POSTCARD FROM CYBERSPACE / DANIEL AKST The Helsinki Incident and the Right to Anonymity By

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank! 



POSTCARD FROM CYBERSPACE / DANIEL AKST
The Helsinki Incident and the Right to Anonymity
By DANIEL AKST
Los Angeles Times  Wednesday February 22, 1995

   Something happened recently on the Internet that no doubt sent
chills down an awful lot of spines. A government used its power to breach
anon.penet.fi.

   Before you write this off as another of the arcane tempests that
generate so much ire among the get-a-life set, take heed. This one goes
to the heart of what the electronic frontier is like, how it is changing
and what the future holds for this new medium.

   Anon.penet.fi is basically a computer in Helsinki, Finland, whose
purpose is to allow e-mail users all over the world to send anonymous
messages, both to individuals as private e-mail and to Internet
newsgroups, as the Net's 10,000-plus discussion forums are known. You
message anon.penet.fi and it strips off your identity, substituting a
code number. Responses at your anon.penet.fi address get routed back to
you.

   There are many "anonymous remailers" like anon.penet.fi, but probably
none is as stable or widely used. Its operator, a selfless computer
networking specialist named Johan (Julf) Helsingius, supports the server
to the tune of $1,000 a m
integrity.

   Helsingius has rules: He won't disclose the name behind an anonymous
ID, but every message explains how to send him complaints. Abuse
anon.penet.fi and you'll probably find yourself locked out of the system.

   During previous incidents in which he was pressured to disclose the
identity of a user, Helsingius stood firm. Then the inevitable happened:
He was faced with a search warrant served by Finnish police.

   According to Helsingius, authorities in his country were investigating
an allegation by the Church of Scientology that anon.penet.fi had been
used to make public private information taken from a church computer.
You'll recall that the controversial Los Angeles-based church provoked
anger on the Internet not long ago when a church attorney attempted to
obliterate the newsgroup alt.religion.scientology, a well-known gathering
place for church critics in which anonymous postings are common. Armed
with a court order, church officials also seized computer disks from the
Glendale home of a church critic whom they accused of violating copyright
law by posting church materials on the Net.

   Helsingius refused at first to knuckle to the church's demands, but he
says the search warrant gave Finnish authorities the right to seize his
computer, which contains the identity of all 200,000 people who have sent
messages through anon.penet.fi during its 2 1/2 years of existence. Faced
with a potentially catastrophic loss of confidentiality--anon.penet.fi
processes more than 7,000 messages daily, mostly for
Americans--Helsingius and his attorney negotiated a compromise: On Feb.
8, he gave police the single identity in question.

   Within the hour, Helsingius reports, a church representative told him
the church had the name. (A church spokeswoman contacted would say only
that "we took actions to handle illegal posting," insisting that her
organization was simply defending its rights. As for anonymous posting,
the spokeswoman added, "People should be responsible for what they do.")
 
   Hackers have obtained anon.penet.fi user IDs before--when users failed
to protect themselves with passwords--but according to some of those who
follow such matters, this was the first time a government had made a
successful frontal assault.

   OK, so you check sports scores on America Online, or use CompuServe to
research companies, or mostly send e-mail to your kids in college. Why
should any of this matter to you?

   First of all, I suspect there is more to you than that. If you're a
gay cleric, an adult victim of child abuse, a recovering alcoholic, a
bondage fancier with a strait-laced employer, or a computer engineer who
wants to tell people what's  really  going on at your company, you
might want to post your thoughts and feelings on the Internet or
elsewhere in cyberspace without giving away your real name.

   Or maybe you're a little lonely and want to meet somebody in
la.personals. The personal ads in this newspaper don't include names,
after all. Maybe you're having marital troubles. Or maybe you simply need
to get out of your own skin for a little while.

   "I consider myself to be a fairly good example of why anonymous
remailers are needed on the Net," wrote one defender of anon.penet.fi in
the newsgroup alt.privacy.anon-server, one of many in which users have
expressed impassioned support. "To be blunt, I am bisexual, a pervert and
a witch. I also live in Alabama, where at least two of the three are
illegal. In a worst-case scenario, I could lose my job, have my career
ruined, face prosecution and possibly even have to deal with violence."

   I lead a more prosaic life, in a place where you can probably find
witches in the Yellow Pages, so I haven't yet felt the need to post
anonymously. I also know that anonymity is a two-edged sword. You might feel the
need for it, after all, if you're bent on harassment or clogging up the
Internet with loony rantings about some  idee fixe. 

   The recent breach of anon.penet.fi, in fact, came amid an Internet
pornography scandal started by a Swedish newspaper report of kiddie-porn
photographs being posted through Helsingius' server. (The report was
wrong; anon.penet.fi bans postings to picture newsgroups and limits
message sizes--pictures contain a lot of data--to control volume.)

   Yet defenders of anonymity make a strong case for its preservation.
They note that kill files, complaints and more speech are readily
available for those who feel offended by something said behind the veil
of an assumed user ID. And the timorous can stick to commercial on-line
services or BBSes, where system operators can (and usually do) intervene
when problems arise.

   It's obvious that what happened in Finland is only the beginning.
Clearly, there are circumstances--kidnapings, threats, massive fraud--in
which the right of anonymity is lost. But if we're not careful to provide
more stringent safeguards than those that failed to protect
anon.penet.fi, we'll soon face a mask of anonymity that it will be
impossible to lift under any circumstances.

   Just wait until digital cash becomes commonplace. As incidents like
the one in Finland become more routine, little countries with a hankering
for foreign exchange will step up to provide Internet secrecy, just as
certain Caribbean islands now provide banking secrecy, for a fee.

   All it takes is sovereignty and a cheap computer.

   When that day comes, we'll look back on today's eleemosynary providers
of anonymity with nostalgia, and marvel that the Internet ever could have
been so innocent.

Daniel Akst, a Los Angeles writer, is a former assistant business
editor for technology at The Times. He welcomes messages at
akstd@news.latimes.com but regrets that he cannot reply to them all.

Tip Box--Anonymous Mail

   Probably no anonymous remailer is absolutely secure. People who 
really  care about anonymity and have the technical skills will route
messages through several remailers, making their identity that much
harder to trace.

   The best way to find out more about anonymous remailers is at Raph
Levien's excellent World Wide Web page, http://www.cs.berkeley.edu/
~raph/remailer-list.html. If you just want Levien's list of remailers,
finger remailer-list@kiwi.cs.berkeley.edu.

   To learn more about Johan Helsingius' well-known server, send e-mail
to help@anon.penet.fi. And for a good introduction to the topic
generally, visit the newsgroups alt.privacy or alt.privacy.anon-server
for Andre Bacard's FAQ (Frequently Asked Questions) on the subject.

---

E-Mail Fredric L. Rice / The Skeptic Tank