[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
"gov runs anon remailers"
fallout from that old, lame Strassman & Marlow paper. a bit on
the new Puzzle Palace.
------- Forwarded Message
Date: Mon, 1 Jul 1996 06:11:41 -0400 (EDT)
From: "Donna J. Logan" <[email protected]>
To: [email protected], [email protected], [email protected]
Subject: CAQ: CIA Spying on EMAIL (fwd)
- - -> SearchNet's snetnews Mailing List
- - ---------- Forwarded message ----------
Date: Sun, 30 Jun 1996 15:19:38 -0700 (PDT)
To: Recipients of pol-abuse <[email protected]>
Subject: CAQ: CIA Spying on EMAIL
From: Bob Witanek <[email protected]>
Posted [email protected] Thu Jun 20 23:46:55 1996
From: Ronnie Dadone <[email protected]>
Subject: CIA Spying on Re-mail?
http://www.worldmedia.com/caq/articles/remail.html
> ARE THE FEDS SNIFFING YOUR RE-MAIL?
>
> by Joh Dillon
>
> THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC
> COMMICATIONS, THE EAGERNESS OF GOVERNMENT TO PRY INTO OUR
> COMMINICATIONS, APPARENTLY, IS NOT.
>
> Foreign and domestic intelligence agencies are actively monitoring
> worldwide Internet traffic and are allegedly running anonymous
> re-mailer" services designed to protect the privacy of electronic
> mail users.
>
> The startling claim that government snoops may be surreptitiously
> operating computer privacy protection systems used by private
> citizens was made earlier this year at a Harvard University Law
> School Symposium on the Global Information Infrastructure. The
> source was not some crazed computer hacker paranoid about government
> eavesdropping. Rather, the information was presented by two defense
> experts, Former Assistant Secretary of Defense Paul Strassmann, now
> a professor at West Point and the National Defense University in
> Washington, D.C., along with William Marlow, a top official at
> Science Applications International Corp., a leading security
> contractor.
>
> Anonymous re-mailer services are pretty much what the name implies.
> By stripping identifying source information from e-mail messages,
> they allow people to post electronic messages without traceable
> return address information.
>
> But Strassmann and Marlow said that the anonymous re-mailers, if
> used properly and in tandem with encryption software pose an
> unprecedented national security threat from information terrorists.
> Intelligence services have set up their own re-mailers in order to
> collect data on potential spies, criminals, and terrorists, they
> said. *1
>
> Following their Harvard talk, Strassmann and Marlow explicitly
> acknowledged that a number of anonymous re-mailers in the US are run
> by government agencies scanning traffic," said Viktor
> Mayer-Schoenberger, a lawyer from Austria who attended the
> conference. Marlow said that the [US] government runs at least a
> dozen re-mailers and that the most popular re-mailers in France and
> Germany are run by respective agencies in those countries."2
>
> Mayer-Schoenberger was shocked by the defense experts' statement and
> tried to spread the news by sending an e-mail message to Hotwired,
> the online version of Wired magazine. Although the story did not
> make headlines, his note quickly became the e-mail message relayed
> 'round the world, triggering over 300 messages to Strassmann and
> Marlow. It was followed by the electronic version of spin control.
>
> Strassmann quickly posted a denial. In an interview, he said the
> Austrian completely misunderstood what he and Marlow had said. That
> was false," Strassmann said of Mayer-Schoenberger's message. That
> was the person's interpretation of what we said. ... We did not
> specifically mention any government. What we said was that
> governments are so heavily involved in this [Internet issues] that
> it seems plausible that governments would use it in many ways." *3
> (Marlow did not return a call for comment.)
>
> But Harvard Law School Professor Charles Nesson, who heard the
> original exchange at the Harvard conference, recalls the
> conversation as Mayer-Schoenberger described it. *4
> Mayer-Schoenberger also stands by his story. I remember the
> conversation perfectly well," he e-mailed from Vienna. They said a
> couple of additional things I'm sure they don't want people to
> remember. But the statement about the re-mailers is the one most
> people heard and I think is quite explosive news, isn't it?" *5
>
> Marlow said that actually a fair percentage of re-mailers around the
> world are operated by intelligence services, Mayer-Schoenberger
> recalled in a subsequent interview. Someone asked him: `What about
> the US, is the same true here as well?' Marlow said: `you bet.'
>
> The notes for the Harvard symposium, posted on the World Wide Web,
> also lend credence to Mayer-Schoenberger's account. The CIA already
> has anonymous re-mailers but to effectively control [the Internet]
> would require 7,000 to 10,000 around the world," the notes quote
> Marlow as saying. *6
> --------------------------------------------------------------------
>
> @EASE WITH EAVESDROPPING
>
> Prying into e-mail is probably as old as e-mail itself. The Internet
> is notoriously insecure; messages are kept on computers for months
> or years. If they aren't stored safely, they can be viewed by anyone
> who rummages through electronic archives by searching through the
> hard drive, by using sophisticated eavesdropping techniques, or by
> hacking in via modem from a remote location. Once e-mail is
> obtained, legally or not, it can be enormously valuable. Lawyers are
> increasingly using archived e-mail as evidence in civil litigation.
> And it was Oliver North's e-mail (which he thought was deleted) that
> showed the depths of the Reagan administration's involvement in the
> Iran-Contra affair.
>
> Moreover, it's easier to tap e-mail messages than voice telephone
> traffic, according to the paper written by Strassmann and Marlow. As
> e-mail traffic takes over an ever-increasing share of personal
> communications, inspection of e-mail traffic can yield more
> comprehensive evidence than just about any wire-tapping efforts,
> they wrote. E-mail tapping is less expensive, more thorough and less
> forgiving than any other means for monitoring personal
> communications. 7
> --------------------------------------------------------------------
>
> @ RISK
>
> Two kinds of anonymous re-mailers have evolved to protect the
> privacy of users. The first, and the less secure, are two-way
> database re-mailers," which maintain a log linking anonymous
> identities to real user names. These services are more accurately
> called pseudonymous" re-mailers since they assign a new name and
> address to the sender (usually a series of numbers or characters)
> and are the most vulnerable to security breaches, since the logs can
> be subpoenaed or stolen. The most popular pseudonymous" re-mailer is
> a Finnish service at anon.penet.fi".
>
> I believe that if you want protection against a governmental body,
> you would be foolish to use anon.penet.fi," said Jeffrey Schiller,
> manager of the Massachusetts Institute of Technology computer
> network and an expert on e-mail and network security. Last year, in
> fact, authorities raided anon.penet.fi to look for the identity of a
> Church of Scientology dissident who had posted secret church papers
> on the Internet using the supposedly private service. *8
>
> The second kind of re-mailers are cypherpunk" services run by
> computer-savvy privacy advocates. Someone desiring anonymity detours
> the message through the re-mailer; a re-mailer program removes
> information identifying the return address, and sends it on its way.
> Schiller says that a cypherpunk re-mailer in its simplest form is a
> program run on incoming e-mail that looks for messages containing a
> request-re-mailing-to" header line. When the program sees such a
> line, it removes the information identifying the sender and remails"
> the message. *9 Some re-mailers replace the return address with
> something like [email protected]."
>
> Further protection can be obtained by using free, publicly available
> encryption programs such as Pretty Good Privacy and by chaining
> messages and re-mailers together. Sending the message from re-mailer
> to re-mailer using encryption at each hop builds up an onion skin
> arrangement of encrypted messages inside encrypted messages. Some
> re-mailers will vary the timing of the outgoing mail, sending the
> messages out in random sequence in order to thwart attempts to trace
> mail back by linking it to when it was sent.
> --------------------------------------------------------------------
>
> @ISSUE: THE RIGHT TO PRIVACY
>
> Linking encrypted messages together can be tricky and
> time-consuming. So who would bother? A. Michael Froomkin, an
> assistant professor of law at the University of Miami and an expert
> on Internet legal issues, says anonymity allows people to practice
> political free speech without fear of retribution. Whistleblowers
> can identify corporate or government abuse while reducing their risk
> of detection. People with health problems that are embarrassing or
> might threaten their ability to get insurance can seek advice
> without concern that their names would be blasted electronically
> around the world. *10 A battered woman can use re-mailers to
> communicate with friends without her spouse finding her.
>
> The Amnesty International human rights group has used anonymous
> re-mailers to protect information supplied by political dissidents,
> said Wayne Madsen, a computer security expert and co-author of a new
> edition of The Puzzle Palace, a book on the National Security
> Agency. Amnesty International has people who use re-mailers because
> if an intelligence service in Turkey tracks down [political
> opponents] ... they take them out and shoot them," he said. I would
> rather err on the side of those people. I would rather give the
> benefit of the doubt to human rights." *11
>
> Strassmann and Marlow, on the other hand, see the threat to national
> security as an overriding concern. Their paper, Risk-Free Access
> into the Global Information Infrastructure via Anonymous Re-mailers,
> presented at the Harvard conference, is a call to electronic arms.
> In it, they warn that re-mailers will be employed in financial fraud
> and used by information terrorists" to spread stolen government
> secrets or to disrupt telecommunication, finance and power
> generation systems. Internet anonymity has rewritten the rules of
> modern warfare by making retaliation impossible, since the identity
> of the assailant is unknown, they said. Since biblical times, crimes
> have been deterred by the prospects of punishment. For that, the
> criminal had to be apprehended. Yet information crimes have the
> unique characteristic that apprehension is impossible. ...
> Information crimes can be committed easily without leaving any
> telltale evidence such as fingerprints, traces of poison or
> bullets," they wrote. *12
>
> As an example, they cite the Finnish re-mailer (anon.penet.fi),
> claiming that it is frequently used by the ex-KGB Russian criminal
> element. Asked for proof or further detail, Strassmann said: That
> [paper] is as far in the public domain as you're going to get." *13
>
> At the Harvard symposium, the pair provided additional allegations
> that anonymous re-mailers are used to commit crimes. There was a
> crisis not too long ago with a large international bank. At the
> heart of the problem turned out to be anonymous re-mailers. There
> was a massive exchange around the world of the vulnerabilities of
> this bank's network," Marlow said. *14
>
> But David Banisar, an analyst with the Washington, D.C.-based
> Electronic Privacy Information Center (EPIC) downplayed this kind of
> anecdote, saying that such allegations are always used by
> governments when they want to breach the privacy rights of citizens.
> I think this information warfare stuff seems to be a way for the
> military trying to find new reasons for existence and for various
> opportunistic companies looking for ways to cash in. I'm really
> skeptical about a lot of it. The problem is nine-tenths hype and
> eight-tenths bad security practices," he said. Already existing
> Internet security systems like encryption and firewalls could take
> care of the problem."
>
> The public should not have to justify why it needs privacy, he said.
> Why do you need window blinds? Privacy is one of those fundamental
> human rights that ties into other human rights such as freedom of
> expression, the right to associate with who you want, the right to
> speak your mind as you feel like it. ... The question shouldn't be
> what do you have to fear, it should be `Why are they listening in?'
> With a democratic government with constitutional limits to
> democratic power, they have to make the argument they need to listen
> in, not the other way around." *15
>
> Froomkin, from the University of Miami, also questioned Strassmann
> and Mayer's conclusions. First of all, the statistics about where
> the re-mailers are and who runs them are inaccurate. I can't find
> anybody to confirm them," he said. I completely disagree with their
> assessment of facts and the conclusions they draw from them. ...
> Having said that, there's no question there are bad things you can
> do with anonymous re- mailers. There is potential for criminal
> behavior." *16
>
> Banisar doubts that intelligence agencies are actually running
> re-mailers. It would entail a fairly high profile that they tend to
> shy away from, he said. However, it is likely that agencies are
> sniffing" monitoring traffic going to and from these sites, he said.
> --------------------------------------------------------------------
>
> @ WORK SNIFFING THE NET
>
> Not in doubt, however, is that the government is using the Internet
> to gather intelligence and is exploring the net's potential
> usefulness for covert operations. Charles Swett, a Department of
> Defense policy assistant for special operations and low-intensity
> conflict, produced a report last summer saying that by scanning
> computer message traffic, the government might see early warnings of
> impending significant developments." Swett added that the Internet
> could also be used offensively as an additional medium in
> psychological operations campaigns and to help achieve
> unconventional warfare objectives." *17 The unclassified Swett paper
> was itself posted on the Internet by Steven Aftergood of the
> Federation of American Scientists.
>
> The document focuses in part on Internet use by leftist political
> activists and devotes substantial space to the San Francisco-based
> Institute for Global Communications (IGC), which operates Peacenet
> and other networks used by activists. IGC shows, Swett writes, the
> breadth of DoD-relevant information available on the Internet."
>
> The National Security Agency is also actively sniffing" key Internet
> sites that route electronic mail traffic, according to Puzzle Palace
> co-author Wayne Madsen. In an article in the British newsletter
> Computer Fraud and Security Bulletin, Madsen reported that sources
> within the government and private industry told him that the NSA is
> monitoring two key Internet routers which direct electronic mail
> traffic in Maryland and California.18 In an interview, Madsen said
> he was told that the NSA was sniffing" for the address of origin and
> the address of destination" of electronic mail.
>
> The NSA is also allegedly monitoring traffic passing through large
> Internet gateways by scanning network access points" operated by
> regional and long-distance service providers. Madsen writes that the
> network access points allegedly under surveillance are at gateway
> sites in Pennsauken, N.J. (operated by Sprint), Chicago (operated by
> Ameritech and Bell Communications Research) and San Francisco
> (operated by Pacific Bell). *19
>
> Madsen believes that NSA monitoring doesn't always stop at the US
> border, and if this is true, NSA is violating its charter, which
> limits the agency 's spying to international activities. People
> familiar with the monitoring claim that the program is one of the
> NSA's `black projects,' but that it is pretty much an `open secret'
> in the communications industry," he wrote.
>
> Electronic communications open up opportunities to broaden
> democratic access to information and organizing. They also provide a
> means and an opportunity for governments to pry. But just as people
> have a right to send a letter through the post office without a
> return address, or even to drop it in a mail box in another city, so
> too, electronic rights advocates argue, they have the right to send
> an anonymous, untraceable electronic communication. And just as the
> post office can be used maliciously, or to commit or hide a crime,
> re-mailers can be used by cruel or criminal people to send hate mail
> or engage in flame wars." And like the post office, the highways,
> and the telephone, the Internet could be used by spies or
> terrorists. Those abuses, however, do not justify curtailing the
> rights of the vast number of people who use privacy in perfectly
> legal ways.
>
> Robert Ellis Smith, editor of the Privacy Journal newsletter, said
> government agencies seem obsessed with anonymous re-mailers. They
> were set up by people with a very legitimate privacy issue, he said.
> Law enforcement has to keep up with the pace of technology as
> opposed to trying to infiltrate technology. Law enforcement seems to
> want to shut down or retard technology, and that's not realistic.
> Anonymous re-mailers are not a threat to national security. *20
> -END--
>
> SUBSCRIPTION INFO
- - -> Send "subscribe snetnews " to [email protected]
- - -> Posted by: "Donna J. Logan" <[email protected]>
- ------- End of Forwarded Message
------- End of Forwarded Message