The Misconception that Internet Privacy Equals Anonymity Must be Dispelled if Cyberspace is to be a Secure and Safe Place…
In July 2014, a bill sponsored by Senator Dianne Feinstein of California, S.2588 – The Cybersecurity Information Sharing Act of 2014, was placed on the Senate’s legislative calendar. S.2588 requires that a number of Federal agencies, including the Office of the Director of National Intelligence and the Departments of Homeland Security (DHS), Defense and Justice develop procedures for the real-time sharing of classified and unclassified cyber threat indicators with private entities as well as non-federal government agencies and state, tribal, or local governments and also provides for making unclassified indicators publicly available.
S.2588 is in good company. A bill from the House of Representatives, sponsored by Representative Michael McCaul of Texas, H.R. 3696 – The National Cybersecurity and Critical Infrastructure Protection Act of 2014, requires the Secretary of Homeland Security to, among other things, share cyber situational awareness among federal entities and to ensure that DHS policies and procedures enable private sector critical infrastructure owners and operators to receive appropriate and timely cyber threat information. Additionally, the bill includes language specifying that the legislation does not provide DHS with any new regulatory authority.
There aren’t many who would argue that information sharing with respect to the looming, and growing, cyber threat is a good thing. Shared situational awareness has the benefit of amplifying the effects of mitigation efforts and may allow many targets to avoid the impact of the threat entirely. So why are these two bills stalled in the legislature?
Part of the answer can be found in communications from constituents and organizations opposing the bills. A few notable quotes:
“The collection of data and potential prosecution of civilians would bolster the distrust and resentment of the American people towards their government.” (Source)
“You won’t like what happens if you try to ruin our open and free Internet… You’re here to govern the United States from your district as elected, the Internet isn’t yours to regulate.” (Source)
“CISA presents many of the same problems as the failed Cybersecurity Information Sharing and Protection Act (CISPA) of 2012, which contained significant privacy concerns and other shortcomings. Privacy experts have pointed out how CISA would damage the privacy and civil liberties of users. Language in CISA, like CISPA, enables the automatic and simultaneous transfer of cybersecurity information to U.S. intelligence agencies like the National Security Agency.” (Source)
In a nutshell, there’s strong, bipartisan grassroots opposition to the idea of the Federal government collecting and disseminating data in an effort to enhance cybersecurity. Much, if not most, of this opposition stems from concerns about privacy and its protection. It’s both easy and tempting to jump on this bandwagon.
Unfortunately, many of the privacy grievances stem from the frequent conflation of privacy with anonymity. The two are qualitatively, and legally, different, but confusion about this likely comes from the Internet’s original architecture, which placed great value on the reliability and robustness of communications, but less emphasis on identity management and security. As a result, we are living under the mythos of entitled anonymous Internet communication and activity.
Privacy, according to the Merriam-Webster Dictionary, is “the state of being alone” or “the state of being away from other people.” It’s about being able to reach a place of sanctuary where one is free from unauthorized intrusion or public attention. The same resource defines anonymity as “the quality or state of being unknown to most people” or “the quality or state of being anonymous.” The two are clearly different. Privacy is the ability control what one discloses to whom and when, while anonymity is about one’s interactions with an environment of which one is part, but which one does not own or control.
Unsurprisingly, security, which is necessarily focused on maintaining a high degree of environmental and situational awareness, immediately runs afoul of concerns arising from the “privanymity” conflation. This collision is both unfortunate, as it prevents both industry and government from implementing effective cybersecurity measures, and based on a misperception of how anonymity and privacy interact. An example from the physical world may help to illustrate this point:
John leaves his home in the evening to visit his friend, Jane. Prior to leaving, John showers and dresses in the privacy of his home where he has a reasonable expectation of being free from unwanted observation. As he walks to Jane’s house, John takes a route where there are no streetlights. In the darkness, John is unobservable and unidentifiable to motorists and other pedestrians. As a result, he is anonymous. A week later, John takes the same route. As he walks, he discovers that streetlights have been installed on the route. John is no longer invisible or anonymous while he is on the public thoroughfare. His privacy, in those spaces where he has a reasonable expectation of being private, has not been impacted. Nobody has seen him dress, nobody has a prescient thought about his final destination and nobody knows whether he will play pinochle, eat a parfait or read Proust aloud when he gets to Jane’s house. On the other hand, John’s anonymity on a public street has been compromised as any passerby can now see him.
Other examples abound. All vehicles driven on public roads in the US have license plates. License plates uniquely identify both a vehicle and its owner, but the information necessary to correlate a given plate to a specific person is kept by a trusted third party. Moreover, this information is generally unavailable absent a compelling rationale (e.g., a law enforcement proceeding). Consequently, motorists’ privacy is protected, but without creating anonymity.
The rationale for protecting privacy while fostering a public environment that is, at best, neutral or, more generally, inimical to anonymity is simple: Transparency and accountability promote civil, courteous behavior. Anonymity tempts people to behave poorly, creating a culture of “if I can’t be identified, I can’t be caught.” One needs to look no further than profanity and vitriol laden chat boards for evidence. Behind a screen name, users feel empowered to use language and conduct interactions in a manner that would simply not occur were they personally identifiable.
Poor manners aren’t the only negatives promoted through anonymity. Cybercrime, hacktivism, cyber-terrorism and cyber-espionage flourish and proliferate behind an Internet architecture for which identity is a distinctly secondary concern.
From a technologist’s perspective, the combination of hand-wringing over an increasingly hostile cyber environment and cyber protection initiatives that have yet to gain political traction is frustrating. Technology is not the roadblock. Standards that would cause every communication sent across the Internet to bear the sender’s unique credentials have existed since at least 2005. The issues separating us from a safer and more secure cyberspace are political and cultural.
Technologies built around communications credential standards, much like a license plate, remove the element of anonymity from the global Internet commons without sacrificing privacy. Only a trusted third party has the capability to correlate the digital credential to a person and the credential itself is (generally) merely a large number. As a result, there is little or no information associated with the credential that can be directly tied to the user sending the communication. Moreover, the sender is free to encrypt the contents of the communication to ensure privacy.
So what’s the problem?
It comes down to responsible technical stewardship that emphasizes both security and privacy. And this includes an educational component. The popular misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
Put another way, there’s no loss of privacy when an Internet service provider (ISP) is aware of the fact that a specific user sent an email to a specific destination, or that it can, when presented with a warrant, produce that information for use by law enforcement. On the other hand, the right to privacy is clearly threatened when the contents of that email are readily available to the ISP (or anyone else). This isn’t a technical problem. Solutions capable of implementing this paradigm have long been available.
The issue is cultural, and it’s not going to be solved until all stakeholders (e.g., users, developers, operators, political leadership, educators, etc.) take a moment to reflect, learn and understand that while anonymity does not equate to privacy, it does aid, abet and foster fear, mistrust, insecurity and hostility in cyberspace.