Plato redux

accountable for their actions
This essay originally appeared in Wired:
http://www.wired.com/news/columns/0,70000-0.html

We live in a world where the police and the government are made up of
less-than-perfect individuals who can use personal information about
people, together with their enormous power, for imperfect purposes.
Anonymity protects all of us from the powerful by the simple measure of
not letting them get our personal information in the first place.

Anonymity and Accountability

In a recent essay, Kevin Kelly warns of the dangers of anonymity. It’s OK in small doses, he maintains, but too much of it is a problem: “(I)n every system that I have seen where anonymity becomes common, the system fails. The recent taint in the honor of Wikipedia stems from the extreme ease which anonymous declarations can be put into a very visible public record. Communities infected with anonymity will
either collapse, or shift the anonymous to pseudo-anonymous, as in eBay,
where you have a traceable identity behind an invented
nickname.”

Kelly has a point, but it comes out all wrong. Anonymous
systems are
inherently easier to abuse and harder to secure, as his eBay
example
illustrates. In an anonymous commerce system — where the buyer
does
not know who the seller is and vice versa — it’s easy for one to
cheat
the other. This cheating, even if only a minority engaged in it,
would
quickly erode confidence in the marketplace, and eBay would be out
of
business. The auction site’s solution was brilliant: a feedback
system
that attached an ongoing “reputation” to those anonymous user
names,

and made buyers and sellers accountable for their actions.

And that’s
precisely where Kelly makes his mistake. The problem isn’t
anonymity; it’s
accountability. If someone isn’t accountable, then
knowing his name doesn’t
help. If you have someone who is completely
anonymous, yet just as completely
accountable, then — heck, just call
him Fred.

History is filled with
bandits and pirates who amass reputations
without anyone knowing their real
names.

EBay’s feedback system doesn’t work because there’s a
traceable
identity behind that anonymous nickname. EBay’s feedback system
works
because each anonymous nickname comes with a record of
previous
transactions attached, and if someone cheats someone else
then
everybody knows it.

Similarly, Wikipedia’s veracity problems are
not a result of anonymous
authors adding fabrications to entries. They’re an
inherent property of
an information system with distributed accountability.
People think of
Wikipedia as an encyclopedia, but it’s not. We all trust
Britannica
entries to be correct because we know the reputation of that
company,
and by extension its editors and writers. On the other hand, we
all
should know that Wikipedia will contain a small amount of
false
information because no particular person is accountable for accuracy

and that would be true even if you could mouse over each sentence
and
see the name of the person who wrote it.

Historically,
accountability has been tied to identity, but there’s no
reason why it has to
be so. My name doesn’t have to be on my credit
card. I could have an
anonymous photo ID that proved I was of legal
drinking age. There’s no reason
for my e-mail address to be related to
my legal name.

This is what
Kelly calls pseudo-anonymity. In these systems, you hand
your identity to a
trusted third party that promises to respect your
anonymity to a limited
degree. For example, I have a credit card in
<!– D(["mb","another name from my credit-card company. It\'s tied to my account, but it allows me to remain anonymous to merchants I do business with. The security of pseudo-anonymity inherently depends on how trusted that "trusted third party" is. Depending on both local laws and how much they\'re respected, pseudo-anonymity can be broken by corporations, the police or the government. It can be broken by the police collecting a whole lot of information about you, or by ChoicePoint collecting billions of tiny pieces of information about everyone and then making correlations. Pseudo-anonymity is only limited anonymity. It\'s anonymity from those without power, and not from those with power. Remember that anon.penet.fi couldn\’t stay up in the face of government.

In a perfect world, we wouldn\’t need anonymity. It wouldn\’t be
necessary for commerce, since no one would ostracize or blackmail you
based on what you purchased. It wouldn\’t be necessary for internet
activities, because no one would blackmail or arrest you based on who
you corresponded with or what you read. It wouldn\’t be necessary for
AIDS patients, members of fringe political parties or people who call
suicide hotlines. Yes, criminals use anonymity, just like they use
everything else society has to offer. But the benefits of anonymity —
extensively discussed in an excellent essay by Gary T. Marx — far
outweigh the risks.

In Kelly\’s world — a perfect world — limited anonymity is enough
because the only people who would harm you are individuals who cannot
learn your identity, and not those in power who can.

We do not live in a perfect world. We live in a world where information
about our activities — even ones that are perfectly legal — can
easily be turned against us. Recent news reports have described a

another name from my credit-card company. It’s tied to my account, but
it
allows me to remain anonymous to merchants I do business with.

Th
e
security of pseudo-anonymity inherently depends on how trusted that
“trusted
third party” is. Depending on both local laws and how much
they’re respected,
pseudo-anonymity can be broken by corporations, the
police or the government.
It can be broken by the police collecting a
whole lot of information about
you, or by ChoicePoint collecting
billions of tiny pieces of information
about everyone and then making
correlations. Pseudo-anonymity is only limited
anonymity. It’s
anonymity from those without power, and not from those with
power.
Remember that
anon.penet.fi couldn’t stay up in
the face of government.

In a perfect world, we wouldn’t need anonymity.
It wouldn’t be
necessary for commerce, since no one would ostracize or
blackmail you
based on what you purchased. It wouldn’t be necessary for
internet
activities, because no one would blackmail or arrest you based on
who
you corresponded with or what you read. It wouldn’t be necessary
for
AIDS patients, members of fringe political parties or people who
call
suicide hotlines. Yes, criminals use anonymity, just like they
use
everything else society has to offer. But the benefits of anonymity

extensively discussed in an excellent essay by Gary T. Marx —
far
outweigh the risks.

In Kelly’s world — a perfect world — limited
anonymity is enough
because the only people who would harm you are
individuals who cannot
learn your identity, and not those in power who
can.

We do not live in a perfect world. We live in a world where
information
about our activities — even ones that are perfectly legal —
can
easily be turned against us. Recent news reports have described a
<!– D(["mb","student being hounded by his college because he said uncomplimentary things in his blog, corporations filing SLAPP lawsuits against people who criticize them, and people being profiled based on their political speech. We live in a world where the police and the government are made up of less-than-perfect individuals who can use personal information about people, together with their enormous power, for imperfect purposes. Anonymity protects all of us from the powerful by the simple measure of not letting them get our personal information in the first place. This essay originally appeared in Wired: <http://www.wired.com/news/columns/0,70000-0.html>

Kelly\’s original essay:
<
http://www.edge.org/q2006/q06_4.html>

Gary T. Marx on anonymity:
<http://web.mit.edu/gtmarx/www/anon.html>

** *** ***** ******* *********** *************

Cell Phone Companies and Security

This is a fascinating story of cell phone fraud, security, economics,
and externalities. Its moral is obvious, and demonstrates how economic
considerations drive security decisions. According to “The Globe and
Mail”:

“Susan Drummond was a customer of Rogers Wireless, a large Canadian
cell phone company. Her phone was cloned while she was on vacation,
and she got a $12,237.60 phone bill (her typical bill was $75). Rogers
maintains that there is nothing to be done, and that Drummond has to pay.”

Like all cell phone companies, Rogers has automatic fraud detection
student being hounded by his college because he said uncomplimentary
things
in his blog, corporations filing SLAPP lawsuits against people
who criticize
them, and people being profiled based on their political
speech.

We
live in a world where the police and the government are made up
of
less-than-perfect individuals who can use personal information
about
people, together with their enormous power, for imperfect
purposes.
Anonymity protects all of us from the powerful by the simple
measure of
not letting them get our personal information in the first
place.

This essay originally appeared in Wired:
<http://www.wired.com/news/columns/0,70000-0.html>

Kelly’s
original essay:
<http://www.edge.org/q2006/q06_4.html>

Gary T.
Marx on anonymity:
<http://web.mit.edu/gtmarx/www/anon.html>