San Diego Lance Cottrell, the CEO of Anonymizer.com, a La Mesa-based Internet service that masks the identities of its users while they are on the World Wide Web, wasn't always obsessed with online privacy. In fact, the San Diego native used to be much more interested in outer space than cyberspace.
Cottrell's transformation began in 1993, shortly after the Clinton administration unveiled a controversial plan to impose a national data-encryption standard on electronics manufacturers, one that would have allowed government agencies to monitor private communications.
The proposal outraged Cottrell, a self-described "moderate Libertarian," who was then a second-year Ph.D. student in astrophysics at UCSD. He responded by boning up on the issue as only a scientist could, poring over cryptographic algorithms and reading arcane academic journals. He also made contact through the Internet with the Cypherpunks, a loose group of programmers who saw themselves as champions of privacy in the Information Age and vehemently opposed to the Clinton plan.
"I was all fired up," Cottrell, now 30, says. "I'm not anti-government or anti-cop, but free speech and civil liberties are issues that are very important to me."
The Clinton plan for the so-called "Clipper chip" collapsed under industry opposition, but Cottrell's obsession with encryption lived on. He developed an e-mail program called MixMaster that allowed users to send and receive messages anonymously. And out of the program came a business and a career.
Today, Cottrell's popular Web portal, www.anonymizer.com, lets users visit 10 million pages a month without leaving too much information about themselves behind. All search-and-surf requests are processed through a series of proxy servers that, according to Cottrell, rewrite and hide all the information about the real user's identity and eat any "cookies" or code sent by the target website.
All target website operators know is that their pages were accessed from www.anonymizer.com; the visitor's real IP address, e-mail address, and browsing history are never known -- not even by Cottrell and the six employees who work in the company's suitably anonymous offices on La Mesa Boulevard. An annual subscription costs $49.99. (A free service is available, too, but regular users find the built-in delays -- designed to keep the servers open for paying customers -- annoying.)
Customers range from porn-lovers who want to visit hard-core adult sites to law-enforcement agencies conducting surveillance on porn lovers who visit hard-core sites. The company keeps no records on its clients, though it gets subpoenaed "a lot," Cottrell says, mostly because of customers who take advantage of the anonymous e-mail to settle grudges with ex-spouses and current bosses.
"We get a subpoena a month," Cottrell says, "mostly for minor harassment issues, you know, an employee sends a nasty note about his boss and cc's all his colleagues. But we don't have a database to turn over. If we're alerted to illegal activity or copyright violations or libel, we of course do something about it."
Cottrell, a 1987 graduate of Gompers, a computer magnet high school in Southeast San Diego, insists his service isn't just for paranoids or cranks. The threat to privacy is real on the Internet and growing as the Web becomes a commercial medium crawling with marketers and information brokers. Internet users who aren't careful today, he says, risk more than just unwanted e-mail solicitations. They could, Cottrell warns, find themselves denied health insurance or a job down the road.
"Data-harvesting on the Internet has become a high art," he says. "Your personal information is very valuable, and so some very smart people are spending a lot of time studying how to extract as much as possible from you as you pass through their websites. They want to know what you look at, how long you spend on each page, what search words you type in, which articles you read.
"And because advertisers like DoubleClick have banners across hundreds of different sites; they can correlate it not just across one site but across a large fraction of the sites you look at. And of course there's no law against them selling and exchanging this information.
"People often ask, 'Well, what do I have to hide?'" Cottrell says. "The individual pieces of information, in isolation, often appear trivial. But the collection of all this information into one searchable database is quite powerful and frightening. It gives very good information about your health, your investments, your political leanings. It's a tremendously detailed profile they're building up about you -- and there's no telling what will get done with it."
Beth Givens, project director of the San Diego-based Privacy Rights Clearinghouse, calls Cottrell's service "brilliant" and dismisses the notion that he is exaggerating the scope of the problem. "It's not paranoia," Givens says. "I've been doing this work since 1992, and every time somebody tells me, 'Oh, that will never happen,' or 'Oh, that will never be,' guess what? It happens.
"The more we interact with the Internet, the greater chance there is for a record to be created. I think Cottrell's service, the Anonymizer, is brilliant, and I'm pleased it's here in San Diego."
Cottrell's bona fides are so well established in the encryption and privacy communities that last month, when human-rights groups worried about the safety of Kosovar refugees using the Internet to report on Serb brutality, they turned to the San Diegan for help. "They were very concerned," Cottrell says, "that all of the information coming out was coming out in the clear, that people were sending [these e-mails] under their real names out of their standard ISP accounts.
"You know, the downside for you and me if our privacy is violated is that someone will have a profile of us or send us spam. The downside for the Kosovars is getting executed."
The result was the Kosovo Privacy Project, an emergency e-mail system that allowed eyewitnesses to report abuses over the Web -- and frustrated efforts by Serb authorities to hack into the transmissions.
"They wanted us to deploy something rapidly that was tailored to their needs," Cottrell says. "It had to be something that didn't require software downloads, it had to be easy to use for an Internet novice, and it had to provide security for them against active sniffing or monitoring.... We had it up and running that afternoon."