Anonymity and privacy in the time of encryption

“What’s in a name?” is a recent publication from Demos (full disclosure: many moons ago I was a founding trustee of Demos but I haven’t had much contact with them of late).

The Demos authors did a great job describing the conceptual differences between privacy, anonymity and encryption. They also acknowledged the interconnectedness of these ideas. However, they then decided to press ahead with a discussion about anonymity without really engaging with that interconnectedness in any depth. That was a grave error.

It wasn’t the only problem. Here is a sentence from the summary that makes no sense.

“We examine two identity systems – those of the Government Digital Service’s ‘Verify’ program and Facebook.”

I went through the Verify process recently. Quite a palaver.  It took several days although, to be fair, that could have been due to a lockdown-related surge in demand. Whatever the explanation, it was impressive and thorough.

You can create a phoney email address in seconds then proceed to open an account with Facebook. You could “borrow” someone’s mobile phone for a few minutes or use a burner and you’re in.

Back in 2013 Facebook acknowledged it was “powerless” to stop under age users from joining their platform. Data suggested more than a third of 9-12 year olds in the UK had a profile with them despite the specified minimum age being 13. Globally for the same demographic it was thought the proportion was around 25%.

In the intervening 7 years while Facebook has declined in popularity with that cohort another Facebook owned brand, Instagram,  has taken over and the proportion of under 13s  on it is thought to be higher. How can anything which allows that to happen be  dignified by describing it as an “identity system”?

Facebook collects usage data to sell targeted ads based on behaviourally driven algorithms. It’s not complicated. The fact that you can use your Facebook login to connect with other online services and these other services accept that as a “credential” is absurd.  Lies built on lies again hardly qualifies as an “identity system”, much less one which can produce any kind of anonymity worthy of the name.

Liberal Democracies

Another major problem arises when the authors speak about “liberal democracies” as if these could be addressed as a distinct group of nations that can be held to uncontested  standards unique to “liberal democracies”.

Just read the “Declaration of the Independence of Cyberspace” Remember the kind of thinking reflected there remains widespread in and around Silicon Valley, including among the highest levels of leadership of Big Tech as well as their acolytes and wannabes. External pressures, let’s call them “defeats”, might cause them to have to give ground from time to time but the underlying values, outlook and orientation remain.

The Declaration makes no distinction between “liberal democracies” or any other kind of government. It does, however, chime neatly with Ronald Reagan’s famous quote from ten years before the Declaration appeared. In 1986 he said

“The nine most dangerous words in the English language are ‘I’m from the Government, and I’m here to help’ “. I imagine when Reagan said that he was speaking about the Federal Government of the USA not the Politburo of the Soviet Communist Party.

Big Tech is a world  inhabited by people who think the absence of restraint means the same as “freedom” or “liberty”.   It is a world where “permissionless innovation” has the status of a deity guarded by a priesthood who take their job seriously. However, the only recognisable religion these notions really fit with is buccaneering free market economics.

It’s quite a marketing trick to make your business’s financial interests appear to be synonymous with intoxicating words like “freedom” and “liberty”. If they buy it, and many do, you neatly recruit free speech and free expression advocates as your infantry, sometimes without even having to hand them a dime but there’s lots of dimes available if needed to bolster their forward march or rearguard actions.

The democratic stakes

According to The Economist Intelligence Unit’s 2019 Democracy Index, the UK ranks 14th in the world democracy stakes. We are classed as a “Full Democracy.” The problem is a great many of the  “Declarationists” would laugh at the faintest hint of the UK being thought of as a “full democracy”. Alternatively they wouldn’t care whether it is or not. These dudes live according to their own lights. Because they can.

The ideologically driven exponents of tech freedom and liberty, as well as the money driven ones, might grudgingly admit there were some differences between Oslo (No.1) and Pyongyang (164th) but would not allow these  much if any relevance in a discussion about policy for the internet because all governments are evil or tend towards evil. If they aren’t evil today they could be, probably will be, tomorrow.

So  they go ahead and use strong encryption.  They seek to popularise it and spread it around as much as possible. The Rule of Law is a cute idea but only if the laws and the way they are administered meet with the approval of the priesthood.  See above.

Against this background, discussing how one might remain  un-named  when commenting on the Government’s  latest blunder seems …… I was going to write “trivial”, but it’s not. The ability to be anonymous sometimes can be important. Yet somehow being anonymous in a toxic sea seems a lot less important than some would make it out to be.

Do we need  a cyber equivalent of car number plates? Or something else?

 

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Default settings, Internet governance, Regulation, Self-regulation, Uncategorized and tagged . Bookmark the permalink.