The conversation about where to draw the line between privacy and security is as old as society itself. I didn’t mean to so forcefully insert myself into the middle of that debate when I wrote about a Microsoft executive ruminating on the possibility of driver’s licenses for the Internet. Alas, here I am. That original blog post is already one of the 15 most-read of all time on the Curious Capitalist (it warms my heart that the top post remains “What if oil weren’t priced in dollars?”), and I am being assailed up and down the Internet for backing what one commentator calls a “web ID system that would outstrip Communist Chinese style net censorship”—at times even being personally threatened.
And yet here I go again. More thoughts on driver’s licenses for the Internet.
First, a recap: about a week ago I attended a panel discussion entitled “Securing Cyberspace.” Panelists included the CEO of a company that routes about 20% of all Web traffic, the head of the U.N. agency for information technology, a U.S. Senator and member of the Committee on Homeland Security, the CEO of a Swiss company that does security work for digital media, and Microsoft’s head of research and strategy. It was the sort of group you’d expect to be sure-footed on a topic like cyber security, and yet the panelists were visibly on edge. Cyber attacks—whether from individual fraudsters, organized cyber gangs, or nation-states undertaking espionage—are getting exponentially worse, they said. Protection, let alone retaliation, is incredibly complicated by the fact that even moderately sophisticated attacks can be difficult to impossible to trace. Yes, computers have IP addresses but crooks don’t use their computers, they remotely hijack yours.
Since the baseline anonymity of the Internet provides refuge to so much criminal activity and spying, one way of starting to tackle those problems, suggested Microsoft bigwig Craig Mundie, would be to take away some of that anonymity. Hence driver’s licenses for the Internet.
As careful readers can tell you, I did not endorse driver’s licenses for the Internet. I think it’s a fascinating construct, but the idea as expressed by Mundie and repeated by me is not much more than a sound bite. Call me old-fashioned, but I like to know the details and logistics of an idea before I come out with a strong opinion about it. I’ve been trying to get back in touch with Mundie to have that conversation—to have it explained to me how, exactly, licensure keeps my home computer and bank account safe from cyber criminals while at the same time preserving my civil liberties (not to mention those of Iranian dissidents). Unfortunately, we haven’t been able to catch up with each other and the best I’ve been able to do is peruse this Microsoft white paper (PDF) about establishing trust on the Internet. It says some comforting things—e.g., “Any regime should not only seek to provide greater authentication to those that want to provide it or consume it, but also provide anonymity for those who wish to engage in anonymous activities”—but leaves me with plenty of questions.
To be clear, I’m not saying that more Internet transparency is necessarily a bad idea either. One of the most jarring moments at that panel came amid a discussion about the possibility of international cooperation in going after cyber threats. Some U.S. officials in the room pointed out that a large stumbling block to any such effort would be the U.S.’s own intelligence agencies, which have a vested interest in the Internet’s anonymity. As my colleague Mark Thompson recently wrote:
What U.S. officials don’t like to acknowledge is that the Pentagon is hard at work developing an offensive cyber capability of its own… The Air Force wants the ability to burrow into any computer system anywhere in the world “completely undetected.” It wants to slip computer code into a potential foe’s computer and let it sit there for years, “maintaining a ‘low and slow’ gathering paradigm” to thwart detection.
Internet anonymity helps enable free speech, that is true. But it also helps enable plenty of other things, like espionage and crime. We’ve long talked about how mass anonymity online breeds a lack of civility. The tech-review site Engadget recently had to turn off its comments because the tone had grown so “mean, ugly, pointless, and frankly threatening.” Cyber bullying is another example of what anonymity inculcates. Here is a story about some kids who have killed themselves as a result.
My point is simply this: the issue of anonymity on the Internet has many dimensions. That’s why I was floored by the almost entirely one-note, vitriolic response to my original post. Yes, a few voices presented other opinions. One commenter said that more accountability would help keep our children safer. Another pointed out the benefits to honest commerce.
But overall the reaction was much closer to emotional than to reasoned, perhaps an example of what Net pioneer-turned-worry-wart Jaron Lanier calls hive thinking. Contemplating the extent to which the Internet should remain anonymous is, to me, a fascinating endeavor. But maybe the anonymous Internet isn’t the place to do it.