   Village Voice, October 8, 1996, p. 23.


   Cyber

   By Dave Mandl

   The Remailer Is Dead, Long Live the Remailer. Life After
   Penet


   Of the many tools in the online privacy activist's kit,
   anonymous remailers are arguably the most powerful.
   Remailers are remote mail drops that "anonymize" e-mail
   and other Internet postings by removing the sender's
   address from a message and then sending it on, making it
   possible for whistle-blowers, dissidents, and others
   requiring anonymity to avoid revealing their true
   identities.

   Of the dozens of anonymous remailers in the world, none
   has been more widely used than Penet, the Finland-based
   server run by Johan (Julf) Helsingius. Penet has helped
   everyone from human rights activists fearing reprisals to
   people recovering, from sexual abuse to people with
   straight jobs who want to discuss their erotic
   peccadillos in public forums. Whole Usenet newsgroups
   dealing with highly sensitive or politically charged
   issues virtually owe their existence to Penet. But on
   August 30, after three years of operation, Julf's
   remailer was shut down.

   Penet's troubles began when an enemy of the Church of
   Scientology used it to disseminate copyrighted church
   documents anonymously. The notoriously litigious church
   pressed charges, and a Helsinki court, ruling that e-mail
   wasn't entitled to the same protection as, say, phone
   calls, ordered Julf to reveal the perpetrator's real
   name. Julf appealed the ruling, but fearing, that if he
   lost the case he ultimately might be forced to compromise
   the identities of more users, he decided to close Penet
   until the legal situation becomes clearer.

   How disastrous is the loss of Penet (which handled a
   whopping 8000 messages a day)? Are other remailers
   prepared to take up the slack? And most important, are
   Julf's problems a portent of the obstacles awaiting
   anyone whose remailer becomes too successful?

   By the strict standards of the cypherpunks, a loosely
   knit affinity group of the Net's most radical and
   technoliterate privacy advocates, Penet's security was
   actually on the flimsy side. Its Achilles' heel was the
   file --  just begging to be subpoenaed -- that linked
   users' real names to their Penet pseudonyms.
   Cypherpunk-run remailers, on the other hand, generally
   leave no trace of the sender's true identity. In
   addition, cypherpunk remailers can be "chained" --
   messages can be routed through several far-flung
   remailers before reaching their final destination, making
   message tracing all but impossible, even for the remailer
   operators.

   So why was Penet used more than all other remailers
   combined? For one thing, because it was so easy to use.
   Cypherpunk remailers tend to require a bit more technical
   skill, some even requiring users to be conversant with
   UNIX or install fairly sophisticated software on their
   own machines. Penet was also favored for its reliability
   and stability. Other remailers have come and gone, but
   the Penet computer was always up, and its latency (the
   delay between the time it received a message and re-sent
   it) was always reasonable.

   Penet's downfall was due less to its imperfect security
   than to its success. Because of the ubiquitousness of the
   Penet header on files posted anonymously to mailing lists
   and newsgroups, Julf got more than his share of unwanted
   attention. For example, the London Observer, in a rabid
   scare piece on the (imagined) scourge of kiddie porn on
   the Net, recently accused him by name of being a "key
   link in the international pedophile chain."

   Other critics have simply cited the ease with which
   anonymous remailers can be used to harass people,
   illegally distribute classified information, or spread
   bootlegged graphics or music. True enough -- except that
   these same problems plague the phone system and the U.S.
   Postal Service, and there haven't been many proposals to
   close them down. The rights to free speech and anonymity
   that have long been upheld in traditional media still
   aren't taken for granted on the Net, though cases like
   Julf's are forcing courts to resolve these issues once
   and for all.

   As for the ease-of-use problem, there are glimmers of
   hope. For example, Oakland-based Community ConneXion now
   offers a World Wide Web interface that makes sending
   anonymous e-mail, encrypted and chained through up to 10
   remailers, effortless. And the freeware Windows program
   Private idaho is a major step toward simple point-and-
   click remailing.

   One solution to dealing with both unreliability and the
   increasingly frequent legal and governmental threats is
   for remailers to charge a modest fee. This would give
   them the freedom to devote more time to supporting and
   improving their systems, and it would allow them to build
   up the financial resources to fend off attacks -- whereas
   now, being unpaid amateurs, they have no choice but to
   buckle under even mild pressure.

   As with other threats to privacy and freedom of speech on
   the Net, the attacks on Penet and other remailers appear
   to be backfiring. The need to protect people's identities
   in cyberspace is accepted by all but a small minority of
   government, corporate, and religious figures, who now
   find themselves in the uncomfortable position of facing a
   very pissed-off group of freedom-loving techies with time
   on their hands. And electrons are notoriously hard to
   corral.

   -----

   Penet: http://www.penet.fi

   Anonymous remailer FAQ:
   http://www.well.com/user/abacard/remail.html

   Community ConneXion: http://www.c2.net/remail

   Private Idaho: http://www.eskimo.com/~joelm/pi.html

   Author's address: dmandl@panix.com

   [End]







