Will Anonymous e-mail be the Next Casualty of War?
February 14, 2002
Ever wonder how to trace the trail of that spam, track its source, and shut it down once and for all? These days, so does the U.S. government. The U.S government is on the trail of SPAM and other email messages in attempts to track various sources of the e-mail messages.
According to IDG News, e-mail messages yielded few clues to the location of abducted Wall Street Journal reporter Daniel Pearl. IDG reports that investigators complain that the search for Pearl is hampered by difficulties pinpointing where the e-mail originated. Authorities have released few details, but apparently the e-mail was prepared and sent in a way that made it difficult to track. In at least one case, investigators were able to identify three Pakistanis who allegedly had links to a particular PC used to send photos and messages about Pearl.
The Pearl case is just one of the latest current events that is fueling a contentious debate over anonymity on the Internet. Tracking down bad guys is good thing. Sending anonymous e-mail is quite easy. Both fee-based and free services cater to the paranoid and guarantee anonymity.
Advicebox.com allows the user to send e-mail anonymously and free through a Web-based interface. Anonymizer charges $5 monthly for a subscription that supports anonymous e-mail and Web browsing. Both Anonymizer and QuickSilver will also let people post messages anonymously to Usenet groups. Other anonymous e-mail software programs include Private Idaho and Potato. Both of which make tracing an e-mail nearly impossible.
The easiest way to send anonymous e-mail is through one of about 35 remailers. The service strips the sender№s e-mail of all electronic ties to the person and ships the message to its recipient. However, privacy purists point out that the remailer still knows the sender№s real identity. So some remailers encrypt and send e-mail through the Mixmaster network, developed by Anonymizer president Lance Cottrell.
According to IDG, the Mixmaster network involves client software that runs locally on the sender№s PC, and Mixmaster servers that forward the e-mail. The client can be used as a plug-in for the QuickSilver e-mail client or with other remailer software. When the sender uses QuickSilver, e-mail is encrypted (under triple DES technology) and sent to multiple Mixmaster servers. The Mixmaster servers strip the return address each time thus making e-mail impossible to trace. On the last leg of the e-mail's journey, it's decrypted and delivered to an in-box.
Cottrell told IDG that the Mixmaster remailer network is hack-and spook-proof. "If a message is sent and you want to find out who sent it, there is no way you can," Cottrell added. But most Internet users don't realize how easy it is to trace e-mail. For most normal law-abiding people a Yahoo Mail account under a pseudonym is sufficient. E-mails sent from Web-based e-mail services like Yahoo or Hotmail carry the fixed Internet protocol address of the PC or network used to send the message.
A site like Advicebox.com doesn't carry IP information with its Web-based mail, IDG reports. Advicebox.com keeps tabs of computers that visit its site but doesn't log or record the e-mail sent through its service, Tim Cutting, company spokesperson told IDG. Advicebox.com had to hand over the electronic evidence to police when a recipient of a death threat delivered by Advicebox.com e-mail reported it to police.
"AdviceBox keeps zero record of the e-mail contents sent from the site. However, as with any computer server, it does keep a record of what ISPs access the server and at what time," Cutting added.
Anonymizer intentionally keeps no records of people's comings and goings, making a subpoena useless, Cottrell told IDG. Since September 11, law enforcement has not contacted Cottrell except to sign up for his service. Cottrell says his clients include local cops, FBI agents, and U.S. embassies.
Most anonymous e-mail proprietors admit their products can be tools for terrorists, pedophiles, and scammers. But they also point out that anonymous e-mail can protect whistle-blowers or the politically oppressed, and help shield the identity of people who would otherwise be afraid to seek help over the Net.
"Just like any powerful technology, in the wrong hands it can be misused," Rob Courtney, policy analyst with the Center for Democracy and Technology told IDG. "It's quite clear the benefits of anonymous e-mail greatly outweigh the risks," he claimed.
While anonymous e-mail can be a safe way for an employee to blow the whistle on a questionable business practices, or to tip off police to a crime, it also is easy to imagine anonymous e-mail making it safe for terrorists to communicate, plan murderous attacks, or issue ransom notes. "The abuse bothers me," Richard Christman, the developer of QuickSilver told IDG. But he added that free speech is more important.
Anonymizer's Cottrell told IDG that his services have helped many, such as Yugoslavian human-rights activists during the Milosovec regime. Also, an airline mechanic once inquired about Anonymizer so he could anonymously tip off airline executives to shoddy maintenance practices. Anonymity is an important aspect of free speech, government legal agencies told IDG. But they warn that if it is used for a crime, law enforcement will try to strip away the cloak.
The FBI likens anonymous e-mail to guns. Like firearms, services and software are legal, but if they're used in a crime, the FBI will take action. "If we need to, we will investigate," Steven Berry, an FBI spokesperson told IDG. Tracing e-mail has helped catch bad guys, such as the Philippino creator of the I Love You virus. It also identified a University of California at Irvine student whose e-mail message threatened to "hunt down and kill" Asian students.
Late last year, the U.S. government got some serious investigative help when Congress passed the Patriot Act in response to the terrorist attacks. The measure gives government the authority to monitor e-mail and other electronic communication and share that information among agencies.
"E-mail is just one clue to the larger crime," says a representative of the Department of Justice, of the new tools provided by the Patriot Act. Last November, the FBI acknowledged the existence of Magic Lantern. Magic Lantern is a Trojan horse program under development. It is intended to render encryption useless by logging the keystrokes on a suspect's PC. That will only help in some cases, however; if FBI officials can't figure out who is sending e-mail, how can they plant a bug on the computer?
The threat to online privacy is real, privacy activists warn. They argue that anonymous e-mail, in an age of cookies, Web bugs, and government surveillance, may be even more important today than before September 11. Since the terrorist attacks, public and political sensibility has shifted regarding privacy, Beth Givens, director of the Privacy Rights Clearinghouse told IDG.
Americans are now more willing to accept facial recognition technology at the Olympics show a personal ID to virtually anyone who asks, and surrender their anonymity online. That sensibility has reached the Internet. Anonymous Internet usage is getting harder to achieve. Just days after the terrorist strike, the government required ISPs to open their records in hope of finding electronic leads.
Zero Knowledge, which ensured anonymous Internet access, shut down its Freedom Network, which provided anonymous e-mail and Web surfing. SafeWeb closed its free anonymous Web browsing service, too. Both say they halted anonymous Net access not because of government pressure, but because they were not commercially viable. Privacy advocates told IDG that this weakens consumers' protection from government and big business.
Givens added that anonymous remailers are not a rogue tool, but one of the Net's last free speech vehicles. She argued the Internet has also become less anonymous as companies use libel suits to find and unmask their online critics. In fact, civil and criminal investigations have chipped away at anonymous communication.
Anonymity could have helped 21 Raytheon employees who riled Raytheon executives on a Yahoo bulletin board. Raytheon was so upset by the postings, which it alleged disclosed confidential information, that it forced Yahoo by court order to reveal the users' identities. Charges were eventually dropped, IDG reports.
Remailers, though legal, are not immune from such investigations. At the request of California police and the Church of Scientology, Finnish police ordered Johan Helsingius to identify an Internet user who allegedly stole files from the church and was using Helsingius' remailer technology to post them on Usenet groups. Additionally, in 1999, Canadian Carl Edward Johnson used a remailer network called Cypherpunks to send rambling but threatening messages to Bill Gates, the IRS, and government officials. Investigators pieced together rants posted on Web sites, in e-mail messages, and writing found at his home to confirm his identity.
The issue raises concern throughout the political spectrum. Anonymous communications has a long, proud history in the United States, Adam Thierer, of the Cato Institute, a right-wing Libertarian think tank told IDG. In 1776, Thomas Paine's Common Sense, a pamphlet urging separation from Britain, was released under the pseudonym "An Englishman."
"Paine didn't hide his identity to be cute or clever. He did it so he wouldn't be thrown in jail or put to death," Thierer added. "Anonymity is a key component to free speech and political discord." The most cautious even worry that hackers or government agents operate some remailers.
"There is no evidence that any of these tools of anonymity have ever been used by a terrorist," Anonymizer's Cottrell added. But then again, IDG poses that question that if terrorist did use Cottrell's Anonymizer service, how would anyone know?
by Cosmiverse Staff Writer. Copyright © 1999-2002 Cosmiverse.com.