Privacy and Anonymity

Last week the White House published a report on Big Data and privacy, with some important recommendations for improvements in privacy laws. Today, NPR ran a story on the new package of internet regulations in Russia. Quoting from that story:

“One of the leading sponsors of the law, Irina Yarovaya, made it clear what lawmakers are aiming for — an end to anonymity on the Internet in Russia. ‘In principle, anonymity is always deception,’ she said in an interview earlier this year.”

So how do we reconcile privacy and anonymity? Is one good and the other bad? I would argue that both are critical for our continued freedom and continued ability to trust (or, regain trust in) the internet to meet our expectations. To make this case we need to establish three things: 1. privacy and anonymity are different. 2. you care about both of them. 3. the technical solutions to providing both are different, and it is imperative that we implement both.

Let’s start with a simple definition: privacy relates to control over the uses of information. Anonymity refers to control over knowledge of the source or originator of information. We can use one of those 2X2 grids that management consultants love to highlight the distinction.

Good examples

In the lower left quadrant, things such as blogs or other media publications are both public and generally attributed. We use legal mechanisms such as HIPAA, FERPA or IRS laws to protect privacy of certain types of information in the lower right quadrant. These are cases where the information has to be linked to a single known person, but the public interest (for participation in health care, schooling or taxes) dictates that the information be held in confidence. The most interesting quadrant may be the upper left, where the use cases for public anonymity are less readily apparent. But, online voting is a good case (we need to know the results, but not how each individual voted), as is the ability to conduct dissident political speech (the activity the Russian laws seek to regulate). The upper right quadrant is least obvious, but examples such as the church confessional or the collection of human intelligence do embody both anonymity and privacy.

In this scheme, things can go wrong of course, and many of our issues in this domain represent mismatches between the perception and reality along these axes. People initially perceived and desired that their online web and commerce-related behaviors be private, and as the knowledge that these activities are in fact commercially-trafficked information has spread, we are now seeing the results a la the White House Big Data report. Part of the reasoning in the Supreme Court’s Citizens United ruling on campaign finance was that public knowledge about the source of campaign donations would be sufficient to counterbalance any messaging…until a loophole rendered that reasoning meaningless. And often the government case against anonymity is that it enables criminal behavior, although the prescription for eliminating anonymity would also eliminate many activities we consider important in our democracy.

Bad examples

So, privacy and anonymity are different, and many things we care about require them to be treated independently. Can we solve this problem? Clearly with privacy the answer is yes, we have lots of precedent as cited above, and it is merely a matter of political will to improve those protections.

For anonymity, the answer is much more ambiguous, since it requires both political will and technical solutions. The political will is exactly the realization and support for the notion that anonymity is important, an unnatural act for governments who want to know the sources of criticism, even in open democracies. The technical solutions today are basically Tor, which obfuscates the source of internet traffic, some small solutions in browsers to not track users or disable cookies, and so forth. Perhaps the transition to the production internet (IPv6) provides an opening for a new embedded approach to anonymization that could build it into the fabric of the network itself rather than requiring later bolt-ons.

In the end we need both privacy and anonymity, controlled by users, to allow the internet to live up to its ultimate promise.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s