Let’s not panic about online identity

[Dave Birch] There’s an increasing moral panic about online identity underway, and it’s resulting in some very strange proposals for unenforceable legislation. I’ve been reading about one such example in the UK called “Clare’s Law”.

According to the Mail on Sunday, Theresa May, the Home Secretary, has indicated in a letter that she is considering the idea.

[From Government considers ‘Clare’s Law’ - Telegraph]

I didn’t really read the rest of it, but I assume the idea is that when you click on an online newspaper article at, let’s say, the Daily Mirror or the Daily Mail, then you are automatically connected to some kind of police database that will tell you whether the reporter has been arrested or imprisoned for phone hacking or whether, let’s say, Trinity Mirror or Associated Newspapers have been involved in any underhand news-gathering techniques. If I thought for one moment that implementing laws like this would actually stop women being murdered or children being bullied to death, then I would support it wholeheartedly. But they won’t. In fact, as far as I can tell from the statistics, widespread internet use in the UK has led to a reduction in the number of murders. Pointless knee-jerk legislation around poorly-understood technologically-uninformed debate is not solely a British phenomenon.

He recommended the introduction of an “Internet Driving License” in schools that would explain the dangers of Facebook

[From Germany considers banning wild Facebook parties | ZDNet]

Now it’s a bit harsh to pick on Facebook, but the truth is that teenagers (from my personal experience) understand perfectly well how Facebook works, so this is almost certainly unnecessary. But if there was an Internet Driving License that you had to use to log in to web sites, that would almost certainly make the situation far worse, since these website would now know exactly who you are, and this information would then be freely obtained by perverts, the secret police, News International or whoever else wants to pry. Why is this better than anonymity (which doesn’t exist anyway – look what happened to the not-Anonymous-at-all hackers). As I have posted at boring length and with tedious repetition, this is the wrong way to go.

Most websites don’t need or even want or need to manage the identities of their users—they simply want a way to reliably identify their users over time.

[From Facebook Wants to Supply Your Internet Driver’s License - Technology Review]

Indeed. So I could use my Facebook identity “Dixie Flatline” to do all the sorts of things I need to do online, and everything would work fine. Google could show me the right search results, The Telegraph could show me the right adverts. But wait…

He also talks about his decision to become the first outside investor in Facebook. The two things that stuck out for him about Facebook were: a) the fact that this was the first site where people logged in with their real identities, and so it had the potential to be an identity layer for the web

[From Peter Thiel: If I’d Known, I Would Never Have Started PayPal]

None of my Facebook identities are in my real name, so I’m not sure about this. And I’m absolutely not sure about the implicit judgement that only my “real” identity should be allowed or valued.

I remembered Gresham’s Law from my business school days explaining why ‘bad’ money drives out good money… It seems bad identity, like bad money, drives out good identity.

[From Why bad Identity drives out good identity | IdentitySpace]

Well, I’m not sure about this analysis either. They’re talking about using Facebook Connect to make it easy to log in to comment on various newspaper sites. I wanted to take advantage of the convenience of using Facebook to log in and comment in various places, so naturally I did what any normal person would do and I created a synthetic person. I made up a name, got an e-mail address, made up a few details—schools attended, that kind of thing—and hit OK. My synthetic person has, at the time of writing, got two friends already (I sent friend requests to everyone who attended the university that my imaginary person had pretended to go to, and two of them accepted, so I sent requests to their friends and now my entirely synthetic persona has five friends!).

Anyway, I’m quite happy having my “business” persona for commenting on things to do with work and a quite separate “citizen” persona for taking part in political debates, being rude about celebrities and asking questions on technical issues where I don’t want to reveal who I am. I’m not pretending to be someone else, which is a different issue entirely (and, of course, wrong).

Fouad Mourtada was arrested on 5 February on suspicion of stealing the identity of Prince Moulay Rachid, younger brother of King Mohammed VI… Mr Mourtada was convicted of “villainous practices linked to the alleged theft of the [prince’s] identity”.

[From BBC NEWS | World | Africa | Jail for Facebook spoof Moroccan]

My synthetic identity isn’t really anonymous. If I used that identity to bully a schoolgirl to death, then I would hope that it wouldn’t take the police more than five minutes to get a warrant to find out from Facebook what e-mail address is used, which IP addresses I’ve logged in from, and so forth. In a hour or two they would be knocking on the door to arrest me.

Randi Zuckerberg wants to eliminate the freedom to post anonymously online. “I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors,” Randi said.

[From Facebook’s Randi Zuckerberg Wants to End Online Anonymity: Free Speech or Real Names? - Page 2]

Either Peter or Rachel must be wrong, but whatever. Either Facebook uses real names as Peter says, or it doesn’t, as Rachel says. But “real names” in any case are a useless “pointer” to a real person.

Mark S. Zuckerberg, an Indianapolis bankruptcy attorney, might not consider Facebook founder Mark Zuckerberg to be a friend. That’s because the world’s largest social networking website has shut down the lawyer’s personal Facebook account… “I was originally denied an account with Facebook two years ago because of my name, and I had to send them copies of my driver’s license, birth certificate and Indianapolis Bar Assn. license just to get them to believe that I exist and to allow me to set up my page,” Zuckerberg told the TV station in a statement.

[From Facebook reportedly disables account of attorney Mark S. Zuckerberg [Updated] | Technology | Los Angeles Times]

That doesn’t sound like a terribly cost-effective identity management system to me, so I don’t know that an Internet Drivers License based on Facebook will necessarily sweep the web (although that’s not to say that Facebook couldn’t be a useful Identity Providers in an NSTIC structure). So what’s the deal with the “anonymity” that doesn’t actually exist? You’d have to be a pretty stupid criminal to use Facebook to commit a crime.

Ashley Mitchell, 29, broke into the Zynga mainframe, stole the identity of two employees and transferred chips said to be worth more than £7m to himself… the company became aware in August 2009 that large amounts of chips were vanishing and suspected the two employees whose identities Mitchell had adopted. However, investigators then realised the system had been hacked and narrowed the search to Paignton. Mitchell’s neighbours had their computers seized because he was “piggy-backing” on their unsecured Wi-Fi connections.

[From British hacker jailed over £7m virtual gaming chips scam | Technology | The Guardian]

This is part of the plot of a novel that I’m writing that involves a guy taking revenge on a love rival by downloading child porn to the rival’s laptop. It’s the perfect crime, because the love rival gets arrested and his life is ruined even though he is never charged with anything. In my novel, the protagonist gets away with it, but in real life…

Mitchell was eventually identified because he used his own Facebook profile during one of his attempts to hack into the system.

[From British hacker jailed over £7m virtual gaming chips scam | Technology | The Guardian]

Doh! You’d get caught whether you used your real name or not, but even so it’s pretty dumb to use your real name. Perhaps Facebook’s addictive qualities will turn out to be a net benefit to law enforcement.

The victim later noticed that the intruder also used her computer to check his Facebook status, and his account was still open when she checked the computer.

[From Burglar leaves his Facebook page on victim’s computer - journal-news.net | News, sports, jobs, community information for Martinsburg - The Journal]

For all sorts of reasons, then, it doesn’t make any difference whether you use your real name or not, and the whole discussion about real names on Facebook and the connection between real names and crime and other unwanted behaviour is, to my mind, limited.

A Facebook spokesperson said the website does not comment on individual accounts, but said it believes a “real name culture” creates more accountability and a safer and more trusted environment.

[From Facebook’s ‘real name’ policy attacked by Chinese blogger | World news | The Guardian]

So is it good or bad that people can say whatever they want online? If you want to complain about Big Brother (or indeed her little brother, Mark Zuckerberg of Facebook fame) should you be able to do so anonymously? In George Orwell’s 1984, the state had a two-way TV screen installed in all homes so that it could both control the discourse, and thus shape people’s opinions—Goebbels said that successful propaganda was that that left people unaware of the source of their convictions—and spy on everyone at the same time. When he was writing, in the 1940s, he could never have imagined that not only would we buy Big Brother’s screens and carry them around with us at all times but that we would voluntarily sign up to be monitored! We’ve already seen how government agencies from despicable regimes use social media to spy on dissidents: forcing everyone to use their real name would make it so much easier for them.

we are all being tracked in ways we probably won’t like, not only by commercial concerns but by Governments and other political interests. Web 2.0 and its social networks makes this scarily easy

[From Why the world’s secret police want you to join Facebook .. « mick’s leadership blog]

There are genuine issues to be dealt with here. Bad things do happen, and the public and politicians want something to be done. By all means go ahead and send me abusive Facebook messages in bogus names – I will just block them and move on. And to be honest, if someone is going to send me death threats, I’d rather it was via Facebook so that they can be tracked down and caught.

So many high-profile incidents in such a short time has sparked a storm of public outrage, with Premier Anna Bligh personally penning a letter to Facebook founder Mark Zuckerberg, while Prime Minister Kevin Rudd said he would consider appointing an online ombudsman, describing cyber crime and internet bullying as “frankly frightening”.

[From Dealing with the dark side of Facebook]

Whether Facebook bullying is more or less of a problem than regular bullying, I couldn’t say as I don’t have the expertise. But then, nor do any of the people in government who are dreaming up legislation on the topic. In fact, I don’t know what the government, regulators, legislators, lobbyists actually want since as a society we don’t have a coherent strategy for identity in the online world.

I won’t dwell on the irony that the government that’s keen to protect you from privacy-violating Web trolls also wants the Web’s plumbing retrofitted to make wiretapping easier. But the last organization I want designing my Web browser is the federal government.

[From If you want Web privacy, stop being such a freeloader. Pay for it. - By Jack Shafer - Slate Magazine]

I don’t think they’re quite suggesting that just yet, but I understand the sentiment.

Slate technology columnist Farhad Manjoo likes my argument but says: “I doubt there’s a market for such a browser. People don’t care about privacy. They just say they do. If they did, they wouldn’t use Facebook.”

[From If you want Web privacy, stop being such a freeloader. Pay for it. - By Jack Shafer - Slate Magazine]

I feel this is too simplistic. It’s like saying that people don’t care about road safety because some of them get run over. But hey, I’m a parent as well as a consultant so if someone offered me a magic wand that would stop kids from getting run over, it would be very tempting to take it. Since there isn’t a magic wand to stop people from being horrible to each other on the Internet, and forcing people to give their real names will not only not stop the problem but will also be dangerous, we have to go down another path involving trusted intermediaries.

Some day, not so far out in the future, there will be a parallel web that you can only enter by signing up with some form of id, a credit card for example, a verified by Visa web.

[From Editorial: Facebook, single identities, and the right to be anonymous—Engadget]

I don’t doubt that this is true, although I think a Virgin Media web and a Sky web and a TalkTalk web are more likely than a Visa web. This is, in essence, the same idea that I wrote about last year.

On the red, open, internet people and organisations will exchange encrypted data across an untrusted network. Some people may choose not to connect to the red internet at all and only crazy people (and organisations) will send unencrypted data to unauthenticated counterparties.

On the blue, closed, internet you will need to authenticate yourself before you are allowed to access anything and a digital identity infrastructure will deliver privacy (and in some cases anonymity) through cryptography, not through data protection registrars or privacy ombudsmen.

[From Digital Identity: Red army]

Now, I would ague that the with proper technology, implemented in privacy-enhacing ways to support sensible business models, then as an individual I will have more privacy using a bank-provided pseudonym across an encrypted VPN (the blue Net) than I will have using the red Net. In other words, privacy and anonymity are not the same thing at all. Get rid of anonymity wouldn’t necessarily end privacy and more privacy doesn’t necessarily mean more anonymity.

Who you are, though, is just one aspect of the overall conversation about the future of privacy. At a public hearing organised by the FCC and the FTC,

the industry participants by and large thought privacy concerns about location services were overblown. Consultant Brandt Squires went so far as to say, “I’d like to think privacy is a thing of the past, but it’s not necessarily so.”

[From Mayor of Starbucks Today, Local Hero Tomorrow: The Power and Privacy Pitfalls of Location Sharing | Center for Democracy & Technology]

I wouldn’t like to think that at all. I’d like to think that it’s a matter of control. If I’m posting comments that are against, say, the Syrian government under the nom de plume John Doe, then I still don’t want Syrian government secret service agents to track me down and blow me up, even if they don’t know my real name. Piecemeal panic about anonymity isn’t going to get us anywhere. We need to develop a proper policy toward privacy and then use that policy to set strategies for commerce, crime and chat. Let’s not put the cart before the horse no matter how great the panic.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

 

These are the personal opinions of Consult Hyperion and its guests and should not be misunderstood as representing the opinion of its clients or suppliers. To discuss how any of the technologies discussed in this post can benefit your business, please contact Consult Hyperion.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>