Successful appeal against backdoor in German anonymiser

By EDRi · August 27, 2008

Yesterday, an appeal-court in Germany suspended an earlier order to build
a backdoor into Germany’s most famous anonymising service. The backdoor
was removed immediately. According to the original court-order, the
IP-addresses of all visitors to a certain website had to be logged and
handed-over to the federal criminal police office. This vital information
was not disclosed by the developers, but discovered by an attentive user
of the service who close-read the open source.

The AN.ON-service enables its users to surf anonymously via a
Java-webproxy, disguising traces through a network of ‘Mix’-computers. The
software was developed by experts from the universities of Dresden and
Berlin, in collaboration with the independent regional data protection
authority of Schleswig-Holstein.
According to the data protectioners, they were constitutionally forbidden
to communicate this privacy-breach to their customers. Only after great
public upheaval they felt free to give their opinion on the case, stating
the court-order was illegal to begin with, since telecommunication service
providers should only hand-over data they are regularly obliged to retain.
Obviously, the anonymiser did not regularly store data that are traceable
to individual users. The developers launched a formal legal protest
against the order, but since that did not have a suspending function, they
felt forced to create the backdoor.

Erster Teilerfolg fuer AN.ON (27.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip2.htm

AN.ON still guarantees anonymity (19.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

Information about AN.ON in English
http://anon.inf.tu-dresden.de/index_en.html