THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC COMMICATIONS,
THE EAGERNESS OF GOVERNMENT TO PRY INTO OUR COMMINICATIONS,
APPARENTLY, IS NOT.
Email users like these patrons of a cybercafe, probably assume that when they use re-mailers, they ensure the anonymity of their correspondence.
Foreign and domestic intelligence agencies are actively monitoring worldwide Internet traffic and are allegedly running anonymous re-mailer" services designed to protect the privacy of electronic mail users. The startling claim that government snoops may be surreptitiously operating computer privacy protection systems used by private citizens was made earlier this year at a Harvard University Law School Symposium on the Global Information Infrastructure. The source was not some crazed computer hacker paranoid about government eavesdropping. | Rather, the information was presented by two defense experts, Former Assistant Secretary of Defense Paul Strassmann, now a professor at West Point and the National Defense University in Washington, D.C., along with William Marlow, a top official at Science Applications International Corp., a leading security contractor. Anonymous re-mailer services are pretty much what the name implies. By stripping identifying source information from e-mail messages, they allow people to post electronic messages without traceable return address information. |
But Strassmann and Marlow said that the anonymous re-mailers, if used properly and in tandem with encryption software pose an unprecedented national security threat from information terrorists. Intelligence services have set up their own re-mailers in order to collect data on potential spies, criminals, and terrorists, they said. Following their Harvard talk, Strassmann and Marlow explicitly acknowledged that a number of anonymous re-mailers in the US are run by government agencies scanning traffic," said Viktor Mayer-Schoenberger, | a lawyer from Austria who attended the conference. Marlow said that the [US] government runs at least a dozen re-mailers and that the most popular re-mailers in France and Germany are run by respective agencies in those countries." Mayer-Schoenberger was shocked by the defense experts' statement and tried to spread the news by sending an e-mail message to Hotwired, the online version of Wired magazine. Although the story did not make headlines, his note quickly became the e-mail message relayed 'round the world, triggering over 300 messages to Strassmann and Marlow. It was followed by the electronic version of spin control. |
Strassmann quickly posted a denial. In an interview, he said the Austrian completely misunderstood what he and Marlow had said. That was false," Strassmann said of Mayer-Schoenberger's message. That was the person's interpretation of what we said. ... We did not specifically mention any government. What we said was that governments are so heavily involved in this [Internet issues] that it seems plausible that governments would use it in many ways." (Marlow did not return a call for comment.) But Harvard Law School Professor Charles Nesson, who heard the original exchange at the Harvard conference, recalls the conversation as Mayer-Schoenberger described it. Mayer-Schoenberger also stands by his story. I remember | the conversation perfectly well," he e-mailed from Vienna. They said a couple of additional things I'm sure they don't want people to remember. But the statement about the re-mailers is the one most people heard and I think is quite explosive news, isn't it?" Marlow said that actually a fair percentage of re-mailers around the world are operated by intelligence services, Mayer-Schoenberger recalled in a subsequent interview. Someone asked him: `What about the US, is the same true here as well?' Marlow said: `you bet.' The notes for the Harvard symposium, posted on the World Wide Web, also lend credence to Mayer-Schoenberger's account. The CIA already has anonymous re-mailers but to effectively control [the Internet] would require 7,000 to 10,000 around the world," the notes quote Marlow as saying. |
Prying into e-mail is probably as old as e-mail itself. The Internet is notoriously insecure; messages are kept on computers for months or years. If they aren't stored safely, they can be viewed by anyone who rummages through electronic archives by searching through the hard drive, by using sophisticated eavesdropping techniques, or by hacking in via modem from a remote location. Once e-mail is obtained, legally or not, it can be enormously valuable. Lawyers are increasingly using archived e-mail as evidence in civil litigation. And it was Oliver North's e-mail (which he thought was deleted) that showed the | depths of the Reagan administration's involvement in the Iran-Contra affair. Moreover, it's easier to tap e-mail messages than voice telephone traffic, according to the paper written by Strassmann and Marlow. As e-mail traffic takes over an ever-increasing share of personal communications, inspection of e-mail traffic can yield more comprehensive evidence than just about any wire-tapping efforts, they wrote. E-mail tapping is less expensive, more thorough and less forgiving than any other means for monitoring personal communications. |
Two kinds of anonymous re-mailers have evolved to protect the privacy of users. The first, and the less secure, are two-way database re-mailers," which maintain a log linking anonymous identities to real user names. These services are more accurately called pseudonymous" re-mailers since they assign a new name and address to the sender (usually a series of numbers or characters) and are the most vulnerable to security breaches, since the logs can be subpoenaed or stolen. The most popular pseudonymous" re-mailer is a | Finnish service at anon.penet.fi". I believe that if you want protection against a governmental body, you would be foolish to use anon.penet.fi," said Jeffrey Schiller, manager of the Massachusetts Institute of Technology computer network and an expert on e-mail and network security. Last year, in fact, authorities raided anon.penet.fi to look for the identity of a Church of Scientology dissident who had posted secret church papers on the Internet using the supposedly private service. |
The second kind of re-mailers are cypherpunk" services run by computer-savvy privacy advocates. Someone desiring anonymity detours the message through the re-mailer; a re-mailer program removes information identifying the return address, and sends it on its way. Schiller says that a cypherpunk re-mailer in its simplest form is a program run on incoming e-mail that looks for messages containing a request-re-mailing-to" header line. When the program sees such a line, it removes the information identifying the sender and remails" the message. | Some re-mailers replace the return address with something like nobody@nowhere.org." Further protection can be obtained by using free, publicly available encryption programs such as Pretty Good Privacy and by chaining messages and re-mailers together. Sending the message from re-mailer to re-mailer using encryption at each hop builds up an onion skin arrangement of encrypted messages inside encrypted messages. Some re-mailers will vary the timing of the outgoing mail, sending the messages out in random sequence in order to thwart attempts to trace mail back by linking it to when it was sent. |
Linking encrypted messages together can be tricky and time-consuming. So who would bother? A. Michael Froomkin, an assistant professor of law at the University of Miami and an expert on Internet legal issues, says anonymity allows people to practice political free speech without fear of retribution. Whistleblowers can identify corporate or government abuse while reducing their risk of detection. People with health problems that are embarrassing or might threaten their ability to get insurance can seek advice without concern that their names would be blasted electronically around the world. A battered woman can use re-mailers to communicate with friends without her spouse finding her. The Amnesty International human rights group has used anonymous re-mailers to protect information supplied by political dissidents, said Wayne Madsen, a computer security | expert and co-author of a new edition of The Puzzle Palace, a book on the National Security Agency. Amnesty International has people who use re-mailers because if an intelligence service in Turkey tracks down [political opponents] ... they take them out and shoot them," he said. I would rather err on the side of those people. I would rather give the benefit of the doubt to human rights." Strassmann and Marlow, on the other hand, see the threat to national security as an overriding concern. Their paper, Risk-Free Access into the Global Information Infrastructure via Anonymous Re-mailers, presented at the Harvard conference, is a call to electronic arms. In it, they warn that re-mailers will be employed in financial fraud and used by information terrorists" to spread stolen government secrets or to disrupt telecommunication, finance and power generation systems. |
Internet anonymity has rewritten the rules of modern warfare by making retaliation impossible, since the identity of the assailant is unknown, they said. Since biblical times, crimes have been deterred by the prospects of punishment. For that, the criminal had to be apprehended. Yet information crimes have the unique characteristic that apprehension is impossible. ... Information crimes can be committed easily without leaving any telltale evidence such as fingerprints, traces of poison or bullets," they wrote. As an example, they cite the Finnish re-mailer (anon.penet.fi), claiming that it is frequently used by the ex-KGB Russian criminal element. Asked for proof or further detail, Strassmann said: That [paper] is as far in the public domain as you're going to get." | At the Harvard symposium, the pair provided additional allegations that anonymous re-mailers are used to commit crimes. There was a crisis not too long ago with a large international bank. At the heart of the problem turned out to be anonymous re-mailers. There was a massive exchange around the world of the vulnerabilities of this bank's network," Marlow said. But David Banisar, an analyst with the Washington, D.C.-based Electronic Privacy Information Center (EPIC) downplayed this kind of anecdote, saying that such allegations are always used by governments when they want to breach the privacy rights of citizens. I think this information warfare stuff seems to be a way for the military trying to find new reasons for existence and for various opportunistic companies looking for ways to cash in. I'm really skeptical about a lot of it. The |
problem is nine-tenths hype and eight-tenths bad security practices," he said. Already existing Internet security systems like encryption and firewalls could take care of the problem." The public should not have to justify why it needs privacy, he said. Why do you need window blinds? Privacy is one of those fundamental human rights that ties into other human rights such as freedom of expression, the right to associate with who you want, the right to speak your mind as you feel like it. ... The question shouldn't be what do you have to fear, it should be `Why are they listening in?' With a democratic government with constitutional limits to democratic power, they have to make the argument they need to listen in, not the other way around." | Froomkin, from the University of Miami, also questioned Strassmann and Mayer's conclusions. First of all, the statistics about where the re-mailers are and who runs them are inaccurate. I can't find anybody to confirm them," he said. I completely disagree with their assessment of facts and the conclusions they draw from them. ... Having said that, there's no question there are bad things you can do with anonymous re- mailers. There is potential for criminal behavior." Banisar doubts that intelligence agencies are actually running re-mailers. It would entail a fairly high profile that they tend to shy away from, he said. However, it is likely that agencies are sniffing" monitoring traffic going to and from these sites, he said. |
Not in doubt, however, is that
the government is using the
Internet to gather intelligence
and is exploring the net's
potential usefulness for covert
operations. Charles Swett, a
Department of Defense policy
assistant for special operations
and low-intensity conflict,
produced a report last summer
saying that by scanning computer
message traffic, the government
might see early warnings of
impending significant
developments." Swett added that
the Internet could also be used
offensively as an additional
medium in psychological
operations campaigns and to help
achieve unconventional warfare
objectives." The
unclassified Swett paper was
itself posted on the Internet by
Steven Aftergood of the
Federation of American
Scientists.
The document focuses in part on Internet use by leftist political activists and devotes substantial space to the San Francisco-based Institute for Global Communications (IGC), which operates Peacenet and other networks used by activists. IGC shows, Swett writes, the breadth of DoD-relevant information available on the Internet." The National Security Agency is also actively sniffing" key Internet sites that route electronic mail traffic, according to Puzzle Palace co-author Wayne Madsen. In an article in the British newsletter Computer Fraud and Security Bulletin, |
Madsen
reported that sources within the
government and private industry
told him that the NSA is
monitoring two key Internet
routers which direct electronic
mail traffic in Maryland and
California.18 In an interview,
Madsen said he was told that the
NSA was sniffing" for the
address of origin and the
address of destination" of
electronic mail.
The NSA is also allegedly monitoring traffic passing through large Internet gateways by scanning network access points" operated by regional and long-distance service providers. Madsen writes that the network access points allegedly under surveillance are at gateway sites in Pennsauken, N.J. (operated by Sprint), Chicago (operated by Ameritech and Bell Communications Research) and San Francisco (operated by Pacific Bell). Madsen believes that NSA monitoring doesn't always stop at the US border, and if this is true, NSA is violating its charter, which limits the agency 's spying to international activities. People familiar with the monitoring claim that the program is one of the NSA's `black projects,' but that it is pretty much an `open secret' in the communications industry," he wrote. |
Electronic communications open up opportunities to broaden democratic access to information and organizing. They also provide a means and an opportunity for governments to pry. But just as people have a right to send a letter through the post office without a return address, or even to drop it in a mail box in another city, so too, electronic rights advocates argue, they have the right to send an anonymous, untraceable electronic communication. And just as the post office can be used maliciously, or to commit or hide a crime, re-mailers can be used by cruel or criminal people to send hate mail or engage in flame wars." And like the post office, the highways, | and the telephone, the Internet could be used by spies or terrorists. Those abuses, however, do not justify curtailing the rights of the vast number of people who use privacy in perfectly legal ways. Robert Ellis Smith, editor of the Privacy Journal newsletter, said government agencies seem obsessed with anonymous re-mailers. They were set up by people with a very legitimate privacy issue, he said. Law enforcement has to keep up with the pace of technology as opposed to trying to infiltrate technology. Law enforcement seems to want to shut down or retard technology, and that's not realistic. Anonymous re-mailers are not a threat to national security. |
CAQ57 Contents | CAQ Contents | Subscribe to CAQ | MediaFilter | PoMoWar