As electronic communications technology becomes widespread among increasingly international populations of computer users, one of the most hotly debated questions is how to maintain the benefits of free discourse while simultaneously restricting antisocial communications and behavior on the Net. The debate is complicated by the international and intercultural dimensions of communications today; what is viewed as freedom in some parts of the world is perceived as license in other communities. Conversely, what are conceived by some as attempts to impose civility on international discourse are sometimes rejected as gross interference in freedom of speech by others.

At the heart of much of the debate over the advisability and possibility of imposing limits on behavior in cyberspace is the question of identity. Some of the most egregious abuse of cyberspace seems reasonably to be attributable in part to the ease of concealing identity; using no names or false names, malefactors can often escape almost all of the consequences of their actions. The FBI and other U.S. federal agencies consider identity theft a serious issue for law enforcement and national security: “Identity theft not only victimizes the individuals whose identity is stolen, but it can also pose a public safety and national security risk…. It is imperative that law enforcement know the true identity of the individuals they encounter while protecting our communities.”¹

Corporations and individuals can suffer serious damage to their interests from abuse of anonymous communications. For example, denial-of-service (DoS) attacks depend on concealing the origins of the streams of spurious data. The availability of anonymous, highly critical postings to discussion groups about specific companies has resulted in problems in hiring new staff and depression of stock prices.² Anonymous abuse of individuals can cause great personal distress; in 1997, for example, an Annapolis, Maryland, woman was mail-bombed after she warned other writers about extortionate fees from an author's agency; her name, phone number, and address were posted on alt.sex groups on the Usenet and resulted in floods of offensive phone calls.³ A woman in Atlanta was appalled when someone posted a photograph of an unknown anonymous woman with the victim's name and contact information; she received calls from men who told her the announcement claimed she was offering free sex. A victim of such anonymous harassment founded WHO@ (Working to Halt Online Abuse) to help victims fight this oppression.⁴ The CyberAngels, an offshoot of the Guardian Angels vigilante group, claim to be willing and able to help victims.⁵

In Florida, two students posted a picture of one of their high school classmates on a Web site. The boy was pictured dancing with his prom date—but the girl's head was replaced by the picture of one of their male teachers. An electronic voice on the site announced that the teacher “must die.” The student was profoundly disturbed by the intimations of homosexuality, as were the teacher and his colleagues. However, the state attorney's office reluctantly concluded that there is no valid state statute making it illegal for someone to publish libelous information anonymously on the Net. Although Florida does have a law forbidding “anonymous publication of material that holds a person up to ridicule or contempt,” legal experts concluded that such a limitation on speech is unconstitutional.

One of the biggest issues facing law enforcement is how to deal with cyber threats, especially anonymous threats. Many of the current laws, while similar in nature, are defused in court over technicalities by shrewd lawyers. It has been stated that new laws covering these new threats are sorely needed, but that the system is about five years behind the times.⁶

In an early case of cyber-harassment, an innocent Florida businessman, Bruce Hovland, was harassed in 1997 by thousands of phone calls from angry strangers who complained about junk e-mail that threatened to bill their credit cards for almost $200 in return for nonexistent pornographic videos they had never ordered and did not want. Hovland was the victim of a deliberate smear campaign, probably by a malefactor who had refused to pay rent at Hovland's marina and who had lost his boat in a seizure as a result. The anonymous malefactor spammed the Net in Hovland's name and suggested that people call his business number collect. Hovland guessed that he lost about two weeks of business because his phones were ringing off the hook. Hovland pointed out that his case was relatively minor; he imagined the mayhem if an emergency number were posted on the Net in such a fraud. The case illustrates the difficulty for victims in finding an agency willing to receive and follow up on complaints about such outrageous and dangerous attacks.⁷

Anonymity is fundamental to the abuse of the Net practiced by many spammers. Almost all spam contains forged headers in an attempt to escape retribution; in some cases the forgeries name real domains. One of the most significant early cases began in May 1997, when Craig Nowak, a college student, chose flowers.com at random as the fraudulent return address for his first attempt at junk e-mail.⁸ In so doing, he was merely following the suggestions of the unscrupulous purveyors of spam-distribution programs, who usually advise their naive users to forge the headers of their junk email. Unfortunately for his victim, flowers.com is a legitimate business whose owner received 5,000 bounced messages and plenty of abuse for supposedly spamming the world. The enraged owner of flowers.com, Tracy LaQuey Parker, launched a lawsuit for damages and was supported by the Electronic Frontier Foundation (Austin chapter) and the Texas Internet Service Providers Association. In late September 1997, the plaintiffs won a temporary injunction against Nowak and his company, preventing him from further use of the appropriated domain name. In November 1997, Judge Suzanne Covington imposed a fine of over $18,000 on the defendants and added a particularly significant passage in her judgment that clearly enunciates the damages caused by forgery of return addresses:

The Court additionally finds that the Plaintiffs have suffered, and will continue to suffer if [the defendant is] not enjoined, irreparable harm in the form of diminution in value of Plaintiffs' domain name; the possibility that Plaintiffs' reputation will be damaged forever by unauthorized use of a domain name associated with them in the controversial and hated practice of Internet spamming; and service disruptions. The potential harm to the Plaintiffs cannot be adequately valued in damages, and therefore the Plaintiffs have no adequate remedy at law…. The Court further finds that Plaintiffs … suffered actual damages from the unauthorized actions of the Defendants, including lost time, lost income, lost business opportunities and lost use of their respective computer systems.⁹

In light of the seriousness of these abuses of inadequate identification in cyberspace, system managers and others concerned with the continued success of the Internet as an effective communications medium should consider the reasons for abusive behavior of anonymous individuals. Is such abuse an aberration particular to cyberspace, or are there precedents in history and in other areas of life that can provide insights to shape public and corporate policy toward identification in cyberspace?

This chapter reviews some of the findings of social psychology that show how anonymity has generally been associated with antisocial behavior. It appears that anonymity on the Net will inevitably continue to spawn antisocial behavior in cyberspace and that we must somehow integrate this kind of abuse into plans for the further development of the Internet. The chapter then presents some practical ways system managers can encourage employees in their own organizations to use the Net responsibly. Some practical suggestions on how different degrees of tolerance for anonymity can be integrated into a cyberspace polity are discussed.

70.2 DEFINITIONS.

Before exploring anonymity in cyberspace, it is helpful to establish some common vocabulary. What is cyberspace? What are identity and its absence? What is pseudonymity?

70.2.1 Cyberspace.

In this chapter, “cyberspace” means the totality of electronic data storage and transmission; this chapter focuses on communications using the Internet. On the Internet, there are users of specific domains defined in the Domain Naming System (DNS), such as companies (those using addresses ending in .com), universities and other educational institutions (.edu addresses), U.S. government agencies and departments (.gov), the U.S. military (.mil), and network service providers (.net) among others.¹⁰ There are many geographical domain names, such as those ending in .de (Germany) or .uk (United Kingdom), which include users from commercial, educational, government, and military organizations. In addition, there are many Internet Service Providers (ISPs) in the .net and .com domains in the United States, and others throughout the world in geographical domains, whose members communicate through the Internet. Customers of value-added networks (VANs) such as America Online (AOL) and CompuServe (CS) communicate through the Internet as well as having restricted areas within their VANs where only members can post messages and files. All Internet users can post messages in public discussion lists on the Usenet or through remailing lists, which broadcast all inbound e-mail to participants. Henceforth, for convenience, “the Internet” or “the Net” will include any of these users. Users of direct-dial bulletin board systems and modem-to-modem direct links are explicitly excluded from this discussion.

70.2.2 The Real World.

As used here, “the real” world refers to the material, physical, atomic, and molecular world of everyday human interactions. Using “real world” in this way is not intended to imply that cyberspace is less significant, less useful, or even less real than the planetary level on which we interact; it is merely a convenient reference to distinguish the physical from the electronic.

70.2.3 Identity in the Real World.

The key meanings of the noun “identity” for our purposes are defined as:

The collective aspect of the set of characteristics by which a thing is definitively recognizable or known
The set of behavioral or personal characteristics by which an individual is recognizable as a member of a group
The distinct personality of an individual regarded as a persisting entity; individuality

70.2.4 Anonymity and Pseudonymity in the Real World.

Clarke summarizes the importance of personal identification in this way:

The purposes of the interchange of identification include

to provide a gesture of goodwill,
to develop mutual confidence, and
to reduce the scope for dishonesty;
to enable either person to initiate the next round of communications; and
to enable either person to associate transactions and information with the other person.¹¹

In line with these points, apparently ancient knights would tip their visor up for two reasons: for recognition as friend or foe, and out of respect for those being met.

“Anonymity” can be defined simply as being without a name or with an unknown name. “Pseudonymity” is the use of a false name. These terms are imbued in English with a negative connotation; nonetheless, anonymity has an honorable history in world philosophy and politics. In the United States, for example, the seminal Federalist Papers, which appeared in 1787 under the pen name “Publius,” is a publication held up as an outstanding example of anonymous contribution to political thought.¹²

Anonymity is protected in some government-sponsored monitoring programs such as those supported by the Occupational Safety and Health Administration (OSHA) of the U.S. Department of Labor, where regulations stipulate for example that “Completed NETS Cards [hazard reports] can be given to a department manager or deposited, anonymously, into one of the drop boxes located throughout the facility.”¹³

Clarke explores the concepts and history of human identity in a section of his paper on management and policy issues relating to human identification. Individuality has been a central concept in Western civilization since the Renaissance, says Clarke.¹⁴ However, individuals can adopt more than one identity; for example, some women use their husband's surname in private life but maintain their original family name in their professions. Some people have several identities; for example, novelists with different styles sometimes use various pen names. The Danish philosopher Sørren Kierkegaard wrote under 16 pseudonyms; Charles Dodgson wrote as Lewis Carroll; Eric Blair wrote as George Orwell. As the work of these writers illustrates, anonymity and pseudonymity are not inherently linked to antisocial behavior.

70.3 SOCIAL PSYCHOLOGY OF ANONYMITY.

Technological change can have profound consequences on social behavior. For example, the development of mass-produced automobiles made possible the development of suburban shopping malls in the United States, which in turn have led to an adolescent mall culture unimaginable in the 1920s.¹⁵ Most of us have observed that driving an automobile can alter a person's behavior from civility to incivility; in some cases, otherwise normal people become violent when they are behind the wheel of a car.¹⁶

It seems quite likely that the pervasive spread of the Internet will have equally profound effects on social organization and interactions. We should study what is already known about the effects of anonymity as we analyze anonymity in cyberspace. The sections that follow review some well-established information on anonymity and social behavior from the social psychology literature. The implications of these principles for individuals, corporate policy makers, ISPs, and governments are discussed in the final section.

70.3.1 Deindividuation Theory.

What do scientists know about the behavior of anonymous people? In general, the findings are not encouraging for the future of cyberspace unless we can somehow avoid the known association of antisocial behavior and anonymity.

Early work on people in groups focused on anonymity as a root of the perceived frequency of antisocial behavior.¹⁷ The anonymous members of a crowd show reduced inhibition of antisocial and reckless, impulsive behavior. They are subject to increased irritability and suggestibility. One wonders if the well-known incidence of flaming (rude and largely ad hominem communications through e-mail and postings on the Usenet and other public areas) may be traceable to the same factors that influence crowd behavior.

Later social psychologists formulated a theory of deindividuation¹⁸ in which they proposed that one's personal sense of identity can be overwhelmed by the sense of belonging to a group.

Zimbardo suggested that anonymity, diffusion of responsibility, and arousal contributed to deindividuation and antisociality.¹⁹ He noted that deindividuated people display reduced inhibitions, reduced reliance on internal standards that normally qualify their behavior, and little self-awareness.

70.3.1.1 Deindividuation and Technology.

As mentioned briefly earlier, there is some reason to suppose that technology can contribute to the deindividuation of its users.

Anonymity has been postulated to account in part for the strong contrast between normal behavior and the behavior of those who become aggressive and hostile when driving cars.²⁰ It seems intuitively plausible that being isolated in a tight personal space, a cocoon of glass and metal, gives some drivers a feeling of power precisely because of their (possibly temporary) anonymity. In addition, the anonymity of the other drivers may lead to a kind of dehumanization of the other. It would be interesting to study how many angry drivers refer to “that car” instead of “that driver” when they rail against some random act of road rudeness. Similarly, it may be that the isolation of an Internet user also may contribute to aggressivity; the object of wrath may, much like the driver of another car, be dehumanized. Sometimes it seems that e-mail flamers are engaged in their version of a video game; they give the impression of losing sight of the real human beings on the other end of their verbal aggression.

Writers of computer viruses and others in the criminal computer underground may also focus so intensely on the challenge of defeating machines that they lose sight of their human victims. Criminal hackers have expressed themselves as attacking systems, not people. At a hacker conference, comments were heard such as “Oh, I would never steal anything from a person, but if I found a radio in an office and it were labeled with a company sticker I wouldn't think twice about taking it.” A commonplace informal interpretation of the insouciance of hackers and virus writers is that they are subject to what is laughingly called the “video-game syndrome”: They seem to focus on their actions as if they were part of a game with only computers on the receiving end.

Chapter 12 of this Handbook provides more detail on deindividuation theory.

70.3.1.2 Anonymity and Aggression.

Sometimes, anonymous people go beyond verbal abuse and seem willing to inflict harm on others. Experimental work by Zimbardo suggested that anonymity can significantly increase aggression.²¹ For example, when women were asked to deliver electric shocks to victims, those who agreed to wear white lab coats and hoods administered what they thought were longer shocks to the supposed victims compared with women who wore their own clothes and nametags.

In a cross-cultural study, Watson analyzed the correlations between the ritual, anonymizing costumes and war paint of warriors and their style of battle and their postbattle treatment of prisoners.²² He found a strong positive relationship between anonymity and brutality.

Violent soccer fans seem to be disinhibited in part because of the anonymity of the crowd.²³ In a personal undercover investigation, a journalist found that anonymity and pseudonymity are integral components of the antisocial behavior of soccer hooligans.²⁴ These findings suggest that so-called dark-side hackers may be influenced significantly in their willingness to cause damage to computer systems and networks precisely because their very anonymity influences them to cross normal behavioral boundaries. These people may not be the permanently, irremediably damaged human beings they sometimes seem; they may, instead, be relatively normal people responding in predictable ways to the absence of stable identification and identity.

70.3.1.3 Anonymity and Dishonesty.

Does anonymity increase the likelihood that people will transgress rules and laws? Apparently yes.

In an experiment involving children, young trick-or-treaters were asked to take only one candy from a bowl and then left alone or in groups, supposedly unobserved. Those children who had given their names to adults were observed to be far less likely to take extra candy or to steal coins than those who had remained anonymous, even when the adults were apparently away.²⁵ (If these effects of anonymity on youngsters are consistent and widespread, they may contribute to the problems of system administrators who are under siege by underage hackers.)

70.3.1.4 Deindividuation and Self-Awareness.

Why does anonymity change people's normal inhibitions and influence them to behave abnormally? It seems that the deindividuation of anonymous people lowers their self-reflective propensities.

Exploration of the inner world of deindividuated people suggests that they are less aware of themselves and may even enter a state of altered consciousness.²⁶ Prentice-Dunn and Rogers studied the behavior of college men who, as in the work of Zimbardo cited earlier, were asked to administer what they thought were electric shocks to confederates of the experimenters who were masquerading as victims. Some subjects were subjected to dim lighting and loud background noise; their names were not used; and they were told that the levels of the shocks they gave would not be recorded. These subjects were thought to be deindividuated. Other subjects experienced bright lights in quiet rooms; they were called by name; and they were told that the shock levels they delivered would be monitored. The deindividuated subjects administered more severe shocks to their victims than did the individuated students.

These observations may tie into the work on autotelic experiences.²⁷ Autotelic experiences are deeply satisfying activities that result in a temporary loss of self-awareness; they typically occur in repetitive, challenging, feedback-rich activities such as programming (or perhaps virus writing) and criminal computer hacking. Csikszentmihalyi studied people in a variety of work environments and in their home life and hobbies. The subjects reported on their attainment of a state of timelessness, where the passage of time was insensible. Many who have programmed know how easy it is to forget to eat or to go home when deeply involved in work; similarly, writers and musicians can lose track of time. The research suggested that some of the key attributes of an activity that leads to this autotelic experience are rapidity of feedback (e.g., seeing an article grow as one writes or running an increasingly complex program under development) and being at the limits of one's abilities. In contrast, challenges that are too easy or too hard tend not to result in the loss of self-awareness that defines the autotelic state.

Several recent popular books dealing with criminal hackers have mentioned the ability of legendary hackers to stick to their hacking for hours on end as if they were entranced. Combine the autotelic nature of hacking with the deindividuation associated with anonymity, and we have a prescription for trouble.

70.3.1.5 Anonymity and Prosocial Behavior.

The picture is not necessarily all bad, however. Sometimes a different environment actually can liberate anonymous subjects from their counterproductive inhibitions. For example, in some cases, it can be shown that anonymity has an unusual effect: It increases prosocial behavior instead of increasing antisocial behavior.²⁸ Gergen, Gergen, and Barton put people into brightly lit chambers or in totally dark chambers and monitored the behavior of the strangers they had put together; in the dark room, there was much more uninhibited and positive expression of physical contact such as hugs and of emotional openness such as discussions of personal matters.²⁹ However, directionality of these effects may be affected by the demand characteristics of the situation. That is, the way the experimental objectives were described could cause significant differences in the subjects' behavior.

The constructive, supportive communications often seen in discussion groups dealing with substance abuse, abusive relationships, and other personal and interpersonal problems illustrate the possible benefits of anonymity in a positive context.

70.3.2 Identity in Cyberspace.

What exactly is meant by “identity” when using electronic communications? Is one's e-mail address an identity? Could a made-up name be an identity?

Identity on the Internet is primarily the e-mail address.³⁰ The e-mail address sometimes provides crude and unreliable information about affiliation (e.g., domain names .gov, .mil, .edu) and geographic location (e.g., .ca, .uk, .fr).³¹ Roger Clarke, a scholar with a long professional interest in questions of identity, identification, and privacy in cyberspace, has written an excellent introduction to these questions.³² For discussions of information technology, Clarke defines “identification” as “the association of data with a particular human being.”³³

70.3.2.1 Theory of Nymity.

There has been considerable discussion on the Net about the kinds of identity (sometimes called nymity in these discussions) that people assume in cyberspace. One of the best-known writers on this subject was “L. Detweiler.” It is still not known whether this is a real name. Detweiler suggested that identity on the Internet is amorphous and unstable because there is no one-to-one relationship between a person and an e-mail address. One person may use multiple e-mail addresses, and many people may share a single address.³⁴

Detweiler conducted a vigorous battle against what he perceived as a sinister and deceptive practice he called pseudospoofing. Pseudospoofing, in Detweiler's conception, is the use of multiple aliases by an individual or a conspiracy; these aliases allow the perpetrators to deceive observers into misjudging the number of people agreeing or disagreeing over specific positions.³⁵ One of the literary sources for such a practice is the science-fiction book Enders Game by Orson Scott Card.³⁶ Card posits a galactic political debate in which two individuals distort political debate by engaging in erudite polemics using pseudonyms; but they also invent subsidiary personae who agree or disagree with the main pseudonyms. These subsidiary personae lend credibility to the desired winning side by offering support for their chosen position or by deliberately posting poor arguments and attitudes to discredit the opposing side. The spurious numbers of these constructed personalities convinces politicians to pay attention to the debates.

A current illustration of the problems of pseudospoofing is the widespread difficulties experienced in online voting. The ease with which identity can be created, coupled with the ease of automatically scripting multiple votes, leads to unreliable tallies in almost all online polls. The only way to avoid such abuses is to enforce some tight coupling of real-world identity with the electronic identity registered for voting. Eventually, biometric identification may be the only acceptable form of authentication for voting online.³⁷

70.3.2.2 Types of Anonymity and Pseudonymity.

To understand the problem of anonymity and pseudonymity, it is useful to define varying degrees of the behavior. Froomkin distinguishes among four forms of imprecise or absent identification:

Traceable anonymity, Any anonymous remailer that keeps a record of the relation between the original message and the anonymized message allows tracing.
Untraceable anonymity. No record is kept or available showing the origin of an anonymized message.
Untraceable pseudonymity. A continuous identity or persona allows communication with a correspondent but there is no way to link the pseudonym to the correspondent's real-world identity.
Traceable pseudonymity. Someone, somewhere has the information required to complete the link between a pseudonym and a real-world identity.³⁸

The “anonymizing” remailer anon.penet.fi was actually a traceable pseudonym remailer. When a message was received by the server, its headers were stripped and it was assigned a fixed random pseudonym. In order to allow replies to the pseudonym to be forwarded to the original sender, every pseudonymous identity was linked in a table to the original e-mail address. When Finnish police ordered Johan Helsingius in 1995 to identify the pseudonymous poster of copyrighted Scientology texts on the Usenet, Helsingius felt obliged to reveal the link.³⁹ Traceable online anonymity allows people to maintain their privacy by using screen identities, but many ISPs will furnish the real-world identity to law enforcement officials with a warrant or to tort lawyers with a subpoena. AOL, for example, furnished subscriber details to the lawyers for a Caribbean resort considering a lawsuit for defamation based on postings by “Jenny TRR.”⁴⁰ All ISPs that charge money for access inherently provide traceable pseudonymity even when they permit false screen names.

Larry Lessig, David Post, and Eugene Volokh also distinguish between anonymity, pseudonymity, and traceability in their Internet course on cyberspace law.⁴¹ They emphasize that private organizations, such as Internet service providers, can freely set terms of service that allow or forbid anonymity, but they may be required in the United States to provide traceability if the courts require it for individuals.⁴² In general, it is difficult to see how the rule of law can apply to cyberspace without some form of traceability. Whether civil law or the criminal law is involved, the defendant must be found for court proceedings to have any effect. Untraceable anonymity and untraceable pseudonymity preclude justice for the aggrieved parties. Clarke points out that privacy interests are always to be balanced with other interests such as the public good, commercial interests, and the interests of other individuals.⁴³ For example, the desire to post anonymous libel (construed as privacy of personal behavior) conflicts with the desire of the victim to be free from libel; anonymity makes it impossible to use the civil law for redress.

70.3.2.3 Why Anonymity and Pseudonymity Are Commonplace in Cyberspace.

Surely anonymity and pseudonymity are possible using older means of communication: People have thrown rocks through windows, sent anonymous vituperation through the mail, and harassed people with anonymous phone calls for millennia, centuries, and decades respectively. Historically, such behavior has been of relatively minor importance. How is it that anonymity and pseudonymity seem so important in cyberspace?

One factor is the ease with which one can be untraceably anonymous in cyberspace. Many ISPs allow users to define screen names or aliases; some ISPs, such as AOL, have distributed millions of trial subscription disks that allow one to create an identity and then dispose of it after 50 hours online. Spammers often use disposable free accounts from such services as Hotmail, even defeating methods designed to stop them from abusing the services.⁴⁴

Anonymous remailers permit users to send e-mail to a central address where all identifying information is stripped, and the original text is then retransmitted to the desired destination. In the wake of the tragic events of September 11, 2001, when terrorists killed thousands of people in attacks on the World Trade Center in New York City and on the Pentagon in Washington, D.C., commentators expressed doubts about the future of anonymizing services. “Using anonymizers at all raises all sorts of red flags,” said John Young, operator of the Cryptome Web site (www.cryptome.org), which covers intelligence matters. Even before the terrorist attacks, the well-respected Freedom Network operated by Zero-Knowledge Systems had experienced financial difficulties; that service shut down on October 22, 2001.⁴⁵

Some moderated Usenet groups and e-mail–based mailing lists require a “real” name, but there is little effort or even possibility, as things currently stand, for authentication of such names. Unmoderated groups, by definition, do not require real names at all; such groups allow postings by anyone. Almost all contributions to countercultural or frankly criminal Usenet groups and distribution lists are anonymous or at best pseudonymous.

In addition, some people systematically forge the headers of their e-mail, often introducing completely false addresses for their origin but occasionally picking real addresses, whether by accident or design.⁴⁶ Forging e-mail headers can conceal the true origin of a message.⁴⁷ Junk e-mail almost always includes false return addresses. Another way to generate false header information is to compromise someone's e-mail account. If security on an e-mail address is compromised, messages can be forged with a false ID.

The other factor that makes anonymity and pseudonymity especially significant in cyberspace is the ease of replication of messages. An anonymous communicator could hope to reach at best a few dozen or hundred people in a day with the phone system or by mail; in most areas, each phone call or letter would cost something to send. In contrast, outbound electronic mail and postings to Usenet groups generally cost the originator nothing.

70.4 BALANCING RIGHTS AND DUTIES.

Is there a basis for evaluating the ethics of using anonymous and pseudonymous communications? Are these modes of communications protected by principles of privacy, for example?

70.4.1 Benefits of Anonymity and Pseudonymity.

Historically, anonymity has been recognized as a benefit for acts of charity for those wishing to remain nameless for political, social, or personal reasons. Maimonides, the great 12th-century rabbi, defined anonymous giving to anonymous recipients as the second-highest level of charity.⁴⁸

In discussions of whether society ought to restrict anonymity and pseudonymity, a common argument is that these modes of communication are necessary to fight tyrannical corporate and political institutions. Anonymity and pseudonymity are, in this view, expressions of the right to privacy. Abuses are the price society has to pay to preserve the benefits of these tools of expression. The next sections examine the concepts of privacy and the resulting benefits of anonymity and pseudonymity.

70.4.1.1 Privacy in Cyberspace.

If privacy rights are claimed to protect anonymous and pseudonymous communications, it is important to understand the concepts of privacy.

Clarke defines privacy as “the interest that individuals have in sustaining a ‘personal space,’ free from interference by other people and organizations.” He analyses the concept further, naming four dimensions of privacy:

Privacy of the person. Freedom from compulsory tampering with one's body
Privacy of personal behavior. Freedom in such matters as sexual preferences, religion, and politics
Privacy of personal communications. Freedom from routine monitoring of interpersonal communications
Privacy of personal data. Control over who can obtain and what can be done with personal information⁴⁹

Political discussion groups, resistance to totalitarian regimes, and discussions of socially embarrassing or traumatic problems are made easier for many people by the use of pseudonyms or of anonymity. Anonymity permits unrestricted political speech, whistleblowing with reduced likelihood of retaliation, and public or private discussions of potentially embarrassing personal problems.⁵⁰ Ubois writes:

Anonymous communications are helpful in many ways. They've long been a tool of suicide prevention hotlines, suggestion boxes, and personal ads. Anonymity assures privacy, confidentiality and security for individuals, but it also highlights the clash of interests between the individual and the community. Under a repressive government, it is a vital tool for keeping discourse alive. Just consider that Tom Paine would have landed in prison shortly after the publication of Common Sense if his identity hadn't been kept a secret.⁵¹

In chat rooms and multiuser dungeons, anonymity permits a flowering of imaginative departures from the strictures of a participant's real-world identity, social status, personality, gender and gender preferences, political affiliation, national origin, and religion. Multimedia environments such as WorldsAway (www.worldsaway.com/home.shtml) provide an imaginative pseudonymity by allowing players to select a name and a pictorial representation of themselves (an avatar) with amusing and fanciful features, such as various imaginary animal heads, skin colors, body shapes, and so on. Players adopt personae that can be quite different from their real-world identities, yet there is a consistent identity within the virtual world. Because of this consistency, social mechanisms have arisen in these worlds; for example, avatars can be invited to join parties if they are perceived as friendly or excluded and shunned if they have violated the norms of the imaginary world.

Anonymous, invisible electronic personalities can escape some of the damaging effects of intolerance and prejudice.⁵² Everyone probably knows of Peter Steiner's famous New Yorker cartoon showing two dogs at a terminal, one of whom is saying “On the Internet nobody knows you're a dog.”⁵³ Another current example is the country music video “Online” by Brad Paisley in which he sings “I'm much cooler online” and boasts about completely illusory qualities.⁵⁴

For example, some professors may spend more time and effort in discussions with undergraduate students if they do not realize with whom they are corresponding.⁵⁵ At an intellectual level, stripping the authors of published materials of all details of their age, sex, race, national origin, and other attributes can reduce the effects of prejudice and focus discussion on substance. Absent such details, correspondents must perforce focus on the texts rather than on personalities.⁵⁶

In electronic commerce, anonymity is a prerequisite for successful implementation of some trading systems.⁵⁷ All electronic or digital cash schemes (e-cash) emphasize the value of anonymous transactions for safeguarding consumer privacy.

In a legal sense, anonymity and pseudonymity are analogous to limited liability—a concept familiar from the business world. In business, people pool their assets into a limited liability partnership or other form of collectivity to prevent seizure of all their private assets if their collective entity becomes liable for debts or penalties.⁵⁸ Perhaps cyberspace anonymity and pseudonymity can encourage collective publications in an analogous way; for example, Post and others have formed the Cyberspace Law Institute. Some members would be reluctant to participate if their real-world identities were known to the public.

Thus, anonymity and pseudonymity cannot reasonably be forbidden without the loss of important benefits to individuals, corporations, and society at large.

70.4.2 Privacy and Freedom in Virtual Worlds.

With the increasing growth of global access to the Internet, millions of people have joined virtual communities or virtual worlds where they can interact—often anonymously or pseudonymously. At the time of writing (July 2008), one list of virtual worlds included summary details of 28 of the most popular platforms for electronic social interactions for participants from young children through adults:

images

As of June 2008, there were an estimated 137 million users of virtual worlds; by 2017, according to some industry analysts, there would be a billion users.⁶⁰

The freedom from discrimination based on physical, cultural, gender, and sociological attributes has proven liberating for many members of these virtual worlds; many participants have formed strong friendships that may even extend into the “real world.”⁶¹

70.4.2.1 Defeating Dataveillance.

Another area where anonymity and pseudonymity have marked benefits is in preventing intrusive monitoring of individual behavior in cyberspace. Clarke has defined dataveillance as surveillance using electronically compiled information about a person.⁶² The growth of some kinds of electronic commerce will increase pressures for strong identification and authentication;⁶³ anonymity serves to protect privacy in a world of electronic commerce. For example, without anonymous digital cash, it would be easy to accumulate detailed records of every electronic purchase made by an individual. Complete knowledge of purchasers' interests can be unfair for customers; for example, knowing that a user is addicted to fantasy simulation games, a retailer may neglect to offer that person a discount—or may even increase the price of the next game.⁶⁴ Froomkin summarizes the issues well in his magisterial review of the challenges of anonymity in cyberspace:

Anonymity lies at the heart of three interrelated problems arising from computer-aided communications over distributed networks (which I will call “the Internet” for short). First, communicative anonymity is an issue in itself: the Internet makes anonymous communication easy, and this has both good and bad consequences….

Second, the availability of anonymous electronic communication directly affects the ability of governments to regulate electronic transactions over the Internet (both licit and illicit).

Third, anonymity may be the primary tool available to citizens to combat the compilation and analysis of personal profile data, although data protection laws also may have some effect. The existence of profiling databases, whether in corporate or public hands, may severely constrict the economic and possibly even the political freedoms of the persons profiled; although profiling may not necessarily change the amount of actual data in existence about a person, organizing the data into easily searchable form reduces her effective privacy by permitting “data mining” and correlations that were previously impossible.⁶⁵

Froomkin discusses digital cash as an application of electronic anonymity and emphasizes the potential for abuse by “the Argus State” if anonymity is not guaranteed for readers. For example, he points out, in the absence of anonymous digital cash, reading texts on the Internet using micropayments for each access could provide a traceable record of a person's interests. Such records would be a gold mine for repressive regimes worldwide.

Again, trying to ban anonymity and pseudonymity would have serious disadvantages for everyone, not just the benefits of impeding abuse by a minority of antisocial users.

Finally, police forces and intelligence agencies always recognize anonymity and pseudonymity as potentially important tools in specific investigations. Undercover or covert operations and agents can provide critically important evidence in anticrime and antiterrorist work. Even organizations such as the FBI-sponsored InfraGard recognize the value of anonymized information-sharing about attacks on computer systems.⁶⁶

70.4.3 Disadvantages of Anonymity and Pseudonymity.

Several commentators have reviewed the abuses of anonymous and pseudonymous modes of communication.

In considering the benefits of having a professor communicate with an anonymous student, misrepresentation of identity by such an undergraduate in one sense manipulates a professor into a decision based on a falsehood.⁶⁷ Contrary to the beliefs of many supporters of anonymity, social interactions are not necessarily equivalent to isolated streams of data interchange; conversing with a student can be enriched by having a sense of previous conversations, a picture of shared knowledge based on a relationship. Anonymity strips interactions of the deeper communication that is enhanced by such relationships.

Widespread use of untraceable e-cash may lead to increased fraud, tax evasion, money laundering, extortion, blackmail, and kidnapping.⁶⁸ Some crimes where solicitation leads to potential blackmail—for example, hiring a murderer—may become easier with anonymity and untraceable e-cash. Industrial sabotage by anonymous publication of trade secrets can damage organizations; for example, the publication of RC4 encryption algorithms from the respected company RSADSI has lowered the monetary value of the algorithm. Froomkin writes, “[The] inability to redress legitimate claims is, I believe, the strongest moral objection to the increase in anonymous interaction.”

Jurisprudence in the United States has generally supported claims to a right of anonymity in political speech. However, there have been several precedents where anonymity used to cloak socially harmful acts has been stripped from the perpetrators. Perfect (untraceable) anonymity prevents society from bringing sanctions to bear on malefactors.⁶⁹ Detweiler suggested “that Internet anonymity is a bad thing [and] that all user accounts should lead back to real users in the hopes of improving online behavior, especially in chat systems and the like.” He responded to critics who claimed that “anonymity is an important part of life and ought to be part of the Internet as well” by pointing out that in real life, anonymous people cannot engage in such activities as opening a bank account, getting a driver's license, getting telephone service, or buying insurance coverage. He concluded, “So grow up and accept responsibility for what you do on the Internet.”⁷⁰

Rose, well known in cyberspace law circles, writes scathingly of the seamier applications of online anonymity:

People can anonymously transmit all sorts of illegal and injurious materials into public areas: copyright infringements, obscenity, stolen credit information, lies and slander, and so on. Individuals with a bone to pick against anyone else can get their licks in without fear of reprisal. Anonymous remailers are great for cowards. People who want to spread messages of hate and misunderstanding, but are unwilling to stand behind their views in public, can operate behind a wall of complete anonymity and inject a strong dose of thought pollution into the public arena.⁷¹

Another argument supporting disclosure of the origins of speech is quoted by Froomkin, ironically from an anonymous author: “‘Disclosure advances the search for truth,’ because when propaganda is anonymous it ‘makes it more difficult to identify the self interest or bias underlying an argument.’”⁷² Libel on the Internet is particularly pernicious, since once anything has been circulated via the Net, it becomes impossible in practice to destroy all, or even many, of the copies that may reside on numberless computers around the world.

The imaginary Good Times virus supposedly destroys hard disks as soon as the victim reads an e-mail message; Craig Shergold was once a sick child in England who asked for postcards—and is now heartily sick of the bagsful of cards he receives daily; and the “Jessica Mydek” hoax claims to be an appeal on behalf of an unfortunate girl, but she never existed.

The resurgence of hoaxes and rumors such as the Good Times virus⁷³ and the pathetic stories of Craig Shergold⁷⁴ and Jessica Mydek⁷⁵ illustrate the persistence of undated, unsigned, and untrue messages in Cyberspace. These unfounded, exaggerated, or obsolete stories, threats, and appeals circulate endlessly among the gullible on the Net. There is no reason to suppose they will ever stop.

One of the significant lessons from e-mail hoaxes and chain letters is that unsigned, undated correspondence is always to be treated with skepticism. This principle of devaluing anonymous or pseudonymous communications will be used later in this chapter in a model for categorizing and sequestering communications as a function of their traceability.

70.5 SYSTEMS ANALYSIS OF ANONYMITY.

Why can the usual protections of the criminal and civil law not deal with anonymous and pseudonymous communications? This problem is addressed by David Post and David Johnson.

Post and Johnson argue that geographically defined nation-states cannot reasonably cope with a virtual, boundaryless communications medium.⁷⁶ In the real world, geographical clustering combines with basic concepts of consent of the governed through some form of representation to legitimize the exercise of state power. Without the consent of the governed, state power fades insensibly into state tyranny. In their requirements analysis of possible systems of governance of cyberspace, they add that wherever possible, those affected by the conduct to be regulated have some say in framing the regulations.

However, in cyberspace, argue Post and Johnson, there is no geographical clustering. There is no “here” or “there” in cyberspace. “Location is indeterminate because there is no necessary relationship between electronic addressing… and the location of the addressee (machine or user) in physical space.”

Post and Johnson applied the work of the scientist Stuart Kauffman on self-organizing systems to study the nature of rule-making in a complex system that can model the interactions among users in cyberspace.⁷⁷ Research on self-organization of complex systems suggests that optimum configurations of constraints (regulations) can evolve when there is some degree of aggregation (they refer to “patches”) in the population. These aggregates represent groups where individuals sacrifice some of their preferences in return for overall improvement in the way the whole society works. Members of a patch share responsibility for governing their behavior.

One of the most striking findings of Post and Johnson's research is that systems where most of the effects of an individual's actions are felt by others, outside its decision-making unit, lead to chaos or to suboptimal configurations of rules. Contrariwise, a balance between bringing consequences to bear on individuals in a “patch” and allowing effects to propagate through the larger population leads to more optimal results in the system.

As a result of the experiments, Post and Johnson suggest that one of the most powerful tools for rebuilding comity in cyberspace is grouping users by their Internet Service Providers. Each ISP can develop its own rules governing the behavior of members; sanctions for transgression of these local rules would include banishment from the ISP.

The authors examine the case of unsolicited commercial e-mail (“spam”). As long as each ISP enforces technical measures against allowing fraudulent origination addresses, everyone in cyberspace can decide whether to filter out messages from any given ISP or not. ISPs that allow behavior judged harmful by others will limit the range of communication of their members.

Those that are viewed as restrictive will self-select their own members accordingly. Thus without any global legislation, simply allowing individuals to choose ISPs that have published rules they like could lead to an effective self-regulation of communications. In essence, loudmouthed rumormongers would end up talking only to each other; junk e-mail could be identified simply from its provenance; and even copyright violations could be punished by collective banning of communications from the offending ISPs.

Such a model is an instance of the ideal “market of ideas” in that objectionable ideas are not forbidden, they are just ignored. Of course, admirable and desirable ideas may also be ignored, but at least there is a choice involved. Access for communication becomes a form of currency in such a model—perhaps appropriate for the governance of cyberspace, the realm of electronic communications.

70.6 IMPLICATIONS AND DISCUSSION.

Any attempt to restrict anonymity on the Internet would inevitably affect pseudonymity as well.⁷⁸ Anonymity and pseudonymity make law enforcement difficult enough, but these difficulties are exacerbated by the jurisdictional problems caused by a thoroughly decentralized communications medium like the Internet; “[W]ho should be setting the rules that apply to this new global medium?”⁷⁹ What, then, are some of the practical measures we can individually and collectively take to preserve the benefits of anonymity and pseudonymity without suffering the consequences of abuse?

70.6.1 Individuals, Families, and Schools.

Absorbing and applying normative behavior begins in earliest childhood and continues throughout the development of the child's capacity for rationality and ethical judgement. Children should be taught that anonymity and pseudonymity are not acceptable under normal circumstances. The same methods that parents, teachers, and other adults use to teach children a visceral dislike of antisocial behaviors such as lying, cheating, stealing, and bullying should be applied to behavior in cyberspace.

It takes time to integrate morality into our technological universe. Twenty years ago, many drivers felt that driving under the influence of alcohol was adventurous. Today most people feel that it is stupid and irresponsible. Smoking in public is becoming rare. Many of us in northern cities have witnessed exiled smokers huddled together in the cold outside buildings where they once lit up with impunity.

Similarly, we need a consensus on good behavior in cyberspace.

Criminal hackers who break into computer systems and roam through users' private files should be viewed as peeping Toms. Criminals using computers to steal services should be recognized as thieves. Those who destroy records, leave logic bombs, and write viruses should be viewed as vandals. Hackers who smear obscenities in source code should be seen as twisted personalities in need of punishment and therapy. Government agencies proposing to interfere in electronic communications should be subject to scrutiny and intense lobbying.

Beyond such prohibitions and inhibitions of taboos, cyberspace needs the electronic equivalent of Emily Post. We need to discuss the immorality of virus writing, the ethical implications of logic bombs, and the criminality of electronic trespassing. We should teach children how to be good citizens of cyberspace, and not just in schools. We should sit down with computer-using youngsters and follow them through their adventures in cyberspace. Parents should ask their teenage whiz kids about hacking, viruses, software theft, and telephone fraud. We must bring the perspective and guidance of adult generations to bear on a world that is evolving faster than most of us can imagine.

The adolescent confraternity of criminal hackers and virus writers has already begun developing totems: the personae of Dark Avenger and Acid Phreak loom over youngsters much as Robin Hood once did for another generation.

What we need now are taboos to match the totems.⁸⁰

70.6.2 Ethical Principles.

How do people make judgements about a course of action when there are no explicit guidelines? There are several kinds of principles that people use in reasoning about a new situation (see Chapter 43 of this Handbook for a more extensive discussion of ethical decision making).

70.6.2.1 Rights and Duties (Deontology).

The concepts of rights (“Something that is due to a person or governmental body by law, tradition, or nature”) and duties (“An act or a course of action that is required of one by position, social custom, law, or religion,” according to the 1992 edition of the American Heritage Dictionary) should influence one's decisions.

Are any rights abridged by anonymity? For example, the right to know the source of a warning so that we may judge the motives and credibility of the statement is infringed when such a message is posted anonymously or pseudonymously.

Personal duties at issue in a decision on posting anonymous warnings about a competitor's product include notions of trust, integrity, and truthfulness, all of which are violated by such an act. We lower the trust of technical advice when we use anonymous postings; we damage the integrity of an entire profession; and we implicitly betray truthfulness by failing to identify the source of such information.

Professional duties or responsibilities also apply. We are expected to maintain appropriate professional relationships, but anonymous posting does not further a web of trust among colleagues. Posting anonymous messages casts doubt on the goodwill of all the innocent people who are perceived as possibly being the author of such messages. In terms of maintaining efficacy, anonymous postings reduce the flow of information among professionals by aborting the possibility of private communication with the authors of the anonymous messages.

70.6.2.2 Consequentialism (Teleology).

One approach to evaluating the ethical dimensions of a proposed act is to look at the possible consequences of the act. Does the action minimize actual and potential harm? Egoism looks at what is good for me or does the least harm to me. Anonymous posting of critical information about a competitor's product offers the potential of benefits to one's employer with minimal direct consequences. However, such behavior opens up the organization to less obvious consequences, such as the risk of blackmail, degradation of trust within the group, lowered morale, and departure of employees whose moral sensibilities are outraged by what they see as unethical behavior.

Utilitarianism views decisions in terms of what is good for the group or does the least harm for the group. The question here is the inclusivity of the “group.” If the group includes all users and potential users of the defective product, then posting the information serves a good purpose; the decision on whether to post anonymously resolves to the same questions as those raised in discussions of the consequences for an organization of having an employee post messages anonymously. The climate of trust, the credibility of warnings in general, and respect for the entire industry can be harmed by anonymous postings of warnings.

An altruistic approach to decisions accepts that what is good for all may be worth doing even if there is some harm to one's self. By this yardstick, posting a warning with full attribution is definitely the preferred way of communicating information about a problem. Another altruistic approach, however, would be to inform the competitor of the flaw in its product via private communications. The hope here is that such altruism will be reciprocated and that the industry as a whole can benefit from improvement in all products.

70.6.2.3 Kant's Categorical Imperative.

At a different level, Immanuel Kant's principles for judging the ethical dimensions of an act are immensely useful in all aspects of life. The principle of consistency asks, “What if everyone acted this way?” In our example, if everyone posted anonymous warnings, the credibility of all warnings would be damaged. In the absence of a mechanism of redress, unscrupulous people would contaminate the alerts with false information, making it difficult to trust any warning. Since some people would retaliate for fraudulent postings about their products by posting equally fraudulent attacks on their competitors, the system of alerts would collapse, causing harm to users and to producers.

Another principle Kant enunciated was that of respect: Are people treated as ends rather than means? The author of an anonymous message may not be thinking about the people affected by that message; they remain ciphers—amorphous, unknown entities of no importance. In contrast, an empathic and ethical person remembers that every group consists of individual human beings with pretty much the same range of feelings as anyone else. Using them as a means of increasing market share is not respectful.

70.6.3 Corporations and Other Organizations.

How can organizations contribute to the reduction of harmful anonymous or pseudonymous communications?

Every corporation, government department, nonprofit organization, educational institution, healthcare facility, banking or financial services organization, and so on should explicitly address the question of anonymity and forgery on the Net. Some practical guidelines to consider in setting organizational policy follow.

No user of a corporate user ID should ever forge headers or use pseudonyms when communicating using corporate resources.
Corporate firewalls should be configured to prevent all TCP/IP packets from passing outward through the firewall with forged IP addresses.
SMTP servers should be configured to prevent any e-mail from leaving a site with forged headers.
All corporate e-mail outbound from a site should be signed digitally by its author(s) to provide a basis, when necessary, for repudiation of unsigned and fraudulent e-mail.

In addition, discussions of the ethical framework for making decisions about the use of technology should be integrated into employee training at all levels. Managers, in particular, ought to be cognizant of the principles of ethical decision making so that they can fluently guide their staff in practical problem solving.

70.6.4 Internet Service Providers.

Because many users send e-mail or post to Usenet groups, through accounts with ISPs, these services have an obligation to become involved in preventing abuses of anonymity and pseudonymity. Except for some free services that are independently funded or that derive revenue from advertising rather than from user fees, ISPs must establish a relationship with their users in order to be paid; most use credit card accounts for this purpose. This method of billing inherently provides a link to the real-world identity of a user through the credit card issuers. Thus for most ISPs, it is possible to enforce traceable anonymity and pseudonymity. Faced with a subpoena, for example, most ISPs will be able to provide authorities with all the information needed to track down the person whose account was used to send a message. Whether the owner of the account is the author of a particular message depends on the security of identification and authentication mechanisms in use. Passwords, for example, are unlikely to be considered strong authentication because there are too many ways passwords can be compromised. Biometric authentication, however, may provide for strong authentication if error rates are considered sufficiently low to warrant the imputation of authorship based on biometrics.

One of the most interesting suggestions about the role of ISPs in governing anonymity and pseudonymity—and behavior in general—in cyberspace comes from Lewis.⁸¹ Lewis suggested that those interested in banning anonymity online could support ISPs requiring traceable identity for all their customers. Let individuals choose what kind of ISP they want to use, but control access to their communications according to the degree of strong identification and authentication in use by the ISP. This suggestion is remarkably close to Post and Johnson's work on model systems in that ISPs can play a pivotal role in determining the future of the Internet without having to involve governments.⁸²

Some practical suggestions for ISPs:

ISPs could automatically sign every outbound message using their Public Key Cryptosystem secret key.⁸³ With today's fast parallel processors, it should be possible to sign outbound traffic without inordinate interference with transmission speed and at acceptable cost.
Every e-mail message could be verified instantly as authentically coming from the specified ISP; forgeries would be practically impossible as long as the security of the ISPs secret keys was maintained.
The next step would be publication of every ISP's terms of service in a public forum, signed by its secret key; these summaries would allow ISPs to sort themselves out immediately according to how restrictive their policies on anonymity and pseudonymity were.
The SMTP would have to be modified to provide for verification of digital signatures, but given such changes, any ISP could automatically block incoming mail from ISPs whose policies were unacceptable.

For example, suppose the Truthful ISP insisted on maintaining records of exactly who was registered for any given ID and blocked outbound forged e-mail and unsolicited commercial e-mail. Truthful ISP might want to block mail from the CyberSleaze ISP, where forgeries and floods of spam were commonplace.

70.6.5 A Free Market Model for Identity in Cyberspace.

What might happen over time as a result of allowing communications only with selected ISPs, depending on their terms of service? Eventually there would likely be an equilibrium in which those users who wished to send and receive anonymous, untraceable e-mail could subscribe to those ISPs supporting that kind of communication. Others could automatically block e-mail from unwanted ISPs. Furthermore, individuals who wished to use anonymity or pseudonymity sometimes could subscribe to more than one ISP and take advantage of their different policies. Computer systems managers who wanted to deal only with other professionals at work could use a restrictive ISP; however, they also could use a different ISP to post and read messages in a highly charged, freewheeling discussion group about the politics of gun control, without having to reveal their real names or fear that they could ultimately be traced through a pseudonym.

As the forces of the marketplace continued to work on ISPs, there might be further evolution toward different degrees and types of communication blockage. ISPs with a reputation for harboring miscreants who libel and defame others without cause could find themselves being shut out of an increasing number of reputable communities of users. Those whose users exercised moderation and responsibility might find themselves being received by a widening circle of ISPs.

The advantage of this model is that individuals could exert power over their electronic environment by voting with their subscriptions, but no one would be censored by bureaucrats or tyrants. Just as Hyde Park in England allows both geniuses and crackpots to speak yet forces no one to listen, the electronic Hyde Park would provide a mechanism for shutting out the lunatics while letting the loonies talk to each other as they wish.

What this model would not permit is the imposition of unwanted communications on powerless victims. This model would spell the end of unsolicited commercial e-mail. If digital signatures indicating the source ISP from which executable code was first distributed became commonplace, the same mechanism could seriously interfere with the distribution of viruses and other harmful programs. ISPs that became known for harboring virus writers or distributors would see their credibility as communications partners eroded. This model does not require individuals to sign their product or messages; the only constraint is that the ISP do so.

What about individuals who own their own domain on the Net? The same principles would apply. The modified SMTP software would automatically sign all output from their sites. Any site that refused to provide digital signatures could be excluded by any ISP that chose to apply such an exclusionary rule.

70.6.6 Governments.

The role of governments in cyberspace is complex. On one hand, several governments—notably that of the United States—have contributed to the development of the Internet through legislation and funding. On the other hand, many governments, especially totalitarian regimes, are intolerant of unfettered communications. Under the communist regimes, most countries in the Soviet Union and its satellites made ownership of unregistered spirit duplicators, photocopiers, fax machines, and modems illegal. Today, Burma, in the grip of the tyrannical State Law and Order Restoration Committee, still does. See Chapters 51 and 52 in this Handbook for more details of government constraints on speech in cyberspace.

No matter how carefully crafted they are, attempts to apply legal constraints on anonymity in cyberspace will be undermined by inconsistent government regimes throughout the globe. The least restrictive geographical entities will subvert more restrictive jurisdictions.⁸⁴ If, say, Restrictopolis were to impose strictures on anonymous Internet use, its anonymity-seeking citizens might be able to use the ISPs in Liberalopolis, where the rules would be much freer.

On a less practical, more philosophic level, there are profound objections to any government regulation of the Internet. As Lewis writes: “We do not outlaw wig shops or Halloween masks just because some people use them for illegal or immoral purposes. We do not require caller-ID services for everyone just because some people make obscene or harassing phone calls. Nor should we strip the cloak of online anonymity from everyone, including those who legitimately need privacy, just to prevent sickos from abusing it.”⁸⁵

In the United States, the government would likely run up against strong constitutional guarantees of speech, especially political speech—and including anonymous political speech—if it tried to ban anonymity outright.⁸⁶ A particularly significant setback for government attempts to control anonymity in the United States came in June 1997. The case began in January 1997.⁸⁷ As Declan McCullagh described the judgment:

In Georgia, Judge Marvin Shoob ruled that a state law forbidding anonymity online is unconstitutional since it violates free speech and free association rights. The law is so broadly written, the judge indicated, that even America Online screen names could be considered illegal. Judge Shoob “understood clearly the very strong need for our plaintiffs to communicate anonymously,” the ACLU's Ann Beeson says. Both judges [in Georgia and in a similar case in New York] issued preliminary injunctions barring the state attorneys general from enforcing the laws….

Georgia's Judge Shoob, in a 21-page opinion, ruled that the law—that the Democrat-controlled legislature passed in haste last year to muzzle a dissident Republican representative—violated the First Amendment.

This echoes a recent Supreme Court case, McIntyre v. Ohio, in which the justices ruled that the right to anonymity extends beyond political speech; that requiring the author's name on a leaflet is unconstitutional; that writing can be more effective if the speaker's identity is unknown.⁸⁸

Democratic governments worldwide would do better to stay out of cyberspace and allow users to develop their own transnational solutions for governing behavior, including the use of anonymity and pseudonymity.

70.7 CONCLUDING REMARKS.

Readers of this brief review of anonymity and pseudonymity are urged to consider these key observations and recommendations:

Anonymous and pseudonymous communications are inherently associated with an increased incidence of antisocial behavior through deindividuation.
There are circumstances where anonymity and pseudonymity are useful tools in the defense of liberty and justice.
Anonymous and pseudonymous electronic communications have already been used to harass victims, damage commercial interests, and launch hoaxes and rumors into cyberspace.
The major problems of anonymity and pseudonymity in cyberspace can be avoided by the use of traceable identification.
Making ISPs responsible for enforcing their chosen level of strong identification and authentication will allow a nongovernmental, nonlegalistic approach to reducing abuse by anonymous and pseudonymous Internet users.
All electronic communications ought to be tagged with unforgeable authenticators of identity.
Individuals, families, and schools have a role to play in integrating cyberspace into the moral universe of children.
Corporations and other organizations ought to integrate ethical decision making into their management procedures.
Governments will continue to fail in their efforts to govern cyberspace because electronic communications networks are inherently divorced from geographical jurisdictions.

70.8 SUMMARY.

The growth of the Internet has increased the use of anonymity and pseudonymity in electronic communications. Internet users must be able to preserve the benefits of privacy while fighting the abuses of anonymous and pseudonymous people. In the real world, identity resides in the ways that individuals are recognized and held responsible for their actions; in cyberspace, identity is potentially just a user ID. Social psychologists have found that anonymity can contribute to deindividuation—a state of loss of self-awareness, lowered social inhibitions, and increased impulsivity.

This chapter suggests practical applications of these insights from social psychology for managers concerned with reducing abusive behavior by their own employees. In addition, the chapter addresses the wider problem that, given the social psychology of anonymity, abuses of the Internet are certain to continue. There must develop a collective response to incivility and irresponsibility, without falling into authoritarian strictures on speech. This chapter further suggests that a free market approach using accessibility to communications as a kind of currency may help the Net evolve toward a more civil society. By blocking e-mail from ISPs that fail to enforce acceptable standards for a given community of users, Net users can sort themselves into groups that tolerate or welcome different levels of anonymity and pseudonymity. No government intervention would be required under such a system.

In addition, this chapter suggests a framework for reaching into the early years of the educational system to help integrate cyberspace into the moral universe of children worldwide. In addition to being a moral imperative to support educational efforts on computer ethics, such programs are in the best economic interests of industry, academia, and government systems managers.

70.9 FURTHER READING

Boellstorff, T. Coming of Age in Second Life: An Anthropologist Explores the Virtually Human. Princeton, NJ: Princeton University Press, 2008.

Federrath, H., ed. Designing Privacy Enhancing Technologies: International Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, July 25–26, 2000. Proceedings. Springer.

Griffin, R. J. The Faces of Anonymity: Anonymous and Pseudonymous Publication from the Sixteenth to the Twentieth Century. New York: Palgrave Macmillan, 2003.

Nicoll, C., J. E. J. Prins, and M. J. M. van Dellen eds. Digital Anonymity and the Law: Tensions and Dimensions. Asser Press, 2003.

Robbins, S. and M. Bell. Second Life for Dummies. Hoboken, NJ: John Wiley & Sons, 2008.

70.10 NOTES

An asterisk (*) in notes marks a secondary reference drawn from D. G. Myers, Social Psychology, 4th ed. (New York: McGraw-Hill, 1993); R. A. Lippa, Introduction to Social Psychology, 2nd ed. (Pacific Grove, CA: Brooks/Cole Publishing, 1994); or D. O. Sears, L. A. Peplau, and S. E. Taylor, Social Psychology, 7th ed. (Englewood Cliffs, NJ: Prentice-Hall, 1991).

1. “Identity Theft Working Group Increases Federal Prosecutions: Maryland Crime Victims' Resource Center to Assist Victims,” U.S. Department of Justice, United States Attorney's Office for the District of Maryland, February 21, 2008; http://baltimore.fbi.gov/dojpressrel/pressrel08/ba022108.htm.

2.R. Abelson, “By the Water Cooler in Cyberspace, the Talk Turns Ugly,” New York Times, see http://query.nytimes.com/gst/fullpage.html?res=9F04E6D81039F93AA15757C0A9679C8B63

3. M. E. Kabay, “The INFOSEC Year in Review 1997” see: www2.norwich.edu/mkabay/iyir/1997.PDF.

4. WHO@ home page: www.haltabuse.org/.

5. CyberAngels home page: www.guardianangels.org/cyberangels.php.

6. R. D. Clifford, Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime, 2nd ed. (Carolina Academic Press, 2006).

7. J. Kornblum, “Net Crime Begs Questions: Who to Call?” C/Net News, August 5, 1997; http://news.cnet.com/2102-1023_3-202141.html.

8. J. Kornblum “Antispam Efforts Heat Up,” C/Net News, November 14, 1997; http://news.cnet.com/Antispam-efforts-heat-up/2100-1023_3-205363.html.

9. S. Covington, No. 97-06273 of the District Court of Travis County, Texas, 345th Judicial District; see: www.mids.org/nospam/judgment.html.

10. Internet Corporation for Assigned Names and Numbers (ICANN) “Top-Level Domains (gTLDs),” 2008, www.icann.org/tlds/.

11. R. Clarke, “Human Identification in Information Systems: Management Challenges and Public Policy Issues,” Information Technology & People 7, No. 4 (1994): 6–37; www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html.

12. A. M. Froomkin, “Anonymity and Its Enmities,” Journal of Online Law, 1995, article 4; www.wm.edu/law/publications/jol/95_96/froomkin.html.

13. OSHA, “Milliken & Company VPP Star Site.” OSHA Voluntary Protection Programs, Success with VPP, 2006; www.osha.gov/dcsp/success_stories/vpp/reg4_ss_milliken_elm.html

14. Clarke, “Human Identification in Information Systems.”

15. Froomkin, “Anonymity and Its Enmities.”

16. C. Free, “Make Their Day: Fury at the Wheel Turns Frustrated Drivers into Outlaw Dirty Harrys with a Rage for Revenge,” People Weekly 48, No. 9 (1997): 59.

17. G. Le Bon, The Crowd: A Study of the Popular Mind (New York: Macmillan, 1896).*

18. L. Festinger, A. Pepitone, and T. Newcomb, “Some Consequences of Deindividuation in a Group,” Journal of Abnormal and Social Psychology 47 (1952): 382–389.*

19. P. G. Zimbardo, “The Human Choice: Individuation, Reason and Order versus Deindividuation, Impulse, and Chaos,” in W. J. Arnold and D. Levine, eds., Nebraska Symposium on Motivation (Lincoln: University of Nebraska Press, 1970).*

20. Free, “Make Their Day” J. J. Russell, “The New Menace on the Road,” Good Housekeeping 224, No. 4 (1997): 100–110.

21. Zimbardo, “The Human Choice.”

22. R. I. Watson Jr, “Investigation into Deindividuation Using a Cross-Cultural Survey Technique,” Journal of Personality and Social Psychology 25 (1973): 342–345.*

23. J. H. Kerr, Understanding Soccer Hooliganism. Buckingham: Open University Press, 1994.*

24. B. Buford, Among the Thugs (London: Mandarin Paperbacks, 1991).

25. E. Diener, S. C. Fraser, A. L. Beaman, and R. T. Kelem, “Effects of Deindividuating Variables on Stealing by Halloween Trick-or-Treaters,” Journal of Personality and Social Psychology 33 (1976): 178–183.*

26. S. Prentice-Dunn and R. W. Rogers, “Effects of Deindividuating Situation Cues and Aggressive Models on Subjective Deindividuation and Aggression,” Journal of Personality and Social Psychology39 (1980): 104–113*; E. Diener, “Deindividualtion, Self-Awareness, and Disinhibition,” Journal of Personality and Social Psychology 37 (1979): 1160–1171.*

27. M. Csikszentmihalyi, Flow: The Psychology of Optimal Experience (New York: Harper & Row, 1990).

28. C. B. Spivey and S. Prentice-Dunn, “Assessing the Directionality of Deindividuation: Effects of Deindividuation, Modeling, and Private Self-Consciousness on Aggressive and Prosocial Responses,” Basic and Applied Social Psychology11 (1990): 387–403.*

29. K. J. Gergen, M. M. Gergen, and W. H. Barton, “Deviance in the Dark,” Psychology Today (October 1973): 129–130.*

30. L. Detweiler, “Anonymity on the Internet FAQ” (1993), www.webster.edu/~bumbaugh/net/anonfaq.html; L. Detweiler, “The Joy of Pseudospoofing” (1993), http://cypherpunks.venona.com/date/1993/10/msg01172.html.

31. Detweiler, “Anonymity on the Internet FAQ.”

32. R. Clarke “Introduction to Dataveillance and Information Privacy, and Definitions of Terms” (1999), www.anu.edu.au/people/Roger.Clarke/DV/Intro.html.

33. Clarke, “Human Identification in Information Systems.”

34. Detweiler, “Joy of Pseudospoofing.”

35. Detweiler, “Joy of Pseudospoofing.”

36. O. S. Card, Ender's game (New York: Tor Books, 1985).

37. For current resources on electronic voting issues, see the Electronic Privacy Information Center's files at http://epic.org/privacy/voting/.

38. Froomkin, “Anonymity and Its Enmities.”

39. Froomkin, “Anonymity and Its Enmities.”

40. C. Johnson, “Anonymity On-line? It Depends on Who's Asking,” Wall Street Journal, November 24, 1995, p. B1.

41. L. Lessig, D. Post, and E. Volokh (1997). Cyberspace Law for Non-Lawyers. Lesson 23—Privacy 11: Privacy: Self-Help: Anonymity, Part 1 (1997); www.ssrn.com/update/lsn/cyberspace/lessons/priv11.html.

42. L. Lessig, D. Post, and E. Volokh, Cyberspace Law for Non-Lawyers. Lesson 24—Privacy 12: Privacy: Self-Help: Anonymity, Part 2 (1997); www.ssrn.com/update/lsn/cyberspace/lessons/priv12.html.

43. Clarke, “Introduction to Dataveillance and Information Privacy.”

44. E. Mahyuni, “Gone in 6 Seconds: Hotmail CAPTCHA Hacked by Spammers,” Tech.Blorge, April 16, 2008; http://tech.blorge.com/Structure:%20/2008/04/16/gone-in-6-seconds-hotmail-captcha-hacked-by-spammers/.

45. W. Rodger, “Zero-Knowledge to Close Anonymity Service” (2001), www.securityfocus.com/news/262.

46. C. Pappas, “The A to Z of Internet Sleaze,” Home Office Computing 15(8): 70.

47. Detweiler, “Anonymity on the Internet FAQ.”

48. “Maimonides' Eight Levels of Charity.” Mishneh Torah, Laws of Charity, 10: 7–14. Chabad.org Library, www.chabad.org/library/article_cdo/aid/45907/jewish/Eight-Levels-of-Charity.htm.

49. Clarke, “Introduction to Dataveillance and Information Privacy.”

50. Froomkin, “Anonymity and Its Enmities” A. M. Froomkin, “Flood Control on the Information Ocean: Living with Anonymity, Digital Cash and Distributed Databases,” University of Pittsburgh Journal of Law and Commerce 15 (1996): 395; http://osaka.law.miami.edu/~froomkin/articles/ocean1.htm.

51. J. Ubois, “Anonymity Has Its Place,” MIDRANGE Systems 8, No. 8 (1995): 28.

52. Detweiler, “Anonymity on the Internet FAQ.”

53. P. Steiner, “On the Internet, Nobody Knows You're a Dog.” New Yorker, July 5, 1993; www.cartoonbank.com/item/22230.

54. B. Paisley, “Online” (2008), YouTube video of performance in Nashville: www.youtube.com/watch?v=W7RDTVZ1NWs.

55. Detweiler, “Anonymity on the Internet FA.

56. Froomkin, “Flood Control on the Information Ocean.”

57. Froomkin, “Flood Control on the Information Ocean.”

58. D. Post, “Knock Knock, Who's There?: Anonymity and Pseudonymity in Cyberspace” (1995), www.cli.org/DPost/X0012KNOCK.html

59. Virtual Worlds Review: www.virtualworldsreview.com/.

60. Anonymous (2008). “Interview: Strategy Analytics' Barry Gilbert—137M Virtual Worlds Users Now; 1B by 2017,” Virtual Worlds News, June 3, 2008; www.virtualworldsnews.com/2008/06/strategy-analyt.html.

61. G. Stringer, “The Internet” course notes, Creative Media and Information Technology course MIT 2114/2214, 2005. University of Exeter (UK), Chapter 8: Virtual Communities, www.services.ex.ac.uk/cmit/modules/the_internet/webct/ch08.html#d0e4833.

62. Clarke, “Introduction to Dataveillance and Information Privacy.”

63. Detweiler, “Anonymity on the Internet FAQ.”

64. Froomkin, “Anonymity and Its Enmities.”

65. Froomkin, “Flood Control on the Information Ocean.”

66. InfraGard home page: www.infragard.net/.

67. Detweiler, “Anonymity on the Internet FAQ.”

68. Froomkin, “Anonymity and Its Enmities.”

69. Post, “Knock Knock, Who's There?”

70. Detweiler, “Anonymity on the Internet FAQ.”

71. L. J. Rose, NetLaw: Your Rights in the Online World (New York: Osborne/McGraw-Hill, 1994), pp. 183–184.

72. Froomkin, “Flood Control in the Information Ocean.”

73. Good Times Virus Hoax FAQ: www.cityscope.net/hoax1.html; but see also the satirical version at http://ifaq.wap.org/computers/goodtimesfaq.html.

74. B. Mikkelson, “Craig Shergold,” Snopes.com (2007): www.snopes.com/inboxer/medical/shergold.asp.

75. B. Mikkelson, “American Cancer Society Hoax.” Snopes.com (2006); www.snopes.com/inboxer/medical/cancer.asp.

76. D. Post and D. R. Johnson, “The New Civic Virtue of the Net: Lessons from Models of Complex Systems” (1997), www.cli.org/paper4.htm.

77. Post and Johnson, “New Civic Virtue of the Net” S. A. Kauffman, The Origins of Order: Self-Organization and Selection in Evolution (Oxford: Oxford University Press, 1993).

78. Post, “Knock Knock, Who's There?”

79. Post and Johnson, “New Civic Virtue of the Net.”

80. M. E. Kabay, “Totem and Taboo: Civility and Vandalism in Cyberspace.” Proceedings of the 17th National Computer Security Symposium, Baltimore, MD, October 11–14, 1994. Reprinted in NCSA News (June 1995): 4; online at: www2.norwich.edu/mkabay/ethics/totem_taboo_cyber.pdf.

81. P. Lewis, “Cloaks and Daggers: Online Anonymity Is a Blessing and a Curse,” Home Office Computing 14, No. 7 (1996): 133.

82. Post and Johnson, “New Civic Virtue of the Net.”

83. See Chapters 7 and 37 in this Handbook.

84. Froomkin, “Anonymity and Its Enmities.”

85. Lewis, “Cloaks and Daggers.”

86. Lessig et al., Cyberspace Law for Non-Lawyers, Lesson 24.

87. D. McCullagh, “Brick by Brick,” The Netly News (editorial), 1997.

88. D. McCullagh, “Courts Strike Down New York and Georgia Net-Censorship Laws,” sent Friday, June, 1997, 13:49:06 -0700 (PDT), on [email protected] mailing list.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for CHAPTER 70: ANONYMITY AND IDENTITY IN CYBERSPACE

Create new playlist

Sign In

Sign Up

CHAPTER 70

ANONYMITY AND IDENTITY IN CYBERSPACE

70.1 INTRODUCTION.