[Dave Birch] If you haven’t been over to Wikileaks, you should probably go and have a quick look before you read the rest of this post! There’s an article about it in a recent New Scientist, talking about how “onion routing” is used to provide anonymity. So people (eg, whistleblowers in large corporations) can obtain genuine anonymity online. I’m in favour of this, generally speaking, and it’s certainly necessary in a free society. But is it sufficient?

Suppose, for example, that I post a plausible-looking document that seems to show that the British Royal family are actually giant extraterrestrial bloodsucking lizards. How do you know whether it’s a genuine leak or a double-cross? If, for example, there’s a document purporting to be the Identity & Passport Service’s National ID Scheme Options Analysis, how can you be sure that it really comes from them (just to pick a mischievous example) or was made up by someone at No2ID? If we as a society agree that some from of whistleblowing is a social benefit — and yes, we must also accept that it means that some drug-dealing Nazi child pornographers will be able to take advantage of it too — then we should have systems in place to deliver it. And that doesn’t mean implementing anonymity.

The problem is more widespread than whistleblowing, although it’s a useful focus. I don’t want my kids using their real names in Internet chat rooms any more than I want hospital whistleblowers to have use their real names: a nurse, for example, ought to be able to send an e-mail (to report lax hygeine routines, perhaps) with a digital certificate that proves that she is a nurse but not who he/she is. It’s obvious why: if she reports a problem, then the information is of no value unless the authorities know that the leak really comes from a nurse. But if the nurse can be traced in any way, then he/she won’t report the problem, which is bad for society as a whole.

Fortunately, technologists understand this problem and how to fix it. One of the very best ways of fixing it — using clever cryptography — was developed by Forum friend Stefan Brands and his company, Credentica, was bought by Microsoft so will soon be in the mass market. I happened to be chatting to Stefan last week and can cheerfully report that he has yet to be assimilated…

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: