About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« July 2009 | Main | September 2009 »

2 posts from August 2009

The right to moan

By Dave Birch posted Aug 28 2009 at 6:26 PM

[Dave Birch] I've been following a few discussions about online anonymity, triggered by a couple of stories about bloggers identities being disclosed for one reason or another. One of them was the ridiculous story about an outraged model.

Of course, pretty much no one would have seen such a blog if Cohen hadn't gone legal about it, claiming (with no proof) that she was losing jobs because of it (which seems difficult to believe).

[From Outed Blogger Plans To Sue Google; Skank Model Mess Gets Messier | Techdirt]

This what they call on the interweb the "Streisand effect", but of course in these knowing post-modern times it could all be a clever publicity stunt and the model is not being stupid by cynically wasting taxpayers money to attract attention. Anyway, the point is that this story got yet another discussion about internet anonymity going. The general tone of the discussions in the media appears to be the usual unthinking "if you've got nothing to hide...".

I take a different view. Most people do not have anonymity, it's a myth. If I log on to The Guardian's "Comment is Free" and post something about the destruction of the public finances under the name "General Wolfe of Quebec", I am not really acting anonymously because it is trivial (as the recent headline stories have proved) to determine the IP address that the post came from and then go to the ISP to get the account. So although the Internet seems anonymous to people who don't understand it (eg, models, politicians), it isn't. And it's not obvious whether that is good or bad. If you're trying to track down someone posting child pornography (the usual short-circuit for the argument) then it's bad, but if you're trying to complain about the treatment of political prisoners in your country, then it's good. And what's more, whether your blogging is anonymous or not depends on the technology, not on the constitution or the judiciary.

As Ben Laurie has so clearly pointed out, unless the connection layer is anonymous, nothing else matters.

[From Digital Identity Forum: Internet]

I think that at a minimum bloggers should have conditional anonymity: that is, they should be able to use a pseudonym that is only connected to them on the production of a court order. This cannot be achieved by depending on the service providers: even if they operate with good will,

Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease.

[From SSRN-Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization by Paul Ohm]

What this, I think, implies is that there will be blogging platforms that spring up in the US to operate under the provisions of protected free speech legislation and beyond the vagaries of UK libel laws and, over time, the most interesting and valuable blogs will migrate in that direction. Those platforms will provide authenticated pseudonymous identities (using, as I repeatedly wish for, 2FA OpenID or something similar) that are contingent on cryptography. How is the nurse going to blow the whistle on a drunk surgeon without pseudonymity?

Continue reading "The right to moan" »

No-one should think this stuff is easy

By Dave Birch posted Aug 25 2009 at 5:38 PM

[Dave Birch] I've repeatedly said that I want the laws of mathematics and physics to protect my personal data, not to rely on the laws of the UK (or anywhere else). This is for two reasons. For one thing, I'm not confident that the people making the laws know what they're doing (they tend to be lawyers and politicians rather than engineers or scientists). For another thing, there's no reason to expect that the cold, hard distinction between 1s and 0s that builds the virtual world is suitable to manage the ambiguities of the legal world. Thus, even if a law is set out correctly, that doesn't mean that it will never be replaced or altered in a perverse way. The oldest law still on the books in our United Kingdom is the Distress Act of 1267 (which outlawed private feuds, forcing people to go to court for redress in civil disputes) but not many laws have made it through eight centuries. Things change. But even if the law is right and on the books, that doesn't mean it will be interpreted as intended. At the eema European eIdentity conference, I noticed that the Chief Privacy Officer for the Department of Homeland Security referred to the US Privacy Act of 1974 as one of the inputs to their policy. But,

The Privacy Act of 1974—the law designed to protect your rights as the government collects, uses, and shares your data—fails to consistently protect of citizens’ privacy because circuit courts disagree on how to interpret its language.

[From PolicyBeta - Blog Archive - A Remedy for Every Wrong? Why We Need a Consistent Privacy Act]

This illustrates my point. My personal data should be protected by cryptography, not by the vagaries of judicial interpretation.

Continue reading "No-one should think this stuff is easy" »