Home >> Resources >> Articles >> Anonymous Remail Raises Concerns

Anonymous Remail Raises Concerns

By Deborah Weil
Contributing Editor
The Internet Letter
April, 1995


A disgruntled employee hunches over his or her computer screen, tapping out a message. A few key clicks and - thanks to an anonymous remailer - the words vanish into cyberspace with nary a trace of the sender's name or e-mail address.

Perhaps the employee has posted a "flame" to hundreds of newsgroups on the Internet, starting a bogus rumor about the company. Worse, perhaps the staffer is divulging proprietary information - about a bug in the company's hardware or software, for example. One rumor circulating on the 'Net is that the flaw in the Pentium chip was originally revealed by an Intel employee, who masked his identity using anonymous remail.

April Fool’s? It’s certainly possible, but not something corporate higher-ups are losing sleep over. "I think they haven’t given it any thought," said Mike Godwin, staff counsel for the Washington, D.C.-based Electronic Frontier Foundation.

Howard High, a spokesman at Intel Corp. said, "I don’t think we would have any idea" if an employee had blown the whistle on the Pentium chip. (As far as he knows, High said, the flaw was discovered and first publicized in November, 1994, after an e-mail message about it was sent through the Internet by Thomas Nicely, a mathematics professor at Lynchburg College in Lynchburg, Va.)

More importantly, said High, "I would feel more concerned about the danger to (our) company culture if an individual felt that he couldn’t be open." At Intel, as at many high-tech companies, employees relish finding problems and pointing them out, High said.

"We’re too busy doing real work to worry about monitoring our people," he added. "They have a lot of freedom and empowerment to do their work."

Whistleblowers have always been able to march down to the nearest pay phone, Godwin said. The fact that employees technically are able to send anonymous e-mail from their work stations doesn’t mean that they are more likely to do so. "It doesn’t seem to be the case, yet, that the people using anonymous remailers are doing it destructively or for anti-social reasons," Godwin said.

"I do not see this topic as a major issue," said Howard Funk, a Katonah, N.Y., Internet consultant, and former IBM executive. Companies who want to analyze employees’ external e-mail can do so easily, he explained. "There are at least two ways companies can protect themselves against unwise or malevolent employees... The simplest of these is simply to use packet filtering to prevent mail from being sent to the known addresses of the anonymous remailers.

"The other, useful after the fact, is simply to check the logs which capture both the sending and receiving address of mail being sent via the corporate system."

Still, a number of recent incidents involving prank messages or inappropriate use of anonymous remail worries Internet experts. A fake message posted in December to the Internet in the form of an AP news article announced that Microsoft Corp. had agreed to "acquire" the Catholic Church for an unspecified number of shares. While obviously a hoax, the news prompted lots of angry phone calls to Microsoft headquarters.

The White House e-mail system has been receiving death threats to the President via the Internet. "It’s an annoying phenomenon," said Stephen Horn, director of Presidential e-mail. Horn refused to specify whether the messages were sent anonymously, but added, "You can draw some conclusions just from the nature of the ’Net."

Another indicator that anonymous messaging is a growing trend is that the best known and trusted anonymous remail server - anon.penet.fi - is in ever greater demand. Administrator Johan Helsingius, or Julf as he is known on the Internet, says he now has 250,000 users on his database, with 8,000 - 9,000 messages going through the server daily. He runs the free server from an undisclosed location in Helsinki, Finland.

Those asking for the service are "70 percent U.S.A.-based," Julf said, with domain names "pretty mixed" among .com, .edu, .org and .net. He says he operates the server "for humanitarian reasons" and to permit freedom of expression about sensitive issues.

Some users want anonymity to cloak controversial political discussions or to talk about human rights violations or sexual abuse, Julf said. But in addition to the obvious reasons, programmers post anonymous technical questions without fear of embarrassment. Employees also want to discuss childcare issues without their employer knowing, he said.

About a year ago, Julf said, a software company contacted him asking if he had the e-mail address of an employee who was suspected of leaking information about a bug in the company’s software. (Julf declined to identify the whereabouts or name of the firm.) Julf refused to divulge the information, telling the company that it would need a court order to force him to do so. The company did not follow up, he said, and the inquiry was dropped.

More recently, Finnish Police served Julf with a search and seizure warrant to ferret out the identity of a Church of Scientolgy member who was posting confidential information to the Internet via remail. Julf "negotiated with (police)," he said, in order to avoid giving up his entire database. "I transferred (the electronic address) to one diskette which was just the information they were looking for."

One abuse of the server Julf has noted is that small mail-order companies use anonymous e-mail as a way to flood newsgroups on the Internet with advertising. "I can’t stop them from doing it," Julf said. "But once they do it, I get lots of complaints and then I warn them." His server also automatically blocks such flooding by shutting down if more than 100 messages are being sent at once.

Despite such potential abuses, the right to send anonymous mail is seen as Constitutionally protected by free-speech advocates. "There’s a sense by many on the Net that anonymity is a good thing, that it promotes freedom of expression," said EFF’s Godwin.

While not acknowledging that anonymous remail is a problem, corporations frown on employees sending anonymous messages from office computers. "It’s really a Netiquette issue," explained Kevin Clark, an IBM division head in the corporation’s Somers, N.Y. office. "IBM asks employees to identify themselves and to exercise the same courtesy as if they were writing on paper... We want to be good citizens in cyberspace."