POSTCARD FROM CYBERSPACE / DANIEL AKST The Helsinki Incident and the Right to Anonymity By DANIEL AKST Los Angeles Times Wednesday February 22, 1995 Something happened recently on the Internet that no doubt sent chills down an awful lot of spines. A government used its power to breach anon.penet.fi. Before you write this off as another of the arcane tempests that generate so much ire among the get-a-life set, take heed. This one goes to the heart of what the electronic frontier is like, how it is changing and what the future holds for this new medium. Anon.penet.fi is basically a computer in Helsinki, Finland, whose purpose is to allow e-mail users all over the world to send anonymous messages, both to individuals as private e-mail and to Internet newsgroups, as the Net's 10,000-plus discussion forums are known. You message anon.penet.fi and it strips off your identity, substituting a code number. Responses at your anon.penet.fi address get routed back to you. There are many "anonymous remailers" like anon.penet.fi, but probably none is as stable or widely used. Its operator, a selfless computer networking specialist named Johan (Julf) Helsingius, supports the server to the tune of $1,000 a month and has developed a reputation for integrity. Helsingius has rules: He won't disclose the name behind an anonymous ID, but every message explains how to send him complaints. Abuse anon.penet.fi and you'll probably find yourself locked out of the system. During previous incidents in which he was pressured to disclose the identity of a user, Helsingius stood firm. Then the inevitable happened: He was faced with a search warrant served by Finnish police. According to Helsingius, authorities in his country were investigating an allegation by the Church of Scientology that anon.penet.fi had been used to make public private information taken from a church computer. You'll recall that the controversial Los Angeles-based church provoked anger on the Internet not long ago when a church attorney attempted to obliterate the newsgroup alt.religion.scientology, a well-known gathering place for church critics in which anonymous postings are common. Armed with a court order, church officials also seized computer disks from the Glendale home of a church critic whom they accused of violating copyright law by posting church materials on the Net. Helsingius refused at first to knuckle to the church's demands, but he says the search warrant gave Finnish authorities the right to seize his computer, which contains the identity of all 200,000 people who have sent messages through anon.penet.fi during its 2 1/2 years of existence. Faced with a potentially catastrophic loss of confidentiality--anon.penet.fi processes more than 7,000 messages daily, mostly for Americans--Helsingius and his attorney negotiated a compromise: On Feb. 8, he gave police the single identity in question. Within the hour, Helsingius reports, a church representative told him the church had the name. (A church spokeswoman contacted would say only that "we took actions to handle illegal posting," insisting that her organization was simply defending its rights. As for anonymous posting, the spokeswoman added, "People should be responsible for what they do.") Hackers have obtained anon.penet.fi user IDs before--when users failed to protect themselves with passwords--but according to some of those who follow such matters, this was the first time a government had made a successful frontal assault. OK, so you check sports scores on America Online, or use CompuServe to research companies, or mostly send e-mail to your kids in college. Why should any of this matter to you? First of all, I suspect there is more to you than that. If you're a gay cleric, an adult victim of child abuse, a recovering alcoholic, a bondage fancier with a strait-laced employer, or a computer engineer who wants to tell people what's really going on at your company, you might want to post your thoughts and feelings on the Internet or elsewhere in cyberspace without giving away your real name. Or maybe you're a little lonely and want to meet somebody in la.personals. The personal ads in this newspaper don't include names, after all. Maybe you're having marital troubles. Or maybe you simply need to get out of your own skin for a little while. "I consider myself to be a fairly good example of why anonymous remailers are needed on the Net," wrote one defender of anon.penet.fi in the newsgroup alt.privacy.anon-server, one of many in which users have expressed impassioned support. "To be blunt, I am bisexual, a pervert and a witch. I also live in Alabama, where at least two of the three are illegal. In a worst-case scenario, I could lose my job, have my career ruined, face prosecution and possibly even have to deal with violence." I lead a more prosaic life, in a place where you can probably find witches in the Yellow Pages, so I haven't yet felt the need to post anonymously. I also know that anonymity is a two-edged sword. You might feel the need for it, after all, if you're bent on harassment or clogging up the Internet with loony rantings about some idee fixe. The recent breach of anon.penet.fi, in fact, came amid an Internet pornography scandal started by a Swedish newspaper report of kiddie-porn photographs being posted through Helsingius' server. (The report was wrong; anon.penet.fi bans postings to picture newsgroups and limits message sizes--pictures contain a lot of data--to control volume.) Yet defenders of anonymity make a strong case for its preservation. They note that kill files, complaints and more speech are readily available for those who feel offended by something said behind the veil of an assumed user ID. And the timorous can stick to commercial on-line services or BBSes, where system operators can (and usually do) intervene when problems arise. It's obvious that what happened in Finland is only the beginning. Clearly, there are circumstances--kidnapings, threats, massive fraud--in which the right of anonymity is lost. But if we're not careful to provide more stringent safeguards than those that failed to protect anon.penet.fi, we'll soon face a mask of anonymity that it will be impossible to lift under any circumstances. Just wait until digital cash becomes commonplace. As incidents like the one in Finland become more routine, little countries with a hankering for foreign exchange will step up to provide Internet secrecy, just as certain Caribbean islands now provide banking secrecy, for a fee. All it takes is sovereignty and a cheap computer. When that day comes, we'll look back on today's eleemosynary providers of anonymity with nostalgia, and marvel that the Internet ever could have been so innocent. Daniel Akst, a Los Angeles writer, is a former assistant business editor for technology at The Times. He welcomes messages at akstd@news.latimes.com but regrets that he cannot reply to them all. Tip Box--Anonymous Mail Probably no anonymous remailer is absolutely secure. People who really care about anonymity and have the technical skills will route messages through several remailers, making their identity that much harder to trace. The best way to find out more about anonymous remailers is at Raph Levien's excellent World Wide Web page, http://www.cs.berkeley.edu/ ~raph/remailer-list.html. If you just want Levien's list of remailers, finger remailer-list@kiwi.cs.berkeley.edu. To learn more about Johan Helsingius' well-known server, send e-mail to help@anon.penet.fi. And for a good introduction to the topic generally, visit the newsgroups alt.privacy or alt.privacy.anon-server for Andre Bacard's FAQ (Frequently Asked Questions) on the subject.