No Such Weblog

According to this press release, the JAP anonymizing proxy (think of it as anonymizer.com plus Chaumian mixes) is anonymizing again: The District Court in Frankfurt/Main decided yesterday that the enforcement of the judicial instruction by the Lower District Court in Frankfurt to the partners of the AN.ON project ... is to be suspended.

The battle about the JAP anonymizing proxy continues: After a decision of the Lower District Court in Frankfurt to add surveillance features to the system had been suspended by the District court (details; code is law analysis), German federal police obtained a search warrant from the Lower District Court last Friday. The data captured while the surveillance measures were in place (a single record was collected) were turned over to police during a search conducted Saturday. The Lower District Court's decision to issue the search warrant is believed to be illegal, and will be taken to a higher court. In particular, there was no obligation to turn over the data until a final decision is reached on the legality of the original surveillance measures.

Press release: German / English

Mailing list discussion about the search against the JAP anonymizing proxy is taking off on FITUG's debate mailing list; a quickly-updated unofficial archive is here.

Heise News reports that the district court in Frankfurt/Main has found that there was no base in law for an earlier order from a lower court that had required the JAP anonymizing proxy to implement a "crime detection feature." This feature would lift the anonymity of those who would use the service to access a specific web site.

When the district court had suspended enforcement of that order earlier this month, police searched the anonymization service; the data collected while the (illegal) surveillance measures were in place were turned over. This search is the topic of separate court proceedings.

Press release.

When trying to get a pre-paid SIM card for mobile phone use in Germany, customers had to identify themselves. The data weren't gathered for operational purposes, but exclusive to be a vailable for law enforcement purposes.

Germany's federal administrative court has now ruled that the national regulator's order which had lead to this practice had no basis in law, and was violating customers' privacy rights.

Heise reports that the AN.ON project has won another victory in court.

An illegal order from a lower court had forced the anonymization service to implement and activate a wiretapping function. When a higher court suspended that order, police obtained a search warrant and seized the data gathered when the (illegal) wiretapping function was active.

That search has now been found to be illegal.

Later: Press release.

Writes Esther Dyson in the New York Times (link credit: Bret Fausett): What I'm proposing is not a rule-free society, but one in which rules come from the bottom up: generally enforced by peers, with governments in the background. ... The basic rule is transparency: You need to know whom you are dealing with, or be able to take proper measures to protect yourself.

Unfortunately, the article essentially sets up anonymity and accountability online as contradictions. They need not be: The kind of accountability Esther describes is not so much about knowing who someone is in real life, but rather about recognizing a party you are dealing with (or knowing that you don't recognize a party seeking to communicate with you, and taking appropriate action). It's, often, not so much about linking on-line activity to real lilfe, but more often about linking current on-line activity to past on-line activity -- and, by symmetry, linking future on-line activity to current on-line activity.

This is so because for many activities online, stakes are actually quite low: To decide who's messages to read on mailing lists, or blogs, or slashdot -- or, in the past, Usenet --, for instance, it may quite well be enough to know that source's reputation among peers, or to have read earlier messages from that source. If something goes wrong, only littlel damage is done. All one needs to know to make this kind of choice is a regularly-used online pseudonym (most often, that's the e-mail address these days). If the same person uses a different pseudonym elsewhere, that's their business.

(Where the stakes are higher, reliable links to a person's online existence are, of course, useful.)

Accountability online is not a binary choice between total anonymity on the one hand, and total transparency with links to real life on the other: There is a broad spectrum between these, and often, the level of transparency and accountability that's needed will lie somewhere in between.

As a side note, all the accountability you can get won't fix viruses and similar security intrusions, unlike what Esther suggests: Just like the ordinary flu, successful online viruses often travel along the links in social networks.