Sunday, January 22, 2006

Anonymity versus Liability

The internet offers many options to be anonymous. You can post anonymously to a blog. You can get yourself a Hotmail or Yahoo email account with some random name and send emails to whomever you want, and these emails will not contain information that says who you are. You can get free hosting and start a whole website without having to say who you are! In all these cases, the illusion of anonymity is only skin-deep, however. The server logs of any of these services will remember what computer accessed these services when all these things were done. They will at the very least remember your ISP, and then your ISP may or may not rat you out when asked (again highlighting the important of reading that privacy policy). So you're never really anonymous.

It used to be that many public computer networks - in public libraries, airports, coffee shops, and "free-wireless" places - could be accessed without any self-identifying information required. Now, though, most of them do log who used what computer when.

I think this is great. I think the only reason why you would ever want anonymity online is if you were up to no good, if you were doing you knew to be illegal or at least motivated by illegitimate and/or malicious purposes. If you and your actions have Right and/or the Law on your side, why would you want anonymity? A common theme in this blog will be "only the guilty have anything to hide".

I do accept that "free speech", protected by the first amendment of the US constitution, is a right, and might include the right to anonymous speech. However, I do not see why it is expected that people/institutions who have servers and sell (or give away) internet access ought to allow anonymous access. Many websites do not allow certain language, or the discussion of certain topics. Does that infring on the right to "free speech"? Many email providers (like Hotmail and Yahoo mail) limit the number of emails you can send in one day. Does that infring on the right to "free speech"? In other words, you cannot "speak freely" wherever the heck you want. A company who provides access to the internet has the right to demand that you not speak quite freely while using their services, by restricting your vocabulary, the subjects mentioned, or your ability to be anonymous. Sure, they may choose to allow you to be anonymous when you access the internet, if they feel that choice will bring in more users or something, but it is a choice.

Most importantly, I believe that if something wrong is done online, someone must be liable. I believe the ability to identify the person who did something wrong, or the computer from which the wrong thing was done, is important. Who sent all this spam? Who shared this copyrighted content? Who revealed this secret? Who is looking to make, distribute, or acquire child pornography? Who made these libelious statements? If a provider (be it a library, a cafe, or a wireless spot) allows users to be anonymous and the users do these things, is the provider liable?

I like the United Stated better than Brazil (where I was born and grew up) for a few reasons. The main one is that, when you do something wrong in the US, you are liable. You are responsible for the consequences of your actions. If something bad happens, someone is at fault and has to pay, usually. This to me is a sign of a highly civilized society: It's hard to get away with malicious stuff. In Brazil, anyone can get awya with all kinds of terrible things, and many people regularly do. Law enforcement is a joke, the police is corrupt, there is usually no hope of catching someone who committed a crime against you. Things are better in the US - it is harder to commit a crime and get away with it, and most importantly, there are few if any wrong things you can do and expect to get away with them. (As you may guess, I am also a fan of security cameras, and I think the UK is even more civilized than the US when it comes to a variety of things).

For example, take a look at the comments aboutthis blog post by Mark Evans (featured in SearchEngineWatch. The post is about Google sponsoring (i.e. "slowly taking over", probably) some wireless networks in parks in New York. People's comments emphasize their preference - rather, their expectation - for the ability to use these networks truly anonymously. A prime example of over-the-top "what I do is private, even if I do it through servers belonging to 3 different companies, and for free" thinking:

The last time I checked, the Bryant Park free wireless... put the public's interest first. They gave... truly anonymous access. You read the access policy, which states clearly that they intend to offer anonymous access because they think this serves a civic need. You click agree. That's it. No email registration or tracking or anything (unlike comments on this blog site).

If Google's sponsorship has somehow given them any kind of power over the network, then I'd much rather the NYC city taxes that I pay support this network and keep it free and anonymous, than have Google's Central Committee roll out their shady data mining activities and notoriously non-transparent governance. The City needs Bryant Park wireless as-is to prove irrefutably again and again what is possible. Pundits and planners continually assert that anonymous Internet access is impossible, but so far we can point to Bryant Park which has been running quite well since 2001 to show that yes, free anonymous speech on the Internet is sustainable. I, for one, value it greatly and consider it an important part of what our city stands for.


In the near future, I plan on dedicating a post to why Google's data mining is probably not evil (something especially relevant given the recent controversy over the Child-Online-Protection-Act-related subpoena). For now, I just want to say that the above comment does a great job at illustrating how many people

-think that anonymous internet access is a right,

-think Google's data mining is evil

These people are worried they will no longer be able to use the internet without being traced. Much more worrisome is the fact that over 5% of registered domains have phony information about the domain owners. From Slashdot:

According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective...

The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields.


Now THAT is worrisome. Can you own a house or operate a business anonymously? No. Then why can you own and operate a domain anonymously?

Anonymous speech may be a right. But if I don't want it on my website or running through my server, can you blame me? Am I doing something fundamentally wrong by not allowing it on the computers I pay to operate? If something bad is done through these computers, the authorities will be knocking on my door, and they would get rightfully mad if I was not able to tell them who said what, who did what. It would be irresponsible of me, and would be a big inconvenience. I would almost say "Props to those providers who accept this risk and allow their users to speak anonymously", except these providers are opening the door to all kinds of mischief. Only the guilty have reason to hide behind the wall of anonymity.

(I bet all comments made to this post will be anonymous. Yeah, yeah, you show him!)

Have a good rest-of-the-weekend,

Bernardo

2 Comments:

Blogger Brian said...

Bernardo,

I agree with your conclusions, but not necessarily with your reasoning. People do talk about privacy as a right, regardless of who's systems they're using, who they're transacting with, or what they're doing. This is misguided and, in many cases, doesn't even reflect their behaviors once they're online (how many people complain about Google's data mining, for instance, but use their search engine - and implicitly its data mining technology - on a regular basis).

That being said, I don't think it logically follows that "only the guilty have something to hide." If I'm conducting a transaction with a party that says they will safeguard my privacy, then I expect them to honor that claim to the best of their abilities. I can envisage several scenarios where innocent people may only use a service if they receive a guarantee (not by right or by government decree, but by agreement with the other party) that they are acting in private.

9:25 PM  
Anonymous Bernardo said...

You're right. "Only the guilty have something to hide" does not logically follow. It's just something I think is true a lot of the time, and a thought that deserves a lot more attention (even if just because it causes people to think about when it is that they REALLY have a RIGHT to privacy, and when they just expect it for no real good reason).

And yes, the promise of privacy may and often does make a service more attractive. My problem is that people sometimes see that promise when it is not there, or expect they have a RIGHT to this kind of promise.

1:14 AM  

Post a Comment

<< Home