Interesting People mailing list archives
IP: PRIVACY Internet Hide and Seek: Staying Under Cover (fwd)
From: Dave Farber <farber () cis upenn edu>
Date: Sun, 11 Apr 1999 10:05:40 -0400
Date: Sun, 11 Apr 1999 01:17:54 +0300 (EEST)
From: Luther Van Arkwright <waste () zor hut fi>
To: cypherpunks () toad com

http://www10.nytimes.com/library/tech/99/04/circuits/articles/08pete.html

April 8, 1999

STATE OF THE ART / PETER H. LEWIS

Internet Hide and Seek: Staying Under Cover

WASHINGTON -- He did his best to remain anonymous, but within days after an expert programmer released the Melissa computer virus into the world late last month, the police reported that his identity had been cracked. Investigators used a tracking mechanism the Microsoft Corporation had secretly installed in its Office software to gather information on its customers surreptitiously.

In Yugoslavia, meanwhile, messages poured onto the Internet from the war zone, providing what appeared to be firsthand accounts of Serbian atrocities against ethnic Albanians in Kosovo. Privacy advocates realized that if the Serbian authorities were able to trace the identities of the writers, many lives could be lost. Ominously, messages from some writers had stopped suddenly.

The privacy groups moved swiftly to provide the writers with special access to Anonymizer.com, an Internet service that allows users to be anonymous and untraceable online, and with information about PGP, a data encryption program so strong that the United States prohibits its export.

These two cases, worlds apart, underscore a growing dilemma that now confronts the electronic world.

"Anonymity has incontestable value in a huge number of situations, and it is constitutionally protected," said Philip Reitinger, a prosecutor for the Justice Department, speaking at a Computers, Freedom and Privacy conference here today.

Moments later, during a panel discussion, he added, "If you're serious about prosecuting crime on the global communications infrastructure, you have to have traceability.

"Should communications on the Internet be traceable in some circumstances? And if so, what should the rules be?"

The issue is a broad one because anonymity is not of interest only to criminals and dissidents, and not available only to the technically astute. New technologies are emerging that enable even casual Internet users to be anonymous online for the first time. At the same time, new technologies are being deployed to gather ever more personal information from users.

In recent weeks, a debate has emerged over new technologies that have been deployed to allow companies to track individual users on the Internet. The Intel Corporation embedded a unique identification number in its Pentium III processor that would enable network operators to identify individual computers on the Internet, and the Microsoft Corporation designed a "globally unique identifier" that secretly appears in Microsoft Office documents and can be used to trace files back to a specific person. The Microsoft Office identification number was used in the Melissa investigation.

Some privacy tools are being simplified and made available commercially to a broad audience, allowing anyone to browse the World Wide Web and use E-mail without being identified.

The technologies are morally neutral. They could be used, for example, to commit a crime or to report one anonymously.

The tools, like the Anonymizer (www.anonymizer.com), are also useful simply for browsing the Web without having to give up personal information to marketers, for visiting sex-related Web sites without potential embarrassment, posting messages on newsgroups using pseudonyms and for avoiding spam, the bulk-mail advertising pitches that advertisers send incessantly to E-mail addresses they have culled from the Net.

"The Internet has shifted the balance away from privacy, and these are attempts to bring it back," said David Banisar, an officer of the Electronic Privacy Information Center (www.epic.org).

There are other anonymity systems in the works.

At AT&T Labs-Research in New Jersey, a system called Crowds is being tested that operates on the premise, familiar to any New Yorker, that one can be anonymous in a crowd. In the Crowds system, large groups of geographically dispersed Internet users would be able to band together and their individual Web page requests would be randomly forwarded through a shared computer called a proxy server. The operator of the Web site would not know which member of the crowd submitted the request, and neither would anyone else in the crowd. More information is available at www.research.att.com/projects/crowds.

___________________________________________________________________
On-line anonymity tools insure privacy as well as shield wrongdoers.
___________________________________________________________________

At the Lucent Corporation's Bell Labs, another anonymity system called the Lucent Personalized Web Assistant allows a Web user to create a pseudonym for each Web site; the same pseudonym would be used on each visit. The Web site operator would not know the visitor's true identity but could still build a profile of the user's preferences that could be used to tailor advertisements and content to the customer on subsequent visits. More information about Lucent's system is available at www.lpwa.com.

Yet another anonymity system under development, this one at the Government's Naval Research Laboratory, is Onion Routing. An Onion Router (www.onion-router.net) hides not only the content of messages, but also the very fact that two people are communicating over a public network.

One of the more intriguing anonymity services under development is Freedom, a Windows program developed by a Canadian company, Zero Knowledge Systems (www.zeroknowledge.com). Freedom, which is expected to be available for public testing next month, is similar to the Lucent system in that it enables users to establish pseudonyms that are consistent over time. That would allow a user to participate freely in a discussion group without worrying about being identified.

Freedom is expected to cost $50 a year for five separate digital pseudonyms (extra identities are $10 a year). These on-line personas cannot be traced to reveal the user's identity.

The technical details of the system, including strong data encryption, masked Internet addresses and proxy servers, are hidden behind a simple user interface, which I've tried in early form. After a user chooses a persona by clicking on it, all identifying information is stripped from the original request and replaced by the information created for the pseudonym.

Millions of Internet users already employ pseudonyms; America Online, for example, calls them screen names and allows each subscriber to have several. But in most cases a pseudonym can be traced to its real owner, often when the Internet company is compelled by a court order to divulge the information or is tricked into doing so.

For example, the giant defense contractor Raytheon Corporation sued more than 20 employees earlier this year for posting pseudonymous messages about the company on the Internet. At least two employees resigned after Yahoo, in response to a court subpoena, revealed the true identities behind the postings. Raytheon asserts that the messages, which contained gossip and criticisms of the company, divulged proprietary and confidential information.

With Freedom, not even Zero Knowledge Systems can link the pseudonyms to a user's real identity. The company knows only that the person has a Freedom account.

The oldest commercial service offering anonymity, and the only one currently available to users of any Internet-connected computer, is Anonymizer.com. Unlike Freedom, Anonymizer does not require the user to download or install any special software.

For a fee of $5 a month, users can process Web browsing requests and send messages through Anonymizer's proxy servers. (There is also an unlimited free browsing service, but Anonymizer inserts a delay, typically 10 seconds, on page views in the free service. The paid service has no delays.) For an extra fee, Anonymizer will also allow users to receive E-mail responses and set up Web pages.

In either case, the user types the address of the Web site to be visited, and the request is sent to Anonymizer's proxy computer. The proxy strips off the customer's identifying information and forwards the request to the Web site, which knows only that the request is coming from Anonymizer. The page or graphics file is then returned to the user's computer, and the site can be bookmarked for return visits with the anonymity intact.

If a company is tracking Web usage by its employees -- which the courts have ruled is legally permissible, along with reading employees' E-mail and listening to their phone calls -- it will see only that the user is connected to Anonymizer.com, but it will not be able to find out what sites are being visited.

For that reason, a number of companies prohibit employee access to the Anonymizer site. Other companies use Anonymizer regularly to visit the Web sites of competitors and gather information, and law enforcement agencies use it routinely to check up on people under investigation.

At the other end of the line, some commercial sites do not allow connections from Anonymizer, either because they require visitors to provide personal information before granting them access or because they have had bad experiences with Anonymizer users who abused the system with bogus credit card scams or harassing messages.

Anonymizer was forced to block its users' access to the White House Web site because customers were sending threats to the President. Anonymizer boots out customers who try to use the system to send batches of spam, or in response to complaints from people being harassed through the site.

As with all of the anonymous services now being developed for the Internet, the good has to be balanced with the bad.

"The real world is routinely anonymous," said Lance Cottrell, Anonymizer's chief executive. "When you drive down the street, typically there is no one photographing your license plate, no one keeping track of where you park and how long you stay. What's unusual about the Internet is that everything is by default logged and tracked. What's aberrant is not the presence of anonymity on the Internet, but that you have to take special steps to achieve it."

State of the Art is published on Thursdays.

________________________________________________________________

Related Sites

These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability.

* www.anonymizer.com
* www.epic.org
* www.research.att.com/projects/crowds
* www.lpwa.com
* www.onion-router.net
* www.zeroknowledge.com

________________________________________________________________

Peter H. Lewis at lewis () nytimes com welcomes your comments and suggestions.

Copyright 1999 The New York Times Company