Recommendations for Anonymous Remailer Policy at Oberlin College

Recommendations for Anonymous Remailer Policy at Oberlin College*

Copyright Megan Burns, 1999

I.    Introduction
II. An Overview of Anonymous Remailer Technology
    A. Pseudo-Anonymous Remailers
    B. Anonymous Remailers
    C. Remailer Options
III. Current Debate over Anonymous Remailers
IV. Oberlin's Current Policy on Anonymous Remailers
V. Anonymous Remailer Policies at other U.S. Colleges
VI. Conclusion: Policy Recommendations for Oberlin College

Disclaimer

Introduction

Across the United States, colleges and universities are preparing for the arrival of a new millennium. Researchers are making progress in the fields of science, engineering, politics, and art that define what life will be like in the twenty-first century. Because many of the advances being made have the potential to change lives, they often raise difficult social, ethical, and political questions. Society must consider what changes could come from each advance, the nature of those changes, and the potential impacts they might have on society as a whole. People often turn to academia, as a significant source of innovation, to provide an understanding of how such changes should be incorporated into everyday life. This puts a burden of responsibility on college administrators, because their decisions now have the potential to affect policies throughout world.

Such responsibility is currently on the shoulders of administrators at Oberlin College as they try to determine the role of anonymous remailer technology in their community. This technology, which allows Internet users to send email and post to newsgroups anonymously, has some members of the Oberlin community concerned. A group of individuals, believed to be Oberlin students, have been sending anonymous, harassing, anti-homosexual email to openly gay members of the faculty and student body*. Recipients of this "hate literature" are upset that the use of an anonymous remailer has allowed the perpetrators to remain hidden, leaving no way for victims to defend themselves against this discrimination.

Some on campus are calling for a ban on the use of anonymous remailers to protect others from such harassment. Administrators are hesitant to institute such a ban, though, without first understanding the impact it would have on the free expression and communication that are essential parts of the school's culture. This paper has been commissioned by the Oberlin College administration to study the issues surrounding anonymous remailer technology before any policy is established controlling its use*.

We begin with an explanation of anonymous remailer technology, followed by a discussion of the social and ethical issues currently surrounding it. Next, we provide an overview of policy regarding anonymous electronic communication at other colleges and universities across the nation. These examples are intended to provide a framework within which Oberlin can establish its own guidelines. Finally, we conclude by recommending several key points that we feel should be included in Oberlin's policy on the use of anonymous remailer technology, based on the policies of other schools and the current situation on campus.

An Overview of Anonymous Remailer Technology

Before regulating use of any technology, it is important that policy makers have a clear and accurate understanding of that technology and its capabilities. Consequently, we begin with an overview of current anonymous remailer technology.

An anonymous remailer is a piece of software that allows Internet users to send electronic communications (e.g. email and news group postings) anonymously. Remailer software takes an electronic communication and processes it so that the recipient of the message cannot identify the source from which it originated. There are currently two basic mechanisms by which this is done, each of which differs in the level of anonymity is provides.

Pseudo-Anonymous Remailers

The first type of anonymous remailer is called a "pseudo-anonymous remailer". Here users establish an account with the operator of the remailer software. A first time user sends to the remailer the message he/she wishes to distribute anonymously. The server then strips the sender's actual email address from the message and assigns an "anonymous" email address, which it places on the "From:" line of the message header. The message, with its new anonymous header, is then forwarded to the intended recipient. Future anonymous communications are accomplished by simply sending messages to the remailer and including with them the address(es) to which they should be sent. The remailer then strips away the real sender's address, replaces it with the anonymous one, and forwards the messages.

The term "pseudo-anonymous" is used to describe to this type of remailer because it does not actually afford the sender complete anonymity. The anonymous email address of each account holder is mapped to the user's real email addresses in a database, allowing the same anonymous address to be used many times and to receive replies to messages published anonymously. Such a database also allows the operator to determine the originator of the message, despite his/her desire to remain unknown.

Examples of popular pseudo-anonymous remailers include alpha.c2.org, Private Idaho, the Nymserver, Nym.alias.net, MailAnon and the most famous of all, anon.penet.fi, recently closed down as a result of a legal entanglement with the Finnish government.

Anonymous Remailers

The second type of remailer available today is truly anonymous in that it provides no way of tracing the origin of a message. Most truly anonymous remailers use one of two algorithms, called "Cypherpunk" and "Mixmaster". The technical details of the two algorithms are beyond the scope of this paper, but we provide an explanation of the basic idea behind each.

The design of Cypherpunk, as described in an essay by well known remailer expert Lance Cottrell, is "a nested set of encrypted messages. Each message is encrypted to a remailer. The message contains the instructions for each remailer (such as where to send the message next) and the message to be forwarded. Each remailer removes a layer of encryption, and accompanying instructions, takes any requested actions, and sends the message on to the next destination."

Mixmaster, designed by Cottrell himself, uses a much more powerful design for ensuring anonymity. A Mixmaster remailer divides messages into packets, all of equal length. Each packet includes 20 information headers and is encrypted in several layers of DES encryption. Each packet is passed to several different remailers before reaching its destination; usually, packets from the same message are sent through different sets of remailers so as not to be associated with each other. Only the final remailer can figure out which packets are related and reassemble them in order to forward the message to the recipient. Message headers are also reorganized after they are used to disguise the order in which the packet visited the remailers through which it was sent. This reorganization prevents the packet from being traced back to the original source.

Because these two types of remailers do not store any information about the sender of the message, there is no way for the recipient to reply or for the message to be traced back to its originator.

Remailer Options

In addition to the basic functionalities provided by all remailers, many offer special options, including:

Nicknames, so recipients don't have to refer to the sender by the (often long) anonymous address
Use of primary and secondary real email addresses
Automatic removal of certain parts of messages, such as signatures, which could identify the sender
Automatic delay of messages for random period of time to prevent correlation with messages sent from the user's machine
Blocking of messages to particular users or newsgroups who have requested that anonymous communication not be sent.

Current Debate over Anonymous Remailers

As with any powerful technology, there is the potential for use of anonymous remailers on both sides of the ethical and legal line. Supporters of the technology argue that anonymity in electronic communication allows people to discuss ideas, events, and personal issues without fear of discrimination or retribution. Avi Baumstein, in response to an editorial against the use of anonymous remailers, argues that "Our government is founded on anonymity...", and cites several situations in which anonymity can be positive. He argues that anonymity allows victims to participate in online support groups and allows whistle blowers to alert the public to potential dangers without fear of retribution. According to Baumstein, anonymous electronic communication also allows "opinions to be judged on their own merit, rather than on their name". He notes that a desire for anonymity need not imply that the sender has something to hide, pointing to The Economist as an example of a publication that is both anonymous and well respected.

Ralph Levin, in a rebuttal to one opponent of anonymous remailers, recognizes the fact that "Not all anonymous messages are pleasant or popular," but that "Unpopular speech is a necessary consequence of free speech. At least to the founders of this country, the benefits of free speech outweigh the discomfort." Levin goes onto remind readers that some of the most famous writings in American history, the Federalist Papers, were originally published anonymously, and that the founding fathers believed "the ideas should stand on their own merit, without opinion being swayed by the names behind them."

Opponents of anonymous remailers do not, generally, deny the benefits of electronic anonymity. Their argument is instead that the danger posed by negative uses of the technology outweigh the good it might be able to do. Martha S. Siegel, in an editorial in the January 2, 1995 edition of the San Francisco Chronicle, argued that "National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet. Such problems are further exacerbated by a computer...which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small." Siegel goes on to call people using anonymity to do counterproductive things, such as flaming, "self-styled vigilantes" who "routinely challenge free speech in Cyberspace unabated."

Walter S. Mossberg, in a January 25, 1995 article in the Wall Street Journal, argues that not only does anonymity on the Internet allow you to do bad things without getting caught, but it actually makes it more likely that normally good people will do bad things in the first place. He notes that "When these forums operate under the cloak of anonymity...[i]t sure makes it easier to spread wild conspiracy theories, smear people, conduct financial scams, or victimize others sexually." Mossberg goes on to say that "it's easier to 'flame' someone from the safety of a keyboard than it is to curse them face-to-face, or even over the phone. So on-line discussions too often break down into a kind of name calling that wouldn't be tolerated in a real-life meeting or social setting."

In a paper from the Symposium on the Global Information Infrastructure, Paul A. Strassmann and William Marlow claim that "information crimes have the unique characteristic that apprehension is impossible, since even identification of the criminal is not feasible," and that "[t]he introduction of Anonymous Remailers into the Internet has altered the capacity to balance attack and counter-attack, or crime and punishment." Their argument is not that there aren't good uses for anonymity on the Internet, but that by giving those who might make bad use of it the ability to do so without fear of apprehension, we make ourselves vulnerable to attack now and years from now. "For the last two hundred years the theory of warfare has been guided by "force-exchange" equations in which the outcome was determined by the rate of attrition of each opposing force. In information attacks these equations do not apply because the attacker remains hidden and cannot be retaliated against."

The preceding arguments all appear to have merit, and no clear distinction between which is "right" and which is "wrong" appears to exist. Anyone wishing to establish a position on the use of anonymous remailer technology must consider all of the arguments presented here and decide for themselves whether the individual right to free expression is more important than the exposure of society to a particularly dangerous type of crime.

Oberlin's Current Policy on Anonymous Remailers

To date, Oberlin College's General Policies for Computer Use have no mention of anonymous remailer technology. There are requirements that students and faculty not send "rude, obscene, or harassing messages (including chain letters)", but there is no regulation forbidding them from sending non-offensive messages anonymously.

Anonymous Remailer Policies at other U.S. Colleges

Although Oberlin has not yet dealt with this issue in its computer use policy, may other schools have. The following is a list of the policies regarding anonymous electronic communication from a number of well know colleges and universities in the U.S.:

Rensselaer Polytechnic Institute's Policy on Electronic Citizenship: "Although there are instances in which anonymous communication is acceptable, it is generally advisable to identify yourself accurately. It is not acceptable to use anonymity to harass, threaten, or deceive others."

Carnegie Mellon University's Computing and Information Resources Code of Ethics: "Messages sent to other users should always identify the sender."

Code of Conduct For Users of Computing Systems and Services At The George Washington University: "University users of e-mail or other electronic communications shall not employ a false identity. Nor may email be sent anonymously with the intent to deceive."

University of Buffalo Conditions of Use of University Computing & Information Technology Resources: "As a condition for use of the UB computing systems, all users are expected...To not develop programs or use any mechanisms to alter or avoid accounting for the use of computing services or to employ means by which the facilities and systems are used anonymously or by means of an alias. For example, users shall not send messages or mail, or print files which do not show the username of the user using the system..."

SUNY Buffalo Computer and Network Usage Policy: "The establishment of a background process that services incoming requests from anonymous users for purposes of gaming, chatting, or browsing the Web is prohibited."

University of California Electronic Mail Policy: "Email may...be sent anonymously provided this does not violate any law or this or any other University policy, and does not unreasonably interfere with the administrative business of the University."

Harvard University Computer Rules & Responsibilities: "electronic mail, like telephone messages, must be neither obscene nor harasing...Similarly, messages must not misrepresent the identity of the sender..."

In addition to examining policies of specific schools, the author also found a study at Brown University in which the computer use policies of fifty-seven colleges and universities were consolidated into a single report. The following statements were found in that report regarding anonymous electronic communication:

"identify yourself clearly and accurately in electronic communication."

"publishers must be clearly and specifically identified including the names and other contact information of individuals responsible for a given set of electronic information."

"sending information, especially electronic mail, that does not correctly identify the sender can be unethical."

Conclusion: Policy Recommendations for Oberlin College

After careful consideration of the power of anonymous remailer technology for both good and bad, the current issues under debate, and the policies in place at other colleges and universities, the authors feel that Oberlin College should institute a policy with balance. It is our opinion that the following policy statement balances the right to free and unthreatened expression with the need to protect members of the community from harassment and discrimination:

In general, users should identify themselves as the originators of electronic communication. In cases where anonymity is desired, only pseudo-anonymous remailers may be used to achieve it.

Messages sent anonymously may neither violate the law nor the policies of Oberlin College. Anonymous messages may not be sent to any user or posted to any news group or bulletin board that has expressly asked that anonymous communication not be sent.

If an anonymous message violates the law, this, or any other Oberlin College policy, the administration of Oberlin College reserves the right to obtain a court order to extract from the anonymous remailer used the identity of the message originator. That identity may be used to initiate disciplinary, legal, or civil action.

Psuedo-anonymous remailers allow people to communicate anonymously while still providing authorities a way to trace messages that violate law or school policy. By allowing the use of pseudo-, but not truly, anonymous remailers, we give all parties involved a way to achieve their goals. The likelihood that anyone without a valid court order could obtain the identity of a message sent through these remailers is slim, so users are afforded a reasonably secure level of privacy. They are not, however, given a complete absolution from guilt in the form of perfect anonymity. Victims of harassment can use the courts to access remailer databases and find out the identity of their attacker, thus giving them a means of pressing charges. The people using anonymity for good can do so while those using it for bad can be caught. Everyone is happy (except the people who get caught, of course!).

This policy also has the nice feature in that it is somewhat technologically enforceable. There are mechanisms by which administrators can block messages to and from truly anonymous servers, thus helping to enforce the policy on a daily basis. Most operators of remailers are also willing to block messages to an email address or domain if the owner of that domain asks, so the school could simply request that no truly anonymous messages be sent to email addresses containing "oberlin.edu".

We are confident that this policy strikes a nice balance between personal and societal concerns over anonymity on the Internet. It is specific enough for students to understand boundaries of acceptable behavior, and can be applied in conjunction with other policies against misuse of electronic communication to foster a positive, creative, and innovative environment for all members of the Oberlin College community.

* This paper was written for the Information Technology and Social Accountability course in the Heinz School of Management and Public Policy at Carnegie Mellon University. The author is in no way affiliated with Oberlin College, nor are the recommendations made in this paper intended for use by that college. The situation presented as the background for this paper is not real. The recommendations listed here are simply answers to an essay questions posed as part of the assignment for Module 3 of the ITSA class. All information about remailer technology, Oberlin College's current IT use policy, and other college's IT policies is accurate according to the references listed, but no evidence was found that the situation regarding the abuse of anonymous remailers by Oberlin students is in any way true.