February 19, 2010

Future of the Internet IV

Part 5: A review of responses to a tension pair about the future of anonymity online

The future of anonymous activity online

Will it be possible to be anonymous online or not by the end of the decade?

Respondents were asked to explain their choice and “share your view about the future of anonymous activity online by the year 2020.” What follows is a selection of the hundreds of written elaborations and some of the recurring themes in those answers:

The pressures for authentication of internet users are growing and many are legitimate. New methods to accomplish that are being explored but it is not yet clear which ones will prevail in the marketplace.

“The privacy and civil liberties battles over the next decade will increasingly focus on the growing demands for identity credentials. New systems for authentication will bring new problems as more identity information will create new opportunities for criminals. Identity management companies will also go bankrupt and try to sell off their primary asset — the biometric identifiers of their customers.” – Marc Rotenberg, executive director, Electronic Privacy Information Center

“We’re moving into an increasingly authenticated and permission-based world. We’ll be known to others as a condition of doing what we want to do. That may not be all bad news – we’ll get loyalty points, after all – but we’ll have to ensure that traditionally anonymous political speech and criticism is somehow protected. When it comes to commerce, anonymity is over.” — Susan Crawford, former member of President Obama’s National Economic Council, now on the law faculty at the University of Michigan

“Anonymity online will gradually become a lot like anonymity in the real world. When we encounter it, we’ll take a firm grip on our wallet and leave the neighborhood as soon as possible — unless we’re doing something we’re ashamed of.” – Stewart Baker, internet legal specialist at the law firm Steptoe & Johnson

“The routine and pervasive corporate and governmental surveillance, tracking and ‘proviling’ (profiling) systems that are already much too widespread are certain to continue and expand. Those who are in positions of power – both corporate and governmental – ALWAYS want to know ever-more about everyone. Additionally, the minority of wrong-doers and ‘net-abusers’ will continue to fuel the reasons – and lame excuses – for government to pursue evermore surveillance, and be more and more demanding in prohibiting anonymous activities. (Except of course, for protecting the privacy of their own members and powerful friends. ;-)” — Jim Warren, longtime tech entrepreneur and activist

“Given the amount of communications monitoring governments already do, we’re likely already past this point. There will still be ways for determined individuals and groups to hide online, but only in their own corners. The decade and a half-long territorialization of the internet by governments will continue unabated, and probably accelerate.” — Anthony Townsend, research director, Institute for the Future

“I fully expect the pressures from both business and governance sectors to result in the widespread adoption of more reliable authentication for digitally enabled transactions. I don’t limit ‘pressures’ to threats and demands, as there will also be benefits associated with reliable identification. Anonymity will increasingly be associated with ‘antisocial’ behavior, and it will be moved to the boundaries or fringes of the net.” — Oscar Gandy, emeritus professor, University of Pennsylvania

“We expect opposite trends in matters of identification and anonymity on the Net. On the one hand, as e-commerce, e-administration, e-democracy or e-learning grow (and we definitely think they will), robust and fool-proof identification systems will become more and more usual and even normal in everyday life. We will grow used to real identification in many places and will be happy to, as the user experience will benefit from it: more personalization in services, less hazard of being the victim of cybercrime, more efficiency in online transactions, etc. The rise of the e-portfolio (academic or professional, personal or institutional) will have its multiplier effect in requiring more formal and frequent online identification. On the other hand, better search engines (absolutely pervasive in their web scanning), augmented reality and the blurring of online and offline life, and more surveillance by governments and criminal organizations (and especially when both collude in corrupt or non-democratic regimes) will demand an increased need for anonymity just for the sake of personal security.” — Ismael Peña-Lopez, lecturer at the Open University of Catalonia, School of Law and Political Science

“The question confounds “authentication” with “identification”. There are few market forces that would increase formal authentication of user identity. But even though Internet users may retain the perception that they are anonymous (and other users may not know who they are) advertising-funded service providers have enormous motivation to identify users, and are rapidly instituting monitoring capabilities everywhere.” – Larry Masinter, Principal Scientist and standards advocate, Adobe Systems

“Poor security–whether we are talking about hacking a credit card company for use data or unauthorized access to real-time drone images in Afghanistan—is already a major problem, and as I see it, the only real solutions will be biometrics in some form. Fingerprint, DNA and/or retinal scanners could protect consumers and industry, and they would seem to be a must for countries engaged in technological warfare.” – Jack Hicks, professor, University of California-Irvine

The law and new regulations will give people some privacy protections even though they are required to disclose more. There will be a reasonable logic to sorting out what can be done anonymously and what requires authentication online. “Pseudonymity” will be available to people. Confidentiality and autonomy will be preserved and strengthened by then.

“Even the Wild West was tamed with laws, schools, and societal norms. So too the web.” – Tom Wolzien, longtime telecommunications analyst, Chairman, Wolzien LLC

“’It will be an archipelago of named users, who get a lot of value from participating in that part of the ecosystem, but still set in an ocean of anonymity.” — Clay Shirky, professor, Interactive Telecommunications Program, New York University

“Electronic identification systems will be more routinely built in to online programs and services. Relevant policies and regulations will be developed to help preserve user privacy when needed. These identification systems will make it easier for users to make secure purchases, access information and services, archive data, and participate in proprietary online systems. It will also make it easier to monitor and protect users from electronic predators and rip-off artists who like to operate in the dark. Unfortunately, there will also likely be some loss of privacy with the growth of these built-in electronic identification systems, but I believe the potential benefits of these systems will outweigh the detriments.” – Gary Kreps, Chair of Department of Communications, George Mason University

“Authentication systems will be more prevalent to overcome security problems for activities that require identification. For many purposes, however, there will be no need to identify people and companies will have no interest in knowing individuals’ identities.” — Tom Lenard, President, Technology Policy Institute

“We still lack means by which an individual can selectively and gracefully shift from fully to partially anonymous, and from unidentified to identified — yet in ways that can be controlled and minimized (or maximized) as much as the individual (and others with which he or she interacts) permit. In fact, we’re a long way off. The main reason is that most of the “identity systems” we know put control on the side of sellers, governments, and other institutions, and not with the individual. In time systems that give users control will be developed. These will be native to users and not provided only by large organizations (such as Microsoft, Google or the government).” — Doc Searls, co-author of “The Cluetrain Manifesto”

“I think the choice is less one between anonymity and eponymity, but between anonymity and pseudonymity. I can’t see the pipe dreams of law enforcement agencies – taken to the extreme, biometrics in every device – come true any more than I can see users accept the intrusive copyright protection mechanisms which the music and movie industries would like to implement. Other than for law enforcement hardliners, the challenge is not to tie every online activity to a specific identified user, but simply to verify that the activity is carried out by (or at least on behalf of) an actual human being rather than by a spambot or other malicious and disruptive entity – and for this, verified pseudonymity is sufficient. This is where OpenID and similar verification systems come in, of course – and I think we’ll see increasing standardisation here. To require eponymity for all Internet activity ends up squeezing the life out of the Net, to allow unverified anonymity allows it to be overwhelmed with spam and identity theft – the only workable middle way is reliable, verifiable pseudonymity.” — Axel Bruns, Associate Professor, Queensland University of Technology

“The key here is ‘publicly disclosing’ — that is, folks can maintain anonymity in the basic sense, but there will be more technical ways to identify the user, even by associations and patterns as well as IP. That is, folks will continue to be able to choose to post things anonymously — more accurately, via pseudonym, where they have an ongoing identity, but not their identifiable real self — but there will also be more systems requiring identification.” Ron Rice, University of California, Santa Barbara

“Again I don’t totally agree with this point. Anonymity is important and will remain so for public involvement and participation. We will find ways to keep this balance between the need for anonymity in public settings and identifying ourselves in settings where it is critical to know who you are dealing with. Ironically, users themselves may well demand more and more that people identify who they are and authenticate. They often feel their privacy is threatened by people they don’t know who somehow ‘know them.” — Link Hoewing, Vice President, Information Technology, Verizon Communications

“There is a difference between anonymity to the state and anonymity to others. Not all information systems will be completely open and interoperable. Thus, people will still be able to post in one forum without it necessarily leaking to all forums, common on one blog without it leaking to other blogs. The state may be able to track the IPs of individuals on the network, but the average person will not be able to completely stalk or track another person. I think that confidentiality on the Internet is far more significant than anonymity. Who has -access- to what data is a far more important concern to me than whether data can be tied to an individual. For example, banking will never be anonymous, but it should stay confidential.” — Bernie Hogan, Oxford Internet Institute

“Anonymity will continue to have its place; that is the architecture of the web and it will be difficult to change that. Nonetheless, I believe that verified identity will come to be seen as an added value in transactions (including conversations) and as a way to recognize more value (reward in financial or ego terms).” — Jeff Jarvis, prominent blogger, professor, City University of New York Graduate School of Journalism

“The 3D mobile media cloud will be a safe cloud, not the bizarre unsafe mess that today’s computing and emailing is. Anonymity as such will be reduced, and we will have something new as well: partial anonymity, using partial identities. This means: I stay anonymous, but I hand out a trusted and checked piece of information, stating e.g. that I am a male, or that I am under 18, or both.” — Marcel Bullinga, Dutch Futurist at futurecheck.com

“We’ll see a wide range of online identity options, from anonymity, to different levels of reasonably verified identity. Whistleblowers, for example, need anonymity. Public discussion boards need some modest level of verified identity, whereas home banking needs strong authentication.” — Craig Newmark, founder Craig’s List

With some extra work, though, users will still be able to move around online without being known. There are still good reasons for people to want to be anonymous online.

“Identity and attribution will be important in many specific contexts, and non-anonymous enclaves may emerge to support that. Domains that do support anonymity, and anonymous modes, with perhaps limited functionality, will exist. Continuous exhortation to have such capability or related innovation may be the keys.” Marjory S. Blumenthal, former director, Computer Science and Telecommunications Board

“The form of this question assumes that today, users can act without revealing their identity. This is an illusion. One has to work quite hard today to be truly anonymous. I think that ability will persist, but we will come to understand that the default expectation should be that folks know who we are.” – David Clark, senior research scientist for the Next-Generation Internet, MIT professor

“Online anonymity is under threat and is unlikely to remain substantially the same in the next decade. While there are excellent, compelling reasons to ensure that anonymous speech is possible on the internet, there’s a concerted effort to eliminate anonymity to address concerns about criminal behavior, fraud, spam and terrorism. Because there’s not an organized anonymity lobby, I fear this is a battle the anonymous will lose.” – Ethan Zuckerman, Global Voices

There are still sufficient “workarounds” that will allow people some measure of anonymity. The “semantic web” will help.

“The two alternatives really don’t work. Anonymity from the government or people with power will be hard. ‘Public’ anonymity will be easy, with screen names.” — Esther Dyson, longtime Internet expert and investor

“Emerging Semantic Web technologies may actually IMPROVE privacy by making it easier for people to control and protect sensitive personal information. Right now, your choice is simple: if you don’t want strangers to see pictures of your kids, don’t put them on Flickr. But imagine a more intelligent system that lets you control who sees what, depending on who they are, what their relationship is to you, and what it is they want to see. So, only your friends or family members can see those pictures. More to the point, a more intelligent Semantic Web will understand the sensitive nature of that information and work to protect it.” – Chris Marriott, Vice President, interactive marketing services, Acxiom Corporation

The rise of social media and all the personal disclosures that go along with online contributions are as much a challenge to anonymity as particular authentication requirements. New online amateur forensics trackers can hunt down people with relative ease. There will also be reasons people will want to disclose information about themselves in order to manage their reputations. A culture of “information responsibility” will emerge.

“By 2020, it will be MUCH harder for people to remain anonymous online, but that won’t necessarily be due to tightened systems of identification. The loss of easy anonymity is more likely to result from increased accessibility to and wider use of improved tools for amateur forensic-style tracking of individuals. For better or for worse, privacy is going by the wayside. – Mike Treder, managing director, Institute for Ethics and Emerging Technologies

“By 2020 online anonymity will be largely a thing of the past, but not because people have been forced into disclosing their identity by pervasive authentication technologies. Indeed, there will be a strong and substantial reaction against being required to prove who we are in order to read a book, watch a movie or buy a cup of coffee (much less should criticisms at the government). Opportunities, technologies, and legal license will continue to protect anonymity. However, many people will in most circumstances elect to assert their identity in order to protect their own interests. Online banking, personal websites and social networks, etc., require that a person protect his or her identity. Where authentication is voluntary, and clearly in the client’s interests, and non-pervasive, people will gladly accept the constraints. Just as they accept the constraint of using keys to lock the car and house door but have the prerogative to, if they wish, leave either unlocked.” — Stephen Downes, National Research Council, Canada

“The tension will continue and this one is more difficult. But online individuals will become more sophisticated, and thus more skilled in information management. A culture of information responsibility will grow where mismanagement of personal information will be a greater violation of cultural norms. Individuals will be empowered to challenge failed information management because historical errors will give cultural reference of the importance of proper information management.” — Robert Cannon, senior counsel for internet law at Federal Communications Commission

“I’m with Bruce Schneier on this one. The issue is less about anonymity, it’s about accountability. Even avatars will have reputations. There will be some things that require a person’s ‘name’ to be declared and validated, where the name could even be the last legal record in a series of deed polls. What is far more important is the accountability. That a person ‘identifiable’ by some pattern (the simplest form of which is the avatar of choice) has his/her actions associated with the avatar, an audit trail as it were; that the reputational feedback loops are also associated with that avatar; that preferences and similar elected characteristics are published by choice, while profiles and behavioural data are published as the norm.” – JP Rangaswami, Chief Scientist at BT and chair of Ribbit

“The right question has to do with maintaining autonomy, not anonymity. The way that the Internet treats identity must and will change. But, if the trust that makes the Internet serve our needs is to continue, then the users must own their identity outright. My identity is not your commodity. I must be able to tell my own story. This badly needs to be built into IP, and the phrase now used to describe the design problem, “user-centric digital identity,” is hideous!” – Garth Graham, Board Member, Telecommunities Canada

“I absolutely believe that online anonymity will be relatively rare in 2020. Not necessarily because of bio-markers or scans, but because models of data analysis will generate new fingerprints – ones behavioral in nature. I believe that a company like Google, that has access to a wide swath of behavioral data – search logs, email traffic, and web visits across many domains – can actually create a new ‘type’ of fingerprint, a data fingerprint. As a result of these new forms of identification, online anonymity will be severely curtailed.” — Fred Stutzman, School of Information and Library Science, University of North Carolina-Chapel Hill

Users are not really tuned in to debates about privacy and anonymity and their indifference will allow others to set the policies.

“Global trends are pointing more toward the former than the latter. However where we ultimately end up is not fixed. It depends on whether we pay attention and act. If we want the second option to become true, there is still time to make it so if we get off our behinds and lobby governments and global technical standards bodies, and push the services and platforms we use to make anonymity possible. Right now however the public is paying insufficient attention to these issues and a combination of law enforcement and advertising-driven business is carrying us blindly toward the former.” — Rebecca MacKinnon, Princeton Center for Information Technology Policy

Challenges to privacy come from different directions in different places. In democracies and advanced industrial nations, businesses demand to know who you are. In authoritarian regimes, the government wants to know.

“The battle over online anonymity is much like the tug-of-war between large copyright holders and online ‘pirates.’ It’ll never end. Several kinds of people feel they have too much at stake to let other people hide online: besides movie studios and record labels, that would include law enforcement officials, national security agencies and marketers of all descriptions. At least some of the time, bad behavior (or suspected bad behavior) will trump any rationale for hiding identities. On the flip side, many of us actually want to be tracked down online so we can give up enough privacy to be sold things that are just right for us. Digital technologies keep the game in motion. As soon as one side builds a better mousetrap, the other side will hack it and the cycle starts again. Ironically, I think anonymity will remain just as endangered in free-market democracies as in authoritarian regimes. That’s because in countries like Canada and the United States, we take it for granted that the State will not attempt to harm us or curtail our freedoms, online or offline – to say nothing of knee-jerk reactions to widely feared activities like terrorism. As for the marketers, they have a double advantage in using or circumventing ID systems. First, free-market economies are very forgiving of intrusive behaviors, if they can be construed as promoting growth or innovation. Second, and most importantly, the right to anonymity is a privilege of sophisticated and attentive citizens. The evidence may show otherwise, but I suspect that millions of mainstream onliners are too baffled or careless to remain vigilant about their privacy. Simply keeping up with the ever-changing rules on social networking platforms like Facebook is a task most people appear unwilling to take on.” — David Ellis, York University, Toronto

Final thought: The online world mirrors the offline world – and always will.

“Choice about whether or not to divulge personal information will not be substantially different from the physical world. One does not have to divulge one’s name to look in a store, but of course the store will want to know how they are to get paid. Nor does a newspaper (or website) have to publish content from unknown/unverifiable sources. And yes, there will be graffiti online as well as on walls. Why would one think it will be different – unless, of course both the physical world and the online worlds move in that direction in tandem because of other shared imperatives.” – Heywood Sloane, Managing Director, Bank Insurance & Securities Association