say my name(s) – anonymity & pseudonymity at #rightscon
The RightsCon summit presented by digital human rights champions Access, included an inspiring range of panels and panelists. I liveblogged a handful of sessions, including “Anonymity, Pseudonymity, and Freedom of
Expression,” which had an extraordinary concentration of brainpower. These notes are not perfect, but capture many of the smart and instructive points the group made.
Colin Crowell, who leads on public policy at Twitter, led off by introducing all the session panelists. aestetix, co-founder of NymRights, is a policy advocate, technologist, speaker, and researcher working in the identity “ecosystem.”
Crowell praised Vince Sollitto from Yelp for his “sterling” communications policy background in business and the private sector. Vince began on Capitol Hill and also served as spokesman to under Governor Arnold Schwarzenegger.
Eva Galperin from EFF stepped in for Karen Reilly of the Tor project, who was unable to join. Eva worked on the real name policies at Google+ and Facebook and trains journalists, activists and potential leakers in protecting their anonymity online.
To offer some working definition of terms, aestetix left the word “anonymous” aside and focused on the question of pseudonyms and what he called “autonyms.” An autonym is a name that you give yourself, such as the name Francis, chosen by Jorge Mario Bergoglio when he was elected the current Pope. A pseudonym, said aestetix, can be defined as a “name that covers a base name.” So, in effect, if you have a pseudonym you by definition have two names.
He added that the name of his own group, NymRights, came out of debates over naming guidelines now called the NymWars (a term it turns out was coined by fellow panelist Eva). He joined with Khaliya Hamlin (@identitywoman) (who was also in attendance) to create NymRights, with a non-warlike focus on “educating and empowering people.”
Crowell noted that currently the U.S. doesn’t have a national ID system – despite the various IDs we use at state and national level like social security, passports, and drivers’ licenses. South Korea, he said, rationalized the real name rules that it put in place as a safeguard against the spread of false rumors and libel. But a Court later found that the law had not reduced such behavior. We heard much more about this from K.S. Park of OpenNetKorea.org, who is here from Seoul.
To kick off his comments, Charles Mok flashed his own national ID card from Hong Kong, noting that in some cultures it’s accepted as a fact of life that you would have such a card. To date, he said, the Chinese government has imposed real names online. (He added that often it is the NGOs who call for it, groups who work on behalf of young people, for instance.)
However, said Mok, in 2012, a committee of the People’s Congress declared a plan to issue a realname system, proposed to go into effect as of mid-2014. The ministry responsible for the TV and entertainment ministry also recently declared a plan to make people give real names when they upload media, e.g., video. In the past, efforts were made to impose real names on mobile phone and phonecard users, he said, but these were not effective. Similar attempts have been made for users logging on at Internet cafés, but these rules are not consistent across the different establishments. There is a requirement to register domains with your real name. Which, Mok said, is perhaps why GoDaddy withdrew from the China market.
Broadly speaking, Mok said, some governments may set real name rules for reasons other than the ones they advertise. “This is way that they want to try to limit speech on the internet,” he said, in the name of protecting people.
Johan Hallenborg said Sweden comes to this issue with a history of promoting human right and free expression both online and off. For some real history, Hallenborg said in 1766, Sweden passed the first ever constitutional freedom of expression law. On the down side, he said it also means that the right to privacy has been “somewhat overlooked” by Sweden. Normally Swedes “don’t pay much attention,” he said, and use their personal identity number everywhere, “even if that’s a bit naïve.”
“We have been criticized for not decriminalizing defamation, by the UN for example, said Hallenborg. “The government is now trying to find ways to strengthen the protection, however.” He said the fundamental issue is that people have a right to be anonymous online. And the Swedish government supports the development of software that protects people.
Crowell added that even though we talk a lot about international human rights as driver for anonymity and privacy, there are also important links to commerce, to whistleblower protection, to safety for victims of domestic violence.
Vince Sollitto said Yelp is designed as a research tool where consumer contributions inform other consumers’ decisions about restaurants or other small businesses. Most Yelp reviews are not anonymous, he said, but there are certainly situations where people may choose to be (such as clients of divorce lawyers or plastic surgeons), and the marketplace benefits from that and the law protects it in most cases.
Yelp was in the news just today, he noted, in an NYT blog post about its efforts to flag businesses that may have fake anonymous positive reviews.
On the legal side, Sollitto, described the case of Hadeed Carpet in the Washington D.C. area. The store had been repeatedly accused of “bait and switch” sales promotions where it promised prices it never offered. And the owner filed a defamation suit to find and punish the online reviewers.
Normally, said Sollitto, courts have said that without clear evidence of wrongdoing, anonymity cannot be reversed in such cases. Free speech does not protect defamation, but the real question is what is the threshold to unmask an anonymous person. Virginia, however, has a state law aimed at this precise issue, the court ruled was that “even the suspicion” of wrongdoing such as defamation is enough to reverse anonymity. Yelp has continued to pursue appeals on the ruling.
Galperin said we’ve talked about how companies or governments can manage and protect people’s identities, but asked, “What about people?” Every one of us manages our own identity every day. All of us have different personas we present. You’re not the same person at home as you are when you visit your in-laws, for example, or in your bar as you are in your library or your church.
“Unless your bar is your church,” said Crowell.
“If your bar is your church,” said Galperin, “I am going to that church.” But somehow online, she went on that basic expectation of the freedom to be different selves seems to be going away. Facebook maintains a real names policy and makes it a violations of its Terms of Service to us a different name than the one on your official identification. “And that is a very serious problem.”
When Google Plus launched, she said, it not only barred pseudonyms, it actually wrote an algorithm to detect them an automatically block them. This practice later evolved, in part due to discussions with EFF.
We also need to be careful in this discussion, Galperin said, to keep different cultures’ ways of naming people in mind, and reach past an “American, Western, Silicon Valley, white middle class view of what names themselves are able to look like.”
She asked, Who here has had something bad said about them online? Many of us raised our hands. You can in fact file a defamation lawsuit for speech on third-party systems, she told the group, “because most people don’t use Tor.”
Tor allows you to decouple your IP address from your identity as you browse the web or use the internet. “You can Tor-ify just about anything you do online,” said Galperin. So, for instance, if someone comes to a web site with a subpoena for something that was said there, they cannot trace it back to you. You can circumvent internet censorship, by posting to or viewing a site that your country blocks. You can appear to be from elsewhere.
When people use the dramatic, somewhat conspiratorial term “The Dark Web, or Deep Web,” said Galperin, they are referring to sites that can only be viewed using Tor. It allows people to engage in whistle-blowing, for instance, or to maintain their anonymity against a range of hostile actors.
But, she continued, this also means that criminals use Tor, “because the math works, the encryption works.” Because of that, Tor and the Dark Web have a reputation for being a community of child pornographers or drug peddlers. “These two things cannot be decoupled,” said Galperin. “There is no way to create a system that will provide anonymity for the good guys but not the bad guys.” Especially because many people are good guys to some and bad guys to others. In an oppressive regime, she said, “my dissident” may be “their criminal.”
To get the room involved, Crowell used a show of hands to narrow us down to the only two or three people who go by names other than the ones they were given at birth. For most people, he said, their name is “bequeathed to them,” by parents or other guardians.
Crowell also noted that, while the anonymity discussion is usually about protecting names to protect safety and privacy and to prevent the chilling effect that could suppress comments if the commenter can be identified, there other data fields that we should care about. Are the situations where you might need to mask your gender, for instance, or need to say you are somewhere that you are not?
Craig Vachon from AnchorFree says some women us there Hotspot Shield tool so they can upload videos to dating sites while making sure it could never be traced back to their actual location. Jon Fox from Access said that, for Facebook notably, our names and data are what can make them money. They want to link us to 1000 data points and your name is the starting point for that.
On Twitter, said Crowell, identity is based on your Twitter user name and from the public name you give yourself (e.g., you can name yourself “Bozo the Clown” then use the account name @bozo). This is in part so that users have identity and “addressability,” he said.
K.S. Park described at length the experience when protests were filed challenging the real name law in South Korea. He said in reversing the law that the court gave a few reasons. The primary one was based on the inspiring statement that the internet is good for democracy, as the only medium where all people speak to one another on equal footing regardless of race, gender or social status. “If you force real names you are throwing away the value of the internet,” he quoted the court as saying.
Two other rationales in the court ruling, Park said, were privacy and protection from government abuse of power. The court noted that the real names law would require companies to collect terabytes of personal data, and if it is stored it becomes vulnerable to theft. Companies also would then be able to release personal data directly to police or federal security forces, who in many countries can collect such data without a warrant. Imagine, he said, if Facebook had everyone’s passport data and police in some country could come get it.
You need to think about the privacy implications if you want implement real name policies, Park said. “Our love for free speech is not as strong as our love for privacy.” He added that there also are places in Korea where real name checks are still required – such as adult content sites and online games.
Crowell and aestetix discussed how there are some relationships and transactions where you want to be anonymous while there are others where you don’t care, and others where you prefer or need your real name to be used. Several people mentioned that this range of options ought to be available.
Galperin disputed the claim made by some that these issues will be resolved in time by “the marketplace.” Services like Facebook, Google, Yelp have come to function effectively as a public sphere, she said, which is dangerous when it is actually a sphere governed by Terms of Services drafted by private companies with specific business needs.
She also mentioned the need for greater civility as a common argument for requiring real names – that it makes people more accountable. But she said when the Google Plus team researched this, it turned out not to have the expected effect.
aestetix reminded the room, “Before we had cyber-bullies, we had bullies.” The technology doesn’t replace the humanity – it’s just a different form.
Josh Koltun, an attorney who has represented online commenters or journalists who chose to protect their anonymity, said you could consider it “an editorial choice” whether to be anonymous or not. If you do, and your credibility is diminished as a result, then that may be your choice.
Crowell said it was an ironic “O. Henry ending” for the South Korean real name rule that, as it turned out, the policy intended to guard against attack speech and preserve safety a) was not going to work, and b) could result in significant compromises of security.
Another participant described the EU landscape and the idea of “personality rights” as distinct from “the right to identity,” the fundamental right “to be unique” and to be oneself. Systems offering pseudonyms, he said, don’t usually take into account the multiple identities we each already have, the many roles and contexts we inhabit each day. Our civic identity, for instance, is different from our real name, from our actual self, from a name that is “imposed” by someone (like our actual name, or an online profile autocreated by a web site). Beloved Portuguese poet Fernando Pessoa coined the term Heteronym to construct multiple identities who related to each other in his work.
Crowell gave a shout-out to parody accounts on Twitter, satirical versions of celebrities or businesses, that give users a voice to poke fun at institutions.
Charles Mok closed with reminder that anonymity can be a matter of life and death. Many countries will pursue online users expressly for the purposes of persecution or retribution. These same governments will go to companies for the data they need, and there are plenty of companies willing to cooperate.
He added that, as we talk about identity on the web, we cannot forget about handhelds, apps, the geodata collected there, and all the contact information.