Let’s not panic about online identity
[Dave Birch] There’s an increasing moral panic about online identity underway, and it’s resulting in some very strange proposals for unenforceable legislation. I’ve been reading about one such example in the UK called “Clare’s Law”.
According to the Mail on Sunday, Theresa May, the Home Secretary, has indicated in a letter that she is considering the idea.
I didn’t really read the rest of it, but I assume the idea is that when you click on an online newspaper article at, let’s say, the Daily Mirror or the Daily Mail, then you are automatically connected to some kind of police database that will tell you whether the reporter has been arrested or imprisoned for phone hacking or whether, let’s say, Trinity Mirror or Associated Newspapers have been involved in any underhand news-gathering techniques. If I thought for one moment that implementing laws like this would actually stop women being murdered or children being bullied to death, then I would support it wholeheartedly. But they won’t. In fact, as far as I can tell from the statistics, widespread internet use in the UK has led to a reduction in the number of murders. Pointless knee-jerk legislation around poorly-understood technologically-uninformed debate is not solely a British phenomenon.
He recommended the introduction of an “Internet Driving License” in schools that would explain the dangers of Facebook
Now it’s a bit harsh to pick on Facebook, but the truth is that teenagers (from my personal experience) understand perfectly well how Facebook works, so this is almost certainly unnecessary. But if there was an Internet Driving License that you had to use to log in to web sites, that would almost certainly make the situation far worse, since these website would now know exactly who you are, and this information would then be freely obtained by perverts, the secret police, News International or whoever else wants to pry. Why is this better than anonymity (which doesn’t exist anyway - look what happened to the not-Anonymous-at-all hackers). As I have posted at boring length and with tedious repetition, this is the wrong way to go.
Most websites don’t need or even want or need to manage the identities of their users—they simply want a way to reliably identify their users over time.
Indeed. So I could use my Facebook identity “Dixie Flatline” to do all the sorts of things I need to do online, and everything would work fine. Google could show me the right search results, The Telegraph could show me the right adverts. But wait…
He also talks about his decision to become the first outside investor in Facebook. The two things that stuck out for him about Facebook were: a) the fact that this was the first site where people logged in with their real identities, and so it had the potential to be an identity layer for the web
None of my Facebook identities are in my real name, so I’m not sure about this. And I’m absolutely not sure about the implicit judgement that only my “real” identity should be allowed or valued.
I remembered Gresham’s Law from my business school days explaining why ‘bad’ money drives out good money… It seems bad identity, like bad money, drives out good identity.
Well, I’m not sure about this analysis either. They’re talking about using Facebook Connect to make it easy to log in to comment on various newspaper sites. I wanted to take advantage of the convenience of using Facebook to log in and comment in various places, so naturally I did what any normal person would do and I created a synthetic person. I made up a name, got an e-mail address, made up a few details—schools attended, that kind of thing—and hit OK. My synthetic person has, at the time of writing, got two friends already (I sent friend requests to everyone who attended the university that my imaginary person had pretended to go to, and two of them accepted, so I sent requests to their friends and now my entirely synthetic persona has five friends!).
Anyway, I’m quite happy having my “business” persona for commenting on things to do with work and a quite separate “citizen” persona for taking part in political debates, being rude about celebrities and asking questions on technical issues where I don’t want to reveal who I am. I’m not pretending to be someone else, which is a different issue entirely (and, of course, wrong).
Fouad Mourtada was arrested on 5 February on suspicion of stealing the identity of Prince Moulay Rachid, younger brother of King Mohammed VI… Mr Mourtada was convicted of “villainous practices linked to the alleged theft of the [prince’s] identity”.
My synthetic identity isn’t really anonymous. If I used that identity to bully a schoolgirl to death, then I would hope that it wouldn’t take the police more than five minutes to get a warrant to find out from Facebook what e-mail address is used, which IP addresses I’ve logged in from, and so forth. In a hour or two they would be knocking on the door to arrest me.
Randi Zuckerberg wants to eliminate the freedom to post anonymously online. “I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors,” Randi said.
Either Peter or Rachel must be wrong, but whatever. Either Facebook uses real names as Peter says, or it doesn’t, as Rachel says. But “real names” in any case are a useless “pointer” to a real person.
Mark S. Zuckerberg, an Indianapolis bankruptcy attorney, might not consider Facebook founder Mark Zuckerberg to be a friend. That’s because the world’s largest social networking website has shut down the lawyer’s personal Facebook account… “I was originally denied an account with Facebook two years ago because of my name, and I had to send them copies of my driver’s license, birth certificate and Indianapolis Bar Assn. license just to get them to believe that I exist and to allow me to set up my page,” Zuckerberg told the TV station in a statement.
That doesn’t sound like a terribly cost-effective identity management system to me, so I don’t know that an Internet Drivers License based on Facebook will necessarily sweep the web (although that’s not to say that Facebook couldn’t be a useful Identity Providers in an NSTIC structure). So what’s the deal with the “anonymity” that doesn’t actually exist? You’d have to be a pretty stupid criminal to use Facebook to commit a crime.
Ashley Mitchell, 29, broke into the Zynga mainframe, stole the identity of two employees and transferred chips said to be worth more than £7m to himself… the company became aware in August 2009 that large amounts of chips were vanishing and suspected the two employees whose identities Mitchell had adopted. However, investigators then realised the system had been hacked and narrowed the search to Paignton. Mitchell’s neighbours had their computers seized because he was “piggy-backing” on their unsecured Wi-Fi connections.
This is part of the plot of a novel that I’m writing that involves a guy taking revenge on a love rival by downloading child porn to the rival’s laptop. It’s the perfect crime, because the love rival gets arrested and his life is ruined even though he is never charged with anything. In my novel, the protagonist gets away with it, but in real life…
Mitchell was eventually identified because he used his own Facebook profile during one of his attempts to hack into the system.
Doh! You’d get caught whether you used your real name or not, but even so it’s pretty dumb to use your real name. Perhaps Facebook’s addictive qualities will turn out to be a net benefit to law enforcement.
The victim later noticed that the intruder also used her computer to check his Facebook status, and his account was still open when she checked the computer.
For all sorts of reasons, then, it doesn’t make any difference whether you use your real name or not, and the whole discussion about real names on Facebook and the connection between real names and crime and other unwanted behaviour is, to my mind, limited.
A Facebook spokesperson said the website does not comment on individual accounts, but said it believes a “real name culture” creates more accountability and a safer and more trusted environment.
So is it good or bad that people can say whatever they want online? If you want to complain about Big Brother (or indeed her little brother, Mark Zuckerberg of Facebook fame) should you be able to do so anonymously? In George Orwell’s 1984, the state had a two-way TV screen installed in all homes so that it could both control the discourse, and thus shape people’s opinions—Goebbels said that successful propaganda was that that left people unaware of the source of their convictions—and spy on everyone at the same time. When he was writing, in the 1940s, he could never have imagined that not only would we buy Big Brother’s screens and carry them around with us at all times but that we would voluntarily sign up to be monitored! We’ve already seen how government agencies from despicable regimes use social media to spy on dissidents: forcing everyone to use their real name would make it so much easier for them.
we are all being tracked in ways we probably won’t like, not only by commercial concerns but by Governments and other political interests. Web 2.0 and its social networks makes this scarily easy
There are genuine issues to be dealt with here. Bad things do happen, and the public and politicians want something to be done. By all means go ahead and send me abusive Facebook messages in bogus names - I will just block them and move on. And to be honest, if someone is going to send me death threats, I’d rather it was via Facebook so that they can be tracked down and caught.
So many high-profile incidents in such a short time has sparked a storm of public outrage, with Premier Anna Bligh personally penning a letter to Facebook founder Mark Zuckerberg, while Prime Minister Kevin Rudd said he would consider appointing an online ombudsman, describing cyber crime and internet bullying as “frankly frightening”.
Whether Facebook bullying is more or less of a problem than regular bullying, I couldn’t say as I don’t have the expertise. But then, nor do any of the people in government who are dreaming up legislation on the topic. In fact, I don’t know what the government, regulators, legislators, lobbyists actually want since as a society we don’t have a coherent strategy for identity in the online world.
I won’t dwell on the irony that the government that’s keen to protect you from privacy-violating Web trolls also wants the Web’s plumbing retrofitted to make wiretapping easier. But the last organization I want designing my Web browser is the federal government.
I don’t think they’re quite suggesting that just yet, but I understand the sentiment.
Slate technology columnist Farhad Manjoo likes my argument but says: “I doubt there’s a market for such a browser. People don’t care about privacy. They just say they do. If they did, they wouldn’t use Facebook.”
I feel this is too simplistic. It’s like saying that people don’t care about road safety because some of them get run over. But hey, I’m a parent as well as a consultant so if someone offered me a magic wand that would stop kids from getting run over, it would be very tempting to take it. Since there isn’t a magic wand to stop people from being horrible to each other on the Internet, and forcing people to give their real names will not only not stop the problem but will also be dangerous, we have to go down another path involving trusted intermediaries.
Some day, not so far out in the future, there will be a parallel web that you can only enter by signing up with some form of id, a credit card for example, a verified by Visa web.
I don’t doubt that this is true, although I think a Virgin Media web and a Sky web and a TalkTalk web are more likely than a Visa web. This is, in essence, the same idea that I wrote about last year.
On the red, open, internet people and organisations will exchange encrypted data across an untrusted network. Some people may choose not to connect to the red internet at all and only crazy people (and organisations) will send unencrypted data to unauthenticated counterparties.
On the blue, closed, internet you will need to authenticate yourself before you are allowed to access anything and a digital identity infrastructure will deliver privacy (and in some cases anonymity) through cryptography, not through data protection registrars or privacy ombudsmen.
[From Digital Identity: Red army]
Now, I would ague that the with proper technology, implemented in privacy-enhacing ways to support sensible business models, then as an individual I will have more privacy using a bank-provided pseudonym across an encrypted VPN (the blue Net) than I will have using the red Net. In other words, privacy and anonymity are not the same thing at all. Get rid of anonymity wouldn’t necessarily end privacy and more privacy doesn’t necessarily mean more anonymity.
Who you are, though, is just one aspect of the overall conversation about the future of privacy. At a public hearing organised by the FCC and the FTC,
the industry participants by and large thought privacy concerns about location services were overblown. Consultant Brandt Squires went so far as to say, “I’d like to think privacy is a thing of the past, but it’s not necessarily so.”
I wouldn’t like to think that at all. I’d like to think that it’s a matter of control. If I’m posting comments that are against, say, the Syrian government under the nom de plume John Doe, then I still don’t want Syrian government secret service agents to track me down and blow me up, even if they don’t know my real name. Piecemeal panic about anonymity isn’t going to get us anywhere. We need to develop a proper policy toward privacy and then use that policy to set strategies for commerce, crime and chat. Let’s not put the cart before the horse no matter how great the panic.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
The English language version of this work is licensed under Creative Commons Attribution-ShareAlike 3.0 Unported License. If you wish to acquire the rights to make a foreign language translation of the work, please contact Consult Hyperion.
Please note that by replying in this Forum your comments become the property of Consult Hyperion and you assign all rights in your comment to us. Your comments may be edited for length and used online and in print but will always be attributed.
Meet us at:
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010