[FWD:] CAQ: CIA Spying on Anonymous Re-mail?
Jimmer ENDRES
[Found on misc.activism.progressive; m.a.p and CAQ are both recommended]
/** covertaction: 44.0 **/
** Topic: CIA Spying on Re-mail? **
** Written 9:38 AM Jun 3, 1996 by caq in cdp:covertaction **
ARE THE FEDS SNIFFING YOUR RE-MAIL
by Joh Dillon
THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC COMMICATIONS, THE
EAGERNESS OF GOVERNMENT TO PRY INTO OUR COMMINICATIONS, APPARENTLY,
IS NOT.
Foreign and domestic intelligence agencies are actively monitoring
worldwide Internet traffic and are allegedly running anonymous
re-mailer" services designed to protect the privacy of electronic mail
users.
The startling claim that government snoops may be surreptitiously
operating computer privacy protection systems used by private citizens
was made earlier this year at a Harvard University Law School Symposium
on the Global Information Infrastructure. The source was not some
crazed computer hacker paranoid about government eavesdropping. Rather,
the information was presented by two defense experts, Former Assistant
Secretary of Defense Paul Strassmann, now a professor at West Point and
the National Defense University in Washington, D.C., along with William
Marlow, a top official at Science Applications International Corp., a
leading security contractor.
Anonymous re-mailer services are pretty much what the name implies. By
stripping identifying source information from e-mail messages, they
allow people to post electronic messages without traceable return
address information.
But Strassmann and Marlow said that the anonymous re-mailers, if used
properly and in tandem with encryption software pose an
unprecedented national security threat from information terrorists.
Intelligence services have set up their own re-mailers in order to
collect data on potential spies, criminals, and terrorists, they said.
*1
Following their Harvard talk, Strassmann and Marlow explicitly
acknowledged that a number of anonymous re-mailers in the US are run by
government agencies scanning traffic," said Viktor Mayer-Schoenberger,
a lawyer from Austria who attended the conference. Marlow said that
the [US] government runs at least a dozen re-mailers and that the most
popular re-mailers in France and Germany are run by respective agencies
in those countries."2
Mayer-Schoenberger was shocked by the defense experts' statement and
tried to spread the news by sending an e-mail message to Hotwired, the
online version of Wired magazine. Although the story did not make
headlines, his note quickly became the e-mail message relayed 'round
the world, triggering over 300 messages to Strassmann and Marlow. It
was followed by the electronic version of spin control.
Strassmann quickly posted a denial. In an interview, he said the
Austrian completely misunderstood what he and Marlow had said. That
was false," Strassmann said of Mayer-Schoenberger's message. That was
the person's interpretation of what we said. ... We did not
specifically mention any government. What we said was that governments
are so heavily involved in this [Internet issues] that it seems
plausible that governments would use it in many ways." *3 (Marlow did
not return a call for comment.)
But Harvard Law School Professor Charles Nesson, who heard the original
exchange at the Harvard conference, recalls the conversation as
Mayer-Schoenberger described it. *4 Mayer-Schoenberger also stands by
his story. I remember the conversation perfectly well," he e-mailed
from Vienna. They said a couple of additional things I'm sure they
don't want people to remember. But the statement about the re-mailers
is the one most people heard and I think is quite explosive news, isn't
it?" *5
Marlow said that actually a fair percentage of re-mailers around the
world are operated by intelligence services, Mayer-Schoenberger
recalled in a subsequent interview. Someone asked him: `What about the
US, is the same true here as well?' Marlow said: `you bet.'
The notes for the Harvard symposium, posted on the World Wide Web, also
lend credence to Mayer-Schoenberger's account. The CIA already has
anonymous re-mailers but to effectively control [the Internet] would
require 7,000 to 10,000 around the world," the notes quote Marlow as
saying. *6
@EASE WITH EAVESDROPPING
Prying into e-mail is probably as old as e-mail itself. The Internet is
notoriously insecure; messages are kept on computers for months or
years. If they aren't stored safely, they can be viewed by anyone who
rummages through electronic archives by searching through the hard
drive, by using sophisticated eavesdropping techniques, or by hacking
in via modem from a remote location. Once e-mail is obtained, legally
or not, it can be enormously valuable. Lawyers are increasingly using
archived e-mail as evidence in civil litigation. And it was Oliver
North's e-mail (which he thought was deleted) that showed the depths of
the Reagan administration's involvement in the Iran-Contra affair.
Moreover, it's easier to tap e-mail messages than voice telephone
traffic, according to the paper written by Strassmann and Marlow. As
e-mail traffic takes over an ever-increasing share of personal
communications, inspection of e-mail traffic can yield more
comprehensive evidence than just about any wire-tapping efforts, they
wrote. E-mail tapping is less expensive, more thorough and less
forgiving than any other means for monitoring personal communications.
7
@ RISK
Two kinds of anonymous re-mailers have evolved to protect the privacy
of users. The first, and the less secure, are two-way database
re-mailers," which maintain a log linking anonymous identities to real
user names. These services are more accurately called pseudonymous"
re-mailers since they assign a new name and address to the sender
(usually a series of numbers or characters) and are the most vulnerable
to security breaches, since the logs can be subpoenaed or stolen. The
most popular pseudonymous" re-mailer is a Finnish service at
anon.penet.fi".
I believe that if you want protection against a governmental body, you
would be foolish to use anon.penet.fi," said Jeffrey Schiller, manager
of the Massachusetts Institute of Technology computer network and an
expert on e-mail and network security. Last year, in fact, authorities
raided anon.penet.fi to look for the identity of a Church of
Scientology dissident who had posted secret church papers on the
Internet using the supposedly private service. *8
The second kind of re-mailers are cypherpunk" services run by
computer-savvy privacy advocates. Someone desiring anonymity detours
the message through the re-mailer; a re-mailer program removes
information identifying the return address, and sends it on its way.
Schiller says that a cypherpunk re-mailer in its simplest form is a
program run on incoming e-mail that looks for messages containing a
request-re-mailing-to" header line. When the program sees such a line,
it removes the information identifying the sender and re- mails" the
message. *9 Some re-mailers replace the return address with something
like nob...@nowhere.org."
Further protection can be obtained by using free, publicly available
encryption programs such as Pretty Good Privacy and by chaining
messages and re-mailers together. Sending the message from re-mailer to
re-mailer using encryption at each hop builds up an onion skin
arrangement of encrypted messages inside encrypted messages. Some
re-mailers will vary the timing of the outgoing mail, sending the
messages out in random sequence in order to thwart attempts to trace
mail back by linking it to when it was sent.
@ISSUE: THE RIGHT TO PRIVACY
Linking encrypted messages together can be tricky and time-consuming.
So who would bother? A. Michael Froomkin, an assistant professor of law
at the University of Miami and an expert on Internet legal issues, says
anonymity allows people to practice political free speech without fear
of retribution. Whistleblowers can identify corporate or government
abuse while reducing their risk of detection. People with health
problems that are embarrassing or might threaten their ability to get
insurance can seek advice without concern that their names would be
blasted electronically around the world. *10 A battered woman can use
re-mailers to communicate with friends without her spouse finding her.
The Amnesty International human rights group has used anonymous
re-mailers to protect information supplied by political dissidents,
said Wayne Madsen, a computer security expert and co-author of a new
edition of The Puzzle Palace, a book on the National Security Agency.
Amnesty International has people who use re-mailers because if an
intelligence service in Turkey tracks down [political opponents] ...
they take them out and shoot them," he said. I would rather err on the
side of those people. I would rather give the benefit of the doubt to
human rights." *11
Strassmann and Marlow, on the other hand, see the threat to national
security as an overriding concern. Their paper, Risk-Free Access into
the Global Information Infrastructure via Anonymous Re-mailers,
presented at the Harvard conference, is a call to electronic arms. In
it, they warn that re-mailers will be employed in financial fraud and
used by information terrorists" to spread stolen government secrets or
to disrupt telecommunication, finance and power generation systems.
Internet anonymity has rewritten the rules of modern warfare by making
retaliation impossible, since the identity of the assailant is unknown,
they said. Since biblical times, crimes have been deterred by the
prospects of punishment. For that, the criminal had to be apprehended.
Yet information crimes have the unique characteristic that apprehension
is impossible. ... Information crimes can be committed easily without
leaving any telltale evidence such as fingerprints, traces of poison or
bullets," they wrote. *12
As an example, they cite the Finnish re-mailer (anon.penet.fi),
claiming that it is frequently used by the ex-KGB Russian criminal
element. Asked for proof or further detail, Strassmann said: That
[paper] is as far in the public domain as you're going to get." *13
At the Harvard symposium, the pair provided additional allegations that
anonymous re-mailers are used to commit crimes. There was a crisis not
too long ago with a large international bank. At the heart of the
problem turned out to be anonymous re-mailers. There was a massive
exchange around the world of the vulnerabilities of this bank's
network," Marlow said. *14
But David Banisar, an analyst with the Washington, D.C.-based
Electronic Privacy Information Center (EPIC) downplayed this kind of
anecdote, saying that such allegations are always used by governments
when they want to breach the privacy rights of citizens. I think this
information warfare stuff seems to be a way for the military trying to
find new reasons for existence and for various opportunistic companies
looking for ways to cash in. I'm really skeptical about a lot of it.
The problem is nine-tenths hype and eight-tenths bad security
practices," he said. Already existing Internet security systems like
encryption and firewalls could take care of the problem."
The public should not have to justify why it needs privacy, he said.
Why do you need window blinds? Privacy is one of those fundamental
human rights that ties into other human rights such as freedom of
expression, the right to associate with who you want, the right to
speak your mind as you feel like it.
... The question shouldn't be what do you have
to fear, it should be `Why are they listening in?' With a democratic
government with constitutional limits to democratic power, they have to
make the argument they need to listen in, not the other way around."
*15
Froomkin, from the University of Miami, also questioned Strassmann and
Mayer's conclusions. First of all, the statistics about where the
re-mailers are and who runs them are inaccurate. I can't find anybody
to confirm them," he said. I completely disagree with their assessment
of facts and the conclusions they draw from them. ... Having said that,
there's no question there are bad things you can do with anonymous re-
mailers. There is potential for criminal behavior." *16
Banisar doubts that intelligence agencies are actually running
re-mailers. It would entail a fairly high profile that they tend to
shy away from, he said. However, it is likely that agencies are
sniffing" monitoring traffic going to and from these sites, he said.
@ WORK SNIFFING THE NET
Not in doubt, however, is that the government is using the Internet to
gather intelligence and is exploring the net's potential usefulness for
covert operations. Charles Swett, a Department of Defense policy
assistant for special operations and low-intensity conflict, produced a
report last summer saying that by scanning computer message traffic,
the government might see early warnings of impending significant
developments." Swett added that the Internet could also be used
offensively as an additional medium in psychological operations
campaigns and to help achieve unconventional warfare objectives." *17
The unclassified Swett paper was itself posted on the Internet by
Steven Aftergood of the Federation of American Scientists.
The document focuses in part on Internet use by leftist political
activists and devotes substantial space to the San Francisco-based
Institute for Global Communications (IGC), which operates Peacenet and
other networks used by activists. IGC shows, Swett writes, the breadth
of DoD-relevant information available on the Internet."
The National Security Agency is also actively sniffing" key Internet
sites that route electronic mail traffic, according to Puzzle Palace
co-author Wayne Madsen. In an article in the British newsletter
Computer Fraud and Security Bulletin, Madsen reported that sources
within the government and private industry told him that the NSA is
monitoring two key Internet routers which direct electronic mail
traffic in Maryland and California.18 In an interview, Madsen said he
was told that the NSA was sniffing" for the address of origin and the
address of destination" of electronic mail.
The NSA is also allegedly monitoring traffic passing through large
Internet gateways by scanning network access points" operated by
regional and long-distance service providers. Madsen writes that the
network access points allegedly under surveillance are at gateway sites
in Pennsauken, N.J. (operated by Sprint), Chicago (operated by
Ameritech and Bell Communications Research) and San Francisco (operated
by Pacific Bell). *19
Madsen believes that NSA monitoring doesn't always stop at the US
border, and if this is true, NSA is violating its charter, which limits
the agency 's spying to international activities. People familiar with
the monitoring claim that the program is one of the NSA's `black
projects,' but that it is pretty much an `open secret' in the
communications industry," he wrote.
Electronic communications open up opportunities to broaden democratic
access to information and organizing. They also provide a means and an
opportunity for governments to pry. But just as people have a right to
send a letter through the post office without a return address, or even
to drop it in a mail box in another city, so too, electronic rights
advocates argue, they have the right to send an anonymous, untraceable
electronic communication. And just as the post office can be used
maliciously, or to commit or hide a crime, re-mailers can be used by
cruel or criminal people to send hate mail or engage in flame wars."
And like the post office, the highways, and the telephone, the Internet
could be used by spies or terrorists. Those abuses, however, do not
justify curtailing the rights of the vast number of people who use
privacy in perfectly legal ways.
Robert Ellis Smith, editor of the Privacy Journal newsletter, said
government agencies seem obsessed with anonymous re-mailers. They were
set up by people with a very legitimate privacy issue, he said. Law
enforcement has to keep up with the pace of technology as opposed to
trying to infiltrate technology. Law enforcement seems to want to shut
down or retard technology, and that's not realistic. Anonymous
re-mailers are not a threat to national security. *20
--END--
SUBSCRIPTION INFO:
CAQ (CovertAction Quarterly) has won numerous awards for
investigative journalism. It is read around the world by
investigative reporters, activists, scholars, intelligence
buffs, news junkies, and anyone who wants to know
the news and analysis behind the soundbites and
headlines. Recommended by Noam Chomsky;
targeted by the CIA.
Each article in the 64-page magazine, which is in its
16th year of publication, is extensively footnoted and
accompanied by photographs and graphics.
For a single issues send $6.
A one year subscription:
US $22;
Canada/Mexico $27;
Latin America/Europe $33;
Other areas $35.
Please send credit card information (VISA or Mastercard
including number and expiration date), check or money order
in $US to:
CAQ
1500 Massachusetts Ave. #732
Washington, DC 20005, USA
Phone: 202-331-9763
Fax: 202-331-9751
E-mail: c...@igc.apc.org
** End of text from cdp:covertaction **
***************************************************************************
This material came from PeaceNet, a non-profit progressive networking
service. For more information, send a message to peacen...@igc.apc.org
***************************************************************************
Hal
Overall this article presents a reasonably balanced presentation, however
the sensational charges at the top are what people are most likely to
remember.
Jimmer ENDRES <jbe...@pitt.edu> writes:
>Following their Harvard talk, Strassmann and Marlow explicitly
>acknowledged that a number of anonymous re-mailers in the US are run by
>government agencies scanning traffic," said Viktor Mayer-Schoenberger,
>a lawyer from Austria who attended the conference. Marlow said that
>the [US] government runs at least a dozen re-mailers and that the most
>popular re-mailers in France and Germany are run by respective agencies
>in those countries."2
For a list of currently active remailers see <URL:
http://www.cs.berkeley.edu/~raph/remailer-list.html >. There are no
remailers in France or Germany on that list. And I don't think there
have been any. Referring to "the most popular re-mailers in France and
Germany" tells me that the authors don't know what they are talking
about.
The claims made by these speakers have been debunked several times, as
the article goes on to mention. It apparently originally contained
footnote references which were removed in this posting, so people can't
follow up and see for themselves. So unfortunately I am afraid this will
contribute to the misinformation which surrounds this issue.
Hal Finney
Manuel Guesdon
Jimmer ENDRES <jbe...@pitt.edu> wrote/écrivais:
[...]
>| Marlow said that
>| the [US] government runs at least a dozen re-mailers and that the most
>| popular re-mailers in France and Germany are run by respective agencies
>| in those countries."2
AFAIK, there's no anonymous re-mailers in France....
____________________________________________________________________
Manuel GUESDON - SOFTWARE BUILDERS <mgu...@worldnet.fr>
Home: http://www.worldnet.fr/~mguesdo PGP Key Id: 76AB60D1
== Author of AppTranslator (A Windows Software Localization Tool) ==
========== http://www.worldnet.fr/~mguesdo/SBDev_WLT.html ==========