[Dave Birch] Should people be allowed to have “anonymous” prepaid mobile phones (well, SIMs) or not? It’s a simple question, but a complicated subject. And it’s worth exploring because it helps us to have a real, focused discussion about practical privacy and security issues. The subject came up because of one of the current hot topics in the UK, which is the government’s proposed “crackdown” (although “crackup” might be a better description) on the authorised copying of copyright material. Once the government has disconnected most broadband users in Britain through the “three accusations and you’re out” policy, many desperate internet addicts will be driven to using mobile connections to continue online banking, reading about “I’m a celebrity get me out of here” behind the Murdoch paywall and playing World of Warcraft. At which point, the mobile operators will come under pressure to start disconnecting people as well. But as the always spot-on mobile industry analyst and Forum friend Dean Bubley notes

“On one hand, the government’s trying to encourage internet connectivity — bridging the digital divide — but a lot of people in lower socioeconomic groups are on prepay, and the vast majority are anonymous,” Bubley said

[From Mobile industry ‘cannot identify pirates’ – ZDNet.co.uk]

So the mobile operator won’t be able to turn over the name and address of the supposed copyright pyrate. When the letter from Apple Corporation arrives at Vodafone asking them to turn over the name and address of the person who downloaded “Love Me Do”, Vodafone won’t be able to tell them (so presumably Vodafone will then be found in contempt of court or something and their internet access will be turned off).

So what to do? Well, one approach (followed in many countries) is simply to force all prepaid phones to be registered with the authorities. In the UK, the government might use its splendid new national identity register, for example, to ensure that all prepaid phones have a passport or national identity card connected to them them. And, as in Spain, take immediate action against those terrorists, money launderers, child pornographers and criminals who refuse to do so.

Spanish mobile operators last night cut off an estimated three to four million pre-pay mobile phones whose owners had not followed government instructions to register their devices.

[From Spain cuts off 3m pre-pay mobiles • The Register]

I can see exactly why law enforcement and government agencies object so strongly to anonymous mobile phones (although they still allow people to post letters anonymously) but I think they are wrong to react in this way. The truth is, the criminals will just use other peoples’ phones and will be even harder to track and trace than they were before.

Consider the most prosaic of examples. Where I live, in a deprived part of Europe called “Surrey”, a window in the house opposite to ours was smashed by a gang of feral youths. Sadly, we didn’t see this happen so we unable to assist the local constabulary. But suppose I had seen it happen? I have, currently, four prepaid mobile phones about my person (they are used for various demos and experiments for work) so I would have just picked up one of these phones and called the police with the details of the incident and a description of the yobs.

But now suppose that my prepaid phones were now connected to me through the national identity register? Now there’s no chance that I will pick up one of them and report the crime, because I’d be worried that my name and address would get (via the police or the database) to the gang in question.

This may be a silly example, but from battered women to corporate whistleblowers there are plenty of good reasons for allowing anonymity. We need this to be part of the infrastructure.

All this does prove, though, that there is a legitimate place for digital anonymity, and I hope that any identity management system required by the US government and others will allow anonymity and not prevent it.

[From Tech and Law: Technology, domestic violence, anonymity]

Note the important qualification here: there is a legitimate place for “digital anonymity”. I would go further than that and say that without digital anonymity, we are creating the wrong kind of infrastructure for a successful and prosperous society. Now, your web site may choose to allow or decline access by digitally known, pseudonymous or anonymous identities. If you are a web site discussing Iranian democracy, you may well insist on the latter. If you are government department, you may insisit on the former. The infrastructure must cope with both.

The example of prepaid mobile phones may well be one of those cases where the simple, “common-sense” response is just plain wrong. Here’s what I mean. Suppose that I am a terrorist. The police tap my mobile phone and hear that I am discussing blowing up Parliament (not an entirely unlikely contingency if I happen to be listening to Radio 4’s Today programme at the time). Now, because my mobile phone is anonmyous.

Now take the other case: mobile phones are not anonymous. So I will simply kill someone and steal their phone, or I will pay some witless dupe to get a phone for me. You won’t stop me from getting the phone, although you will cause me to commit more crimes. Or I’ll just carrying on using the phone but call a redirection box, or use a code when I’m speaking, or whatever.

There are circumstances where forms of anonymity are social goods, and I think I will make it one of my missions for 2010 to try and help to spread the word on this: anonymity isn’t a bad thing. On the contrary, sometimes it is desperately important. But why is it so hard to spread this meme? I wonder if it might be because the digital model of anonymity has at its core an active concept of privacy: you don’t remain anonymous by being ignored but by actively being anonymous, if you see what I mean.

Digital immigrants tend to think about privacy as the ability to conceal information from others. Digital natives instead share information within certain contexts, and with granular privacy controls on that information.

[From Is Online Privacy a Generational Issue? | GeekDad | Wired.com]

I’m involved in some customers meetings looking at new proposition in the identity field over the next few days and these will give me an opportunity to think through these issues in a more commercial context, so I will be bck posting on this key topic again soon.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d
Verified by MonsterInsights