Online and Unidentifiable?

[InfoSec News <isn () C4I ORG>]

http://www.washingtonpost.com/wp-dyn/articles/A21689-2000Jun29.html

By John Schwartz
Washington Post Staff Writer
Friday, June 30, 2000; E01

Everyone knows two things about the Internet. First, it's impossible
to censor. Second, the Internet is anonymous.

As it happens, neither is true: The increasing ability to trace
Internet surfers' wanderings and the threat of lawsuits have
considerably dampened the online medium's Wild West spirit.

But that hasn't stopped people from trying to help the Net live up to
its reputation. Today researchers at AT&T Labs will announce the
creation of Publius, a new system that could go a long way toward
eliminating online censorship. The innovation could bring the full
promise--and, critics warn, the perils--of unfettered speech to the
global medium.

"It seems like more and more, technologies are being introduced that
limit the freedom of individuals--especially in repressive
administrations" around the world, said Aviel D. Rubin, who developed
Publius with AT&T colleague Lorrie F. Cranor and graduate student Marc
Waldman. "We are hoping that by providing some tools to help the
individual, we can help offset this trend a little bit."

The researchers chose their system's name carefully: "Publius" was one
of the pen names used by Alexander Hamilton, John Jay and James
Madison to anonymously publish the Federalist Papers.

The twin notions that the Internet is uncensorable and that it is
anonymous have become deeply ingrained in public perception. A popular
New Yorker cartoon tells us that "On the Internet, nobody knows you're
a dog," and Internet activist John Gilmore's famous statement that
"the Net treats censorship as damage and routes around it" has become
an online cliche.

Yet a team of cryptographers and privacy activists turns out to be a
poor match for an army of lawyers. Time and again, attempts to shut
down speech on the Internet have succeeded. The Church of Scientology
has been able to bring substantial pressure to bear on Web sites that
publish documents that the church considers to be copyrighted
property, and activists fear the effects of the new Digital Millennium
Copyright Act. Companies often use subpoena power to uncover the names
of online employee-critics, force them to withdraw their comments and
fire them, said Michael Godwin, author of "Cyber Rights: Defending
Free Speech in the Digital Age."

"People are so used to thinking of the Net as ephemeral, anonymous and
unchanging that they forget the one thing computers are really good at
is remembering things and searching for them," Godwin said.

The idea of making the Internet truly resistant to censorship is not
new, and a number of online projects with names like "freenet" and
"Anderson's eternity service" attempt to evade the controls that
currently exist over Internet content. But the entry of the
prestigious AT&T Labs researchers into the field raises the movement
to a new level.

Publius works by encrypting files--from text to pictures and
music--and dividing them into fragments like pieces of a jigsaw puzzle
to be distributed over a number of servers, the computers that store
and distribute information on the World Wide Web.

Someone wanting to receive materials from the Publius network would
look through a directory of offerings on a Publius-affiliated Web
site; the network itself would do the work of reassembling the pieces
of the requested file.

Because Publius puts documents on a number of servers, any effort to
censor is greatly hindered. The Publius network would make it hard to
trace the original transaction, and files placed on the network could
not be removed without the direct action of the owners of the
participating servers. The sender can decide into how many pieces to
break the file and how many owners of servers would have to act
together to eliminate it.

The researchers' announcement today will lead to a two-month trial of
the technology with a limited number of servers. If that works, they
plan to create a permanent version of the system.

Internet experts who have learned about Publius say they are
impressed. "This is a unique approach and it is well executed," said
Edward Felten, an associate professor of computer science at Princeton
University. "We think it's a pretty cool system," said Adam Shostak of
Toronto-based Zero Knowledge Systems, which sells software for
anonymous Internet use.

Not everyone is pleased, however. Bruce Taylor, an anti-pornography
activist with the National Law Center for Children and Families, said,
"It's nice to be anonymous, but who wants to be more anonymous than
criminals, terrorists, child molesters, child pornographers, hackers
and e-mail virus punks?"

Taylor said the researchers might be motivated by good intentions, but
the uses to which Publius is put won't always be for the best. "That
doesn't mean they shouldn't do it, just because somebody might abuse
it, but it does raise questions."

So far, AT&T Labs' corporate parent has allowed the project to
continue.

"The truth is that researchers at AT&T Labs have quite a free rein to
pick topics for their work," Rubin said. "The culture at the labs here
is that we are scientists, and we are expected to solve
forward-looking problems that contribute to basic knowledge."

AT&T Labs spokesman Michael Dickman acknowledged that internal memos
from corporate officers raised the possibility that the system could
be used to disseminate child pornography and other undesirable
content. He said the company is unlikely to follow the course of
American Online, which canceled work on Gnutella, a technology for
distributing music over the Internet that was criticized as a
potential boost to copyright piracy.

"It is only a research project at this point in time," Dickman said,
and part of the trial is intended to see whether the system will be
abused.

Publius is not a commercial product; the researchers will give the
software away. They have published a full description of Publius and
the technology behind it at www.cs.nyu.edu/waldman/publius.

Rubin said that he and Cranor saw the ideal user of Publius as "a
person in China observing abuses, on a day-to-day basis," of human
rights. In nations where freedom of speech is severely limited and
people might suffer great hardship for speaking out, Publius could be
an instrument of social change. "That's what motivates Lorrie and me,"
he said. "That's why we were interested in this project."

Rubin said the administrators of the Publius computers can band
together to remove content that they collectively find abhorrent, and
that he believes child pornography would certainly fall under that
category.

"There's always historically been a fear of new technologies," Rubin
said. "When cars were introduced, there were fears that they would
help bad guys get away.

"We just hope that the good uses outweigh the bad," he said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".