An interesting article came across my radar this morning. It details what happens when the FBI comes to claim a server because of crimes committed using the server’s capability, and you should read it.
However, I’d like to focus on the especially fascinating and contradictory tension regarding providing privacy for cybercrime:
Using Mixmaster, email users can achieve nearly undefeatable anonymity — multiple servers pass messages from one to the other, each time stripping out header information and replacing it with false data, making it nearly impossible for investigators to “trace” the message to the original sender.
“If you had asked me before this happened if one of our members ran an anonymous remailer, I would have said, ‘probably,’ ” said McClelland. “That’s exactly the kind of thing we want to support and we want to protect.”
When correctly configured, anonymous remailers leave no trace at all. There are no log files to check, no other server “fingerprints.”
“The fact that the FBI’s investigation led them to an anonymous remailer should have been the end of the story….” wrote Hanni Fakhoury.
“These people making the threats, these are jerks, nobody wants to protect them,” Lopez said.
There is a hacktivist notion that everything by a single individual should be completely private, and everything by the government should be completely public. It’s an interesting notion, and most of the people who espouse it mean well, but it can be severely misguided.
Terroristic threats are a crime. Bomb threats against a university are not a matter to shrug off lightly. One simply has to examine the rash of recent shooting deaths by lunatics on university campuses to know that student safety is a serious consideration.
Make no mistake: McClelland’s organization is happy that they’re able to provide the ability for anonymous remailing, leaving no trace at all. Fakhoury believes that because the criminal who emailed the bomb threats used an anonymous remailer, that should have been “the end of the story.”
And yet they say “nobody wants to protect [the criminals].” That’s simply a fallacy. One only has to read the enablers’ own words.
As with all privacy issues, from anonymous hate speech by a single individual, to WikiLeaks, this ends up being a debate about the needs of the people as a whole. The argument here is whether the need of the student body of the University of Pittsburgh for safety is more important than the need for privacy of the individual doing the threatening.
Though Lopez protests, he is doing his best before, during, and after the crime to ensure the criminal’s privacy. Now, I’m not here to make a judgment as to whether that’s right or wrong. But I’m also not here to attack the FBI for doing what they believe is necessary to find the criminals.