The New York Times December 31, 1994, pp. 1, 53. Computer Jokes and Threats Ignite Debate on Anonymity By Peter H. Lewis The news release carried a startling announcement: the Microsoft Corporation had agreed to acquire the Roman Catholic Church in exchange for "an unspecified number of shares of Microsoft common stock." The release, distributed in the guise of an Associated Press news article to thousands of computers around the world, was a prank, its anonymous mastermind untraceable. But soon after Rush Limbaugh read it on his national television program, the company found itself fielding calls from outraged viewers. Computer experts see the episode as part of a larger trend. The use of identity-disguising techniques, like electronic messages sent anonymously or under a pseudonym, is on the rise in the on-line realm known as cyberspace. And the practice is not limited to sophomoric hoaxes. The White House computer network, for example, has received death threats against the President, both anonymous and under pseudonyms. Electronic "mail bombs," sent anonymously by computer modem, temporarily disabled the Pipeline, a popular Internet service, a few weeks ago in New York City. Earlier this year at the Massachusetts Institute of Technology, unknown, untraceable bootleggers illegally traded copyrighted software through a computer bulletin board that prosecutors described as one of the most active network sites in the multibillion-dollar global market for pirated software. And a form of electronic money called "digital cash," which is expected to arrive within a few months, could become the basic currency for new forms of on-line shopping and commerce. But it could also lead to virtually untraceable financial transactions that law-enforcement officials fear could usher in entirely new forms of racketeering, money laundering and other crimes of anonymity. The cloaked criminal is nothing new, of course. Unidentified callers have long plagued telephone users, and faked documents are older than the postal system. In those older media, as on computer networks, abuses are rare. Still, experts see something new afoot, because computer networks give masked messengers a nearly instantaneous means for reaching thousands of people around the world. A fake Microsoft news release sent by mail to a few friends is one thing; one that reaches many thousands of people who may not be clued in to the joke is very much another. As a result, the growing use of unsigned messages over computer networks is creating a debate about how best to prevent abuses without stifling the right to speak freely and even anonymously. "We've tolerated anonymity until now because it has not been that big a problem," said I. Trotter Hardy, a specialist in intellectual property law at the College of William and Mary in Williamsburg, Va. But Professor Hardy sees trouble spinning on the global computer web known as the Internet. "Anonymity is power," he said, "and I think it will be abused on the Net." It is easy to disguise one's identity in cyberspace, and only slightly harder to slip into total anonymity. The method most common is to use a "screen name" or pseudonym. But anyone with reasonable computer skills could probably trace this type of message to its source. It is also easy to sign up for an electronic mail service under an assumed name. But the surest way to achieve virtually untraceable anonymity is to route a message through a computer known as an anonymous remailer. Such computers are set up to receive incoming electronic mail, strip the messages of the sender's identifying information and forward them anonymously to recipients. At any given time, there are an estimated 20 to 25 publicly accessible remailers around the world, operated as a public service for people presumed to have legitimate reasons for wanting to maintain privacy when communicating over the Internet. The largest remailer site, which has the address anon.penet.fi, has been operated for several years as a public service by a 33-year-old computer consultant in Helsinki named Julf Helsingius. The site processes some 6,000 messages a day from around the globe. To thwart abuses arising from anonymity, many corporate and individual computer users have begun stamping their electronic documents with an encoded "digital signature." These signatures, which require both the sender and recipient to know the key to the electronic code provide assurance that people who send messages are indeed who they say they are. Some operators of commercial computer networks, meanwhile, have threatened to block anonymous messages of any sort. Others, like Netcom Inc. of San Jose, Calif., one of the largest commercial providers of Internet access, have specifically barred the use of remailers on their networks. Yet remailers, despite their potential for mischievous or criminal use, serve a legitimate function, say people who consider privacy an inalienable right. These defenders of anonymity consider remailers, pseudonyms and other tools like secret coding to be the best defenses against the steady erosion of privacy in an era in which computers are continually collecting personal, financial and medical information on tens of millions of Americans. Typically, it is a commercial Internet access provider like Netcom, rather than government authorities, that restrict the use of remailers. But many remailer sites are under continuous scrutiny by law-enforcement agents in the United States and abroad. "The problem with anonymous remailers," Professor Hardy said, "is that they allow anonymity for all purposes -- good, bad or indifferent. That means that in practice, the best that can be hoped from governments is that they will weigh the good effects against the bad." Complicating matters of government oversight is the fact that the Internet, widely regarded as the backbone of a global information infrastructure, now reaches into 159 countries, and the majority of its users are not subject to United States law. Within the United States, so long as no specific law is being broken anonymity in cyberspace is protected by the constitutional rights to privacy and free speech. But Professor Hardy said he feared that some notorious crime in the future involving electronic anonymity -- perhaps a threat linked to a murder, a rash of electronic-banking forgeries, or a terrorist takeover of a vital Government computer system -- could incite Congress to pass legislation without fully considering the ramifications. The push for legislation may have already begun. On Thursday, a Federal judge in Boston dismissed an indictment against a student accused of operating the software-bootleggers' bulletin board at the Massachusetts Institute of Technology -- not because the judge was excusing any activities, but because he said Congress had not yet written laws to deal with computer-age crimes. Privacy and free-speech advocates argue that any attempt to restrict or outlaw electronic anonymity will be circumvented by criminals and terrorists. Instead, these advocates fear, efforts to suppress anonymity will quash an often legitimate means of self-expression by law-abiding citizens. Hundreds of people each day, for instance, use the cloak of electronic anonymity to share their deepest secrets about drug addiction, childhood sexual abuse or other sensitive topics with sympathetic strangers on electronic bulletin boards or computer-network "chat rooms." The ability to send anonymous and untraceable messages can also shield political and religious dissidents, whistle-blowers and human rights advocates from possible re-prisals. On the worldwide bulletin-board network known as the Usenet, for example, people who identify themselves only as former members of the Church of Scientology -- because they say they fear retribution from the church -- have been anonymously posting what they say are official church documents. The postings are part of a continuing debate between Scientology detractors and defenders in the alt.religion.scientology discussion group. "I'm no anonymity hawk, but it seems to me there were some good reasons the Supreme Court gave for holding that anonymous speech is constitutionally protected," said Eugene Volokh, a professor of law at the University of California at Los Angeles. "Criticism of the government, of your employer, of whomever else might have power over you are all much harder when you have to sign your name to it." But the same technologies that defend privacy are also being used to cause trouble. David Lusby, of Key West, Fla., for instance, was named in a $200 million libel suit by a Long Island investment firm, Stratton Oakmont, after someone using his electronic identity posted a message on the Prodigy computer network accusing the firm of criminal fraud. Mr. Lusby was dropped from the suit two weeks ago after he convinced Stratton Oakmont's lawyers that the message was a forgery. Many Internet experts contend that the most troublesome identity issues lie a year or two down the road. As more and more daily business is conducted over computer networks, with orders placed and goods paid for on-line, the opportunities for forgery and fraud will escalate. But so will the need for an electronic currency, a legal tender offering the same liquidity -- and anonymity -- as cash does today. "Digital cash," as this concept is called, is a credit-and-debit system that gives buyers and sellers the private electronic equivalents of Swiss bank accounts. Digital-cash technologies are already under development, and barring some new form of regulation they will soon allow untraceable financial transactions in cyberspace. "If total anonymity becomes the model for a cyberspace cash system, you open the door to push-button money laundering, copyright violations, fraud and other potential abuses," said Steven Levy, who is writing a book on data security. "Tax collection becomes a problem, and it's harder to track down crimes." But even bigger problems might arise, Mr. Levy said, if the Government tried to outlaw digital cash, or insisted on some sort of electronic audit trail for every digital transaction. "George Orwell in his worst nightmare scenario never imagined the advent of traceable cash," Mr. Levy said. "The lack of anonymity means that every move you make can be traced, which poses a danger to privacy and opens the door to surveillance like we've never seen." [Sidebar] Internet Stealth Whether to insure privacy and security, or to carry out hoaxes or crimes, thousands of people each day are sending anonymous messages over the Internet global computer web. A common way to transmit such messages is to send them through a type of network clearinghouse known as an anonymous remailer. There are an estimated 20 to 25 remailers around the world operated as a public service for people presumed to have legitimate reasons for communicating anonymously. 1. Messages can be sent to the anonymous remailer by anyone, anywhere. Some remailers assign an I.D. number to users, a list of which is kept by the remailer administrator. 2. A remailer receives an incoming message, automatically strips off all traces of the author's identity and then forwards the message anywhere on the global Internet -- whether to a single electronic mail box, or to thousands of addressees, or often through a series of other remailers. 3. Because the messages are remailed in a random sequence different from the order in which they arrive, people who may be monitoring the remailers cannot match the outgoing messages with the incoming messages to identify who sent which message. . . . And Countermeasures Various identity-disguising techniques enable mischief makers or criminals to send messages forging someone else's name and electronic address. As a result, some people on the Internet have begun to authenticate their correspondence with a "digital signature. Use of a digital signature allows the recipient to verify the true identity of a message's author. 1. A digital signature acts like a packing list written in secret code. Using a personal electronic "key" -- typically a string of numbers -- a person sending a message creates an encoded list of information that is transmitted along with the message. 2. The recipient opens the message and checks the contents. Then, using a separate "key" previously provided by the sender, the recipient tries to decode the digital signature. If the key works and the information about the content of the message is correct, the recipient can be certain of whom the message came from and that it has not been altered in transmission. Source: William Stallings, author of "Protect Your Privacy: A Guide for PGP" Users (digital signatures)