The Globe and Mail
Saturday, February 27, 1999

Caught on the Net: spying gets easier

Beware the messages you leave on the Net.
Your spouse, employer or kids may be watching.

by Julian Sher, jsher@journalism.com

The unwitting civil servant in Nova Scotia was delighted to discover he could use his office computer to send personal messages over the Internet to a Christian Bible chat group. He bared his soul in more than 250 written postings. He talked about his faith in God and Jesus and how the Ten Commandments are a sign of mankind's need for help.

What he didn't know was that others besides God and his fellow Christians were watching. Every posting could be easily traced according to its government return address and read by CBC journalists on an Internet training course in Halifax. The reporters were given a simple exercise: Track how provincial employees were using office equipment and time to carry on personal business on the Internet's public billboards and chat forums.

"I was appalled", said the man, who asked to remain anonymous, after learning his remarks had been meticulously catalogued on a highly popular Web site called DejaNews. "I had no idea anything like that was possible."

Call it the 11th Commandment: Watch what you say on the Internet.

Controversy over electronic privacy is nothing new. Seized electronic mail has figured prominently in sensational investigations ranging from the U.S. Iran-contra scandal to the current antitrust suit against software giant Microsoft Corp. Many office workers by now know that ostensibly private messages sent over corporate computers are considered company property, and that those messages are routinely backed up and stored to guard against data loss in the event of a network failure.

What makes the above case different is the ease with which people can now locate and read each other's public messages. Although the E-mail postings in question were not strictly private (intended, as they were, to be read by like-minded others in the Christian chat group), it's now possible for anyone with an Internet connection to pore over those public postings - indeed, over someone's entire chat history - with the click of a button. That's because companies with powerful Net-searching computers, most notably DejaNews and the search service AltaVista, have begun harvesting bulletin-board and chat-group messages and indexing them on their popular, advertiser-supported Web sites. Simply visit the free site DejaNews, type in someone's E-mail address and, instantly, you're presented with every public remark or question that person has left on the Net for up to several years.

The implications are staggering. Suspicious spouses can check if their partners have been seeking on-line romance in any of the Net's many singles chat groups. Suspicious employers can spy on disgruntled workers who may be spreading critical messages about the boss or company in, say, an environmental forum. Web-savvy children can spy on their parents' favourite hobbies and chat topics, and vice versa. Insurance companies can secretly monitor customers' lifestyle interests.

And private detectives can hunt down fugitives. Canadian Web sleuth Carla Edwards runs Datatrac, a tracing company out of Casper, Wyoming. Most of her clients are private investigators and bail-bond agencies. "Everyone who posts on the Internet leaves a trail that can be followed", Edwards said.

She uses DejaNews to track a person's interests, psychological profile, and even physical location. For example, "if a subject posts a vehicle for sale, often you will pick up details such as a telephone number in the body of the ad, in addition to the vehicle year and make", Edwards explained.

Most disturbing of all for a lot of people, perhaps, employers now can check out job applicants' travels on the Net. "We are frequently contracted to do background investigations on prospective short-list candidates for executive positions in the oil-and-gas and brokerage industries in Alberta", said Bill Fischer, who heads Electronic Countermeasures Inc. of Calgary, a security-management and consulting corporation. "We use DejaNews and other Web tools to verify hobbies, interests, and attitudes. A search can tell a lot about a person, good and bad."

DejaNews is the premier site for searching through the Internet's vast array of public forums. A privately-held company owned by several investors, including publishing giant Ziff-Davis, DejaNews makes its money by selling advertisements on a site visited by more than four million people every month. The site's main function is fairly benign: to provide visitors with a central information directory to more than 80,000 Internet discussion groups. Type in a keyword term - sewing or Toronto Blue Jays, say - and you will find a list of E-mail messages posted by other visitors with an interest in the topic. Point your mouse on the title of any message, click, and up pops the message. Another click and you can respond to the group with your own comment.

But click on an inconspicuous link labelled "author posting history" and you get that correspondent's complete message history: Everything he or she has written to any other public forum dating as far back as four years. Not just everything that person has written to the sewing chat group, but everything he or she has posted to every other chat group. You could find that your E-mail sewing partner, for example, has also been fraternizing with white supremacists or visiting one of the Net's ubiquitous pornography groups. You can also directly type in anyone else's E-mail address, such as your child's, and get the same kind of information.

Company spokesman Greg Wise says new technology and the falling price of electronic data storage have made it all possible. DejaNews has a remarkably large archive of more than 240 million E-mail messages, accumulated over the past four years. "We certainly try to do our part to make sure that users are aware all their messages can be traced", he said.

Indeed, DejaNews carries a disclaimer on one of its policy pages that few E-mailers unfortunately will ever bother to read: "Be careful what you say. Information posted to any forum can come back to haunt you."

Julian Sher is an internet trainer and the creator of JournalismNet, a web research site at http://www.journalismnet.com . He can be reached at jsher@journalism.com. When he is not surfing the web, he is a freelance producer for CBC-TV's the fifth estate.

Related Web sites

Electronic Frontier Canada
Electronic Countermeasures Inc.

How to Spy

Go to the DejaNews Web site (http://www.dejanews.com). In the main search window, type in the E-mail address of the person you want to spy on. A list of postings made by that author will appear. To view all the postings made by a particular person, click on the blue, underlined words: "author posting history".

Covering your tracks

Copies of Internet messages are usually stored in four places: your personal computer's hard drive, the recipient's hard drive, and one each on the large "server" computers that provide Internet service for you both. An internet service provider can keep copies of every message sent by its subscribers, sometimes for years. But there are ways to minimize your chances of being spied on:

Be vigilant:
DejaNews, the Web site through which many people post messages to public forums, offers a little-known way to prevent your E-mails from being archived. Simply begin the body of every message with "x-no-archive". You must do this for every message.
You can shield your identity to an extent by using one of the Web's many free E-mail services (such as Hotmail at http://www.hotmail.com or YahooMail at http://www.yahoo.com) and typing in an alias E-mail return address, such as neatguy@hotmail.com. Keep in mind this does not hide your identity from the people at hotmail or yahoo, and it only hides your real E-mail address, not the contents of the message, which may inadvertently identify you or be libellous. Should you make contentious remarks, you'd have no legal protection because a court could order Hotmail or Yahoo to divulge your identity.
This goes a big step beyond a simple pseudonym. Montreal-based Zero-Knowledge Systems (http://www.zks.net) has developed a program called Freedom that enables you to create a sophisticated digital pseudonym that hides your true identity - even from Zero-Knowledge. It also encrypts the contents of the messages you send, so that no one other than your recipients, not even Zero-Knowledge, will know what you've written. It will be available in June at a cost of $75 (which gives you five pseudonyms for one year).
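
The archive opt-out described under "Be vigilant" has to be present on every message, so one forgotten posting still ends up in the archive. The following check is an added example, not part of the original article: it flags outgoing messages whose body does not begin with the marker and inserts it. The ": yes" suffix, the header variant and the sample messages are assumptions based on common usage, not taken from the article.

```python
import email

MARKER = "x-no-archive"
# Assumed common spelling; the article itself gives only "x-no-archive".
MARKER_LINE = "X-No-Archive: yes"

def is_opted_out(raw: str) -> bool:
    """True if the marker is a header or the first non-blank line of the body."""
    msg = email.message_from_string(raw.replace("\r\n", "\n"))
    # Header variant (assumption: not mentioned in the article).
    if (msg.get("X-No-Archive") or "").strip().lower().startswith("yes"):
        return True
    payload = msg.get_payload()
    if not isinstance(payload, str):      # multipart bodies are not inspected
        return False
    for line in payload.splitlines():
        if line.strip():                  # only the FIRST non-blank line counts
            return line.strip().lower().startswith(MARKER)
    return False

def ensure_opt_out(raw: str) -> str:
    """Return the message with the marker inserted at the start of the body."""
    raw = raw.replace("\r\n", "\n")
    if is_opted_out(raw):
        return raw
    head, _, body = raw.partition("\n\n")  # headers end at the first blank line
    return f"{head}\n\n{MARKER_LINE}\n\n{body}"

def audit(outbox: list[str]) -> list[str]:
    """Subjects of messages that would still be archived."""
    return [email.message_from_string(m)["Subject"]
            for m in outbox if not is_opted_out(m)]

# Constructed sample postings (not real messages).
OUTBOX = [
    "From: a@example.org\nNewsgroups: rec.crafts.sewing\n"
    "Subject: Bobbin tension\n\nx-no-archive: yes\n\nAny tips?\n",
    # Marker present but NOT at the start of the body: does not count.
    "From: a@example.org\nNewsgroups: misc.forsale\n"
    "Subject: Car for sale\n\nCall me about the car.\nx-no-archive: yes\n",
    "From: a@example.org\nX-No-Archive: Yes\nSubject: Header form\n\nHello.\n",
]

if __name__ == "__main__":
    print("missing opt-out:", audit(OUTBOX))
    print("after fix:", audit([ensure_opt_out(m) for m in OUTBOX]))
```
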

Copyright © 1999 by All Rights Reserved. Reprinted with permission.