[Image] [Image] -----------KEEP FREE MEDIA FREE----------- ------------------------------------------------------------------------ [Are_The_FEDS_Sniffing_your_RE-Mail?] by John Dillon THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC COMMICATIONS, THE EAGERNESS OF GOVERNMENT TO PRY INTO OUR COMMINICATIONS, APPARENTLY, IS NOT. [E_Mail_Users_Unaware_of_Snooping_Feds] Email users like these patrons of a cybercafe, probably assume that when they use re-mailers, they ensure the anonymity of their correspondence. Foreign and domestic Rather, the information was presented intelligence agencies are by two defense experts, Former actively monitoring worldwide Assistant Secretary of Defense Paul Internet traffic and are Strassmann, now a professor at West allegedly running anonymous Point and the National Defense re-mailer" services designed University in Washington, D.C., along to protect the privacy of with William Marlow, a top official electronic mail users. The at Science Applications International startling claim that Corp., a leading security contractor. government snoops may be Anonymous re-mailer services are surreptitiously operating pretty much what the name implies. By computer privacy protection stripping identifying source systems used by private information from e-mail messages, citizens was made earlier they allow people to post electronic this year at a Harvard messages without traceable return University Law School address information. Symposium on the Global Information Infrastructure. The source was not some crazed computer hacker paranoid about government eavesdropping. ------------------- But Strassmann and Marlow a lawyer from Austria who attended said that the anonymous the conference. Marlow said that the re-mailers, if used properly [US] government runs at least a dozen and in tandem with encryption re-mailers and that the most popular software pose an re-mailers in France and Germany are unprecedented national run by respective agencies in those security threat from countries." Mayer-Schoenberger was information terrorists. shocked by the defense experts' Intelligence services have statement and tried to spread the set up their own re-mailers news by sending an e-mail message to in order to collect data on Hotwired, the online version of Wired potential spies, criminals, magazine. Although the story did not and terrorists, they said. make headlines, his note quickly Following their Harvard talk, became the e-mail message relayed Strassmann and Marlow 'round the world, triggering over 300 explicitly acknowledged that messages to Strassmann and Marlow. It a number of anonymous was followed by the electronic re-mailers in the US are run version of spin control. by government agencies scanning traffic," said Viktor Mayer-Schoenberger, ------------------- Strassmann quickly posted a the conversation perfectly well," he denial. In an interview, he e-mailed from Vienna. They said a said the Austrian completely couple of additional things I'm sure misunderstood what he and they don't want people to remember. Marlow had said. That was But the statement about the false," Strassmann said of re-mailers is the one most people Mayer-Schoenberger's message. heard and I think is quite explosive That was the person's news, isn't it?" Marlow said that interpretation of what we actually a fair percentage of said. ... We did not re-mailers around the world are specifically mention any operated by intelligence services, government. What we said was Mayer-Schoenberger recalled in a that governments are so subsequent interview. Someone asked heavily involved in this him: `What about the US, is the same [Internet issues] that it true here as well?' Marlow said: `you seems plausible that bet.' The notes for the Harvard governments would use it in symposium, posted on the World Wide many ways." (Marlow did not Web, also lend credence to return a call for comment.) Mayer-Schoenberger's account. The CIA But Harvard Law School already has anonymous re-mailers but Professor Charles Nesson, who to effectively control [the Internet] heard the original exchange would require 7,000 to 10,000 around at the Harvard conference, the world," the notes quote Marlow as recalls the conversation as saying. Mayer-Schoenberger described it. Mayer-Schoenberger also stands by his story. I remember ------------------- @EASE WITH EAVESDROPPING Prying into e-mail is depths of the Reagan administration's probably as old as e-mail involvement in the Iran-Contra itself. The Internet is affair. Moreover, it's easier to tap notoriously insecure; e-mail messages than voice telephone messages are kept on traffic, according to the paper computers for months or written by Strassmann and Marlow. As years. If they aren't stored e-mail traffic takes over an safely, they can be viewed by ever-increasing share of personal anyone who rummages through communications, inspection of e-mail electronic archives by traffic can yield more comprehensive searching through the hard evidence than just about any drive, by using sophisticated wire-tapping efforts, they wrote. eavesdropping techniques, or E-mail tapping is less expensive, by hacking in via modem from more thorough and less forgiving than a remote location. Once any other means for monitoring e-mail is obtained, legally personal communications. or not, it can be enormously valuable. Lawyers are increasingly using archived e-mail as evidence in civil litigation. And it was Oliver North's e-mail (which he thought was deleted) that showed the ------------------- @ RISK Two kinds of anonymous Finnish service at anon.penet.fi". I re-mailers have evolved to believe that if you want protection protect the privacy of users. against a governmental body, you The first, and the less would be foolish to use secure, are two-way database anon.penet.fi," said Jeffrey re-mailers," which maintain a Schiller, manager of the log linking anonymous Massachusetts Institute of Technology identities to real user computer network and an expert on names. These services are e-mail and network security. Last more accurately called year, in fact, authorities raided pseudonymous" re-mailers anon.penet.fi to look for the since they assign a new name identity of a Church of Scientology and address to the sender dissident who had posted secret (usually a series of numbers church papers on the Internet using or characters) and are the the supposedly private service. most vulnerable to security breaches, since the logs can be subpoenaed or stolen. The most popular pseudonymous" re-mailer is a ------------------- The second kind of re-mailers Some re-mailers replace the return are cypherpunk" services run address with something like by computer-savvy privacy nobody@nowhere.org." Further advocates. Someone desiring protection can be obtained by using anonymity detours the message free, publicly available encryption through the re-mailer; a programs such as Pretty Good Privacy re-mailer program removes and by chaining messages and information identifying the re-mailers together. Sending the return address, and sends it message from re-mailer to re-mailer on its way. Schiller says using encryption at each hop builds that a cypherpunk re-mailer up an onion skin arrangement of in its simplest form is a encrypted messages inside encrypted program run on incoming messages. Some re-mailers will vary e-mail that looks for the timing of the outgoing mail, messages containing a sending the messages out in random request-re-mailing-to" header sequence in order to thwart attempts line. When the program sees to trace mail back by linking it to such a line, it removes the when it was sent. information identifying the sender and remails" the message. ------------------- @ISSUE: THE RIGHT TO PRIVACY Linking encrypted messages expert and co-author of a new edition together can be tricky and of The Puzzle Palace, a book on the time-consuming. So who would National Security Agency. Amnesty bother? A. Michael Froomkin, International has people who use an assistant professor of law re-mailers because if an intelligence at the University of Miami service in Turkey tracks down and an expert on Internet [political opponents] ... they take legal issues, says anonymity them out and shoot them," he said. I allows people to practice would rather err on the side of those political free speech without people. I would rather give the fear of retribution. benefit of the doubt to human Whistleblowers can identify rights." Strassmann and Marlow, on corporate or government abuse the other hand, see the threat to while reducing their risk of national security as an overriding detection. People with health concern. Their paper, Risk-Free problems that are Access into the Global Information embarrassing or might Infrastructure via Anonymous threaten their ability to get Re-mailers, presented at the Harvard insurance can seek advice conference, is a call to electronic without concern that their arms. In it, they warn that names would be blasted re-mailers will be employed in electronically around the financial fraud and used by world. A battered woman can information terrorists" to spread use re-mailers to communicate stolen government secrets or to with friends without her disrupt telecommunication, finance spouse finding her. The and power generation systems. Amnesty International human rights group has used anonymous re-mailers to protect information supplied by political dissidents, said Wayne Madsen, a computer security ------------------- Internet anonymity has At the Harvard symposium, the pair rewritten the rules of modern provided additional allegations that warfare by making retaliation anonymous re-mailers are used to impossible, since the commit crimes. There was a crisis not identity of the assailant is too long ago with a large unknown, they said. Since international bank. At the heart of biblical times, crimes have the problem turned out to be been deterred by the anonymous re-mailers. There was a prospects of punishment. For massive exchange around the world of that, the criminal had to be the vulnerabilities of this bank's apprehended. Yet information network," Marlow said. But David crimes have the unique Banisar, an analyst with the characteristic that Washington, D.C.-based Electronic apprehension is impossible. Privacy Information Center (EPIC) ... Information crimes can be downplayed this kind of anecdote, committed easily without saying that such allegations are leaving any telltale evidence always used by governments when they such as fingerprints, traces want to breach the privacy rights of of poison or bullets," they citizens. I think this information wrote. As an example, they warfare stuff seems to be a way for cite the Finnish re-mailer the military trying to find new (anon.penet.fi), claiming reasons for existence and for various that it is frequently used by opportunistic companies looking for the ex-KGB Russian criminal ways to cash in. I'm really skeptical element. Asked for proof or about a lot of it. The further detail, Strassmann said: That [paper] is as far in the public domain as you're going to get." ------------------- problem is nine-tenths hype Froomkin, from the University of and eight-tenths bad security Miami, also questioned Strassmann and practices," he said. Already Mayer's conclusions. First of all, existing Internet security the statistics about where the systems like encryption and re-mailers are and who runs them are firewalls could take care of inaccurate. I can't find anybody to the problem." The public confirm them," he said. I completely should not have to justify disagree with their assessment of why it needs privacy, he facts and the conclusions they draw said. Why do you need window from them. ... Having said that, blinds? Privacy is one of there's no question there are bad those fundamental human things you can do with anonymous re- rights that ties into other mailers. There is potential for human rights such as freedom criminal behavior." Banisar doubts of expression, the right to that intelligence agencies are associate with who you want, actually running re-mailers. It would the right to speak your mind entail a fairly high profile that as you feel like it. ... The they tend to shy away from, he said. question shouldn't be what do However, it is likely that agencies you have to fear, it should are sniffing" monitoring traffic be `Why are they listening going to and from these sites, he in?' With a democratic said. government with constitutional limits to democratic power, they have to make the argument they need to listen in, not the other way around." ------------------- @ WORK SNIFFING THE NET Not in doubt, however, is Madsen reported that sources within that the government is using the government and private industry the Internet to gather told him that the NSA is monitoring intelligence and is exploring two key Internet routers which direct the net's potential electronic mail traffic in Maryland usefulness for covert and California.18 In an interview, operations. Charles Swett, a Madsen said he was told that the NSA Department of Defense policy was sniffing" for the address of assistant for special origin and the address of operations and low-intensity destination" of electronic mail. conflict, produced a report last summer saying that by The NSA is also allegedly monitoring scanning computer message traffic passing through large traffic, the government might Internet gateways by scanning network see early warnings of access points" operated by regional impending significant and long-distance service providers. developments." Swett added Madsen writes that the network access that the Internet could also points allegedly under surveillance be used offensively as an are at gateway sites in Pennsauken, additional medium in N.J. (operated by Sprint), Chicago psychological operations (operated by Ameritech and Bell campaigns and to help achieve Communications Research) and San unconventional warfare Francisco (operated by Pacific Bell). objectives." The unclassified Swett paper was itself posted Madsen believes that NSA monitoring on the Internet by Steven doesn't always stop at the US border, Aftergood of the Federation and if this is true, NSA is violating of American Scientists. its charter, which limits the agency 's spying to international The document focuses in part activities. People familiar with the on Internet use by leftist monitoring claim that the program is political activists and one of the NSA's `black projects,' devotes substantial space to but that it is pretty much an `open the San Francisco-based secret' in the communications Institute for Global industry," he wrote. Communications (IGC), which operates Peacenet and other networks used by activists. IGC shows, Swett writes, the breadth of DoD-relevant information available on the Internet." The National Security Agency is also actively sniffing" key Internet sites that route electronic mail traffic, according to Puzzle Palace co-author Wayne Madsen. In an article in the British newsletter Computer Fraud and Security Bulletin, ------------------- [Image] Electronic communications and the telephone, the Internet could open up opportunities to be used by spies or terrorists. Those broaden democratic access to abuses, however, do not justify information and organizing. curtailing the rights of the vast They also provide a means and number of people who use privacy in an opportunity for perfectly legal ways. Robert Ellis governments to pry. But just Smith, editor of the Privacy Journal as people have a right to newsletter, said government agencies send a letter through the seem obsessed with anonymous post office without a return re-mailers. They were set up by address, or even to drop it people with a very legitimate privacy in a mail box in another issue, he said. Law enforcement has city, so too, electronic to keep up with the pace of rights advocates argue, they technology as opposed to trying to have the right to send an infiltrate technology. Law anonymous, untraceable enforcement seems to want to shut electronic communication. And down or retard technology, and that's just as the post office can not realistic. Anonymous re-mailers be used maliciously, or to are not a threat to national commit or hide a crime, security. re-mailers can be used by cruel or criminal people to send hate mail or engage in flame wars." And like the post office, the highways, --------------------------------------------------------------------- CAQ57 Contents | CAQ Contents | Subscribe to CAQ | MediaFilter | PoMoWar