1997-12-25 - Anonymity Press

Header Data

From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@cyberpass.net
Message Hash: 7dac55110010b6041fa4767c1ed13e63a7469f1fb3e178e7a4255c64c0d02a23
Message ID: <199712250329.EAA01195@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-12-25 03:33:15 UTC
Raw Date: Thu, 25 Dec 1997 11:33:15 +0800

Raw message

From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Dec 1997 11:33:15 +0800
To: cypherpunks@cyberpass.net
Subject: Anonymity Press
Message-ID: <199712250329.EAA01195@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



(New York) Newsday, December 24, 1997, pp. C5, C6.

Anonymity and the Internet

Balancing freedom of speech with the need to protect
identities

By Gail Dutton
Special Correspondent

"Is Singapore the future?" asked information scientist Dave
Farber of the University of Pennsylvania. If it is, the
right to communicate anonymously on the Internet must be
protected now, to ensure continued freedom of speech,
according to participants at the Conference on Anonymous
Communications on the Internet, sponsored by the American
Academy for the Advancement of Sciences last month in
Irvine, Calif.

"Law enforcement in the U.S. is a trusted third party,"
Farber said. But, Lance Cottrell, president of Obscura
Information Security, added, "What is considered a good
government today may become an oppressive government 50
years from now."

The debate hinges upon whether any government should be able
to trace messages--encrypted or not--to their sources.
Singapore's repressive system is probably not the future
here, but participants at the conference agreed that the
right to communicate anonymously must be addressed now.

Anonymous e-mailers have been around since the beginning of
the Internet, but they have become increasingly simple to
use. Anonymous Internet e-mail and Web visits aren't just
for techies. For example, with The Anonymizer, developed by
Cottrell sending untraceable, anonymous e-mail is as simple
as clicking on the Web site (http://www.anonymizer.com) and
uploading your message. Entering a Web site is just as easy,
and can be done from the same site.

Now that anonymity is simple and available to everyone,
law-enforcement agents are getting nervous.

There is always the potential for abuse. Laws are written
for a paper-based society, according to attorney Joe
Rosenbaum, who specializes in information technology at
Hughes, Hubbard and Reed in Manhattan. "But, with the
Internet, access is multiplied so that individuals lose
control of their personal information," Rosenbaum said.

For example, public information becomes widely and quickly
accessible to anyone with an Internet connection, and
private information is available for mining by any site a
user visits. As a result, profiles of households can be
developed and linked directly to them, based upon Web visits
and information they provided individual sites--such as
names income, news preferences and any other information a
site requires for registering. The profiles could be used
for academic research or--what more people dread--market
research.

"Corporations need to recognize the right of data ownership
by individuals," maintained conference


speaker Donna Hoffman of Project 2,000, a communications
project at Purdue University. "Lack of trust [between
customers and companies] is the primary barrier to Internet
commerce. People are bothered by things online that they
aren't significantly bothered by offline," she added.

At work, if your employer asked your honest opinion of a
very sensitive, politically charged work issue, would you
give your unvarnished opinion? In writing? Would your answer
change if you were guaranteed 100 percent, untraceable
anonymity? If you said "yes" to the last question you just
gave corporations a reason to promote anonymous
communications.

Companies tend to be as protective as individuals when it's
their information being mined. They can filter out certain
addresses, banning them from the site. However, individuals--
often competitors--sometimes can enter anonymously and get 
the data they need.

To combat this, "You can build a site that doesn't allow
anonymity," Cottrell said. That would only slow that
research --not prevent the data from being compiled. Often
the information companies are trying to protect is publicly
available sometimes in their own printed literature.
With The Anonymizer, developed by Lance Cottrell of Obscura
Information Security, sending untraceable, totally anonymous
e-mail is as simple as clicking on the Web site and
uploading your message.

Pseudonymity

"Most people aren't looking for the same type of security as
the National Security Agency," Rosenbaum said. Generally,
pseudonymity--which is traceable --provides acceptable
security for all but the most sensitive communications, he
said.

The right to protect personal information, even from
corporations and market-research firms, is a driving force
behind pseudonymity. So far, consumers do not trust the
security and privacy of the Internet.

"Contrary to what companies believe, consumers aren't
interested in selling their personal information. Instead,
people want a relationship based upon trust-- trust that the
company won't sell their information," Hoffman said.

By using pseudonymity, Internet users can prevent companies
from linking customer profiles to their true identities.
This option also promotes commerce, by allowing customers to
use another name for their transactions, while using a
public key encryption method to let companies confirm and
authenticate an order. To maintain pseudonymity, customers
can pay their bills with electronic cash from companies such
as like DigiCash ( http://www.digicash.com ), and have
merchandise shipped to a postal box, she said. Although that
option is possible technologically, it is far from standard
practice.

The problem with this solution, Hoffman said, is that buyer
and seller would have to rely upon a trusted third party.
But, "No one knows who the third party may be, what their
responsibilities are and who will reinforce their
obligations if there is a dispute."

What Are You Hiding?

"Anonymity and pseudonymity both involve hiding knowledge
from somebody," according to Terrell Bynum, professor of
philosophy and director of the Research Center on Computing
and Society at Southern Connecticut State University.
"Therefore, what are you hiding, and from whom?"

The answer, obviously, is identity, and the reason is to
avoid repercussions of certain actions. That is a
particularly valuable option for whistle-blowers,
dissidents, human rights activists and others who put their
jobs and, sometimes, their lives on the line. It becomes
less palatable when the purpose is to defame or defraud.

Concerns

The need for anonymity in the United States is very
different from that in countries where human rights may be
stifled or, for that matter, in Europe, which has
data-protection laws, Rosenbaum explained. In the United
States, anonymity more often protects careers and
reputations than lives. It means users can protect their
personal data when visiting Web sites, minimize scrutiny by
law enforcement agents or others because of expressed
opinions, visit X-rated Web sites without their employers or
spouses knowing and send e-mail confidentially. In other
nations, anonymity offers sometimes the only way to voice
dissent or send human rights information out of the country
without risking lives.

The downside is that true anonymity also facilitates illegal
activities, such as fraud, libel, transmission of child
pornography and money laundering. And that ability makes
some people--notably law enforcement agents--nervous.

"The issue," Rosenbaum said, "is the degree of difficulty in
charging and convicting criminals. Making communications
more untraceable is creating problems that didn't exist
before."

Nonetheless, "Acts of physical destruction and violence are
almost impossible" on the Internet, said Peter Wayner, a
consulting editor at Byte Magazine. Limiting anonymity,
however, also can harm by limiting opportunities for free
speech.

"It is not clear that a happy middle ground can be found
that provides sufficient anonymity without risking serious
abuses," said Peter G. Neuman, principal scientist of SRI
International. Attendees agreed that the dangers of banning
anonymous communications are greater than the dangers of
allowing them.

Site Guidelines Recommended

"If you know information is from an anonymous source, you
treat it differently than if it is from a known identity or
a known and respected pseudonym," said Helen Nissenbaum,
associate director of the Center for Human Values at
Princeton University. Therefore Web sites should say, up
front, whether they allow anonymous postings, the conference
attendees agreed.

Ideally, anonymity guidelines would come from the Web
communities themselves, similar to professional
associations' codes of ethics. Individual newsgroups or each
person on the Internet could decide whether to accept
anonymous or pseudonymous communications.

Gail Dutton is a freelance writer.

[Box] Keeping Secrets

Anyone can drop a letter in a mailbox or place a call from a
pay phone anonymously. On the Internet, however, Internet
service providers track each message. Because they can be
easily read, they also can be scanned for keywords.

"The ease of surveillance on the Internet is unprecedented
in the history of communication," according to Lance
Cottrell, president of Obscura Information Security (
http://www.anonymizer.com ).

Because the act of sending and receiving messages is logged,
messages must be remailed assure anonymity.

"A message is still vulnerable to traffic analysis," said
Peter Wayner, Byte Magazine consulting editor. In practice,
remailers receive mail, ignore the "from" part of the
address, package it into a uniform size message and mail it
to another remailer, who does the same thing. "All messages
have to be identified in size and form," Cottrell explained.
To ensure anonymity, mail is routed through several
remailers, in and out of several countries, before it
reaches its destination. When remailers' records are
checked, as they sometimes are by U.S. law enforcement
officials, there should be nothing that allows the e-mail to
be traced, Cottrell said.

Another free program, currently being developed by Lucent
Technologies, offers pseudonymity for Web browsing by
changing a user's name, password and return e-mail address
automatically for each site a user logs onto. For example,
after logging onto http://lpwa.com:8000/, users can visit
Web sites in privacy and any e-mail sent to their return
address will be forwarded by the Lucent server to the actual
address and "carbon copied" to the pseudonym. Lucent knows
who uses the service, but other Web sites do not.

[End]








Thread