Group project:
Protecting privacy through anonymity tools

Issue

What is the significance of the Internet as a medium for anonymous communication and other anonymous activities, viewed from a technical perspective as well as from legal and societal perspectives?

• How good are the present tools that claim to support anonymous activity on the Internet? Is evolving technology making it easier or more difficult to preserve anonymity?
• What is the legal framework underlying Internet anonymity, and how is this evolving?
• What limits are there to anonymous activity on the Internet, and, from a societal perspective, what limits should there be, if any?

Project Description & Background

How well do these services work, and to what extent is internet anonymity practical from a technical perspective? What needs do available tools meet, and what needs are left unmet? For example, anonymous remailers are reasonably robust, but what about technologies for control of personal information? And is anonymous shopping even possible?

At the same time, there are concerns that easy access to anonymity is undesirable, because it can inhibit law-enforcement efforts to pursue criminals, constrain the ability of victims of defamation to obtain civil redress, and undermine the mechanisms of responsibility for ones words and actions sustain public civility. In the US, the resulting debates about the value of harm of anonymity are played out against a strong tradition of respect for, and possible Constitutional guarantees of, a right of anonymous communication.

Group Assignment

The goal for this project is evaluate available tools for providing anonymity on the Internet, and also to survey the legal and societal frameworks surrounding Internet anonymity.

1. Describe some of the controversies surrounding anonymity on the Internet, and some of the arguments for and against on-line anonymity.
2. Review the legal framework, both in the US and in other countries, surrounding anonymous communication and other anonymous activities.
3. What are some new technologies, both for anonymity, and for tracing identity? On balance, should we expect that it will be easier or more difficult to conceal ones identity in the future?
4. Select several available tools and services for providing anonymity. Study their underlying technology, and develop a framework for characterizing how the kinds of anonymity they provide and how well they do this. What are the limits of these tools for various on-line activities?
5. Conduct evaluations of several of these tools with respect to ease of use and suitability for use by non-specialists.

Resources

General background:

• A. Michael Froomkin, Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Data Bases, U. Pittsburgh J. of Law and Commerce, vol. 15, no. 395 (1996). An excellent orientation to anonymity on the Internet and the Constitutional constraints on regulation of anonymous communication.
  http://www.law.miami.edu/~froomkin/articles/ocean.htm
• Roger Dingledine. The Free Haven Project: Design and Deployment of an Anonymous Secure Data Haven (PS) MIT Master's Thesis, June 2000. The Free Haven project is the work of a half dozen MIT students (plus a Harvard student), to design, implement, and deploy a functional data haven. Chapters 2-5 of Dingledine's thesis present a good survey of technical approaches to providing anonymity, as well as some of the relevant legal background.
  http://www.freehaven.net/doc/freehaven10.ps

Legal resources and analysis

• McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995). This Supreme Court decision may be critical to the legal status of anonymity on the Internet. In it, the Court affirms the right to conduct anonymous political leafletting.
  http://www.findlaw.com/cgi-bin/getcase.pl?court=US&vol=000&invol=U10296
• American Civil Liberties Union of Georgia v. Miller (N.D. Ga. June 20, 1997) In this decision, a federal court in Atlanta granted the ACLU of Georgia’s motion for a preliminary injunction, voiding a Georgia statute that criminalized anonymous on-line communications.
  http://www.aclu.org/court/aclugavmiller.html
• Julie E. Cohen, A Right to Read Anonymously: A Closer Look at "Copyright Management" in Cyberspace (PDF), (HTML), 28 Conn. L. Rev. 981 (1996). Cohen's paper deals with digital copyright management systems and anti-tampering laws (as were subsequently enacted in 1998 as part of the Digital Millennium Copyright Act). The bulk of her analysis argues that these systems run afoul of a Constitutional guarantee of the right to read anonymously.
  http://www.law.georgetown.edu/faculty/jec/read_anonymously.pdf
• Paul Covell, Steve Gordon, Alex Hochberger, James Kovacs, Raffi Krikorian, and Melanie Schneck. Digital Identity in Cyberspace (HTML) (MS Word) This is a term paper written for this class in fall 1998. Chapters 4 and 5 present a legal analysis in support of the claim that a system of internet access with mandatory identification (traceability, where a warrant is required to access identity information) would be deemed Constitutional.
  http://swissnet.ai.mit.edu/classes/6.805/student-papers/fall98-papers/identity/linked-white-paper.html

Technology for anonymous communication

• Zero-Knowledge Systems is a company specializing in privacy and anonymity services for businesses and individuals. One of their products is the Freedom Internet Privacy Suite.
• Anonymizer.com (in the US) and Anonymize.net (in England) are two companies that provide services to support anonymous web surfing and other activities. Rewebber (in Germany) is a free anonymous browsing service, which is intended to be financed by advertizing.
• iPrivacy is another company that sells privacy services. They go beyond anonymous Web browsing to also include services for anonymous ordering, credit card transactions, and shipping.
• Lumeria is a company that lets users own and control their personal information by establishing a "Superprofile".
• David Mazières and M. Frans Kaashoek. The design, implementation and operation of an email pseudonym server (PDF) (PS), in Proceedings of the 5th ACM Conference on Computer and Communications Security (1998). This paper describes experience at the MIT Lab for Computer Science with nym.alias.net, a service that permits people to anonymously send and receive email.
  http://swissnet.ai.mit.edu/classes/6.805/articles/anonymity/mazieres_pnym.pdf
• Crowds: Anonymity loves company The Crowds system, developed by Mike Reiter and Avi Rubin, protects anonymity by grouping users into a large groups (crowds), and issuing requests to Web servers on behalf of a group rather than an individual. This web page provides background and resources, including software for running your own crowd. Reiter and Rubin's paper Crowds: Anonymity for web transactions (PS), ACM Trans. Inf. Syst. Secur., 1(1):66--92 (1997), describes theoretical basis of the crowds system.
  http://swissnet.ai.mit.edu/classes/6.805/articles/anonymity/crowds.ps
• Michael G. Reed, Paul F. Syverson, and David M. Goldschlag. Anonymous Connections and Onion Routing (PS). In IEEE Journal on Selected Areas in Communication: Special Issue on Copyright and Privacy Protection, 1998. This paper describes a general-purpose technique for achieving anonymous data connections, making use of a network of special rounters.
  http://swissnet.ai.mit.edu/classes/6.805/articles/anonymity/onion.ps
• Ian Goldberg and David Wagner, TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web, First Monday, vol. 3, no.4, April 6th. 1998. This describes another system for supporting anonymous publication, this one based on a network of TAZ (Temporary Anonymous Zone) servers.
  http://www.firstmonday.dk/issues/issue3_4/goldberg/

• Roger Dingledine, Michael J. Freedman, David Molnar. The Free Haven Project: Distributed Anonymous Storage Service (PS) In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, July 2000 (paper completed December, 2000). This is an update on Free Haven, based on Dingledine's thesis (cited above). Also see the Free Haven web site at www.freehaven.net.
  http://www.freehaven.net/doc/berk/freehaven-berk.ps
• The Publius Censorship Resistant Publishing System is a system, based on a network of "Publius servers", that supports anonymous publication in a way designed to prevent after-the-fact tampering with published documents.
  http://cs1.cs.nyu.edu/waldman/publius.html
• R. Hauser and G. Tsudik. On Shopping Incognito (PS), Second USENIX Workshop on Electronic Commerce, November 1996. This paper discusses two problems that arise in the purchase of information goods -- browsing and payment -- and describes possible methods for accomplishing these without compromising a buyer's anonymity.
  http://swissnet.ai.mit.edu/classes/6.805/articles/anonymity/hauser-tsudik.ps

Points of view on anonymity

• Paul A. Strassmann and William Marlow, Risk-free access into the global information infrastructure via anonymous re-mailers. This paper, written for a 1996 symposium at the Kennedy School of Government, is meant to alert policy makers to the capabilities of anonymous remailers as "one of the potential sources of infectious threats to the well-being of our information-based civilization".
  http://www.strassmann.com/pubs/anon-remail.html
• David R. Johnson, The Unscrupulous Diner's Dilemma and Anonymity in Cyberspace. This note by the co-director of the Cyberspace Law Institute argues that it is necessary to limit anonymous communicationsin order to achieve a civilized form of cyberspace.
  http://www.cli.org/DRJ/unscrup.html
• David L. Sobel The Process that "John Doe" is Due: Addressing the Legal Challenge to Internet Anonymity. This paper discusses the challenges to anonymity, both from law enforcement and from civil liability suits, and argues that current laws are insufficient to protect anonymity.
  http://www.vjolt.net/symp2000/johndoe.html
• Jonathan D. Wallace, Nameless in Cyberspace: Anonymity on the Internet (PDF) Cato Institute Briefing Paper No. 54, December 8, 1999. This paper argues that proposals to limit anonymous Internet communication are unconstitutional, and that "it makes no sense to treat Internet speech differently from printed leaflets or books".
  http://www.cato.org/pubs/briefs/bp54.pdf
• Karina Rigby, Anonymity on the Internet Must be Protected. This is a term paper written for this course in fall 1995. It's a bit out of date, since it came before several impotant cases, and before the real growth in the use of the Web, but it's a good example of a class paper.
  http://swissnet.ai.mit.edu/6805/student-papers/fall95-papers/rigby-anonymity.html
• Sissela Bok, Secrets: On the Ethics of Concealment and Revelation, Oxford University Press, 1984.

• Amitai Etzioni, The Limits of Privacy, Basic Books, 2000.