"Computers and networks also promise to make George Orwell's Big Brother look
like an amatuer." [CCD_A15]
Anonymity is something many users of the Internet believe is a right they do
and should have. Although many 'net users are perfectly happy to have people
know who they are, and how to contact them, there are others who do not wish
such information to be disclosed.
Anonymous remailers that allow people to send electronic mail and post to
newsgroups are one of the methods by which people maintain their anonymity.
They work by removing the user's e-mail address and replacing it with an
address at the remailer site which redirects to the account of the anonymous
user. This means that although the user can be replied to through the
remailer, they cannot be identified, as the redirection addresses are kept
The anon.penet.fi Case
The most well-known remailer on the Internet was anon.penet.fi. It was in
action for years before it was recently shut down by its owner and
administrator, Johan Helsingius. He closed down the service due to legal
problems with the service that were affecting his job and home life.
The English newspaper the Observer made claims that child pornography was
being sent through the penet service. Police sergeant Kaj Malmberg from the
Helsinki Police Crime Squad, a specialist in computer crimes, confirms that
the Observer's claims were found to be groundless, and that Helsingius had
restricted the operations of his remailer so that pictures could not be sent
through it over a year before [PE1].
"These remailers have made it possible for people to discuss very sensitive
matters, such as domestic violence, school bullying or human rights issues
anonymously with confidentiality on the Internet. To them the closing of the
remailer is a serious problem," says Helsingius [PE1]. The penet service had over half a
million users. They will have to find alternate remailers to use from now.
Johan Helsingius and his company, Oy Penetic Ab, as owner of the anon.penet.fi
service, became involved in a legal battle with the Church of Scientology over
copyright material. The Church of Scientology claims that a user of the penet
service posted copyright material, and demanded the real address of the
offending user, supported by a Finnish court order after Helsingius refused to
reveal the address on the basis that the confidentiality of an e-mail message
is protected by law.
Helsingius appealed the judgement of the District Court of Helsinki that he
must reveal the address based on the fact that the Finnish Constitution and
the European Convention on Human Rights protect the information he is being
asked to reveal. He believes that the confidentiality is similar to the
confidentiality of information sources of the press.
The Court of Appeal issued a temporary injunction on the enforcement of the
District Court of Helsinki judgement on September 20 1996 [PE2].
Encryption is often used by 'net users who wish to make sure that their e-mail
is secure from being read by anybody who might intercept it on its journey
from their computer to its destination.
The most commonly used, and most secure, encryption forms use one-way encryption
algorithms. These utilise certain properties of large prime numbers.
PGP, or Pretty Good Privacy, is a one-way encryption routine and piece of
encryption software written by Philip Zimmerman, founder, chairman and Chief
Technology Officer of PGP Inc. Zimmerman was under investigation by the FBI
for several years for publishing PGP on the 'net where it was downloadable
easily across national borders, contravening US law [CRN_A5].
PGP is said to have saved lives, where it has prevented police in totalitarian
countries from collecting evidence on political dissidents. Zimmerman receives
many letters of thanks from human rights organisations for making his software
publicly available [CRN_A5].
The idea behind this is that a user who wishes to be sent encrypted mail
generates a 'public key' and a 'private key'. The public key, they can give
out freely without risk. This is what others use to encrypt messages or data
destined for them. The public key is useless in attempting to decrypt the
message. The private key, from which the public key is derived, is the only
key which can be used to decrypt data encoded using the public key.
PGP is widely used by Internet users for encoding e-mail messages to keep them
from being read by anyone other than the intended recipient.
US Export Law
The USA has laws in place which govern the export of encryption software,
methods, or routines. These rules mean that the US version of a software
product which utilises encryption (if it uses a key longer than 40 bits),
may not be exported. An export version must be created, or the software may
not be exported.
The US government proposed a chip, known as the Clipper chip, last year, which
would allow safe, easy encryption for all users of the Internet in the USA. The
Clipper chip was going to include a 'back door' to allow law enforcement to
gain access to users' e-mail for the purpose of criminal investigation. The
suggestion that this would be a mandatory addition outraged 'net users both in
America and the rest of the world where users were afraid that similar policies
might follow in their countries if the US pioneered it. Clipper is on hold at
Dissemination of Private Information
UCC Students complained to the Irish Times about privacy questions raised by
a new database on the Web for finding e-mail addresses of staff and students
earlier this year. When given a specific surname, for example, the search
engine would return a list of all matching students with their e-mail addresses.
Since usernames are the same as ID numbers at UCC, this meant anybody could
obtain students' ID numbers and use them to obtain other information about
them. For example, the UCC library's online database allows you to view personal
details from home and term addresses to library fines, provided you know the
student's name and ID number [ITC_O7_b].
Internet Eireann & Indigo
In late June this year, Indigo and failed
Service Provider Internet Eireann (not to be confused with the relatively new
Irish ISP, Internet Ireland) were at the centre of great controversy. When
Internet Eireann went out of business, both Ireland
Online (IOL) and Indigo offered to honour the subscriptions of Internet
Eireann customers left without an account part-way through their subscription.
Indigo was, it turned out, given the password file containing all the usernames
and passwords (encrypted) of the users of Internet Eireann. Indigo used this
password file to add Internet Eireann users' accounts to their system. The file
was found in a publicly accessible area of Indigo's system (in a directory
accessible using Indigo's anonymous ftp server). Indigo said the file was
inadvertently moved there during system maintenance in April, but later said it
had been copied there in February, shortly after Internet Eireann's collapse,
a fact supported by the timestamp (suggesting the last time the file was copied
or moved) on the file which was picked up from the server by the Irish Times.
This file contained username/password pairs which were still in use on Indigo's
system. Some of these passwords were easily cracked using a program very easily
found on the Internet, called Crack.
Colm Grealy of IOL said, "When we made the offer .. we took this all in good
faith ... and presumed that people wouldn't abuse it ... We issued them with
new user names and passwords." He said IOL "were certainly not offered"
Internet Eireann's user database or any information contained within it. "We
took a view at the time when Internet Eireann went into difficulties that its
major asset was its customer database, so it was no longer up to the company
itself to dispose of that asset once it went into liquidation." [ITC_J1].
Obviously, such a security breach should never have happened. Having someone's
password would allow anybody to access their account, read their e-mail, send
e-mail in their name, perhaps gain access to sensitive data, and change their
Some state and local governments in the US are coming under fire for selling
databases of information on residents. The county of Los Angeles has been
involved in legal controversy regarding its plans to sell electronic access
to court records, offering access for a one-time fee of $49,000 and 20-40
cents per access thereafter. Some groups such as the IAA (Information Industry
Association) are for the dissemination of all public records. INK [INK] offers access to several thousand
state databases, mostly free, and some for a fee [COW_A19].
In April, Yahoo! [YAH] and Database
America Co. caused uproar when they provided electronic access to a database of
90 million private US telephone numbers online through the web. The list
included unlisted home numbers, among which were home telephone numbers of people
such as police officers, judges, and prosecutors who's lives might be in danger
if it was discovered where they lived [COW_A29].
Social Security Numbers
Lexis-Nexis caused huge
controversy in the USA in September when it became known that it was
electronically publishing individuals' Social Security numbers and
maiden names on a new proprietary online service, P-Trak. The list actually
sells people's names, current and previous addresses and phone numbers, and
previous names (such as maiden names). This information is easily available
elsewhere according to company spokeswoman Judi Schultz. In fact, the service
did distribute social security numbers for 11 days during June, however this
has been removed from the service [COW_S23]. "Because it's the bullwark of
legal identity in the U.S., a Social Security number can gain a snooper
access to credit-card numbers, securities data the works," said Joseph Seanor,
president of investigation firm Cibir Corp. In Alexandria, Virginia in [COW_A12].
Cookies are used to store information about you, your web usage, preferences
and so on locally on your machine. When you visit a site, it may send details
about anything you have entered in a form, or where you have been in the site,
or whatever the owner of the site pleases, to your machine to be stored in a
'cookie'. When you visit the site again, it may check to see if it has
previously stored a cookie, and, if so, access and make use of this
information. The browser is allowed to pass a cookie only to the site that
created it, fortunately.
Some search engine sites are utilising cookies to personalise what they return
when you make searches based on previous searches showing what you are likely
how many different users have visited their sites than were previously possible
by means of storing a cookie assigning each user a unique identification and
checking this when a user visits the site.
Privacy issues have been raised about the storage of such data without the
knowledge of the user, however, any information stored can only be information
volunteered by the user (and not made available to any other sites), or
information about their usage. This cannot logically be considered an invasion
of privacy, especially as the user can remove cookies on their system with
relative ease if they wish [DTC_J30_b].
Junk e-mail is the bane of many 'net users' lives. Long-time Internet users
who were online reading newsgroups, using IRC, role-playing in MUDs, MUCKs,
MOOs, MUSHs and other online games (like the old "go north", "get lamp" text
adventures of old, but with other real people in the game), and using UNIX
'ftp' to retrieve files long before advertisers hit the online media find the
change to huge commercialisation highly irritating when it forces its way into
their private e-mail boxes.
Unsolicited junk e-mail is actually illegal in America, however this does not
seem to stop the occurrence of this plague of the 'net. It is understandable,
and reasonable, that you can expect ad banners on web pages which are offering
Internet users world-wide were shocked recently when they received junk e-mail
which seemed to be offering child pornography for sale [DTC_O29_b]. It turned out that this
was a hoax, however it caused uproar. Interestingly, "Under the American
Communications Decency Act, struck down by a Philadelphia court this summer
but awaiting review by the Supreme Court, it would have been illegal to receive
such a message in America" [DTC_O29_b].
"Advertising revenue on the World Wide Web soared 83 percent in the first
half of the year, and the Internet is set to become a $5-billion-a-year
commercial medium by the year 2000..." [ITC_S9].
It is the advertising that funds the content being brought to you. If not for
the advertising funding the plethora of free 'net services, you would have to
pay to subscribe to a service such as, say Alta Vista [ATV] in order to search the 'net for
information. Considering this, the advertising now rife on the 'net is bearable
and understandable. It is also not shoved in you face the way that unsolicited e-mail is. If you don't want to see
it, you don't have to view pages that have ads on them, however unrealistic that
Barclays bank has been investing in research into the use of 'biometrics',
the measurement of physical or behavioural patterns unique to each individual,
for use in making its banking facilities more secure. The preferred method is
finger scanning, which involves placing the finger on a camera lens and
fingerprint characteristics being compared to stored information. Security
issues of fingerprint details being available electronically, Barclays insist,
are non-issues. They claim the information cannot be used to reconstruct a
fingerprint usable for fraud, and also propose to encode the information on a
personal card rather than storing it on a mainframe, so the customer is in
control of their own information. This would seem to bring up issues of fraud
being carried out by altering the information on the card.
Caller ID: the transmission of the number of the caller so enabling the person
being called either to check what number was the source of the last call they
received (whether they picked up or not), or, with some systems, to have the
number displayed on the phone at the time of the call.
British Telecom's 'Calling Line Identification' (CLI), is a Caller ID system
which allows anyone using their service to dial 1471 to get the number of the
last call made to their line. It gets 8 million calls per day. They also have
a system by which the number can be displayed as the phone rings, but this
involves buying a piece of equipment for about £50, which few have availed of.
Privacy issues are associated with the system. Some people are unhappy about
their numbers being transmitted.
This issue has been tackled by some services allowing users to block transmission
of their numbers, however, this may cause problems for them in future as a
facility is being introduced to allow people to block 'anonymous' calls