Such responsibility is currently on the shoulders of administrators at Oberlin College as they try to determine the role of anonymous remailer technology in their community. This technology, which allows Internet users to send email and post to newsgroups anonymously, has some members of the Oberlin community concerned. A group of individuals, believed to be Oberlin students, have been sending anonymous, harassing, anti-homosexual email to openly gay members of the faculty and student body*. Recipients of this "hate literature" are upset that the use of an anonymous remailer has allowed the perpetrators to remain hidden, leaving no way for victims to defend themselves against this discrimination.
Some on campus are calling for a ban on the use of anonymous remailers to protect others from such harassment. Administrators are hesitant to institute such a ban, though, without first understanding the impact it would have on the free expression and communication that are essential parts of the school's culture. This paper has been commissioned by the Oberlin College administration to study the issues surrounding anonymous remailer technology before any policy is established controlling its use*.
We begin with an explanation of anonymous remailer technology, followed by a discussion of the social and ethical issues currently surrounding it. Next, we provide an overview of policy regarding anonymous electronic communication at other colleges and universities across the nation. These examples are intended to provide a framework within which Oberlin can establish its own guidelines. Finally, we conclude by recommending several key points that we feel should be included in Oberlin's policy on the use of anonymous remailer technology, based on the policies of other schools and the current situation on campus.
An anonymous remailer is a piece of software that allows Internet users to send electronic communications (e.g. email and news group postings) anonymously. Remailer software takes an electronic communication and processes it so that the recipient of the message cannot identify the source from which it originated. There are currently two basic mechanisms by which this is done, each of which differs in the level of anonymity is provides.
The term "pseudo-anonymous" is used to describe to this type of remailer because it does not actually afford the sender complete anonymity. The anonymous email address of each account holder is mapped to the user's real email addresses in a database, allowing the same anonymous address to be used many times and to receive replies to messages published anonymously. Such a database also allows the operator to determine the originator of the message, despite his/her desire to remain unknown.
Examples of popular pseudo-anonymous remailers include alpha.c2.org, Private Idaho, the Nymserver, Nym.alias.net, MailAnon and the most famous of all, anon.penet.fi, recently closed down as a result of a legal entanglement with the Finnish government.
The design of Cypherpunk, as described in an essay by well known remailer expert Lance Cottrell, is "a nested set of encrypted messages. Each message is encrypted to a remailer. The message contains the instructions for each remailer (such as where to send the message next) and the message to be forwarded. Each remailer removes a layer of encryption, and accompanying instructions, takes any requested actions, and sends the message on to the next destination."
Mixmaster, designed by Cottrell himself, uses a much more powerful design for ensuring anonymity. A Mixmaster remailer divides messages into packets, all of equal length. Each packet includes 20 information headers and is encrypted in several layers of DES encryption. Each packet is passed to several different remailers before reaching its destination; usually, packets from the same message are sent through different sets of remailers so as not to be associated with each other. Only the final remailer can figure out which packets are related and reassemble them in order to forward the message to the recipient. Message headers are also reorganized after they are used to disguise the order in which the packet visited the remailers through which it was sent. This reorganization prevents the packet from being traced back to the original source.
Because these two types of remailers do not store any information about the sender of the message, there is no way for the recipient to reply or for the message to be traced back to its originator.
Ralph Levin, in a rebuttal to one opponent of anonymous remailers, recognizes the fact that "Not all anonymous messages are pleasant or popular," but that "Unpopular speech is a necessary consequence of free speech. At least to the founders of this country, the benefits of free speech outweigh the discomfort." Levin goes onto remind readers that some of the most famous writings in American history, the Federalist Papers, were originally published anonymously, and that the founding fathers believed "the ideas should stand on their own merit, without opinion being swayed by the names behind them."
Opponents of anonymous remailers do not, generally, deny the benefits of electronic anonymity. Their argument is instead that the danger posed by negative uses of the technology outweigh the good it might be able to do. Martha S. Siegel, in an editorial in the January 2, 1995 edition of the San Francisco Chronicle, argued that "National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet. Such problems are further exacerbated by a computer...which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small." Siegel goes on to call people using anonymity to do counterproductive things, such as flaming, "self-styled vigilantes" who "routinely challenge free speech in Cyberspace unabated."
Walter S. Mossberg, in a January 25, 1995 article in the Wall Street Journal, argues that not only does anonymity on the Internet allow you to do bad things without getting caught, but it actually makes it more likely that normally good people will do bad things in the first place. He notes that "When these forums operate under the cloak of anonymity...[i]t sure makes it easier to spread wild conspiracy theories, smear people, conduct financial scams, or victimize others sexually." Mossberg goes on to say that "it's easier to 'flame' someone from the safety of a keyboard than it is to curse them face-to-face, or even over the phone. So on-line discussions too often break down into a kind of name calling that wouldn't be tolerated in a real-life meeting or social setting."
In a paper from the Symposium on the Global Information Infrastructure, Paul A. Strassmann and William Marlow claim that "information crimes have the unique characteristic that apprehension is impossible, since even identification of the criminal is not feasible," and that "[t]he introduction of Anonymous Remailers into the Internet has altered the capacity to balance attack and counter-attack, or crime and punishment." Their argument is not that there aren't good uses for anonymity on the Internet, but that by giving those who might make bad use of it the ability to do so without fear of apprehension, we make ourselves vulnerable to attack now and years from now. "For the last two hundred years the theory of warfare has been guided by "force-exchange" equations in which the outcome was determined by the rate of attrition of each opposing force. In information attacks these equations do not apply because the attacker remains hidden and cannot be retaliated against."
The preceding arguments all appear to have merit, and no clear distinction between which is "right" and which is "wrong" appears to exist. Anyone wishing to establish a position on the use of anonymous remailer technology must consider all of the arguments presented here and decide for themselves whether the individual right to free expression is more important than the exposure of society to a particularly dangerous type of crime.
|In general, users should identify themselves as the originators
of electronic communication. In cases where anonymity is desired,
only pseudo-anonymous remailers may be used to achieve it.
|Messages sent anonymously may neither violate the law nor the policies
of Oberlin College. Anonymous messages may not be sent to any user
or posted to any news group or bulletin board that has expressly asked
that anonymous communication not be sent.
|If an anonymous message violates the law, this, or any other Oberlin College policy, the administration of Oberlin College reserves the right to obtain a court order to extract from the anonymous remailer used the identity of the message originator. That identity may be used to initiate disciplinary, legal, or civil action.|
Psuedo-anonymous remailers allow people to communicate anonymously while still providing authorities a way to trace messages that violate law or school policy. By allowing the use of pseudo-, but not truly, anonymous remailers, we give all parties involved a way to achieve their goals. The likelihood that anyone without a valid court order could obtain the identity of a message sent through these remailers is slim, so users are afforded a reasonably secure level of privacy. They are not, however, given a complete absolution from guilt in the form of perfect anonymity. Victims of harassment can use the courts to access remailer databases and find out the identity of their attacker, thus giving them a means of pressing charges. The people using anonymity for good can do so while those using it for bad can be caught. Everyone is happy (except the people who get caught, of course!).
This policy also has the nice feature in that it is somewhat technologically enforceable. There are mechanisms by which administrators can block messages to and from truly anonymous servers, thus helping to enforce the policy on a daily basis. Most operators of remailers are also willing to block messages to an email address or domain if the owner of that domain asks, so the school could simply request that no truly anonymous messages be sent to email addresses containing "oberlin.edu".
We are confident that this policy strikes a nice balance between personal and societal concerns over anonymity on the Internet. It is specific enough for students to understand boundaries of acceptable behavior, and can be applied in conjunction with other policies against misuse of electronic communication to foster a positive, creative, and innovative environment for all members of the Oberlin College community.