This article was downloaded by: [ABO Akademis Bibliotek] On: 19 August 2011, At: 05:31 Publisher: Routledge

Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

The Information Society

Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/utis20

Internet Anonymity in Contexts

Christina Allen Available online: 29 Jul 2006

To cite this article: Christina Allen (1999): Internet Anonymity in Contexts, The Information Society, 15:2, 145-146 To link to this article: http://dx.doi.org/10.1080/019722499128600

PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and-conditions This article may be used for research, teaching and private study purposes. Any substantial or systematic reproduction, re-distribution, re-selling, loan, sub-licensing, systematic supply or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material.

Internet Anonymity in Contexts

Christina Allen
Director of Product Marketing, Electric Communities, Cupertino, California, USA

One approach to developing policy for Internet anonymity and pseudonymity is to focus on Internet identities. In this approach, policymakers in private and public spheres debate how much should be revealed about the real-life identities, locations, or attributes of users engaged in communication. Identity-focused approaches tend to discuss Internet anonymity as a monolithic issue a matter of homogeneous policy for the whole Internet. The arguments weigh privacy issues against those of responsibility and accountability. Another approach to policy deliberations is to focus on Internet contexts. With this approach, policymakers consider how much can or should be revealed about the real-life identity, location, or attributes of communicants given the context of engagement. By focusing on contexts, rather than solely on identities, policymakers can regulate Internet communications based on a demonstrated social or legal interest in the sorts of transactions that are occurring. Off-line societies have had centuries to develop the rules and norms of engagement in different social and professional contexts. Yet every geographical space and human interaction cannot reasonably be regulated. Much happens in private that is simply unavailable to scrutiny. Nonetheless, these private contexts are subject to regulation based on societal interests in certain types of activity. While individuals may seek to avoid regulation through secrecy, they leave traces (social, physical, informational, or technical) of their activities that allow others to investigate possible violations of laws and norms. How these traces may be investigated is legally regulated to balance the interests of society with the rights of individuals.

Similarly, the Internet has private spaces that increasingly are unavailable to scrutiny. As applications proliferate that place server-level functionality on PCs, and as encryption becomes more sophisticated, individuals and organizations can create secure, private networks that are dif cult to detect, let alone to regulate systematically. Therefore, attempts to create global anonymity regulations are likely to be dif cult or impossible to enforce especially if the violations of these global policies are mundane and unworthy of prosecution. A context-oriented approach does not, therefore, attempt to regulate anonymity in any global manner. Such regulation is not pragmatic in increasingly distributed systems. Nor does it abandon efforts to regulate anonymity on the Internet because of the complexity of the issues and technologies. Rather, borrowing from real-life experience, policies de ne those sorts of Internet-based contexts or interactions legal, social, or commercial that society wishes to regulate. For each of those contexts, different identity policies are constructed. It is required that the individuals or institutions engaged in those activities collect and manage the identity information required for legal participation. The conditions of release of identity are negotiated by policy, just as journalists, psychologists, lawyers, and the police have policies for managing anonymity in different circumstances. For example, online banking may require stable pseudonyms that can, in certain circumstances, be tied to real-life identities held in trust by third-party institutions. For each context, law or policy must determine the types of surveillance that may be used. The process of developing regulations for online anonymity can bene t from these steps: 1. Mapping on-line contexts to similar regulated offline contexts as a beginning point for policy de nition. 2. Developing policies and laws for on-line contexts based on off-line analogies.

Downloaded by [ABO Akademis Bibliotek] at 05:31 19 August 2011

Received 7 April 1998; accepted 17 November 1998. Address correspondence to Christina Allen, Ph.D., Director of Product Marketing, Electric Communities, 10101 N. De Anza Blvd., Cupertino, CA 95014, USA. E-mail: callen@communities.com The Information Society, 15:145146, 1999 Copyright c 1999 Taylor & Francis 0197-2243 /99 $12.00 + .00

145

146

C. ALLEN

3. Developing mechanisms for signaling, supporting, tracking, and enforcing policies and laws both for public interests and for use by private organizations. 4. Developing policies determining the conditions for surveillance, types of surveillance, and jurisdictions for adjudication. 5. Testing policies and mechanisms on a case-by-case basis in private and public jurisdictions. Key to the success of a context-oriented approach is developing technical mechanisms and social protocols for communicating about, and controlling the ow of, information and people over context borders. Current Internet contexts largely fail to signal to users the social and technical responsibilities and consequences of participation especially in light of novel aspects of Internet communication such as the widespread availability of good enough anonymity. In many instances, the failure comes from lack of knowledge (on the part of forum developers and operators) about what these responsibilities and consequences might be for an International Internet. Electric Communities is an Internet software company that has implemented certain mechanisms that exemplify such border controls. The software uses certi cates allowing ne-grained control of where and how code may be deployed in distributed systems. Context owners can determine which certi cates are required in order for a person or virtual object to enter. If a user tries to enter a context without the proper identity certi cates, the user will be turned away. Likewise, if a user tries to deploy code that is not properly certi ed, such as a virus or an unacceptable picture, the context will prevent the introduction of

Downloaded by [ABO Akademis Bibliotek] at 05:31 19 August 2011

the code and instruct the user of the norms with warning messages. Yet technical code controls do not solve all of the problems. Social cues tell users the conditions of participation on a context-by-context basis. In the Electric Communities software, contexts have watermarks in the upper left corner. These watermarks are clickable objects that convey the expected behaviors and requirements of that context. Some of these expectations may be a matter of private policy, and some may be a matter of law. Technical and social mechanisms can be tied together. For example, a context may claim to enforce child-friendly policies. A third-party agency may grant a certi cate to that context, based on its reputation for consistent enforcement. Parents may set their children s identities to demand the child-friendly certi cate before the child can enter. If the context has failed to maintain child-friendly standards, the context loses its certi cate and children can no longer visit. Or, a child-friendly-certi ed context may require that each participant present a certi cate stating that a thirdparty agency has the real-life identity information of the participant in escrow, to be released to authorities under certain conditions. With such policies and mechanisms in place, a contextfocused approach to regulating anonymity provides Internet users and organizations with assurances that personal identities will be required and revealed only according to agreements, policies, and laws. With such an approach, the Internet can evolve into a conglomerate of public and private spaces that develop reputations for their trustworthiness and civility based on the behaviors and accountability procedures they establish and maintain.