[HACK] police backdoor in German anonymizer

merce at grn.es merce at grn.es
Thu Aug 28 12:11:54 CEST 2003


(jesus, I know forwards aren't allowed, but this strikes me as quite
worrying and I'm not up to translating it. It's taken from the GILC
and EDRI-Gram bulletins. Up to you :)



==============================================================
[4] German court ruling curbs Internet anonymizing software
==============================================================
A decision by a local court in Germany may make it more difficult
to engage in anonymous free speech online.

A trial court (Amtsgericht) in Frankfurt am Main has ruled that
anonymisers without backdoors for law enforcement purposes are
illegal. The case involved the AN.ON anonymizing service, which
utilizes a Java Anonymizing Proxy (JAP) from TU Dresden. The German
Federal Office of Criminal Investigation Office (BKA) required
workers at the research project AN.ON to store information collected
regarding a user (as identified through that person's Internet
Protocol address) for a certain period and to turn over that data
for law enforcement purposes. 

The independent national data security center in Schleswig-Holstein
objected to this procedure. Helmut Baeumler, the national
data-security commissioner in Schleswig Holstein, said that the
Office's actions were "obviously illegal."  Although the court threw
out the center's complaint, the decision has been challenged and
might be overturned by a higher court.

Not surprisingly, cyberliberties experts have expressed anxiety
over these developments. A spokesperson from Stop1984 (a GILC
member) explained that her group simply did "not agree" with "the
idea of an anonymizer being used for surveillance. Privacy,
especially in times when it is so easy to grab data and personal
information, should be essential and a service providing this
privacy should not be forced into tricking their customers into
thinking they are private when they are not." Stop1984 has since
created a list of 73 public proxies which are known to be compatible
with JAP in order "to help people to regain their privacy."

An AN.ON press release regarding these developments is available at
http://www.inf.tu-dresden.de/~hf2/anon/presseinfoANON.html

An English-language version of this release is posted under
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

For further background information about AN.ON, click
http://anon.inf.tu-dresden.de/

For more details about Stop1984's list of alternative anonymizing
proxies, click 
http://stop1984.com/index.php?lang=en&text=japstop.txt

See Christiane Schulzki-Haddouti, "Nicht mehr ganz anonym:
Anonymisier-Dienst JAP protokolliert Zugriffe," Heise Online, 18
August 2003 at
http://www.heise.de/newsticker/data/uma-18.08.03-001/


----------------------8<------------------------------------


==================================================================
1. SUCCESSFUL APPEAL AGAINST BACK-DOOR IN GERMAN ANONYMISER
==================================================================

Yesterday, an appeal-court in Germany suspended an earlier order to
build a backdoor into Germany's most famous anonymising service. The
backdoor was removed immediately. According to the original
court-order, the IP-addresses of all visitors to a certain website had
to be logged and handed-over to the federal criminal police office.
This vital information was not disclosed by the developers, but
discovered by an attentive user of the service who close-read the open
source.

The AN.ON-service enables its users to surf anonymously via a
Java-webproxy, disguising traces through a network of 'Mix'-computers.
The software was developed by experts from the universities of Dresden
and Berlin, in collaboration with the independent regional data
protection authority of Schleswig-Holstein.
According to the data protectioners, they were constitutionally
forbidden to communicate this privacy-breach to their customers. Only
after great public upheaval they felt free to give their opinion on the
case, stating the court-order was illegal to begin with, since
telecommunication service providers should only hand-over data they are
regularly obliged to retain. Obviously, the anonymiser did not
regularly store data that are traceable to individual users. The
developers launched a formal legal protest against the order, but since
that did not have a suspending function, they felt forced to create the
backdoor.

Erster Teilerfolg fuer AN.ON (27.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip2.htm

AN.ON still guarantees anonymity (19.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

Information about AN.ON in English
http://anon.inf.tu-dresden.de/index_en.html



