On anonymity and the Internet

I read a story recently that claimed that protecting the anonimity of users of the Internet could no longer be justified - anonimity, it said, is just too dangerous. It cited the numerous cases of armies of remote PCs that have been over via viruses and turned to nefarious uses. Following its logic, to protect the innocent anonimity must be tossed to the wind and all internet addresses and hence all packets on the big bad Internets (yes, both of them - see link) could be tracked down to a verified identity, presumably to bring the full force of law and economic retribution to them in return for any errant behaviour. I guess the idea is that when you no longer have anonymity you'll no longer do something irresponsible like launching a virus, spaming millions of AOL users, infringing copyrights by sharing movies and MP3s, or maybe ratting out your employer or government for selling drugs that kill people (I wonder how many people died from government approved legitimate drugs last year vs. illegal ones?)

In general I have to say I'm actually, shock horror, in favour of this - but there are caveats. What should happen is a great big schism of the Internet into the Anonynet and the Identinet to deliver an Internet with guaranteed anonymity and one with guaranteed identity. It should have been built into IPv6 (perhaps it was, its been about six years since I last read a book on IPv6 but I don't recall anything other than encryption and quality of service being builtin) but really I don't see why it can't be handily layered on top as an afterthought.

Here's how it works - on the Anonynet all packets are anonymous - its not an option, its an inherent feature. You can voluntarily tell someone on the Anonynet who you are, but even then there is no way to prove or disprove that fact based on the Anonynet protocols. Basically the Anonynet becomes the true "Wild West" style Internet that we briefly had after it broke free from the DoD and before the government and its cabal of identity busting media corporations got interested in it. Users of the Anonynet will intereact with each other based on trust - the generally supposition is that incoming packets from it are armed and dangerous, and that they can be responded to in like kind.

Over on the Identinet all packets will come from an inherently identified source - a truple of user, software agent, hardware device. The user and the vendors of the software agent and hardware will be legally responsible for packets originating from that tuple. Various protocols will be available, most likely based on existing privacy protocols, that would allow the user to give up information about their true name, age, geographic location etc. as they see fit. Those same protocols could be used on the Anonynet, however the difference is that on the Identinet such information could be inherently verifiable i.e. there would be no way to fake a packet from someone else.

So what happens then is all the hard-core (no, I'm not talking about pr0n hard-core) Internet users who know what they are doing connect to the Anonynet and establish identity as needed based on trust and whatever protocols they choose to use. Sure their IP address gets to deal with all kinds of random inbound junk packets, and they put up a firewall just like anyone does now. But at least they know what they are getting into and they do not expect to ever persecute the senders, just as they do not expect to be persecuted themselves. Can anything useful be done on the Anonynet? Well I think you'd be surprised - probably a great deal of the "underbelly" of current Internet activities would voluntarily migrate over to it and do whatever underbelly denizens do.

Quite likely some very rich flora and fauna would evolve there, but considering all concerned connecting to it are voluntarily accepting anonymity then that's up to them. Its the equivalent of saying "if you don't like X-Y and Z shows on TV then don't watch them!" - by giving such users, content and what have you a legitimate place to go you can preserve free speech, anonymity and a lot of good things while create a safe playground for those who are inherently distrustful of everyone and everything.

Joe Public only gets onto the Identinet and voluntarily plays by its rules, and interacts with identifiable entities to buy beer, pizza and lottery tickets, sell their baseball cards and chotskies, and gossip with their colleages about last nights episode of Survivor. Kiddies are legally (by not physically) protected from harmful content because they lack the identity credentials to access it legally and governments will be able to enforce a "border patrol" that prevents access to nodes outside of its geographic locations based on whatever credentials it deems fit. Access to the anonynet by minors or even those of the age of majority may well be made illegal in some countries - as it pretty much is in many countries now anyway. The existance of the Identinet will make it much easier for some governments to do better than wholesale banning of Internet access, or ineffectual filtering of content based on some arbitrary set of filters. Entities will be able to use the identity protocols to establish the geographic location of clients they are interacting with and apply their own filtering and access control at source.

So the Identinet will become sanitized and full of bureacracy and government control by laws and such, but really I'm afraid that is something that governments need and will get one way or the other eventually. Stuff like Sender ID for email will be trivial to implement - users will be able to have spam free email by blocking senders based on identity or other criteria they choose to establish. Maybe they wont accept email from anyone they don't already know, maybe they wont accept email from anyone outside of their country, maybe they will only accept personal email vs. that originating from a business entity etc. etc. The same applies to hits on your website and such - you can filter inbound traffic by identity and web surfers can filter what content they see based on the criteria used by websites to serve it. I.e. a parent could say "If this website doesn't filter users by age I wont let any minor on this machine see it", and a school could say "If this website doesn't restrict its access to only academic users then I wont allow students on this machine to see it". By opening up the identity protocols all kinds of cliquey subcultures could be formed on the Identinet - all the X-ist Extremists could self identify and for their own subnets restricted to outsiders. However within that clique identity would be assured.

Over on the Anonynet the same kind of "identity subnetting" could occur but identity would be based on trust and external identity systems not inherently part of the network layer protocols. Its like the difference between encrypting your email with something like PGP and sending it vs. sending plaintext over an inherently encrypted connection. Some people will actually prefer the former over the latter since they can control what tools they use to do the encryption but may not necessarily be able to choose the encryption of the underlying layers.

Personally I think that guarantees of anonymity and identity are equally important and that the two are not mutually exclusive on the Internet. A good number of corporations and governments would like their customers and citizens to believe they cannot have identity without losing anonymity and cannot presrve anonymity without losing all hopes of identity. This is convenient for them - they can collect information on you and correlate it to your spending habits or your reading habits (etc. etc. - insert your worst fears of being spied on here).

In one narrow area - financial transactions - this assertion was long ago proved demonstrably false. Anonymous yet verifiable and non-repudiatable transactions can be carried out using modern encryption techniques. So A can sell to B, be guaranteed payment because neither party can refute it entered into the transaction, and neither A nor B has to know each other. If it can work for financial transactions then I don't see why it can't work for all transactions of information too. Unfortunately for proponents of such anonymous transaction systems they are fighting governments desire to have cash disappear. For them the sooner the relative anonymity of cash goes away the better. When every penny spent in their economy goes through a "trusted" third party which is a bank (that's exactly what happens when you use your credit card, check book or debit card) the better. Remember that without the anonymity of cash most black markets would be forced to rely on barter. Drug dealers would have to trade hard goods for all transactions, more to the point since they couldn't spend any money without leaving a paper trail for the IRS and FBI they would also have to get all their wants and needs via barter. No more stuffing a roll of 20's down your pants when you have to barter CDs, gas, and groceeries on the street. You'll even have to persuade some of your clientel to pay your rent and electricity bill for you since there will be no wondering into PG&E with cash either. How is that going to work? Lets face it, in the absence of a State provided legal tender the black market will mint its own - the black dollar - and possessing it will be a high crime.

So remember, when you give up anonymity on the Internet under the guise of protecting yourself or your kids you give up a whole lot more. Although I've outlined a few bad things that will go away or at least become almost impossible to transact effectively, there is naturally a whole laundry list of good stuff that will go away. Indeed the Supreme Court in its wisdom has determined that the First Amendment protects peoples right to associate and comminicate anonymously. So far, many courts have agreed that the Internet is no different - even the RIAA was slapped down by the Supreme Court when it tried to claim the DMCA gave it the right to reveal identities before a case of copyright had been proved.

While I believe that the Anonynet is technically feasible, and that useful transactions and interactions can take place on it, I also think that in the USA at least such a network would be deemed prohibited by the constitution since it would also prevent prosecution of non-First Amendment protected speech. That's an interesting problem, but I think just like P2P, the harder the screws come down on preventing free association and speech, the more likely such a clandestine "alternet" is to be created layered on top of whatever communications networks are available. Its only a matter of time (if it hasn't already happened) before tools become widely available to make it easy to participate via radio, telephony, steganographic message interchange etc. etc.

For instance, did you ever notice those random strings of text at the end of spam designed to defeat spam filters? What if those weren't actually random at all... what if hackers the world over are already accessing and distributing MP3 files via fake spam?

Where there is speech, freedom will find a way...