ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
image Computing

Total digital privacy may be on the horizon

privacy graphic

 ALSO

   Washington tackles Internet law

   Sign up for the Computer Connection email service

   For more computing stories

 
message board MESSAGE BOARDS

   Internet regulation
 
imageINTERACTIVE

If you could be completely anonymous on the Internet, would you want to be?

Yes No
View Results
 

August 18, 1999
Web posted at: 5:32 p.m. EDT (2132 GMT)


In this story:

How it works

Freedom gets high marks

U.S. encryption policy has its pros and cons

RELATED STORIES, SITES icon



By Robin Lloyd
CNN Interactive Senior Writer

(CNN) -- If American software developers were to touch any of the code in the 10,000 released beta versions of an Internet privacy solution that is getting good preliminary marks, they would be subject to prosecution.

In fact, if Zero-Knowledge Systems were based in the United States, it would be illegal for the company to export its Internet privacy software, dubbed 'Freedom.'

Instead, the Montreal-based start-up, headed up by 26-year-old Austin Hill, is set to release the first product of its kind -- a comprehensive Internet privacy package that offers multiple online pseudonyms and Byzantine encrypted rerouting that even Zero-Knowledge couldn't crack if it wanted to.

No more cookies, e-mail trails and digital identity stealing. At least, that's the idea. More than a dozen "cookie killers" already exist, along with several e-mail and browser anonymity services such as anonymizer.com.

Those all rely on what Hill calls a "trust-me" mechanism. A third party server holds users' identity and data. Freedom makes it so the end-user has sole possession of that data.

"If there was a gun to my head, I still could not reveal or break the privacy of my users," Hill says.

The user has the only "key" to their pseudonyms, which can be linked to independent e-mail addresses, geographic locations and encryption keys.

Freedom is designed to protect the e-mail, chats, browsing and newsgroup searches of anyone from a Chinese dissident posting pro-democracy messages to an employee checking out listings for Alcoholics Anonymous.

The software can encrypt private chats and newsgroup discussions, ensures anonymous Web browsing and can even block spam, Hill says. Each digital identity relies on full strength encryption that ranges from 128 to 4,096 bits.

Freedom 1.0, which works only on Windows platforms, is set for release in late October or early November. It will be downloadable for $49.95. Macintosh and Linux versions are due out next year. Freedom doesn't work with America Online, however, since AOL is an online service separate from the Internet.

Zero-Knowledge released 1,000 beta copies of Freedom at the DefCon 7 convention in Las Vegas last month. Since then, it has released thousands more via its Web site. A total of 50,000 people have requested copies since then.

How it works

Web users leave traces of their identity behind every time they visit a Web site or send e-mail. To get a sense of the process, visit the Center for Democracy and Technology's site and use its demo.

Freedom allows users to set up separate pseudonyms for different aspects of their lives -- an identity for an online chat about health care, another for interactions with friends and family, others for Internet browsing and finally a 'true' identity for e-commerce.

Zero-Knowledge is working on an e-commerce identity protection solution for future versions.

Freedom scrambles data coming from a user's PC and hides the source and destination of Internet traffic routed through the service.

The message or data packet is first sent to Zero-Knowledge's servers where it is wrapped in a layer of encryption.

That initiates a delivery process where the data bounces from one independently owned relay station to the next and can only be opened by one specific user who then forwards it to another specific user, with that process repeating several times.

Eventually a data packet goes to its intended target but neither snoopers, nor the final recipient, have any way of tracing its origins.

Third-party protections, the approach relied upon by Freedom's predecessors, can be hacked or bought away when the company makes a new acquisition, as was the case when Double Click acquired Abacus, Hill said. Or, civil lawsuits can force ISPs to turn over their records.

Freedom gets high marks

David Sobel, general counsel for the Electronic Privacy Information Center, and Ari Schwartz, a policy analyst with the Center for Democracy and Technology, agree that Freedom is a good solution.

"I suspect that it is one of the best solutions that we've seen," Sobel said. Freedom's strength comes from Hill's philosophical commitment to preserving privacy and anonymity on the Internet, Sobel said.

Schwartz underlined the Center's stance on Internet privacy -- software solutions combined with self-regulation among service providers and legislation will be needed to protect privacy online.

The U.S. Congress has introduced several bills this session relating to online privacy but advocates say they may not go far enough.

A CDT report concludes that online privacy is the exception, not the rule, in the private sector.

U.S. encryption policy has its pros and cons

The U.S. policy that prohibits encryption exports and labor is based on protecting security codes produced and cracked by the FBI and other national security agencies.

The downside is that we may lose out on what has turned into a $1.5 billion cryptography business for Canada, where limits are less strict, Hill says.

The U.S. approach could backfire and result in a brain drain of encryption experts, EPIC's Sobel said.

"The end result will be that American companies will lose leadership in this field," he said, "and it is not going to result in encryption being out of the hands of anyone our government might be concerned about."


RELATED STORIES:
Hackers, IT consultants embrace free security tool
August 13, 1999
Wireless data encryption due for handhelds
August 3, 1999
Congress targets exported encryption tech
July 26, 1999
Is your business as safe as you think?
July 16, 1999
DefCon '99 draws security experts from both sides
July 12, 1999

RELATED SITES:
Zero-Knowledge Systems
The Center For Democracy & Technology - Who's Watching You | CDT's Snoop 2.0
Electronic Privacy Information Center
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.