Who thinks pseudonymity isn’t important?

OK, at the extreme risk of boring everyone to tears, let’s ask the same old question again: should you be allowed to do things on the Internet without giving away your “real” identity? Remember this was something that was discussed here a little while back, using the simple case of newspaper comments as an example. Someone has come up with an interesting way of solving for two problems simultaneously: paying for news online and making people responsible for their comments…

However, he recently went back and was surprised that, in order to comment you need to hand over your credit card, and the paper will charge you $0.99. Obviously, this is more to prove that you are who you say you are, but it does seem a bit distorted when the newspaper wants to charge people just to comment. Also, once charged, your name and hometown are automatically associated with your comments.

[From Newspaper Wants You To Pay To Comment | Techdirt]

Interesting. I think the idea of paying to comment is very interesting. I might be tempted to do that in some cases. But paying to give up your real name? I’m not so sure. I might well want to comment on something without that kind of disclosure. Back to “real names” again. The discussion goes on and on.

Why does a comment with a real name have so much more value?

[From The Real “Authenticity Killer” (and an aside about how bad the Yahoo brand has gotten) — Scobleizer]

This isn’t always true. A nurse at a hospital, forced to comment with her real name, is highly unlikely to post anything critical of a doctor. There’s a difference between an authenticated persona (so that the web site can be sure she really is a nurse at the hospital) that may be based on a pseduonym (or even a cryptographically strong unconditionally unlinkable anonym) and an authenticated identity. There may be many reasons why the latter is undesirable.

Mexico announced a plan Monday to reward people who report suspected money laundering, under a program that will allow them to get up to one-quarter of any illicit funds or property seized. Under the new plan, people can file reports in person, by telephone or by e-mail. The exact percentage of individual rewards will be determined case by case by a special committee.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Would you e-mail in a tip about a suspected money launderer and expect to pick up the reward? It seems to me that this is a good example of system that demands real names for integrity but real names mean it can never work. (Although, and it’s outside the scope of this piece, it is entirely cryptographically possible to enable the payment of rewards to anonymous people).

Public servants, law enforcement and banking system employees will not be eligible for the rewards, in part because it is already their duty to report suspicious transactions.

[From Mexico sets rewards for reporting money laundering | ajc.com]

Good luck to anyone who decides to report in person, or by telephone. SIM registration is mandatory in Mexico, which means that the money launderers will find you before the police do — don’t forget, they have more money than the police do. Come to that, they have more money than anyone does.

More shocking, and more important, the bank was sanctioned for failing to apply the proper anti-laundering strictures to the transfer of $378.4bn – a sum equivalent to one-third of Mexico’s gross national product – into dollar accounts from so-called casas de cambio (CDCs) in Mexico, currency exchange houses with which the bank did business.

[From How a big US bank laundered billions from Mexico’s murderous drug gangs | World news | The Observer]

Given the stringent anti-money laundering (AML) regulations in place around the globe — which meant it took me 15 minutes to put a few quid on my Travelex prepaid card at Heathrow, something I will never do again — I’m surprised that this could have happened, but there you go. Perhaps instead of hassling people trying to load low-value prepaid payment accounts, the authorities could focus on the counterparties in larger electronic transfers. Hence the discussions about Legal Entity Identifiers (LEIs) that have been going on recently. Many interbank payment messages have account identifiers only — you could send money to my account with the name Carlos Tevez and it would still get to me because it’s only the account stuff that matters — and the some law enforcement agencies want to stop this and have banks validate the names as well (it will help to track funds to and from suspects I guess).

LEI will be assigned at the over all corporate entity level and also at subsidiary levels. Its usage will be standardized Internationally. My immediate thought was, never mind systemic risk, this is the perfect means to route B2B transactions across a myriad of financial systems and payment schemes worldwide!

[From Reflections on NACHA Payments 2011 — Payments Views from Glenbrook Partners]

I’m sure I’d heard somewhere before, possibly at IPS 2010, that the plan was to use the SWIFT business identifier codes (BICs), but apparently that’s no longer the case.

Vandenreydt said SWIFT is changing its tune due to a recent meeting of the International Standardization Organization’s Technical Committee 68, where SWIFT has a seat. At the meeting, participants concluded that developing a new code would help avoid ambiguities that might be involved if existing codes are used. “[The committee] wants a pure number without country or other information,” Vandenreydt added. The BIC is made up of eight to 11 alphanumeric characters with four letters for the bank, two letters for the country, two digits for the location, and three digits for the specific branch.

The utility is still working with ISO on what the identifier would look like. Vandenreydt said that process could take up to three months, though he expects a decision to be made sooner. He noted the proposal also depends on other details about the initiative that haven’t been specified by OFR, such as how long the registration authority would have to ramp up the system, whether IDs will be assigned or requested, and how many codes are expected.

[From SWIFT Retools Legal Entity Identifier Proposal]

So here’s a positive suggestion. Forget about the 1960s notion of an identifier as a unique alphanumeric code and instead make the identifier a pseudonym attested by a bank. So we become consult.hyperion!barclays.co.uk or something similar. It doesn’t matter whether the sender, or anyone else, knows who Consult Hyperon is, because the identifier tells them that Barclays does. And for 99% of real-world transactions, that’s enough. What’s important is that we are always consult.hyperion!barclays.co.uk in all relevant linked transactions. Then, if consult.hyperion!barclays.co.uk is found to be sending money to Osama bin Laden on a regular basis, the appropriate law enforcement agencies can provide Barclays with a warrant and Barclays will disclose. For general commerce, the persistence is the critical foundation. The always-accurate Eve Maler pointed this out a while back:

The neat thing is, we do this all the time already. When you meet someone face-to-face and they say their Skype handle is KoolDood, and later a KoolDood asks to connect with you on Skype and describes the circumstances of your meeting, you have a reasonable expectation it’s the right guy ever after. And it’s precisely the way persistent pseudonyms work in federated identity: as I’ve pointed out before, a relying-party website might not know you’re a dog, but it usually needs to know you’re the same dog as last time.

[From Tofu, online trust, and spiritual wisdom | Pushing String]

Quite. But there’s another point. You don’t need to be a “real” persistent identity to have a reputation, as should be obvious. A useful reminder of this came at the end of 2010, when an anonymous critic was named the Village Voice’s “Music Critic of the Year”.

Twitter spokesperson Matt Graves called it a “milestone”; whether he’s serious or not, (“dead serious,” he later said) @discographies certainly carries a certain seriousness throughout today’s interview in the Village Voice. “Twitter,” the account holder says, “may be the first mass communications system that also functions as a meritocracy: it actively promotes good ideas and good content, regardless of where they come from.”

[From Anonymous Twitter Account Named Music Critic of Year by Village Voice]

I’m not sure that meritocracy is the right word, but I think the sentiment is accurate: you have to earn reputation to attach to your identifier, and once it’s been earned it’s hard to replicate (unlike intellectual property). So I might want to send money to @discographies without knowing or caring whether @discographies is a roomful of students or an internationally-known music critic. (And, over on Digital Money, I will point out that I want to send money to @dgwbirch — which is an entirely unique Twitter identifier — by MasterCard, PayPal, WebMoney, M-PESA or anything else, but that’s another point entirely.) Why can’t @discographies be mutated into discographics!wellsfargo.com or whatever?

It’s an entirely plausible model: banks managing reputation, because it’s more important than money. The presence of banks legitimises the market, so knowing that a bank has carried out some KYC on @discographies means that other players can treat the reputation attached to it seriously without being concerned about the “real” identity.

Two-faced, at the least

The end of privacy is in sight, isn’t it? After all, we are part of a generation that twitters and updates its path through the world, telling everyone everything. Not because Big Brother demands it, but because we want to. We have, essentially, become one huge distributed Big Brother. We give away everything about ourselves. And I do mean everything.

Mr. Brooks, a 38-year-old consultant for online dating Web sites, seems to be a perfect customer. He publishes his travel schedule on Dopplr. His DNA profile is available on 23andMe. And on Blippy, he makes public everything he spends with his Chase Mastercard, along with his spending at Netflix, iTunes and Amazon.com.

“It’s very important to me to push out my character and hopefully my good reputation as far as possible, and that means being open,” he said, dismissing any privacy concerns by adding, “I simply have nothing to hide.”

[From T.M.I? Not for Sites Focused on Sharing – NYTimes.com]

We’ll come back to the reputation thing later on, but the point I wanted to make is that I think this is dangerous thinking, the rather lazy “nothing to hide” meme. Apart from anything else, how do you know whether you have anything to hide if you don’t know what someone else is looking for?

To Silicon Valley’s deep thinkers, this is all part of one big trend: People are becoming more relaxed about privacy, having come to recognize that publicizing little pieces of information about themselves can result in serendipitous conversations — and little jolts of ego gratification.

[From T.M.I? Not for Sites Focused on Sharing – NYTimes.com]

We haven’t had the Chernobyl yet, so I don’t privilege the views of the “deep thinkers” on this yet. In fact, I share the suspicion that these views are unrepresentative, because they come from such a narrow strata of society.

“No matter how many times a privileged straight white male tech executive tells you privacy is dead, don’t believe it,” she told upwards of 1,000 attendees during the opening address. “It’s not true.”

[From Privacy still matters at SXSW | Tech Blog | FT.com]

So what can we actually do? Well, I think that the fragmentation of identity and the support of multiple personas is one good way to ensure that the privacy that escapes us in the physical world will be inbuilt in the virtual world. Not everyone agrees. If you are a rich white guy living in California, it’s pretty easy to say that multiple identities are wrong, that you have no privacy get over it, that if you have nothing to hide you have nothing to fear, and such like. But I disagree. So let’s examine a prosaic example to see where it takes us: not political activists trying to tweet in Iran or Algerian pro-democracy Facebook groups or whatever, but the example we touched on a few weeks ago when discussing comments on newspaper stories: blog comments.

There’s an undeniable problem with people using the sort-of-anonymity of the web, the cyber-equvalent of the urban anonymity that began with the industrial revolution, to post crap, spam, abuse and downright disgusting comments on blog posts. And there is no doubt that people can use that sort-of-anonymity to do stupid, misleading and downright fraudulent things.

Sarah Palin has apparently created a second Facebook account with her Gmail address so that this fake “Lou Sarah” person can praise the other Sarah Palin on Facebook. The Gmail address is available for anyone to see in this leaked manuscript about Sarah Palin, and the Facebook page for “Lou Sarah” — Sarah Palin’s middle name is “Louise” — is just a bunch of praise and “Likes” for the things Sarah Palin likes and writes on her other Sarah Palin Facebook page

[From Sarah Palin Has Secret ‘Lou Sarah’ Facebook Account To Praise Other Sarah Palin Facebook Account]

Now, that’s pretty funny. But does it really matter? if Lou Sarah started posting death threats or child pornography then, yeah, I suppose it would, but I’m pretty sure there are laws about that already. But astrosurfing with Facebook and posting dumb comments on tedious blogs, well, who cares? If Lou Sarah were to develop a reputation for incisive and informed comment, and I found myself looking forward to her views on key issues of the day, would it matter to me that she is an alter-ego. I wonder.

I agree with websites such as LinkedIn and Quora that enforce real names, because there is a strong “reputation” angle to their businesses.

[From Dean Bubley’s Disruptive Wireless: Insistence on a single, real-name identity will kill Facebook – gives telcos a chance for differentiation]

Surely, the point here is that on LinkedIn and Quora (to be honest, I got a bit bored with Quora and don’t go there much now), I want the reputation for work-related skills, knowledge, experience and connections, so I post with my real name. When I’m commenting at my favourite newspaper site, I still want reputation – I want people to read my comments – but I don’t always want them connected either with each other or with the physical me (I learned this lesson after posting in a discussion about credit card interest rates and then getting some unpleasant e-mails from someone ranting on about how interest is against Allah’s law and so on).

My identity should play ZERO part in the arguments being made. Otherwise, it’s just an appeal to authority.

[From The Real “Authenticity Killer” (and an aside about how bad the Yahoo brand has gotten) — Scobleizer]

To be honest, I think I pretty much agree with this. A comment thread on a discussion site about politics or football should be about the ideas, the argument, not “who says”. I seem to remember, from when I used to teach an MBA course on IT Management a long time ago, that one of the first lessons of moving to what was then called computer-mediated communication (CMC) for decision-making was that it led to better results precisely because of this. (I also remember that women would often create male pseudonyms for these online communications because research showed that their ideas were discounted when they posted as women.)

It isn’t just about blog comments. Having a single identity, particularly the Facebook identity, it seems to me, is fraught with risk. It’s not the right solution. It’s almost as if it was built in a different age, where no-one had considered what would happen when the primitive privacy model around Facebook met commercial interests with the power of the web at their disposal.

that’s the approach taken by two provocateurs who launched LovelyFaces.com this week, with profiles — names, locations and photos — scraped from publicly accessible Facebook pages. The site categorizes these unwitting volunteers into personality types, using a facial recognition algorithm, so you can search for someone in your general area who is “easy going,” “smug” or “sly.”

[From ‘Dating’ Site Imports 250,000 Facebook Profiles, Without Permission | Epicenter | Wired.com]

Nothing to hide? None of my Facebook profiles is in my real name. My youngest son has great fun in World of Warcraft and is very attached to his guilds, and so on, but I would never let him do this in his real name. There’s no need for it and every reason to believe that it would make identity problems of one form or another far worse (and, in fact, the WoW rebellion over “real names” was led by the players themselves, not privacy nuts). But you have to hand it to Facebook. They’ve been out there building stuff while people like me have been blogging about identity infrastructure.

Although it’s not apparent to many, Facebook is in the process of transforming itself from the world’s most popular social-media website into a critical part of the Internet’s identity infrastructure

[From Facebook Wants to Supply Your Internet Driver’s License – Technology Review]

Now Facebook may very well be an essential part of the future identity infrastructure, but I hope that people will learn how to use it properly.

George Bronk used snippets of personal information gleaned from the women’s Facebook profiles, such as dates of birth, home addresses, names of pets and mother’s maiden names to then pass the security questions to reset the passwords on their email accounts.

[From garlik – The online identity experts]

I don’t know if we should expect the public, many of who are pretty dim, to take more care over their personal data or if we as responsible professionals, should design an infrastructure that at least makes it difficult for them to do dumb things with their personal data, but I do know that without some efforts and design and vision, it’s only going to get worse for the time being.

“We are now making a user’s address and mobile phone number accessible as part of the User Graph object,”

[From The Next Facebook Privacy Scandal: Sharing Phone Numbers, Addresses – Nicholas Jackson – Technology – The Atlantic]

Let’s say, then, for sake of argument, that I want to mitigate the dangers inherent in allowing any one organisation to gather too much data about me so I want to engage online using multiple personas to at least partition the problem of online privacy. Who might provide these multiple identities? In an excellent post on this, Forum friend Dean Bubley aggresively asserts

I also believe that this gives the telcos a chance to fight back against the all-conquering Facebook – if, and only if, they have the courage to stand up for some beliefs, and possibly even push back against political pressure in some cases. They will also need to consider de-coupling identity from network-access services.

[From Dean Bubley’s Disruptive Wireless: Insistence on a single, real-name identity will kill Facebook – gives telcos a chance for differentiation]

The critical architecture here is pseduonymity, and an obvious way to implement it is by using multiple public-private key pairs and then binding them to credentials to form persona that can be selected from the handset, making the mobile phone into an identity remote control, allowing you to select which identity you want to asset on a per transaction basis if so desired. I’m sure Dean is right about the potential. Now, I don’t want to sound the like grumpy old man of Digital Identity, but this is precisely the idea that Stuart Fiske and I put forward to BT Cellnet back in the days of Genie – the idea was the “Genie Passport” to online services. But over the last decade, the idea has never gone anywhere with any of the MNOs that we have worked for. Well, now is the right time to start thinking about this seriously in MNO-land.

But mark my words, we WILL have a selector-based identity layer for the Internet in the future. All Internet devices will have a selector or a selector proxy for digital identity purposes.

[From Aftershocks of an untimely death announcement | IdentitySpace]

The most logical place for this selector is in the handset, managing multiple identities in the UICC, accessible OTA or via NFC. I use case is very appealing: I select ‘Dave Birch’ on my hansdset, tap it to my laptop and there is all of the ‘Dave Birch’ stuff. Change the handset selector to ‘David G.W. Birch’ and then tap the handset to the laptop again and all of the ‘Dave Birch’ stuff is gone and all of the ‘David G.W. Birch’ stuff is there. It’s a very appealing implementation of a general-purpose identity infrastructure and it would a means for MNOs to move to smart pipe services. But is it too late? Perhaps the arrival of non-UICC secure elements (SEs) mean that more agile organisations will move to exploit the identity opportunity.

Real-time identity

Naturally, given my obsessions, I was struck by a subset of the Real-Time Club discussions about identities on the web at their evening with Aleks Krotoski. In particular, I was struck by the discussion about multiple identities on the web, because it connects with some work we (Consult Hyperion) have been doing for the European Commission. One point that was common to a number of the discussions was the extent to which identity is needed for, or integral to, online transactions. Generally speaking, I think many people mistake the need for some knowledge about a counterparty with the need to know who they are, a misunderstanding that actually makes identity fraud worse because it leads to identities being shared more widely than they need be. There was a thread to the discussion about children using the web, as there always is in such discussions, and this led me to conclude that proving that you are over (or under) 18 online might well be the acid test of a useful identity infrastructure: if your kids can’t easily figure out a way to get round it, then it will be good enough for e-government, e-business and the like.

I think the conversation might have explored more about privacy vs. anonymity, because many transactions require the former but not the latter. But then there should be privacy rather than anonymity for a lot of things, and there should be anonymity for some things (even if this means friction in a free society, as demonstrated by the Wikileaks storm). I can see that this debate is going to be difficult to organise in the public space, simply because people don’t think about those topics in a rich enough way: they think common sense is a useful guide which, when it comes to online identity, it isn’t.

On a different subject, a key element of the evening’s discussion was whether the use of social media, and the directions of social media technology, lead to more or less serendipity. (Incidentally, did you know that the word “serendipity” was invented by Horace Walpole in 1754?) Any discussion about social media naturally revolves around Facebook.

Facebook is better understood, not as a country, but as a refugee camp for people who feel today’s lack of identity-forging social experience.

[From Facebook: the heart in a heartless world | spiked]

I don’t agree, but I can see the perspective. But I don’t see my kids fleeing into Facebook, I see them using Facebook to multiply and enrich their interpersonal interactions. Do they meet new people on Facebook? Yes, they do. Is that true for all kids, of all educational abilities, of all socio-economic classes, I don’t know (and I didn’t find out during the evening, because everyone who was discussing the issue seemed to have children at expensive private schools, so they didn’t seem like a statistically-representative cross-section of the nation).

Personally, I would come down on the side of serendipity. Because of social media I know more people than I did before, but I’ve also physically met more people than I knew before: social media means that I am connected with people who a geographically and socially more dispersed. I suppose you might argue that its left me less connected with the people who live across the street from me, but then I don’t have very much in common with them.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Put your game face on

[Dave Birch] Who are you? That’s an easy question to answer in cyberspace, because no-one knows you’re a dog, so you can be anyone you want to be. This means that you can do bad things, doesn’t it? Surely it would be better to make people disclose their “real” identities online.

Masters key

[Dave Birch] This whole internet thing is getting more and more complicated. I’m trying to work out what government policies toward the internet are, so that I can help our clients to develop sound long-term strategies with respect to digital identity. To do this, we need to understand how the security environment will evolve and what the government’s attitude to security is. Should people be allowed to send data over the internet without interference? The US government thinks so.

Since 2007, Congress has inserted a total of $50 million of earmarks into the State Department’s budget to fund organizations dedicated to fighting Internet censorship.

[From Rebecca MacKinnon: No quick Fixes for Internet Freedom – WSJ.com]

Uh oh. This cannot be popular with people in favour of internet censorship, such as U2’s boss.

U2 manager Paul McGuinness said that the only reason the music industry had tanked over recent years was not because outfits like U2 peddled the same boring crap that they did in the 1980s, but because of the introduction of broadband.

[From Comment: Broadband only useful for pirates – U2 manager screams blue murder | TechEye]

Setting aside the fact that the British music industry earned more money than ever before last year, U2 are totally wrong to expect the rest of society to pay to uphold their business model in face of all technological change. Bono is wasting his time calling for Chinese-style internet censorship in order to maximise record company profits, or at least he is if the US government is going to continue funding the opposition.

China syndrome

[Dave Birch] What should government policy on identity be? Not specifically our government, or EU governments, or any other government, but governments in general. Or, let’s say, governments in democratic countries. OK, that’s a very big question to tackle. Let’s narrow it down to make a point: what should government policy on the internet be? No, that’s still too big and perhaps to vague. Let’s focus down further on a simple internet question: should the government be allowed to see what is going through the internet tubes. Of course! One of their jobs is to keep me safe from drug-dealing Nazi terrorist child pornographers who formulate devilish plots with the aid of the web.

According to reports, the FBI is asking for the authority to require all Internet communications platforms build in a “backdoor” allowing law enforcement easy wiretapping access

[From Should Government Mandate “Backdoors” for Snooping on the Internet? | Center for Democracy & Technology]

In parallel, the FBI is talking to technology companies about how they could be making it easier for criminals to see your credit card details and for the government to read to your e-mail.

Robert S. Mueller III, the director of the Federal Bureau of Investigation, traveled to Silicon Valley on Tuesday to meet with top executives of several technology firms [including Google and Facebook] about a proposal to make it easier to wiretap Internet users.

[From F.B.I. Seeks Wider Wiretap Law for Web – NYTimes.com]

This, superficially, sounds likes a good idea. Who could object? We don’t want the aforementioned Nazi drug-dealing child pornographers plotting terrorist acts using the interweb tubes with impunity. No right-thinking citizen could hold another view. But hold on…

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

[From U.S. enables Chinese hacking of Google – CNN.com]

It’s not that simple, is it? If you create a stable door, then sooner or later you will find yourself bolting it long after the horse has had it’s identity stolen. What I can’t help but wonder about in this context is whether the content actually matters: suppose you can’t read my e-mail, but you can see that a lot of mail addressed to Osama bin Laden is coming from my house? Surely that would be enough to put me under suspicion and trigger some other law enforcement and intelligence activity?

Tripped up

[Dave Birch] Many people have a real problem with the apparently anonymous nature of the interweb. I say “apparently” because, of course, unless you work really hard at it and really understand how the internet works, and really understand how your PC works, and really plan it carefully, you’re not really anonymous in the proper sense of the word.

Our sense of anonymity is largely an illusion. Pretty much everything we do online, down to individual keystrokes and clicks, is recorded, stored in cookies and corporate databases, and connected to our identities, either explicitly through our user names, credit-card numbers and the IP addresses assigned to our computers, or implicitly through our searching, surfing and purchasing histories.

[From The Great Privacy Debate: The Dangers of Web Tracking – WSJ.com]

I’m surprised that politicians, in particular, who keep going on about how terrible internet anonymity is, don’t understand a little more about the dynamics of the problem. If they did, they would realise that anonymity isn’t what it seems.

You might think, after enough major stories about “IP addresses” hit the news wires, everyone in political life would be aware that “anonymity” on the Internet is limited.

But someone in Sen. Saxby Chambliss’ (R-GA) office didn’t get the memo. In the aftermath of this week’s failed vote on the military’s “don’t ask, don’t tell” policy, someone named “Jimmy” registered an account at the gay news blog Joe.My.God. just to say, “All Faggots must die.”

[From Outed! Senate staffers, anti-gay slurs, and IP addresses]

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine. For issues of great national interest, such as spurious death threats to the nation’s sweetheart, Cheryl Cole, The Sun can step in.

Yesterday The Sun traced the sender of a chilling anti-Cheryl message that blasted her over Zimbabwean Gamu’s TV exit. Wannabe rapper Sanussi Ngoy Ebonda, 20, admitted penning the sinister rant, which accused Cheryl of “da biggest mistake of your life” and included a threat to attack other girls sharing her name.

[From Cheryl Cole boosts security at mansion | The Sun |Showbiz|TV|X Factor]

So even though there’s precious little anonymity, should we allow enonymity to be the norm? There are plenty of people who think not, and they’re not all English libel lawyers. Surely common sense is on their side? Isn’t it wrong to let people hide behind pretend names?

Let’s focus on a specific and straightforward example. The comment pages on newspaper, magazine and other media web sites. Many such sites require registration but are still essentially enonymous. Is it right that enonymous commenters can say bad things about celebrities, politicians, business leaders? Would people be as horrible about public figures if they were forced to identify themselves?

Would the online debate among commenters be stifled by requiring commenters to sign their real names?

[From What did you say your name was? | Analysis & Opinion |]

The Chinese government certainly hope so.

China is considering measures to force all its 400m internet users to register their real names before making comments on the country’s myriad chat-rooms and discussion forums, in a further sign of tightening controls on freedom of speech.

[From China to force internet users to register real names – Telegraph]

We already know this doesn’t work, incidentally, because the Chinese already tried this for Internet cafes, supposedly to deal with the problem of young people spending too much time in virtual worlds. The only result was an instant, and profitable, black market in ID card numbers, whereby kids would get the ID numbers of people who weren’t going to play in cybercafes (eg, their grandparents) and used them to log in instead of using their own. There was an alignment of economic incentives here, because the cybercafes would not make money by turning people away.

Cafés that did not ask for identification often still had a registration book at the front desk, in which staff members were seen to write apparently random identification numbers and names during their free time.

[From HRIC | 中国人权]

Incidentally, another large and well-known country closely associated with our economic future (albeit a virtual one) has just abandoned plans to try and force Chinese-style real-name registration after a revolt by citizens (well, subscribers):

Blizzard has reversed a controversial decision that would have forced thousands of Starcraft and World of Warcraft (WoW) players to use their real names on the company’s online forums

[From Blizzard stands down over forum controversy | TG Daily]

I simply would not allow my kids to log in with their real names. I’m happy for them to log in using one of their multiple e-mail addresses. They’ve had pseudonymous e-mail addresses since they were old enough to go online. This isn’t just paranoia about people grooming children for sexual exploitation (the UK takes this kind of thing very seriously) and such like. There are lots of really good reasons for not wanting to use your identity in online debate and comment. I wrote once before about being shocked by some hate e-mails I received when I once posted some comments in a discussion about interest rates (“interest is the work of the devil”, “we know how you are” etc etc). Now, I still enjoy participating in online debates, but do so pseudonymously: my friends know who I am.

That, incidentally, may not be much of a protection, because the mapping of social graphs can soon locate you within a group of friends even if none of those friends disclose who you are. A determined third-party can learn very interesting things from those graphs and, unless everyone is anonymous or pseudonymous under certain conditions, figure out who you are.

Iran appears to be in two minds about whether to embrace or stymie technological progress. On the one hand, Twitter accounts helped the opposition mobilise demonstrations in the wake of last year’s contested presidential election… On the other hand, by monitoring Twitter traffic, Tehran was able to identify who was organising the protests.

[From FT.com / FT Magazine – Who controls the internet?]

As I’ve said before, in cyberspace no-one knows you’re a dog, but no-one knows you’re from the FBI either. Thus our government, the US government and many others are caught in two minds, just as the Iranians are. On the one hand, they are supposed to be in favour of free speech, but on the other hand, well, you know Danish cartoonists, criminals, child pornographers, terrorists, enemies of the state, dissidents, apostates etc.

Now, maybe you don’t care. You’re “not doing anything wrong.” Well, Hoder wasn’t doing anything wrong when he went to Israel and blogged about it in Farsi. But he’s serving 20 years in jail in Iran.

[From Emergent Chaos » Blog Archive » AT&T, Voice Encryption and Trust]

But back to online commenting in our democracy. It’s not a simple issue, and “common sense” is not a good guide to anything in the virtual world, but it is clearly the case that in that virtual world some people behave inappropriately. You only have to read The Guardian newspapers online “Comment is Free” or Guido Fawkes, the UK’s top political blog, to see how appalling, disgusting, racist, misogynist, anti-semitic and just plain thick the general public can be. I am one of those old-fashioned liberals who thinks that the response to bad free speech should be more free speech, not less. I think we should be wary about limiting the anonymity of people who comment online, even if we could think of a way of doing so.

The Nazareth District Court has upheld the right of the Walla Web portal to refuse to hand over the IP addresses of commenters accused of defaming a journalist.

“The good of online anonymity outweighs the bad, and it must be seen as a byproduct of freedom of speech and the right to privacy,” Judge Avraham Avraham wrote in his ruling last week.

The court also said the critical remarks concerning Yedioth Ahronoth reporter Israel Moskovitz, posted online in 2008, were unlikely to harm his reputation since they were poorly written and appeared only once, and readers were not likely to take them seriously.

[From Uphold talkbacker’s anonymity in defamation trial, court says – Haaretz – Israel News ]

Actually, for journalists to complain about online comments, criticism and even abuse is a tiny bit worrying, since their business depends on such.

It doesn’t take long to find articles on CNN that quote anonymous officials. For them to rage against “cowards” who won’t stand behind what they say, and then to regularly quote “anonymous” sources, seems pretty damn hypocritical. Phillips claims anonymity online is “very unfair.” Phillips also attacks the media for “giving anonymous bloggers credit or credibility.” But again, CNN quotes all kinds of anonymous sources all the time.

[From CNN Claims ‘Something Must Be Done’ About Anonymous Bloggers | Techdirt]

On balance, then, I think a free society not only permits certain kinds of anonymity but actually depends on them, because we need informed and honest public debate to function properly. This was well-put in the Washington Post recently.

For every noxious comment, many more are astute and stimulating. Anonymity provides necessary protection for serious commenters whose jobs or personal circumstances preclude identifying themselves. And even belligerent anonymous comments often reflect genuine passion that should be heard.

[From Andrew Alexander – Online readers need a chance to comment, but not to abuse]

I couldn’t agree more. However, as the Post goes on to note, we have to recognise that people can be pretty horrible and we need a way to deal with that. Not banning anonymity, but managing the anonymousness (if there is such a word) in a better way.

The solution is in moderating — not limiting — comments. In a few months, The Post will implement a system that should help. It’s still being developed, but Straus said the broad outlines envision commenters being assigned to different “tiers” based on their past behavior and other factors. Those with a track record of staying within the guidelines, and those providing their real names, will likely be considered “trusted commenters.” Repeat violators or discourteous agitators will be grouped elsewhere or blocked outright. Comments of first-timers will be screened by a human being.

[From Andrew Alexander – Online readers need a chance to comment, but not to abuse]

This — in essence, baby steps toward a reputation economy — could be toughened up by using better identity infrastructure, but it’s not a bad place to start. But there are areas where the better infrastructure is more of a priority. Newspaper comments are one thing, but there are businesses that depend on online comments, and a good example is the burgeoning group review sector.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.