Written by Suppose, for example, that I post a plausible-looking document that seems to show that the British Royal family are actually giant extraterrestrial bloodsucking lizards. How do you know whether it’s a genuine leak or a double-cross? If, for example, there’s a document purporting to be the Identity & Passport Service’s National ID Scheme Options Analysis, how can you be sure that it really comes from them (just to pick a mischievous example) or was made up by someone at No2ID? If we as a society agree that some from of whistleblowing is a social benefit — and yes, we must also accept that it means that some drug-dealing Nazi child pornographers will be able to take advantage of it too — then we should have systems in place to deliver it. And that doesn’t mean implementing anonymity.
The problem is more widespread than whistleblowing, although it’s a useful focus. I don’t want my kids using their real names in Internet chat rooms any more than I want hospital whistleblowers to have use their real names: a nurse, for example, ought to be able to send an e-mail (to report lax hygeine routines, perhaps) with a digital certificate that proves that she is a nurse but not who he/she is. It’s obvious why: if she reports a problem, then the information is of no value unless the authorities know that the leak really comes from a nurse. But if the nurse can be traced in any way, then he/she won’t report the problem, which is bad for society as a whole.
Fortunately, technologists understand this problem and how to fix it. One of the very best ways of fixing it — using clever cryptography — was developed by Forum friend Stefan Brands and his company, Credentica, was bought by Microsoft so will soon be in the mass market. I happened to be chatting to Stefan last week and can cheerfully report that he has yet to be assimilated…
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
