Today sending an anonymous email is easier than ever. Internet-based, military grade end-to-end encryption software and technology has developed rapidly. Everyday citizens can download an app or subscribe to an anonymous email account that offers the same sophisticated level of security that was once only available to intelligence services in the world’s most advanced nations.
Having the ability to keep our emails private, being able to surf the internet without intrusive monitoring or government snooping is under assault. Especially since the horrific terrorist incident that took place in Paris on November 13, close scrutiny of the ease of accessing this encryption technology that offers privacy to internet users is being reviewed by security agencies of numerous national governments.
You might wonder how a terrorist attack in France could have anything to do with your ability to have anonymous email.
As network news analysis continued in the aftermath of the Paris attacks, security experts interviewed by news anchors underscored their concerns about the ease that terrorists can privatize their communications. It is their ability to send anonymous email, obtain disposable mobile phones or cloaked, temporary cell numbers that gives them the capacity to plan and coordinate their attacks undetected by the intelligence services entrusted with protecting citizens from the harm they can inflict.
They use these encryption technologies to surreptitiously communicate with each other to coordinate their subversive illegal, activities right under the noses of the legal authorities. They’re using the same or similar software applications that the police and government security agencies also use to maintain secure, un-hacked communications.
And the police are complaining they can’t keep tabs on the terrorists to effectively interdict and prevent terrorist exploits. It’s too easy for two-bit extremists to employ the equivalent, first-rate electronic privacy networks as the law enforcement agencies use themselves. And a lot of these apps are perfectly free.
In recent interviews, security experts, high level consultants and spokespersons are questioning out-loud the universal, uncensored accessibility of encryption capabilities to the general public. They maintain that the ease of accessing encryption apps and anonymous email accounts by the bad guys makes the cop’s job of preventing terrorist incidents that much harder.
Let me ask you a question. “When was the right to privacy ever just optional”?
If you are an American citizen, you are protected by the 4th Amendment of the US Constitution from unreasonable search and seizure. It reads: “The right of the people to be secure in their persons, houses, papers, and effects against unreasonable search and seizures, shall not be violated”…
You could say that ever since the 9/11 attacks on the World Trade Center buildings in 2001, the American government has been re-defining or reinterpreting what is meant by that term “unreasonable”. Just look at what world travelers consider normal now when they go to catch their flights at any airport in the nation. Anyone who flies has experienced the TSA security checks that are mandatory before boarding your plane. Years ago this would have been thought an “unreasonable” intrusion on our privacy and freedom of movement.
Should we be subjected to the same level of scrutiny when we travel electronically on the internet? Should every email we send be routed through a gatekeeper’s spyware reminiscent of those TSA scanning machines that strip us naked before their electronic eyes?
It’s the old story. A few bad apples in the barrel spread rot to all the rest. A miniscule minority of maladjusted individuals feel it’s their right to inflict violence on an unsuspecting public.. Religious fanatics politicized by agents of revolutionary fervor get trained to perpetrate horrific murderous attacks against innocent victims. Suicide bombers, masked gunmen willing to be martyred for jihad shoot to kill innocent bystanders going about living their lives, minding their own business.
Those of us who witness such ignominy from a safe distance, remaining unmolested and alive, wonder at the brutality, callousness and seemingly total randomness of murder and mayhem striking at the very core of civil society.
How much Liberty? How much Security?
Incidents such as the Paris attacks can leave the rest of us feeling like survivors. It is our sense of shared humanity that bonds us to the victims and their bereaved families. People of Western democratic nations have erected impromptu memorials to the casualties of the atrocities. Social media posts express touching sentiments. Shared condolences from complete strangers arise spontaneously.
Iconic landmarks are draped in the tri-color of France’s red, white and blue.
Government leaders speak of the solidarity that exists between the United States and France. All of Europe including the UK holds hands with their continental neighbors. Patriotism tugs at our heart strings. Tears well up in the eyes of the mourners.
What we don’t know yet is how the government of France will respond to heightened concerns by their citizenry for increased security. Will they clamp down on the companies that provide free or easily purchased anonymous email accounts? Will vpn (virtual privacy network) services be forced to submit to enhanced security restrictions or regulatory efforts in an attempt to put further constraints on the terrorists using these types of applications that all private citizens now freely enjoy?
What fallout will we witness as governments grapple with the populace clamoring—on the one hand– for increased security measures while on-the-other, right-to-privacy advocates demand that government institutions respect the traditional boundaries established by constitutional restraints on invasive search and seizure policies and practices.
Constitutional guarantees afforded to citizens’ protections of their rights to privacy are under intense pressure. Americans in ownership of the US Constitution probably enjoy the greatest protection of something as small as the uninterrupted, non-denial of service that permits us to send an anonymous email. Without government interference and uninvited spying.
It will be interesting to see what happens to our French, English and European counterparts. How will these recent atrocities impact the free movement of peoples across national borders? How will electronic surveillance and monitoring of communications by government attempts to clamp down on political radicals and religious zealots impinge upon the rest of the law abiding citizens?
The Coordinated Cyberattacks on a Swiss based provider of Anonymous Email Accounts
Perhaps in a totally unrelated event, perhaps not, a secure, end-to-end encrypted provider of free anonymous email accounts whose servers are based in Switzerland was victimized by cyberattack that took their servers off line for several days.
This occurred only a few days prior to the vicious attacks on the Paris concert hall audience.
I found out there was something wrong when I tried to log in to my email account. The site was down. And the next day when I could finally log in there was a post informing subscribers that they (the email provider, Protonmail.com) had experienced an intense cyberattack in the form of a DDOS (Distributed Denial of Service). This is comparable to a massive traffic jam which causes gridlock. In this instance, instead of cars, a huge amount of data gigabits are propagated against the network’s lines. This directly attacks the infrastructure of their upstream providers and the datacenter itself. So much data bits are generated it results in broadband overload.
The coordinated assault on their ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where the ISP has nodes. These attacks apparently overwhelmed the network infrastructure and took ProtonMail offline making it impossible for customers to access their anonymous email accounts. Protonmail states that the attacks did not breach the security of their database.
ProtonMail has since learned that it was attacked by at least two separate groups. The first attacker, the Armada Collective, a group of criminals who had been identified as being responsible for a string of DDOS attacks across Switzerland in prior weeks demanded a ransom just prior to launching the first attack. The Armada Collective denied responsibility for the second attack.
The second group caused the vast majority of the damage, including the downing of the datacenter and crippling of upstream ISPs, exhibiting capabilities more commonly possessed by state-sponsored actors. They never contacted Protonmail administration to make any ransom demands. Their sole objective was to take a robust and secure provider of sending anonymous email offline, at any cost, with no regards for collateral damage, and to keep them offline for as long as possible. They have still not been identified.
This sophisticated DDoS episode represents the largest and most extensive cyberattack ever to occur in Switzerland, with hundreds of other companies also hit as collateral damage. The main attack began on Wednesday, November 4th, and it was not until the evening of Saturday, November 7th that the situation was brought under control.
There is no doubt that the purpose of the attack was to keep ProtonMail offline for as long as possible. In doing so, the attackers wanted to deny email privacy to nearly a million people worldwide.
The Stark Implications of this attack on the privacy community
At this juncture, public release of information specifically identifying the source of this (second) attack has not been made. As already noted, the level of technical sophistication required to create a DDOS of this magnitude suggests that the attackers possessed capabilities more commonly possessed by state-sponsored actors.
It is only speculation, but we can pointedly ask if we have witnessed an assault coordinated by agents and/or authorities who may have acted at the instigation of official governmental bodies who have already confessed on camera their frustration and inability to track and monitor terrorist clandestine activity. Was this attack an effort to reduce universal access to anonymous email service providers and thus clamp down on the free exchange of electronic information affecting not just potential terrorists but free thinkers everywhere?
It is an unfortunate happenstance that the same privately secured networks used by law-abiding and civic-minded citizens can also be used by the murderous and cunning terrorist groups as well.
We might wonder about the motivations of the attackers. What advantage could extremist organizations possibly have in attempting to destroy anonymous email providers which they themselves rely on to conduct their subversive anti-state, anti-social, activities undetected?
It is well known that virtual privacy networks and anonymous email services provide non-surveilled, non-censored, communication avenues to activists of every description, journalists, whistleblowers, and other “at risk” groups. These types of cyber secure services provide anonymity to people who may be classified as dissidents or protesters who disagree with officially sanctioned government policies. In a free, democratic and pluralistic society channels by which civil disobedience/protesting and redress of grievance may be expressed under protections of the law are hallmark signs of an open society in which justice can be administered. . Minority groups need a platform to voice dissenting opinions when disagreements arise between competing political interests and the ways in which laws are enforced affect the broad public.
Unfortunately, there are powerful groups out there determined to oppose the unhindered free access to privacy networks which have a pivotal role in contributing to the modern means for the continued expression of free speech.
The attackers hoped to destroy a community which shares a common cause and vision for an Internet that respects privacy and freedom in which even the most unpopular or disenfranchised can assert their voice without fear of harassment or banishment.
The consumer/citizens ability to obtain the services of providers that bring anonymous email services and virtual privacy network functionality to the internet must be preserved and protected by statutory law that guarantees the to the exercise of free speech.