response to the terrorist attacks.
The measure gives government the authority to monitor e-mail and other
electronic communication and share that information among agencies. "E-mail
is just one clue to the larger crime," says a representative of the
Department of Justice, of the new tools provided by the Patriot Act.

Last November, the FBI acknowledged the existence of Magic Lantern, a
Trojan horse program under development. It is intended to render encryption
useless by logging the keystrokes on a suspect's PC. That will only help in
some cases, however; if FBI officials can't figure out who is sending
e-mail, how can they plant a bug on the computer?

Sensibility drift

The threat to online privacy is real, say privacy activists. They argue
that anonymous e-mail, in an age of cookies, Web bugs, and government
surveillance, may be even more important today than before September 11.

Since the terrorist attacks, public and political sensibility has shifted
regarding privacy, says Beth Givens, director of the Privacy Rights
Clearinghouse. Americans are now more willing to accept facial recognition
technology at the Olympics, show a personal ID to virtually anyone who
asks, and surrender their anonymity online.

That sensibility has reached the Internet. Anonymous Internet usage is
getting harder to achieve. Just days after the terrorist strike, the
government required ISPs to open their records in hope of finding
electronic leads.

Zero Knowledge, which ensured anonymous Internet access, shut down its
Freedom Network, which provided anonymous e-mail and Web surfing. SafeWeb
closed its free anonymous Web browsing service, too. Both say they halted
anonymous Net access not because of government pressure, but because they
were not commercially viable.

Privacy advocates say this weakens consumers' protection from government
and big business. Givens says anonymous remailers are not a rogue tool, but
one of the Net's last free speech vehicles. She argues the Internet has
also become less anonymous as companies use libel suits to find and unmask
their online critics.

Legal prying continues

In fact, civil and criminal investigations have pried at anonymous
communication. Anonymity could have helped 21 Raytheon employees who riled
Raytheon executives on a Yahoo bulletin board. Raytheon was so upset by the
postings, which it alleges disclosed confidential information, that it
forced Yahoo by court order to reveal the users' identities. Charges were
eventually dropped.

Remailers, though legal, are not immune from such investigations. At the
request of California police and the Church of Scientology, Finnish police
ordered Johan Helsingius to identify an Internet user who allegedly stole
files from the church and was using Helsingius' remailer technology to post
them on Usenet groups.

In 1999, Canadian Carl Edward Johnson used a remailer network called
Cypherpunks to send rambling but threatening messages to Bill Gates, the
IRS, and government officials. Investigators pieced together rants posted
on Web sites, in e-mail messages, and writing found at his home to confirm
his identity.

The issue raises concern throughout the political spectrum. Anonymous
communications has a long, proud history in the United States, says Adam
Thierer, of the Cato Institute, a right-wing Libertarian think tank. In
1776, Thomas Paine's Common Sense, a pamphlet urging separation from
Britain, was released under the pseudonym "An Englishman."

"Paine didn't hide his identity to be cute or clever. He did it so he
wouldn't be thrown in jail or put to death," Thierer says. "Anonymity is a
key component to free speech and political discord."

The most cautious even worry that some remailers are operated by hackers or
government agents.

"There is no evidence that any of these tools of anonymity have ever been
used by a terrorist," says Anonymizer's Cottrell. But then again, if
terrorist did use Cottrell's Anonymizer service, how would anyone know?

 
 

 
Find this article at:
http://www.cnn.com/2002/TECH/internet/02/13/anonymous.email.idg/index.html
 

 SAVE THIS | EMAIL THIS | Close 
 Check the box to include the list of links referenced in the article.

 
 



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list