(New York) Newsday, December 24, 1997, pp. C5, C6. Anonymity and the Internet Balancing freedom of speech with the need to protect identities By Gail Dutton Special Correspondent "Is Singapore the future?" asked information scientist Dave Farber of the University of Pennsylvania. If it is, the right to communicate anonymously on the Internet must be protected now, to ensure continued freedom of speech, according to participants at the Conference on Anonymous Communications on the Internet, sponsored by the American Academy for the Advancement of Sciences last month in Irvine, Calif. "Law enforcement in the U.S. is a trusted third party," Farber said. But, Lance Cottrell, president of Obscura Information Security, added, "What is considered a good government today may become an oppressive government 50 years from now." The debate hinges upon whether any government should be able to trace messages--encrypted or not--to their sources. Singapore's repressive system is probably not the future here, but participants at the conference agreed that the right to communicate anonymously must be addressed now. Anonymous e-mailers have been around since the beginning of the Internet, but they have become increasingly simple to use. Anonymous Internet e-mail and Web visits aren't just for techies. For example, with The Anonymizer, developed by Cottrell sending untraceable, anonymous e-mail is as simple as clicking on the Web site (http://www.anonymizer.com) and uploading your message. Entering a Web site is just as easy, and can be done from the same site. Now that anonymity is simple and available to everyone, law-enforcement agents are getting nervous. There is always the potential for abuse. Laws are written for a paper-based society, according to attorney Joe Rosenbaum, who specializes in information technology at Hughes, Hubbard and Reed in Manhattan. "But, with the Internet, access is multiplied so that individuals lose control of their personal information," Rosenbaum said. For example, public information becomes widely and quickly accessible to anyone with an Internet connection, and private information is available for mining by any site a user visits. As a result, profiles of households can be developed and linked directly to them, based upon Web visits and information they provided individual sites--such as names income, news preferences and any other information a site requires for registering. The profiles could be used for academic research or--what more people dread--market research. "Corporations need to recognize the right of data ownership by individuals," maintained conference speaker Donna Hoffman of Project 2,000, a communications project at Purdue University. "Lack of trust [between customers and companies] is the primary barrier to Internet commerce. People are bothered by things online that they aren't significantly bothered by offline," she added. At work, if your employer asked your honest opinion of a very sensitive, politically charged work issue, would you give your unvarnished opinion? In writing? Would your answer change if you were guaranteed 100 percent, untraceable anonymity? If you said "yes" to the last question you just gave corporations a reason to promote anonymous communications. Companies tend to be as protective as individuals when it's their information being mined. They can filter out certain addresses, banning them from the site. However, individuals-- often competitors--sometimes can enter anonymously and get the data they need. To combat this, "You can build a site that doesn't allow anonymity," Cottrell said. That would only slow that research --not prevent the data from being compiled. Often the information companies are trying to protect is publicly available sometimes in their own printed literature. With The Anonymizer, developed by Lance Cottrell of Obscura Information Security, sending untraceable, totally anonymous e-mail is as simple as clicking on the Web site and uploading your message. Pseudonymity "Most people aren't looking for the same type of security as the National Security Agency," Rosenbaum said. Generally, pseudonymity--which is traceable --provides acceptable security for all but the most sensitive communications, he said. The right to protect personal information, even from corporations and market-research firms, is a driving force behind pseudonymity. So far, consumers do not trust the security and privacy of the Internet. "Contrary to what companies believe, consumers aren't interested in selling their personal information. Instead, people want a relationship based upon trust-- trust that the company won't sell their information," Hoffman said. By using pseudonymity, Internet users can prevent companies from linking customer profiles to their true identities. This option also promotes commerce, by allowing customers to use another name for their transactions, while using a public key encryption method to let companies confirm and authenticate an order. To maintain pseudonymity, customers can pay their bills with electronic cash from companies such as like DigiCash ( http://www.digicash.com ), and have merchandise shipped to a postal box, she said. Although that option is possible technologically, it is far from standard practice. The problem with this solution, Hoffman said, is that buyer and seller would have to rely upon a trusted third party. But, "No one knows who the third party may be, what their responsibilities are and who will reinforce their obligations if there is a dispute." What Are You Hiding? "Anonymity and pseudonymity both involve hiding knowledge from somebody," according to Terrell Bynum, professor of philosophy and director of the Research Center on Computing and Society at Southern Connecticut State University. "Therefore, what are you hiding, and from whom?" The answer, obviously, is identity, and the reason is to avoid repercussions of certain actions. That is a particularly valuable option for whistle-blowers, dissidents, human rights activists and others who put their jobs and, sometimes, their lives on the line. It becomes less palatable when the purpose is to defame or defraud. Concerns The need for anonymity in the United States is very different from that in countries where human rights may be stifled or, for that matter, in Europe, which has data-protection laws, Rosenbaum explained. In the United States, anonymity more often protects careers and reputations than lives. It means users can protect their personal data when visiting Web sites, minimize scrutiny by law enforcement agents or others because of expressed opinions, visit X-rated Web sites without their employers or spouses knowing and send e-mail confidentially. In other nations, anonymity offers sometimes the only way to voice dissent or send human rights information out of the country without risking lives. The downside is that true anonymity also facilitates illegal activities, such as fraud, libel, transmission of child pornography and money laundering. And that ability makes some people--notably law enforcement agents--nervous. "The issue," Rosenbaum said, "is the degree of difficulty in charging and convicting criminals. Making communications more untraceable is creating problems that didn't exist before." Nonetheless, "Acts of physical destruction and violence are almost impossible" on the Internet, said Peter Wayner, a consulting editor at Byte Magazine. Limiting anonymity, however, also can harm by limiting opportunities for free speech. "It is not clear that a happy middle ground can be found that provides sufficient anonymity without risking serious abuses," said Peter G. Neuman, principal scientist of SRI International. Attendees agreed that the dangers of banning anonymous communications are greater than the dangers of allowing them. Site Guidelines Recommended "If you know information is from an anonymous source, you treat it differently than if it is from a known identity or a known and respected pseudonym," said Helen Nissenbaum, associate director of the Center for Human Values at Princeton University. Therefore Web sites should say, up front, whether they allow anonymous postings, the conference attendees agreed. Ideally, anonymity guidelines would come from the Web communities themselves, similar to professional associations' codes of ethics. Individual newsgroups or each person on the Internet could decide whether to accept anonymous or pseudonymous communications. Gail Dutton is a freelance writer. [Box] Keeping Secrets Anyone can drop a letter in a mailbox or place a call from a pay phone anonymously. On the Internet, however, Internet service providers track each message. Because they can be easily read, they also can be scanned for keywords. "The ease of surveillance on the Internet is unprecedented in the history of communication," according to Lance Cottrell, president of Obscura Information Security ( http://www.anonymizer.com ). Because the act of sending and receiving messages is logged, messages must be remailed assure anonymity. "A message is still vulnerable to traffic analysis," said Peter Wayner, Byte Magazine consulting editor. In practice, remailers receive mail, ignore the "from" part of the address, package it into a uniform size message and mail it to another remailer, who does the same thing. "All messages have to be identified in size and form," Cottrell explained. To ensure anonymity, mail is routed through several remailers, in and out of several countries, before it reaches its destination. When remailers' records are checked, as they sometimes are by U.S. law enforcement officials, there should be nothing that allows the e-mail to be traced, Cottrell said. Another free program, currently being developed by Lucent Technologies, offers pseudonymity for Web browsing by changing a user's name, password and return e-mail address automatically for each site a user logs onto. For example, after logging onto http://lpwa.com:8000/, users can visit Web sites in privacy and any e-mail sent to their return address will be forwarded by the Lucent server to the actual address and "carbon copied" to the pseudonym. Lucent knows who uses the service, but other Web sites do not. [End]