In 1994, Johan "Julf" Helsingius ran an online post office box that allowed people to anonymously share information over the Internet. But after secret religious documents belonging to the Church of Scientology found their way onto the server, Helsingius found himself in the midst of a multi-year legal battle with the Church that saw his name and face splashed everywhere from The New York Times to Time Magazine. 25 years later, he speaks with POWER PLAY's Ayden Férdeline about the state of Internet freedom in Finland today, the stress of this dispute, and the lessons he's learned from this battle.
Intro [00:00:07] You're listening to POWER PLAYS, the podcast hosting conversations between policymakers, engineers, business leaders and others who are influencing the Internet's infrastructure and institutions in ways that impact all of us today. Here's your host, Ayden Férdeline.
Ayden Férdeline [00:00:29] Welcome to POWER PLAYS, presented by Grant for the Web, I'm Ayden Férdeline. Today on the show, we have Julf Helsingius, a Swedish-speaking Finn, joining us from the Netherlands, who is a true Internet pioneer. And today we're discussing the time in the '90s that he was sued by the Church of Scientology claiming that someone was using a server he owned to unlawfully distribute their religious secrets. Julf, welcome to POWER PLAYS. Now, a question that I always ask guests on POWER PLAYS is an icebreaker, and that is, what is a contrarian thought that you have about business or culture that others might just disagree with you on?
Julf Helsingius [00:01:10] Well, it's actually a hard choice because as you might know, I'm getting to be a grumpy old man and I have so many contrary opinions, picking a suitable one is hard. But I think my favorite right now is really about how somehow we've gone from an Internet that was designed to be a peer to peer network of computers where the computers, of course, acting for people, accessing certain services all over the network. And it was kind of as long as everybody used the same protocols which are public, commonly agreed to protocols, you could pretty much talk to any application of any computer. And now we suddenly in this situation where we are using closed apps on closed devices, using some proprietary protocols, talking to some central cloud servers of a few handful of providers or some proprietary content distribution network. And it's, we really back into AOL kind of walled gardens here? And that kind of also relates to sort of the thing, how everything now has to be controlled by an app and has to be talking to a cloud. I mean, do I really need my kitchen stove to have Wi-Fi and talk to the cloud? And so having my doorbell not work because my Internet connection is down is just somehow wrong.
Ayden Férdeline [00:02:35] Is that a contrarian thought or maybe we just think of alike, Julf, because I feel the same way and I'm reminded of a tweet by James Ball recently where he was saying, the Internet is a decentralized network that we centralized by all using the same two to three services like AWS and Cloudflare to distribute our websites. It's the recentralization of decentralization. It's worrying.
Julf Helsingius [00:02:59] Yeah, yeah. I mean, I think it's contrary in the sense that I still see so many businesses who are more than happy to put all their stuff on the cloud. I see schools putting their stuff in the cloud. I see. And again, it's getting harder to harder to find devices that don't require cloud connectivity to work. And so I would like to be able to turn off something without having to start an app on my phone. But that's how people have decided to do it now.
Ayden Férdeline [00:03:27] So you live in Amsterdam now. But I want to go back to the early 90s, back when you were in Helsinki and as a side project, you're running a remail server. Anyone can email the server anonymously, and the server then forwards replies to the sender. Do I have that right?
Julf Helsingius [00:03:44] Yes, absolutely. So, again, yes, I was in Finland. I was running pretty much the first commercial ISP in Finland. But I've, completely as a hobby project, I set up this thing and that actually worked as a, let's say, virtual post office box where you could communicate both exchange email and communicate with newsgroups, back when we had Usenet postings in the midst of an identity that was just a post office box. So nobody needed to know where you were or who you were, but they could still communicate.
Ayden Férdeline [00:04:19] Who is using this virtual post office box and why do you think they were using it?
Julf Helsingius [00:04:26] Well, it actually surprised me a bit as well, because I first set it up just as a kind of feasibility study to show that, come on, on the Internet, anybody can be a dog. But then suddenly people started saying, actually keep this running because we really need it. And it was all over the world. Things like, of course, discussing sex, discussing religion, discussing politics in places where it's sort of sensitive. But I was also surprised by some really weird things, like the number of programmers who are asking questions using my server because they didn't want their boss to know that they didn't know how to do this. Of course, more obvious things was whistle blowing, things like good samaritans with their acts of suicide help line, political dissidents of course. My favorite example is Singapore, where you, at the time at least, couldn't criticize the Prime Minister without it being a major crime.
Ayden Férdeline [00:05:25] It's interesting that you mention Singapore. I guess I assumed it was only people in Finland that were using your remail server. Was it a bit more global than I realized?
Julf Helsingius [00:05:35] Oh, yeah. It was totally, totally global. There was users from all over the world. A lot of Americans, but of course, a lot of people from countries where there were some more repressive regimes, for example.
Ayden Férdeline [00:05:47] I'm just trying to wrap my head around how it all worked. So I would send an email to firstname.lastname@example.org. I'm sure I'm mispronouncing that I apologize, I would send that one email and then it would go to everyone that was subscribed to the mailing list or is a little more tailored and the message would only go out to subgroups or individuals or something like that?
Julf Helsingius [00:06:12] Yes, I mean something that's, going back to the nineties, that's when Usenet was still a big thing and Usenet was this and it still sort of exists, but nobody uses it anymore. But it was this enormous, totally distributed bulletin board where basically machines exchanged messages with each other. And you pretty much, you talk to one of the Usenet servers and we posted something in a group and there were hundreds of different groups and you posted something in a discussion group and it would kind of show up in that group on all those servers all over the world. So that was one of the major uses for the server to post in these groups. But of course, you could also just send the email to a specific user. And that user could, of course, be an email list or something.
Ayden Férdeline [00:07:03] Thanks. I think I understand it a lot better now. And in terms of the setup that you had, was it just one server? How much traffic was it getting? How many messages on a typical day would be exchanged, say, at the peak of your server's life?
Julf Helsingius [00:07:20] Well, at its peak, it was thousands of messages, which these days sounds like a tiny bit, but in those days was enormous, considering the machine started out as a 386, upgraded to something much more powerful, a 486. Yeah, it was a single piece here doing all this.
Ayden Férdeline [00:07:42] You said before that you started this as a feasibility study. So did you code it or it was a bit off the shelf? It was open source? What was the deal there?
Julf Helsingius [00:07:51] Well, I coded it. I coded the application itself completely by myself, basically using Unix tools, which were perfect for this, a lot of string processing and stuff like that. What I did use was some open source firewall toolkits and stuff for the security aspects of it. Something you learn very early on is don't invent your own security. Use something that's been properly peer tested.
Ayden Férdeline [00:08:16] Wise words, Julf, and why did you start it? I mean, I know you mentioned briefly that it was a feasibility study for you, but was that the main driver or was there something else? Was it a social good? You wanted to create this space for free speech?
Julf Helsingius [00:08:34] I wish it was that noble, but no, it was just bloody stubbornness and annoyance. This was the time when the Internet was transitioning from having been a university network, an academic network, to being also open to commercial users and commercial providers. And back in Finland, there was this of a university network system administrator who felt very strongly that, no, you have to, on the net, you have to according to their rules, you have to use your correct name and you have to be able to identify yourself. And I said, that's silly, because that's not how the Internet works. Anybody can forge a from line in an email. So the first cut of the server was just basically a couple of days of putting together a script to show that this is how you do it. And then somebody said, yeah, but yeah, yeah, yeah. But then you can't respond to those. And I said, well, hold my glass. I fixed that part in the code. After that, it was, yeah, OK, I kept it running for a while and then I started getting these mail saying thanks for running this. We need it for this kind of stuff. And I thought, yeah, I didn't think about that, but maybe there is an actual real use for it. And after that, it was mostly just work on performance enhancement just to make it scale because the volume started going up and of course making it easier to use. And I think that was the most important thing. I mean. Maybe it was easy to use, it wasn't the best. It wasn't the most secure. It wasn't this and that. It was an easy to use service that anybody could use.
Ayden Férdeline [00:10:14] How were people finding out about it? Was it word of mouth?
Julf Helsingius [00:10:18] Yeah, absolutely.
Ayden Férdeline [00:10:19] I know in the past that you have been reluctant to answer this question, but I'm going to ask anyway, where was the server physically located?
Julf Helsingius [00:10:29] For a long time, actually, under my desk in my home office. But then when the volume started getting bigger, it needed a faster Internet connection. So it was then in the machine room of the Internet Service Provider I was running.
Ayden Férdeline [00:10:43] Got it. And in terms of all the correspondence that was being sent, was it truly anonymous or if you really wanted to, you could see who was behind an email that had been sent?
Julf Helsingius [00:10:55] Well, that was the big weakness of the system that I was very clear about from the start. To be able to provide to two way communication, it had to know, really, an email address behind the post box. So there had to be a database in that computer that's mapped postbox numbers to actual email addresses. So, I mean, yes, I could have looked at it and in some cases I had to go for technical reasons when emails bounced. I had to go and see what's going on here. But I very, very clearly made the decision for myself that, no, I won't actually go and look at message content. I won't try to look up who's who. Because that's a slippery slope that once you go down that road, it's not going to end well.
Ayden Férdeline [00:11:52] Absolutely. It's all built on trust.
Julf Helsingius [00:11:55] Yes.
Ayden Férdeline [00:11:56] And you had a lot of users that were very happy and really enjoyed using the service. But you also had a few critics. From what I understand, you made some reforms to the remailer over time, like you restricted the ability to transmit images. But did that stop the criticisms coming in from these very vocal critics?
Julf Helsingius [00:12:14] Well, it stopped. I mean, there was there was a limit, and that's why you couldn't post any big pictures or any files that were big enough to contain pictures. And you couldn't post to the groups where people usually posted pictures. And that took care of the criticism about people said, oh, this will just be used for posting porn. Of course, it didn't deal with the criticism coming from people saying, well, it's being used, to say nasty things about our government. I said, yeah, sorry, that's legal in Finland.
Ayden Férdeline [00:12:47] One particular conflict that you had, so early 90s, you come under attack from the Church of Scientology as they claim that someone used your network to illegally publish church documents. Can you tell me a little bit about that incident?
Julf Helsingius [00:13:03] Sure. And something about the Church of Scientology, which is important to know, that they in their court documents themselves, they say that they are a commercial entity, legally incorporated as a church, and they make money by selling their training courses with their secret teachings. And of course, those training courses and the secret teachings are copyrighted. So they really use copyright to protect themselves. So when critics of the church posted some of those secret documents to show what kind of stuff it was, it was of course a copyright violation, and they said causing significant commercial damage. So in beginning of 1995, February 1995, they contacted me and told me that some documents had been stolen from their servers, proprietary closed systems at their headquarters, and whoever stole them then used my server to post that materials. And because it was stolen and they claimed it was probably burglary, they reported it to the L.A. police and the FBI. But they also asked me merely, can you help us? And I said, well, no, sorry, I need to see a Court warrant or something. Of course, which they didn't have in Finland. So they said, well, OK, thanks. So pretty much next day, the Finnish police got contacted by FBI and Interpol to sort of start the case because of this. And interestingly, there was a complication to it. Well, in my story, there will be some sort of interesting coincidences. I got contacted by the church representatives on a Thursday. On Friday, the Finnish police got a request from FBI and Interpol. On Monday, a major Swedish newspaper published a big story claiming the server was distributing child porn based on this investigation by this academic researcher at the University of Stockholm. And, of course, of all the Finnish press picked up on this sense of it became a big thing. So, of course, when I started looking into it, the claims were rather vague. So, OK, can we see any of the headers so I can see if it actually traveled to the server? Oh, we didn't actually, in our study, we didn't actually save the email headers. Well, can you show me the pictures? Oh, we didn't save those either. They did show a picture in the newspaper article, which was actually a stock photograph from a nudist camp. So I said, OK, have you at all looked at the possibility that this might have been whatever it was you saw posted, could have been forged to look like it came from my server? Oh, I never thought that was possible. So, yeah, rather weak arguments. What do you do in a situation like that? I've been accused of spreading child porn. I walked to my local police station and filed a police report against myself, and they investigated and said, yeah, you're right, you haven't actually done anything. The police cleared me. No problem. Of course, the media is always much slower in correcting their information. The next week, the Finnish police turn up with a search and seizure warrant to take the whole machine away based on the request from Interpol. So I sort of discussed with them and we reached a compromise where instead of taking the whole machine, the whole database basis, basically terminating the service and exposing everybody, we agreed that, OK, I will give them the two names that the court case asked for. So, again, funny enough, after I gave it to the Finnish police, the Church of Scientology lawyers had the information within an hour. And they immediately dropped the whole case. Yeah, that's a funny, funny twist to it. So that was the first round, but then after a while in '96, they had realized that this won't work again, that the Finnish police won't quite easily off assist them, if they get a request, they will actually look into whether there actually is any substance in the claims. So there was a new tactic. They actually, again, started a court case based on a copyright violation. But this time they subpoenaed me as a witness. And as a witness, of course, I had to reveal what I know, otherwise I'm in contempt of court. And the problem is that, the Nordic law, which is the Finnish law, is very literal. A judge can't really try to determine what the lawmakers might have possibly wanted to do. He has to look at what does the letter of the law say. And there was a telecommunications law that protected people like mailmen. The postman doesn't have to reveal what he knows about what he carried, he is protected. Same thing with a phone operator. But because the law listed things like surface mail, telegraph, telephone, almost smoke signals, but not Internet. The Internet is not protected, so e-mail is not protected. So sorry Julf, you have to reveal this information. So that's when I then decided that, OK, we don't have any legal protection for this database anymore. Anybody can come and basically sort of start a law case and that's where you get the information. So I had to basically shut down the server.
Ayden Férdeline [00:19:48] I wanted to jump back to something that you said before about how the media can sometimes be very slow to correct their misinformation. Or their errors, and sadly, I don't think that's improved even today, but I did read when I was doing a little bit of prep for our conversation, there was a story in a British newspaper that said your server was responsible in 1995, I think it was, for 70 percent of all of the child abuse imagery that was circulated worldwide. It's obviously false, but it sure sounded to me like something of a coordinated campaign to try to slander you in the court of public opinion.
Julf Helsingius [00:20:27] Yes, well, I of course, I would never publicly say anything that I don't have solid proof for, so, but there are just funny coincidences. So, yes, after the second court case, around three days after that, there was a big story in the British newspaper, a very, very famous English newspaper, pretty much having a picture of me and Clive Feather of Demon Internet on their front page. For him, the picture capture was the school governor who sells access to photos of child rape. And for me, the Internet middleman who handles 90 percent of all child pornography. You can expect that was a bit hard to explain to my grandmother. So, yeah, I mean, one of the claims there was this FBI agent had claimed that somewhere between 75 and 90 percent of all the child porn he sees is supplied through this remailer. Well, it turns out when we actually found the person, he wasn't FBI, he was just some San Bernardino local sheriff's office guy and he actually said no. I said the most child pornography posted newsgroups does not go through remailers. And he said actually, he thinks these kind of remailers are a great idea and he supports them. So somebody just totally made up the whole story.
Ayden Férdeline [00:22:04] And as you said, ultimately, you shut the remailer down. Was that an easy decision for you to make?
Julf Helsingius [00:22:11] No, it was a very hard decision because it kind of left a lot of users stranded. I mean, I gave a very short notice that if you want to establish alternate parts to communicate with whoever you're communicating with, do it now. I will be closing down this server and in a day or two later, closed it down. But it was very clear that I couldn't any more, in any way, guarantee their privacy because anybody who wanted information could just off start a lawsuit, subpoena me as a witness, and get the information. So it was, yeah, pointless at this point. As a result of this, Finland did change the telecommunication law to include Internet. But of course, legislation always takes a long time to fix.
Ayden Férdeline [00:23:02] Absolutely. It is a slow moving beast. Indeed, back in 1996, you were quoted in Time magazine as saying that "there's no real protection for free speech on the Internet in Finland". Do you feel this way today still or do you think legislation has caught up? Do you feel like if you were to create a remail server in Finland in 2021, if there was still demand for it, do you think that the legal system would protect you as the administrator of such a service?
Julf Helsingius [00:23:30] It would to a large extent, yes. I mean, they very quickly fix the law. Well, as quickly as you can fix a law and made it much more reasonable. But meanwhile, there's also been a very heavy pressure, for example, from the copyright lobby. So there are lots of exemptions. And copyright is one of the strong ones where you can sort of, seems to be something you can use to override privacy. But no, I mean, in general, I would say that the current Finnish legal climate is pretty good, but there are those exceptions and it's something we see everywhere.
Ayden Férdeline [00:24:06] After the service was shut down, what do you think happened to the people who used it? Where do you think they went to ask their questions anonymously?
Julf Helsingius [00:24:15] Well, I mean. That was also one of the reasons I felt reasonably OK, closing it down was that there were alternatives by then. This whole idea about anonymous remailers had sort of really caught on. And there was this very famous cypherpunks mailing list that contained a lot of the operators who produced these new kind of more secure, but unfortunately often harder to use systems. I mean, some of them were very secure and very hard to use. Some of them were trickier to use then my server, but also much more secure because by encrypting the database and doing all kinds of things and sort of exchanging encrypted message instead, you could sort of avoid some of the problems by complicating things for the users. But there were alternatives and there were more and more things coming up. None was as big as mine at the time, but there were alternatives that they could turn to by them.
Ayden Férdeline [00:25:23] What do you think was the impact of this entire incident on you personally and on your career? Did you become a bit more jaded about the Internet? What lessons did you take away from this incident?
Julf Helsingius [00:25:38] Well, of course, one thing I learned was to of be very careful with publicity and manage media and realizing it really needs to be managed. So it was a really good crash training in media management. But more importantly, it also really opened my eyes for the importance of being involved in the policy processes about Internet governance and Internet legislation. So it did get me into a lot of that. And of course, at the time, it was a great door opener. Oh, you ran that server? Well, sure. We want you in this working group. So, yeah, I mean, it was something that until then, yes, I had cared about Internet governance and legislation, but only to the extent that it affected running an ISP and suddenly I saw it as a much bigger issue that actually was worthwhile to look at on a bigger scale.
Ayden Férdeline [00:26:36] Absolutely. One more question and I will let you go, Julf. And it's just, what are you up to now? I know you were heavily involved in various Internet governance policy discussions.
Julf Helsingius [00:26:48] Well, yes, I mean, that sort of stuff was very long ago, so meanwhile, I had myself a corporate career and was in the management teams of major telcos and stuff, got away from the corporate environment. Lately, I pretty much only been well, apart from sort of hobby time spent on Internet governance. I mean, I'm still the co-chair of one of the major working groups in RIPE and stuff like that. But my main job is now sort of really being chairman of the board of an IoT company and doing a couple of other similar things. So it's a little bit of this, a little bit of that.
Ayden Férdeline [00:27:31] You're being a little bit modest, but that's OK. Well, Julf, this has been a fascinating conversation. Thank you so much.
Julf Helsingius [00:27:38] Thank you.
Ayden Férdeline [00:27:39] I'm Ayden Férdeline and this has been POWER PLAYS. Next week on POWER PLAYS, we speak with Lior Zalmanson, an assistant professor at Tel Aviv University, about his research into the business models that underpin online content.
Outro [00:27:52] This has been POWER PLAYS. POWER PLAYS is a production of ETUNU. The guests on this program speak only for themselves, and the views expressed do not necessarily align with those of ETUNU. Copyright 2021 ETUNU Corporation. All rights reserved.