“Best Of” Cybersecurity Awareness: Privacy and Anonymity

Originally published at Daveknology.wordpress.com on May 6, 2014

Last week [May 1, 2014] the White House released a report on Big Data and privacy, with some important recommendations for improving the privacy of citizens. Today [May 6, 2014], a story reported by NPR describes the new package of Internet control laws in Russia. To quote from the story:

“One of the leading sponsors of the law, Irina Yarovaya, made it clear what lawmakers are aiming for — an end to anonymity on the Internet in Russia. “In principle, anonymity is always deception,” she said in an interview earlier this year.

Many people however seem to confuse or conflate privacy and anonymity, when in fact they are different, and each is important for our freedom and our continued ability to integrate the internet into our daily lives. So, I will argue three things: 1. privacy and anonymity are different. 2. You care about both of them. 3. There are different solutions to ensuring each, and it is important that we support both.

I like the simple functional definitions of privacy and anonymity: Anonymity refers to control over knowledge about the originator of information, while privacy refers to control over uses of information. To see how they are different, imagine one of those 2X2 grids that management consultants prefer, with privacy along the bottom, and anonymity up the side.

Good examples

In the lower left quadrant, things such as blogs or other media publications are both public and generally attributed. We use legal mechanisms such as HIPAA, FERPA or IRS laws to protect privacy of certain types of information in the lower right quadrant. These are cases where the information has to be linked to a single known person, but the public interest (for participation in health care, schooling or taxes) dictates that the information be held in confidence. The most interesting quadrant may be the upper left, where the use cases for public anonymity are less readily apparent. But, online voting is a good case (we need to know the results, but not how each individual voted), as is the ability to conduct dissident political speech (the activity the Russian laws seek to regulate). The upper right quadrant is least obvious, but examples such as the church confessional or the collection of human intelligence do embody both anonymity and privacy.

In this scheme, things can go wrong of course, and many of our issues in this domain represent mismatches between the perception and reality along these axes. People initially perceived and desired that their online web and commerce-related behaviors be private, and as the knowledge that these activities are in fact commercially-trafficked information has spread, we are now seeing the results a la the White House Big Data report. Part of the reasoning in the Supreme Court’s Citizens United ruling on campaign finance was that public knowledge about the source of campaign donations would be sufficient to counterbalance any messaging…until a loophole rendered that reasoning meaningless. And often the government case against anonymity is that it enables criminal behavior, although the prescription for eliminating anonymity would also eliminate many activities we consider important in our democracy.

Bad examples

So, privacy and anonymity are different, and many things we care about require them to be treated independently. Can we solve this problem? Clearly with privacy the answer is yes, we have lots of precedent as cited above, and it is merely a matter of political will to improve those protections.

For anonymity, the answer is much more ambiguous, since it requires both political will and technical solutions. The political will is exactly the realization and support for the notion that anonymity is important, an unnatural act for governments who want to know the sources of criticism, even in open democracies. The technical solutions today are basically Tor, which obfuscates the source of internet traffic, some small solutions in browsers to not track users or disable cookies, and so forth. Perhaps the transition to the production internet (IPv6) provides an opening for a new embedded approach to anonymization that could build it into the fabric of the network itself rather than requiring later bolt-ons.

In the end we need both privacy and anonymity, controlled by users, to allow the internet to live up to its ultimate promise.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s