Riseup hat eben bekanntgegeben, dass am Mittwoch nachmittag einer seiner Server in New York vom FBI beschlagnahmt wurde. Es handelt sich um einen Server von Europas ältestem unabhängigen Provider ECN (Italien), der in einer gemeinsamen Colocation von Riseup und May First/People Link untergebracht war. Auf dem Server lag ein anonymer Mixmaster-Remailing-Service, über den anonyme Bombendrohungen verschickt worden sein sollen. Bruce Schneier dazu: Bomb Threats As a Denial-of-Service Attack.
Riseup erklärt, dass die Beschlagnahmung eines Remailers, der per Design keinerlei Daten über seine NutzerInnen speichert, bei der Ermittlung der Bombendrohungen wenig Erfolg haben kann. Stattdessen werden viele politische und soziale Bewegungen beeinträchtigt. Auf dem Server lag u.a. die älteste italienische netzpolitischen Mailingliste („Cyberrights“), 300 E-Mail-Accounts, 50-80 Mailinglisten und Websites von Gruppen aus Lateinamerika, der Karibik und Afrika.
Devin Theriot-Orr, Sprecher von Riseup:
„Das FBI nimmt den Vorschlaghammer und schaltet Internet-Dienstleistungen von Hunderten von Menschen ab, um einen Unbekannten zu finden. Das macht vor allem deswegen keinen Sinn, weil es unwahrscheinlich ist, dass auf dem Server Informationen über die Quelle der Droh-Mails zu finden sind.
Wir bedauern die betroffenen Menschen an der Uni Pittsburgh, die seit Wochen mit der beängstigenden Bedrohung leben müssen. Wir lehnen diese Bombendrohungen ab. Die Beschlagnahmung des Servers wird die Bombendrohungen aber nicht verhindern. Die einzige Folge ist die Störung von E-Mails und Websites von tausenden Unbeteiligten. Das Netzwerk anonymer Remailer wird durch diese Beschlagnahmung nicht eingeschränkt.“
Die ganze Pressemitteilung im Original:
FBI seizes server providing anonymous remailer and many other services from colocation facility.
- Riseup Networks, Devin Theriot-Orr, 206-708-8740, email@example.com
- May First/People Link, Jamie McClelland, 917-509-5734, firstname.lastname@example.org
- ECN: Isole Nella Rete, email@example.com
Attack on Anonymous Speech
On Wednesday, April 18, at approximately 16:00 Eastern Time, U.S. Federal authorities removed a server from a colocation facility shared by Riseup Networks and May First/People Link in New York City. The seized server was operated by the European Counter Network (“ECN”), the oldest independent internet service provider in Europe, who, among many other things, provided an anonymous remailer service, Mixmaster, that was the target of an FBI investigation into the bomb threats against the University of Pittsburgh.
“The company running the facility has confirmed that the server was removed in conjunction with a search warrant issued by the FBI,” said May First/People Link director Jamie McClelland. “The server seizure is not only an attack against us, but an attack against all users of the Internet who depend on anonymous communication.”
Disrupted in this seizure were academics, artists, historians, feminist groups, gay rights groups, community centers, documentation and software archives and free speech groups. The server included the mailing list “cyber rights” (the oldest discussion list in Italy to discuss this topic), a Mexican migrant solidarity group, and other groups working to support indigenous groups and workers in Latin America, the Caribbean and Africa. In total, over 300 email accounts, between 50-80 email lists, and several other websites have been taken off the Internet by this action. None are alleged to be involved in the anonymous bomb threats.
“The FBI is using a sledgehammer approach, shutting down service to hundreds of users due to the actions of one anonymous person,” said Devin Theriot-Orr, a spokesperson for Riseup. “This is particularly misguided because there is unlikely to be any information on the server regarding the source of the threatening emails.”
“We sympathize with the University of Pittsburgh community who have had to deal with this frightening disruption for weeks. We oppose such threatening actions. However, taking this server won’t stop these bomb threats. The only effect it has is to also disrupt e-mail and websites for thousands of unrelated people,” continues Mr. Theriot-Orr. “Furthermore, the network of anonymous remailers that exists is not harmed by taking this machine. So we cannot help but wonder why such drastic action was taken when authorities knew that the server contained no useful information that would help in their investigation.”
The FBI purportedly seized the server because it was hosting an anonymous remailer called Mixmaster. Anonymous remailers are used to send email anonymously, or pseudonymously. Like other anonymizing services such as the Tor network, these remailers are widely used to protect the identity of human rights activists who place themselves and their families in grave danger by reporting information about abuses. Remailers are also important for corporate whistle blowers, democracy activists working under repressive regimes, and others to communicate vital information that would otherwise go un-reported.
The Mixmaster software is specifically designed to make it impossible for anyone to trace the emails. The system does not record logs of connections, details of who sent messages, or how they were routed. This is because the Mixmaster network is specifically designed to resist censorship, and support privacy and anonymity. Unfortunately, some people misuse the network. However, compared to the rate of legitimate use, the abuse rate is very low. There is therefore no legitimate purpose for the FBI to seize this server because they will not be able to obtain any information about the sender. This is plainly extra-judicial punishment and an attack on free speech and anonymity on the internet and serves as a chilling effect on others providers of anonymous remailers or other anonymous services.
In absence of any other leads, the FBI needs to show that they are making progress in this case, and this has meant seizing a server so they can proudly demonstrate they are taking some action. But what this incident shows is they are grasping at straws and are willing to destroy innocent bystanders for the sake of protecting their careers.
About the organizations involved
MayFirst/People Link (mayfirst.org) is a politically-progressive member-run and controlled organization that redefines the concept of “Internet Service Provider” in a collective and collaborative way. May First/People Link’s members are organizers and activists who elect a Leadership Committee to direct the organization. Like a coop, members pay dues, buy equipment and then share that equipment for websites, email, email lists, and other Internet purposes.
Riseup Networks (riseup.net) provides online communication tools for people and groups working on liberatory social change. Riseup creates democratic alternatives and practices self-determination by controlling our own secure means of communications.
ECN (European Counter Network – ecn.org) is the oldest independent service provider in Europe providing free email accounts, mailing lists, and websites to organizations, activists, and movements that are involved in human rights, freedom of speech and information in Italy and Europe. ECN is anti-fascist and works towards a just and equal society. Years ago, before sites like Youtube and Vimeo existed, ECN created a platform called NGV where people could upload and share independent video of human rights violations. Nowadays ECN works primarily with anti-fascist and anti-Nazi movements in all of Europe, providing space and resources to political and social centers.
Questions / further reading
Q: Doesn’t Mixmaster/anonymous remailers enable criminals to do bad things?
A: Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than mixmaster provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.
Mixmaster aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.
Some advocates of anonymity explain that it’s just a tradeoff — accepting the bad uses for the good ones — but there’s more to it than that. Criminals and other bad people have the motivation to learn how to get good anonymity, and many have the motivation to pay well to achieve it. Being able to steal and reuse the identities of innocent victims (identify theft) makes it even easier. Normal people, on the other hand, don’t have the time or money to spend figuring out how to get privacy online. This is the worst of all possible worlds.
So yes, criminals could in theory use mixmaster, but they already have better options, and it seems unlikely that taking mixmaster away from the world will stop them from doing bad things. At the same time, mixmaster and other privacy measures can fight identity theft, physical crimes like stalking, and so on. (www.torproject.org/docs/faq-abuse.html)
Q: How does Mixmaster / Anonymous remailers work?
A: Anonymous remailers work by connecting to other anonymous remailers in a chain, and every one in that chain removes the mail header information making it impossible to find the real sender. The Tor project maintains a list of typical users of this and other anonymity systems, and the Mixmaster home page