Filed Under: People, Social Media and Organisations

The battle of the internet security experts

Leave a Comment

[Dave Birch] A very entertaining spat has broken out in ranks of the governing classes. Broadly speaking, it’s between the “Real Names Randi” Zuckerberg school and the people who know something about the issue school. The trouble started when noted internet security expert Andy Smith gave some sound advice to the nation.

Andy Smith, internet security chief at the Cabinet Office said real names and addresses could increase security concerns. He advised users to submit “fake” details as this was a “sensible thing to do”.

[From Whitehall official: ‘Give fake details to protect online identity’ – Public Service]

Andy is spot on, although possibly unaware that providing fake details is in direct violation of Facebook’s policy. His advice will indeed lead to less identity theft, and we don’t have to guess at that because (as I will discuss later) we have the data. Still,

Simon Milner, Facebook’s head of policy in the UK and Ireland, was not particularly happy at Smith’s comments. He apparently had a “vigorous chat” with the Cabinet Office official afterwards to persuade him to revise his view.

[From Top civil servant calls for Brits to fake online identity – Cabinet Office says it’s the only way to be safe | TechEye]

However vigorous Mr. Milner’s chat might have been, there are almost no circumstances where it is necessary to use real names and we only use them now because we lack a proper identity infrastructure. By and large, we use the real name as a proxy to the attributes that are actually needed to execute a transaction. Andy’s comments elicited an immediate and vituperative response from noted internet security expert Helen Goodman MP.

Ms Goodman, shadow culture minister, told BBC News: “This is the kind of behaviour that, in the end, promotes crime.

“It is exactly what we don’t want. We want more security online. It’s anonymity which facilitates cyber-bullying, the abuse of children.

“I was genuinely shocked that a public official could say such a thing.”

[From BBC News – Give social networks fake details, advises Whitehall web security official]

Ms. Goodman’s confused opinions on security and privacy — and the false dichotomy implicit in the security vs. privacy paradigm she draws on — are representative of the shallow thinking and lack of informed discussion in this area.

How Helen Goodman voted on key issues: Voted very strongly for introducing ID cards.

[From Helen Goodman MP, Bishop Auckland – TheyWorkForYou]

I wasn’t able to assess her background in online security and identity management from her online biography, but I’m sure her opinions must be founded on some knowledge of the field.

Helen… went to Somerville College, Oxford, where she read Politics, Philosophy and Economics. After leaving Oxford, Helen’s first job was as a researcher for Philip Whitehead MP. She became a civil servant at the Treasury in 1980 and rose to become Head of the Central Strategy Unit in 1995… From 2002 until entering Parliament, she was Chief Executive of the National Association of Toy and Leisure Libraries.

[From Biography » Helen Goodman MP – Working hard for all in Bishop Auckland]

In an age where government seems more and more to be about sentiment and sensitivity rather than evidence and knowledge, I suppose her comments are unsurprising. I’m not for one moment suggesting that Ms. Goodman’s concerns are not wholly real and heart felt. I’m sure they are.

Mrs Goodman, MP for Bishop Auckland, in the North-East of England, said she had been contacted by constituents who have been the victims of cyber-bullying on major social networking sites by people hiding behind fake names.

[From BBC News – Give social networks fake details, advises Whitehall web security official]

I don’t doubt that this is true. But so what? People bully under their real names too, and it doesn’t make any difference. If they have broken the law, they can easily be traced, since the interweb tubes will lead the plod directly to them. Or, indeed, directly to the plod.

A man arrested over claims that he tormented a mother with abusive online messages is a serving police officer.

[From Police Officer Arrested Over Internet Troll Abuse Of Woman, Nicola Brookes]

I’m not picking on Ms. Goodman here, just using her to illustrate a point. After all, her fellow old Oxfordian and noted internet security expert The Honourable Edward Vaizey MP agrees with her that the Cabinet Office’s advice is incorrect, leaving us none the wiser as to the government’s actual policy on this (hint: it doesn’t have one).

Culture minister [The Honourable Edward] Vaizey said he had not seen Mr Smith’s remarks but told the BBC that he “wouldn’t encourage people to put false identities on the internet”.

[From BBC News – Give social networks fake details, advises Whitehall web security official]

The Honourable Edward’s plan to make it easier to track down people through interweb tubes may not be driven by commercial interests, but it certainly aligns with them.

Randi [Zuckerberg] and I share a passion to end cyber bullying and protect kids online. However, our approaches to online safety differ greatly.

Randi Zuckerberg wants to end online anonymity.

[From Facebook’s Randi Zuckerberg Wants to End Online Anonymity: Free Speech or Real Names?]

Look, I’m not here to shill for Andy Smith. Andy and I have disagreed about things before, and while I make not comment on whether he is an Epic F***ing Secure Hero or not, he certainly is an internet security expert. His comments were informed and relevant and exposed the lack of policy integrity. I don’t know why politicians don’t take the time to think this through. They always reach for the same knee-jerk response: some sort of internet passport or driving licence so that you can tell who is posting abuse about government minister on The Daily Telegraph web site (hint: me).

if there was an Internet Driving License that you had to use to log in to web sites, that would almost certainly make the situation far worse, since these website would now know exactly who you are, and this information would then be freely obtained by perverts, the secret police, News International or whoever else wants to pry. Why is this better than anonymity (which doesn’t exist anyway – look what happened to the not-Anonymous-at-all hackers).

[From Let’s not panic about online identity]

Since I wrote this, incidentally, some pretty convincing evidence has come to light to support my view. South Korea has rescinded its “real names” law.

In 2007, South Korea temporarily mandated that all websites with over 100,000 viewers require real names, but scrapped it after it was found to be ineffective at cleaning up abusive and malicious comments (the policy reduced unwanted comments by an estimated .09%).

[From Surprisingly Good Evidence That Real Name Policies Fail To Improve Comments | TechCrunch]

In fact the results of the “real names” law were predictably perverse. Identity theft went up, because real identities were stolen from the thousands of web sites that now had to ask for them and store them. And since people became used to be asked for their real identity, it was easier for dodgy web sites to get them to hand them over!

if you make people smear their “real” identities all over the internet because of such a policy, thus delivering the “over–identification” noted above, then that will make identity theft worse.

[From Real names, real problems]

I fully expect The Honourable Edward Vaizey MP to begin drafting another law shortly. After all, if we are not allowed to mask our real  identities online, why should we be allowed to mask them offline either? In a country covered by CCTV cameras, it seems perverse that people should be allowed to, for example, wear masks of celebrities (or, indeed, anyone else) in public places. The steady advance of automated face recognition technology means an inevitable identity Chernobyl.

Any science fiction film that doesn’t show everyone wearing burkhas in public will look as dated as Soylent Green.

[From Never mind real names, what about real faces]

Look. I don’t mean to suggest that Ed and Helen are idiots. That’s clearly not true. But what I am suggesting is that we need a better-informed public discussion and debate to determine public policy and the balancing of interests between competing pressures needs to be made explicit. How should we determine whether Mumsnet or the EFF are right? In back rooms or in public consultation (by which I mean consultation in public, not with the public – I don’t really care what they think since they are almost completely uninformed).

We (the public) have no idea what we want. We want anonymity for Syrian dissidents but not for pedophiles. We want anonymity for hospital nurses blowing the whistle on incompetent surgeons but not for looters. We want anonymity for celebrities in some circumstances but not others. Most of all, and most paradoxically, we want the authorities to spy on other people but not on us.

[From We don’t know whether we want real names or not]

So what I want to know from the Honourable Edward Vaizey, Helen Goodman MP and the Cabinet Office is this: what is the policy, and what is the strategy to implement it? And if you’re short of an idea or two about a vision for online identity in the 21st century, why not put your feet up, get a cup of tea, and cop a load of this. The security vs. privacy balance is only for people who haven’t put any intellectual effort into this serious, important and urgent area of public policy. Joanna Geary sums up the situation very nicely in her “Comment is Free” piece today.

A Whitehall adviser has been slammed for telling people to make up data. But less anonymity doesn’t equal more security

[From Being wary of handing over personal details to websites isn’t ‘outrageous’ | Joanna Geary | Comment is free | guardian.co.uk]

Hear, as they say in Parliament, hear.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

One thought on “The battle of the internet security experts”

  1. Orleton@me.com' Erik Bloodaxe says:

    We’re *Oxonians” Dave. And some of us have a clue wink

    [Dave Birch] Clarification appreciated!

Leave a Reply

Your email address will not be published. Required fields are marked *