ALSO    Washington tackles Internet law    Sign up for the Computer Connection email service    For more computing stories    MESSAGE BOARDS    Internet regulation   INTERACTIVE If you could be completely anonymous on the Internet, would you want to be? Yes No View Results

August 18, 1999
Web posted at: 5:32 p.m. EDT (2132 GMT)

In this story: How it works Freedom gets high marks U.S. encryption policy has its pros and cons RELATED STORIES, SITES

By Robin Lloyd
CNN Interactive Senior Writer

(CNN) -- If American software developers were to touch any of the code in the 10,000 released beta versions of an Internet privacy solution that is getting good preliminary marks, they would be subject to prosecution.

In fact, if Zero-Knowledge Systems were based in the United States, it would be illegal for the company to export its Internet privacy software, dubbed 'Freedom.'

Instead, the Montreal-based start-up, headed up by 26-year-old Austin Hill, is set to release the first product of its kind -- a comprehensive Internet privacy package that offers multiple online pseudonyms and Byzantine encrypted rerouting that even Zero-Knowledge couldn't crack if it wanted to.

No more cookies, e-mail trails and digital identity stealing. At least, that's the idea. More than a dozen "cookie killers" already exist, along with several e-mail and browser anonymity services such as anonymizer.com.

Those all rely on what Hill calls a "trust-me" mechanism. A third party server holds users' identity and data. Freedom makes it so the end-user has sole possession of that data.

"If there was a gun to my head, I still could not reveal or break the privacy of my users," Hill says.

The user has the only "key" to their pseudonyms, which can be linked to independent e-mail addresses, geographic locations and encryption keys.

Freedom is designed to protect the e-mail, chats, browsing and newsgroup searches of anyone from a Chinese dissident posting pro-democracy messages to an employee checking out listings for Alcoholics Anonymous.

The software can encrypt private chats and newsgroup discussions, ensures anonymous Web browsing and can even block spam, Hill says. Each digital identity relies on full strength encryption that ranges from 128 to 4,096 bits.

Freedom 1.0, which works only on Windows platforms, is set for release in late October or early November. It will be downloadable for $49.95. Macintosh and Linux versions are due out next year. Freedom doesn't work with America Online, however, since AOL is an online service separate from the Internet.

Zero-Knowledge released 1,000 beta copies of Freedom at the DefCon 7 convention in Las Vegas last month. Since then, it has released thousands more via its Web site. A total of 50,000 people have requested copies since then.

Web users leave traces of their identity behind every time they visit a Web site or send e-mail. To get a sense of the process, visit the Center for Democracy and Technology's site and use its demo.

Freedom allows users to set up separate pseudonyms for different aspects of their lives -- an identity for an online chat about health care, another for interactions with friends and family, others for Internet browsing and finally a 'true' identity for e-commerce.

Zero-Knowledge is working on an e-commerce identity protection solution for future versions.

Freedom scrambles data coming from a user's PC and hides the source and destination of Internet traffic routed through the service.

The message or data packet is first sent to Zero-Knowledge's servers where it is wrapped in a layer of encryption.

That initiates a delivery process where the data bounces from one independently owned relay station to the next and can only be opened by one specific user who then forwards it to another specific user, with that process repeating several times.

Eventually a data packet goes to its intended target but neither snoopers, nor the final recipient, have any way of tracing its origins.

Third-party protections, the approach relied upon by Freedom's predecessors, can be hacked or bought away when the company makes a new acquisition, as was the case when Double Click acquired Abacus, Hill said. Or, civil lawsuits can force ISPs to turn over their records.

David Sobel, general counsel for the Electronic Privacy Information Center, and Ari Schwartz, a policy analyst with the Center for Democracy and Technology, agree that Freedom is a good solution.

"I suspect that it is one of the best solutions that we've seen," Sobel said. Freedom's strength comes from Hill's philosophical commitment to preserving privacy and anonymity on the Internet, Sobel said.

Schwartz underlined the Center's stance on Internet privacy -- software solutions combined with self-regulation among service providers and legislation will be needed to protect privacy online.

The U.S. Congress has introduced several bills this session relating to online privacy but advocates say they may not go far enough.

A CDT report concludes that online privacy is the exception, not the rule, in the private sector.

The U.S. policy that prohibits encryption exports and labor is based on protecting security codes produced and cracked by the FBI and other national security agencies.

The downside is that we may lose out on what has turned into a $1.5 billion cryptography business for Canada, where limits are less strict, Hill says.

The U.S. approach could backfire and result in a brain drain of encryption experts, EPIC's Sobel said.

"The end result will be that American companies will lose leadership in this field," he said, "and it is not going to result in encryption being out of the hands of anyone our government might be concerned about."

Note: Pages will open in a new browser window

External sites are not endorsed by CNN Interactive.