www.flickr.com

Why Anonymity Should be Protected in Cyberspace

An individual’s ability to operate anonymously in cyberspace must be protected. Anonymity is fundamentally linked to free speech, privacy and personal security. Instances where an individual might seek anonymity include communication, political action, research, and shopping. Anonymity/pseudonymity provides protection from persecution and creates a measure of physical safety. This paper explores why anonymity is necessary, how it can be compromised, the debate surrounding anonymity and cybercrime, and whether anonymity on the Internet is really possible.

With continuing low barriers to entry, the Internet provides a forum where many people can speak and be heard on bulletin board systems, personal websites, blogs, and wikis. With the availability of public terminals and the development of user-friendly interfaces, access is no longer restricted to those with financial means and technological resources. Principles of universal access means that marginalized groups who have historically faced challenges to being heard have opportunities on the web where their perspectives can receive as much attention as mainstream media. Because a group’s lack of access to traditional media is related to their vulnerability to legal prosecution[1] there is an increasing need for accessible tools that allow individuals to operate anonymously.

Anonymity allows an individual to speak freely, saying things they may not otherwise be able to say. This issue is particularly relevant in the case of corporate or political whistleblowing. Reporting illegal or immoral activities of those in power is a public service and beneficial to the community. Protecting anonymity contributes to information sharing, which in turn increases corporate and political accountability. Without anonymity individuals would be less willing to share information. Threats of persecution, including disappearance and death, make people wary of voicing political criticism. Because of the global nature of the Internet, marginalized groups have greater potential to receive a wider and more potentially more receptive audience than they would in their own country alone. Anonymity helps shield these individuals from the brutal risks inherent in political criticism by providing a safer channel for voices living under oppressive governments.

Anonymity allows an individual to seek online information, resources and support without jeopardizing their public reputation and relationships. Fear of discrimination might prevent an individual from seeking help. Anonymity allows information gathering about issues like addictions to alcohol, gambling, drugs or sex; sexual identity, where identifying as non-heterosexual could cause problems at work or home; testing or treatment options for illnesses like AIDS; or information about birth control or sexually transmitted infections. Especially for youth, the ability to search anonymously allows individuals to make informed and responsible choices with information they may not have been able or willing to locate had they been forced to disclose their identities. Society benefits when people are not afraid to seek help. Individuals have the right to be left alone, in this case to not be persecuted for challenging societal norms and this is facilitated by the opportunity to operate anonymously in cyberspace.

Individuals often want to operate anonymously while making purchases. The ability to shop online creates an environment where individuals can shop in private. With appropriate encryption in place, medication, health products, gifts, and toys can all be purchased with the details of the transaction passing only between the individual and the merchant. This allows greater freedom and autonomy for public figures and others whose behaviour is scrutinized by the public. Respecting anonymity in these cases offers confidentiality to individuals whose privacy is already jeopardized.

The use of a real identity invites social ostracism, discrimination, harassment, and jeopardizes an individual’s privacy[2]. With the option of anonymity individuals can choose whether or not to identify themselves. Providing personal details on the Internet compromises an individual’s safety by removing their privacy. Small clues to an individual’s identity can quickly lead to much greater disclosure. For example a phone number, a reverse directory, a workplace name, and a search engine combined can often reveal a physical address, placing an individual and their family and property at potential risk of interference or harm. Anonymity therefore creates greater protection for users. Currently in China, bulletin board systems at sixty-five universities require registration with personal data including name, gender, age, major and student number[3]. It is said that this protects the copyright and intellectual property of the students. However if intellectual property became an issue, a student could choose to identify themselves at that time and prove copyright through their electronic trail. It is suggested that full identification will force students to be responsible for their actions. That this will create a “cleaner cyber environment”[4] is naïve. Identification limits the range of issues students are willing to discuss and also removes an effective way for administration to hear the thoughts of students.[5] This may remove criticism from bulletin boards but ultimately, registration by identity is simply another means of removing autonomy and limiting personal freedom. By requiring students to register with personal data the Chinese government prevents free speech by preventing anonymous posts.

Anonymity can be compromised through governance and through technology. In the case of the Chinese colleges there is a government regulation which prevents anonymity. Legal motions of the courts (subpoenas in the US) to Internet service providers (ISPs), or physical confiscation of hard drives can also uncover the identity of an anonymous user. Examples of ways that technology can disclose an identity include the use of key loggers, cookies, spyware, or sniffers; or by intercepting proxies or email. Because every user leaves behind an “electronic footprint”[6] it is possible, with enough time and resources, to uncover a user’s identity. These technologies also allow information regarding frequency of communication, as well as duration and length of messages transmitted and received[7] to be collected. Because of these methods of discovery, tools for creating and protecting anonymity are becoming increasingly complicated.

Simple methods of creating anonymity begin with choosing and using a pseudonym. An individual’s repeated use of this identity combined with a digital signature can allow an individual to build a reputation that is knowledgeable and trustworthy[8]. Busy public computer labs like libraries, university campuses, or cybercafés that do not log users and dynamic IP addresses also offer some anonymity. Superior methods of protecting anonymity require advanced knowledge, greater effort and additional time to implement, with the onus remaining on the user. Proxies, remailers, and cryptography offer alternatives for users but also foster dependence on technology. Proxies centralize information making them targets for interception, leaving users vulnerable. Remailers can carry time lags from hours to days depending on the number of nodes that data passes through before arriving at its destination. Urgent information can suffer from these delays. The use of cryptography is legally restricted in some countries[9] because there is a sense that encryption will be used by ‘terrorists’, compromising national security. Individuals in real life perpetrate crimes on a regular basis without attempting to mask their identities which makes it also likely that prohibiting anonymity will make little difference in the number of crimes committed, although it will greatly impact individuals’ right to free speech.

But is there ever a time when anonymity should not be respected? A principle of ethics states that attackers should not be allowed to hide behind anonymity[10]. Cases of ‘cybersmear’ or defamation often result in corporations seeking motions to uncover the identities of individuals who have made negative comments on bulletin boards or websites. Although hurtful, these comments are often opinions, not facts and therefore not punishable crimes. In the case of cyber-trespass it is first required that plaintiffs show damages caused by defendants. Safeguards ensure that anonymity is protected until proof of a crime exists. These safeguards prevent an ISP from providing a “subscriber’s personal information without the subscriber’s knowledge and consent, except in certain specified circumstances.”[11] These circumstances include confirming that the defendant exists as a person or entity that could be sued, that other steps have been taken to locate the defendant, and that the case could “withstand a motion to dismiss.”[12] Following all this, a motion/subpoena is issued to an ISP at which time they must notify the subscriber who can then seek legal advice before responding. This protects freedom of speech while maintaining that individuals must face the consequences of their speech, however it awards a government power to determine whether anonymity is to be respected. This suggests that plaintiffs who have the resources to influence a court have a greater chance of pleading their case than defendants with meager resources. In this case, anonymity becomes a privilege, not a right.

Further safeguards to anonymity include making identities unknown to ISPs[13] or increased use of emerging friend-to-friend filesharing networks in place of the Internet. In countries with limited access to the information of the World Wide Web and for those who have a history of prosecuting users who exercise their right to anonymity, resources like Freenet[14] offer an opportunity for freedom of speech. Building a system that protects absolute anonymity (like remailers and Freenet) ensures a method for reporting whistleblowing and brutality that might otherwise find no forum.[15]

[1] Hilden, Julie. “The Legal Debate Over Protecting Anonymous Speakers Online.” Doug Isenberg’s GigaLaw.com. Feb 2001. http://www.gigalaw.com/articles/2001-all/hilden-2001-02-all.html. (15 August 2005)

[2] Smith, Bruce. “American Bar Association Forum on Communications Law.” 2000. American Bar Association. http://www.abanet.org/forums/communication/comlawyer/fall00/smith.html. (15 August 2005)

[3] “Real Name Angst.” 2005-08-14. Shanghai Star. http://www2.chinadaily.com.cn/english/doc/2005-08/14/content_468833.htm. (15 August 2005).

[4] Hu. Quoted in “Real Name Angst” 2005-08-14

[5] Shilin, Zhao. Quoted “Real Name Angst” 2005-08-14

[6] Corn-Revere, Robert. “Courts’ Discovery Rulings Protect Anonymous Online Speech.”.2002. Media Institute. http://www.mediainstitute.org/ONLINE/FAM2002/Online_L.html. (14 August 2005)

[7] Webb, Steve “Anonymity Issues in Peer-to-Peer Systems” 2004. Georgia Tech. http://home.cc.gatech.edu/webb/uploads/10/MiniProject2.pdf. (14 August 2005).

[8] Clarke, Ian et al. “Protecting Free Expression Online With Freenet.” 2002. IEEE Internet Computing. http://freenet.sourceforge.net/papers/freenet-ieee.pdf. (15 August 2005).

[9] Zuckerman, Ethan. “A Technical Guide to Anonymous Blogging – A Very Early Draft.” April 13 2005. http://cyber.law.harvard.edu/globalvoices/?p=125. (14 August 2005)

[10] Overholser, Geneva. “Reporter’s Privilege and the Novak Case.” 12 Feb 2004. Journalism Junction. http://www.poynter.org/column.asp?id=54&aid=60845. (14 August 2005)

[11] Homsi, M. and A. Kaplan-Myrth. “Online Anonymity and John Doe Lawsuits.” 19 Jan 2005. University of Ottawa Canadian Internet Policy and Public Interest Clinic. http://www.cippic.ca/en/faqs-resources/online-anonymity/. (14 August 2005).

[12] Smith. 2000

[13] Hilden. 2001

[14] The Free Network Project. http://freenet.sourceforge.net/. (15 August 2005)

[15] McCullagh, Declan. Quoted in “Larry Lessig on Ending Anonymity Through Identity Escrow.” 2003. Virus. http://lists.virus.org/cryptography-0312/msg00016.html. (15 August 2005)

1 comment:

  1.  

    [...] author of this piece, BloggingIsHard, is an anonymous gay atheist. You can find him on [...]

     

Write a comment: