Seems like the Seven Laws were slashdotted over the weekend. I guess I could've guessed I was in for something when I received a very friendly note that included this post script: “P.S. I hope you have A LOT of bandwidth :)”. But I headed off to a remote lake on the precambrian shield anyway. Meanwhile, a whole lot of identity talk was going to take place all Saturday night and Sunday morning.
As you would expect, there were people involved representing the entire spectrum of ideas and backgrounds with respect to identity thinking. Some seemed quite familiar with the discussion we've been having here. Some were new to the laws but took the time to read the whitepaper before going nuts. Others bounced off the laws in point form – it being Saturday night and all – reeling off in all possible directions. Then there were a few who took any sign that people at Microsoft were thinking about identity as being a bad omen indeed. All in all, I've really found the discussion interesting.
Unfortunately my friends at MSDN had improved the web services area of the site sufficiently that my link to the browser version of the Laws of Identity pointed to… outer space. Truth is, it's my fault. I knew in my bones that I was taking a chance when I set up that link. I've now got my own version located here – and will stop using external links to important documents…
If you don't have time to read a few hundred entries… here's a medley:
Atlantis-Rising:
It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.
Linus Torvaalds:
Then why are you posting as Atlantis-Rising and not as Anonymous Coward?
Identity and anonymity are not mutually exclusive. Slashdot has identified you as Atlantis-Rising. They need to identify you in order to provide you with your karma bonus, your custom homepage, and so on.
So long as an identity system is not required to link an identity to a particular real-world person, or with other identities shared by that particular person, it can support anonymity just fine.
I really liked that. Let's call it pithy. And it is exactly what I have intended through the laws. As a technical person it seems obvious that the null set is part of the set of identity sets. Right?
But talking later with my excellent friend and partner Adele Freedman, she pointed out in an irritated sort of way that in the non-digital world, identity and anonymity really are exclusive. Anonymity is “the quality or state of being unknown or unacknowledged.” But identity is, “the collective aspect of the set of characteristics by which a thing is definitively recognizable or known.”
So my takeaway is that we need to improve the way we talk about this. We want it to be crystal clear that one of the options an identity metasystem should support is for digital subjects to be anonymous. This, of course, does not imply that sites need to grant access to anonymous parties.
While a lot of discussion on slashdot involved a strong defense of the right to be anonymous, there were a number of voices echoing that of Anonymous Brave Guy:
You're entitled to your tinfoil-wrapped opinion, of course, but as I always point out in these discussions, there would be a lot of advantages to having some form of confirmed identity connected with Internet-based activity, even if it's generally concealed or only anonymously verifiable except to suitable authorities.
If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.
Of course, you also have to identify “suitable authorities” who should get the right to access this information. That might be relatively easy in the West — we have court systems that most people would probably trust to issue such orders if and when necessary — but the Internet is international and what's free speech to you might be illegal anti-government propaganda in certain other places.
Personally, I think most of the supposed advantages of anonymity on the Internet are illusory anyway. Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?
Hence, on balance, a reliable identity system gets my conditional agreement, subject to the devil in the details of course.
This view takes the introduction of identity as meaning the introduction of mandatory flesh-and-blood identification. What a huge leap – and yet a common one! I think this happens because many people are as fed up with “spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours” as Anonymous Brave Guy, and don't have the benefit of the kind of ongoing discussion which is necessary to work through all the potential outcomes of various proposed solutions.
The important thing is to move from draconian solutions to those in which different internet sites are able to decide what kind and level of identification is appropriate to their mission. It is unreasonable to think there is one answer for the entire Internet.
Some sites work fine with anonymous identities. Others may work better with pseudonomous identities – where flesh-and-blood identity is suppressed but can be used by those running the site to block those who break its code of behavior from reappearing under a new pseudonym. And so on ad infinitum, up to sites that require a real-world identity because they facilitate public real-world transactions.
Naturally the objections to Anonymous Brave Guy were many. For example kaens spoke for many about some of the ominous possibilities of Brave Guy's thinking when he said:
I honestly would not trust anybody with a position of political power to have the capability of tracking back everyone's online activities – there is too much of a chance that it would eventually get used for reducing more than just the harmful activities, it could get used for reducing the amount of people in the public that have dissenting opinons.
Also, even if the capability could be introduced, it would be cracked/spoofed/worked around somehow eventually, unless there was some sort of way to prevent computers from communicating with each other in the ways that they currently do, and some sort of way to prevent people from creating their own networks.
Subject to the devil in details, agreed. The thing is, who do you think would have control over what the details are? As it stands not you or I.
Planesdragon swooped in to argue that identification could therefore be optional (giving the user a smidgeon of control but not rejecting the draconian internet-wide edict of Brave Guy):
The easy answer is “make it optional.” Let folk stay anonymous if they want–you just don't need to give them anything.
Try buying something online without using ANYTHING that links back to you. After you do that, kindly tell me how you managed to violate the laws of physics so.
Anonymous Coward, who is of course a collective persona, counters:
If the wrong person found out the wrong thing about me and people like me, I'd be worried that I and the others who share my opionions might be made to “somehow go away”.
Never underestimate the danger of corrupted power.
Someone like him (a doppelganger in the sense of being another Anonymous Coward) then added:
I agree completely. As many seem to be too ignorant to see the case in an abstract argument – to those who are still not seeing it:
Imagine a world where your government (and your employer, which, through corruption and alot of money has access to the gov's data) has complete and correlated data about, among other things:
– your medical records or conditions (maybe you're a former drug drug addict?)
– sexual preferences (e.g. gay/lesbian, SM/fetishes in an intolerant community?)
– relationships and network of friends (detailed arguments with your girlfriend – from email monitoring?)
– your exact [political] opinion on every topic
Now, don't you see the potential some not-entirely-friendly entity has to squash you completely?
Of course many would say that Anonymous Coward is actually describing what is happening today… It is not action on the identity front that will lead to further problems, but lack of it.
An identity metasystem supporting directional (e.g. pairwise) identities (as proposed in law 4), and the use of strong cryptography and better design, is the only way to move us towards segregation of profile information, and cleaning up the data repositories which today are identity catastrophies-waiting-to-happen.
I would argue that both sides in the part of the slashdot discussion quoted above would be served by reading more about the laws and thinking about the problem at the more concrete level of how individual sites (and even networks of sites) can benefit from use of identity and pseudonymity, rather than leaping towards draconian conclusions and proposals.
More later on some of the ideas coming from my friends and new acquaintances at slashdot…