[Dave Birch] I have a vague memory — which five minutes googling cannot substantiate and I'm too lazy to go and find the book in the other room — that somewhere in the Gulag Archipeligo by Aleksandr Isaevich Solzhenitsyn there is mention of Stalin's desire to have a more revolutionary telephone system where all calls had to go through a central exchange and be encrypted so that Stalin could listen to everyone else's calls but his would be encrypted to remain secret. The prisoners with relevant skills were supposed to be designing this while in the gulag. It never worked, of course, and the Soviet Union had appalling telecommunications infrastructure as a consequence because the communications revolution was halted by the dictatorship of the proletariat: there's some deep incompatibility between innovation and centralisation. I couldn't help thinking of this when I read about the calls by Eugene Kaspersky to have a more Stalinist internet:

The CEO of Russia's No. 1 anti-virus package has said that the internet's biggest security vulnerability is anonymity, calling for mandatory internet passports that would work much like driver licenses do in the offline world.

[From Security boss calls for end to net anonymity • The Register]

What he means by this is that he wants a technologically complicated and expensive solution to be implemented so that ordinary people are inconvenienced to the maximum while criminals can roam free (which is what would happen). Creating such an asymmetric solution is not the way forwards: for one thing, who would decide what to censor?

A little local controversy involving the Church of Scientology and its critics could lead to curbs on the right to anonymity of anyone using the web.

[From Scientology seeks to squash anonymity • The Register]

We already have experience of this "solution" in the UK. Laws giving a wide variety of bodies the ability to monitor CCTV, the internet, phone calls and everything else which were supposed to save us from international terrorism are used by local councils to stop people from trying to get their children into better schools and to check that people are recycling enough of their rubbish. I'm sorry, but creating a world in which anyone can read anyone else's e-mail, track anyone else's web browsing, see what anyone is reading is not the way stop Russian virus writers from taking over everyone's PCs. We need an identity infrastructure.

Why are these knee-jerk calls for Internet passports wrong? More to the point, why don't the proponents argue for CCTV cameras in all living rooms, policemen standing at all ATMs (oh, wait…) and the abolition of envelopes forcing all the post onto postcards (after all, if you've got nothing to hide…). There's a paradox at the heart of the calls for internet monitoring and control.

But people generally want anonymity for themselves, not for drug-dealing nazi child pornographers. Therefore people won't accept anonymous infrastructure: they expect "the authorities" to be able to track down miscreants… So if people don't want anonymity for other people, but do want it for themselves, then some form of conditional anonymity, pseudonymity or escrow must form the only acceptable compromise.

[From Digital Identity Forum: Anonymity as substrate]

As has been consistently pointed out (by Ben Laurie in particular) the internet isn't anonymous enough as it is, but unless it is anonymous then anything you want to put on top of it can be folded, spindled and mutilated. There is a better way: an anonymous internet with pseudonymous identities interacting on top of it.

It should be entirely reasonable for someone to have a portfolio of identities that they use for different purposes. The essence of the "little sister" society (in stark contrast to the "big brother" society) is that you should be able to do what you like with your identities, but if you get up to no good then "little sister" will tell.

[From Digital Identity Forum: Chinese whispers]

Hard cases make bad law, as the saying goes. The fact that some people do bad things because they are anonymous does not mean that removing anonymity will make things better. I'd like to be able to set my e-mail to reject all messages that are no digitally-signed with a certificate that I am happy to accept: this is not the same as saying that I need to know who everyone who emails me is. You could send me an email saying that you are Donald Duck, signed with a Citibank certificate. I'd be happy to accept this: I don't know who you are, but I know that Citibank do, and I trust them. There's a difference between someone knowing who you are, and everyone knowing who you are (which is the same as the government knowing who you are).

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: