Yesterday, an appeal-court in Germany suspended an earlier order to build a backdoor into Germany's most famous anonymising service. The backdoor was removed immediately. According to the original court-order, the IP-addresses of all visitors to a certain website had to be logged and handed-over to the federal criminal police office. This vital information was not disclosed by the developers, but discovered by an attentive user of the service who close-read the open source.

The AN.ON-service enables its users to surf anonymously via a Java-webproxy, disguising traces through a network of 'Mix'-computers. The software was developed by experts from the universities of Dresden and Berlin, in collaboration with the independent regional data protection authority of Schleswig-Holstein. According to the data protectioners, they were constitutionally forbidden to communicate this privacy-breach to their customers. Only after great public upheaval they felt free to give their opinion on the case, stating the court-order was illegal to begin with, since telecommunication service providers should only hand-over data they are regularly obliged to retain. Obviously, the anonymiser did not regularly store data that are traceable to individual users. The developers launched a formal legal protest against the order, but since that did not have a suspending function, they felt forced to create the backdoor.

Erster Teilerfolg fuer AN.ON (27.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip2.htm

AN.ON still guarantees anonymity (19.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

Information about AN.ON in English
http://anon.inf.tu-dresden.de/index_en.html