From: Josh Kolsky <jmk2118@columbia.edu>
  To  : <cpc@emoglen.law.columbia.edu>
  Date: Thu, 30 Mar 2006 15:44:43 -0500

Re: [CPC] Paper 1: The Danger of Absolute Internet Anonymity

It sounds like "relative anonymity" is not a distinct regime as I
had supposed, but that there are various levels of anonymity less
than absolute.  However, I question whether we have to choose
between two extremes: absolute anonymity or no anonymity.  Although
my understanding of Internet technology is imperfect, I suspect we
could design the technology and regulation to approximate what I
consider to be the ideal situation: Internet users are anonymous to
other users but ultimately identifiable to authorities meeting
certain conditions.
- Josh


Quoting Kenneth Canfield <ksc2103@columbia.edu>:

>
> Josh Kolsky wrote:
>
> Thanks for the detailed reply!
>
> <snip>
> > Your paper makes a good point about the value of anonymity that
> I
> > missed in mine: "Those with controversial views can communicate
> > without worrying about the repercussions."  I think this can be
> > accomplished with relative anonymity, without the need to allow
> > absolute anonymity.
>
> I agree that empirically, this is accomplished in today's world.
> So if
> we currently have relative anonymity, then it seems you would be
> correct.  And while our current system is far from
> forced-identity
> disclosure, how anonymous is it really, at least for the average
> individual who doesn't go out of his way to take precautions to
> become
> anonymous?  I realize this is what you might view as a good
> thing, i.e.,
>  "relative anonymity" as opposed to "absolute anonymity."
> However, I
> want to question the extent to which it is really is any
> anonymity at
> all, relative or absolute, unless one intentionally seeks it out.
>  A lot
> of collection about us is going on behind our backs, much of
> which we've
> discussed in the class, and which returns us Eben's continuing
> concern
> with why it seems no one cares about privacy.  We (as a
> population)
> certainly act as if we have even absolute anonymity, and then a
> few
> unlucky people (sometimes we might say deservedly so, if they've
> committed crimes) realize they don't.  Perhaps we are in some
> sort of
> equilibrium where those who link our identities to our pseudonyms
> online
> don't do so (maybe for commercial reasons they'd rather keep any
> such
> knowledge to themselves, or maybe they don't have the time to
> bother),
> but I'd think it might be an unsteady equilibrium, in that a
> little
> legislation can lead to a lot of identity disclosure and a big
> loss of
> anonymity/apparent anonymity.
>
> Putting my playing devil's advocate aside, though, I can see your
> point
> that our relative anonymity/apparent anonymity has functioned
> well
> enough to encourage most people to speak freely.  (Some of those
> same
> people seem to speak freely when they are intentionally
> disclosing their
> own identities (e.g., facebook, myspace), but it seems that we've
> come
> to an agreement that at least some people speak more freely when
> they
> believe their speech is anonymous.)
>
> >
> > On the other hand, I do think attempts to combat false speech
> can be
> > legitimate.  Defamation serves no useful purpose and only
> threatens
> > the quality of debate, so I would support measures that require
> > users to be ultimately identifiable on the Internet (even if
> they
> > do use psuedonyms).  So, they would not be identifiable to
> other
> > Internet users, but they would be trackable through their IP
> > address.  The NJ law you cited is interesting.  I think someone
> or
>
> Putting aside the issue that an IP address I think identifies a
> computer, or perhaps even a computer cluster, rather than a
> specific
> user (which is a major issue against using IP addresses as
> identification that perhaps should not be so easily tossed
> aside), is it
> really the case that users can "not be identifiable to other
> Internet
> users" but "trackable through their IP address"?  For email and
> newsgroup postings, you can identify someone's IP address by
> viewing
> full headers.  I think if you are hosting a website you can get
> IP
> addresses of your visitors.  While knowing that 123.45.67.890
> emailed
> you last Wednesday, visited espn.com, and posted to
> rec.sport.baseball
> might still not tell you who 123.45.67.890 is, if in any case the
> individual (assuming there is an individual behind the IP
> address)
> reveals once herself, then all her communications are no longer
> anonymous -- to other Internet users, not just the government.
>
> Though going back to reality, while normal Internet users may
> occasionally check headers--I've seen it happen to identify
> trolls who
> change their handles in newsgroups)--I have not seen them used to
> link
> back to a real person, just to link handle2 to handle1.  So if in
> our
> current state we are to believe that the ISPs are capable of
> identifying
> us for government when necessary, and even though normal people
> may be
> able to in some circumstances, they don't, perhaps it's a balance
> that
> we can accept.  It again gives us the apparent anonymity that
> seems
> enough to make many people feel they can speak freely.  (Though
> one
> might still be concerned about the companies like Google and
> Amazon
> collecting data like crazy.  To combat someone with great
> resources like
> Google, Amazon, and others, apparent anonymity is not enough.
> But that
> takes us away from the topic of suppressing speech and back to
> the
> data-mining privacy discussions.)
>
> <snip>
>
> >
> > Perhaps one way to draw the line would be to say that users
> should
> > be able to remain anonymous so long as their speech is
> > constitutionally protected.  But speech without such
> protection,
> > defamation or extreme harassment, would lose its right to
> > anonymity.  In order to remove the shield of anonymity, we need
> > some way of identifying Internet users through IP addresses.
>
> I think it's difficult to create such a situation.  I believe we
> are
> either tracked or we aren't tracked; our IP addresses are
> collected or
> they are not collected.  If we are tracked, the question becomes
> how
> much we trust the tracker to only use the tracking information
> when
> there is a legitimate reason to, like defamation or extreme
> harassment.
>  My instinct is that if we are to favor one technical reality
> over the
> other, it should be the one where we are not tracked.  I think we
> are
> currently in the one where we are tracked, except for those who
> intentionally take themselves out of it, but people act for the
> most
> part as if we are untracked.
>
> >
> > I guess in the end, I don't believe that having one's IP
> address
> > recorded will really deter any valuable (i.e., protected)
> speech.
> > Maybe I'm wrong though.
>
> I think you are right, just as most people seem not to care at
> all about
> the data-mining privacy issues.  People seem to be talking now as
> if
> they have absolute anonymity even though don't.  Perhaps a few
> highly
> publicized cases can raise people's concerns and change things.
>
> -----------------------------------------------------------------
> Computers, Privacy, and the Constitution mailing list
>
>



-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list