From caf-talk Caf Jun 8 19:52:43 1992 Newsgroups: comp.society Subject: Anonymity and privacy on the network Message-ID: 92083.072152SOCICOM@auvm.american.edu Date: 23 Mar 92 12:21:52 GMT Organization: The American University - University Computing Center Lines: 759 Approved: SOCICOM@AUVM
Moderator's note: The following article is a lengthy excerpt from a recent issue of FIDONEWS concerning individual privacy and the use of aliases or handles in computer-based communications. It was submitted by a comp.society reader who used a handle; because the excerpt is a cross- post from another electronic publication, I have taken the liberty of viewing the use of a handle by sender as a request for privacy and anonymity similar to the request a newspaper editor might receive in a letter to the editor. Thus, while reprinting the submission, the name and address of the sender are "withheld upon request." The article raises a number of good points; the submission by a reader using a handle to preserve anonymity makes a point; and the editorial action of submitting the reader's posting anonymously makes the question current. What are the implications of using aliases on the net?
Greg Welsh, moderator, comp.society Internet: Socicom@american.edu Bitnet: Socicom@auvm.bitnet
[begin excerpt] F I D O N E W S – | Vol. 9 No. 9 (2 March 1992)
The newsletter of the | FidoNet BBS community | Published by: _ | / \ | "FidoNews" BBS /|oo \ | (415)-863-2739 (_| /_) | FidoNet 1:1/1 _`@/_ \ _ | Internet: | | \ \\ | email@example.com | (*) | \ )) | |__U__| / \// | Editors: _//|| _\ / | Tom Jennings (_/(_|(____/ | Tim Pozar (jm) |
—————————-+————————————— Published weekly by and for the Members of the FidoNet international amateur network. Copyright 1992, Fido Software. All rights reserved. Duplication and/or distribution permitted for noncommercial purposes only. For use in other circumstances, please contact FidoNews.
Paper price: . . . . . . . . . . . . . . . . . . . . . . . $5.00US Electronic Price: . . . . . . . . . . . . . . . . . . . . . free!
For more information about FidoNews refer to the end of this file.
The Joy of Handles Mahatma Kane Jeeves 101/138.8 David Lescohier 101/138.0
THE JOY OF HANDLES ------------------ or: EVERYTHING YOU ALWAYS WANTED TO KNOW ABOUT ME (but have no right to ask) --------------------------
We should never so entirely avoid danger as to appear irresolute and cowardly. But, at the same time, we should avoid unnecessarily exposing ourselves to danger, than which nothing can be more foolish. [Cicero]
Do you trust me?
If you participate in computer conferencing, and you use your real name, then you'd better.
"Why?", you ask. "What can you do with my name?" To start with, given that and your origin line, I can probably look you up in your local phone book, and find out where you live. Even if you are unlisted, there are ways to locate you based on your name. If you own any property, or pay any utility bills, your address is a matter of public record. Do you have children in the public schools? It would be easy to find out. But that's just the beginning.
Former Chairman of the U.S. Privacy Protection Commission David F. Linowes, in his book "Privacy in America" (1989), writes of New York private investigator Irwin Blye:
"Challenged to prove his contention that, given a little time and his usual fee, he could learn all about an individual without even speaking with him, Blye was presented with a subject -- a New Jersey newspaperman.... The result was a five-page, single- spaced, typed report which documented, though not always accurately, a wide sweep of the journalist's past, and was detailed to the point of disclosing his father's income before his retirement."
Who am I? If I don't post, you might not even know I exist. I could be on your local Police Department, or an agent working with the IRS, or some federal law-enforcement agency. I could be a member of some fanatical hate group, or criminal organization. I might even be a former Nixon White-House staffer!
I could be that pyromaniacal teenager you flamed last weekend, for posting a step-by-step description of how he made plastic explosive in his high-school chem lab. He seemed kind of mad.
But you're an upstanding citizen; you have nothing to hide. So why not use your name on the nets? Trust me. There's nothing to worry about.
WHAT'S ALL THIS BROUHAHA? -------------------------
Stupidity is evil waiting to happen. [Clay Bond]
Not long ago in Fidonet's BCSNET echo (the Boston Computer Society's national conference), the following was posted by the conference moderator to a user calling himself "Captain Kirk":
"May we ask dear Captain Kirk that it would be very polite if you could use your real name in an echomail conference? This particular message area is shared with BBS's all across the country and everyone else is using their real name. It is only common courtesy to do so in an echomail conference."
One of us (mkj) responded with a post questioning that policy. Soon the conference had erupted into a heated debate! Although mkj had worried that the subject might be dismissed as trivial, it apparently touched a nerve. It brought forth debate over issues and perceptions central to computer communications in general, and it revealed profound disparities in fundamental values and assumptions among participants.
This article is a response to that debate, and to the prevailing negative attitudes regarding the use of handles. Handles seem to have a bad reputation. Their use is strangely unpopular, and frequently forbidden by network authorities. Many people seem to feel that handles are rude or dishonest, or that anyone wishing to conceal his or her identity must be up to no good. It is the primary purpose of this article to dispel such prejudices.
Let us make one thing perfectly clear here at the outset: We do NOT challenge the need or the right of sysops to know the identities of their users! But we do believe that a sysop who collects user names has a serious responsibility to protect that information. This means making sure that no one has access to the data without a legal warrant, and it certainly means not pressuring users to broadcast their real names in widespread public forums such as conferences.
SO YOU WANT TO BE A STAR? -------------------------
John Lennon died for our sins. [anonymous]
Andy Warhol said that "In the future, everyone will be famous for fifteen minutes". The computer nets, more than any other medium, lend credibility to this prediction. A network conference may span the globe more completely than even satellite TV, yet be open to anyone who can afford the simplest computer and modem. Through our participation in conferencing, each of us becomes, if only briefly, a public figure of sorts – often without realizing it, and without any contemplation of the implications and possible consequences.
Brian Reid (reid@decwrl.DEC.COM) conducts and distributes periodic surveys of Usenet conference readership. His statistical results for the end of 1991 show that of the 1,459 conferences which currently make up Usenet, more than fifty percent have over 20,000 readers apiece; the most popular conferences are each seen by about 200,000 readers! Mr. Reid's estimate of total Usenet readership is nearly TWO MILLION people.
Note that Mr. Reid's numbers are for Usenet only; they do not include any information on other large public nets such as RIME (PC-Relaynet), Fido, or dozens of others, nor do they take into account thousands of private networks which may have indirect public network connections. The total number of users with access to public networks is unknown, but informed estimates range to the tens of millions, and the number keeps growing at an amazing pace – in fact, the rate of growth of this medium may be greater than any other communications medium in history.
The special problems and risks which arise when one deals with a large public audience are something about which most computer users have little or no experience or understanding. Until recently, those of us involved in computer conferencing have comprised a small and rather elite community. The explosion in network participation is catching us all a little unprepared.
Among media professionals and celebrities, on the other hand, the risks of conducting one's business in front of a public audience are all too familiar. If the size of one's audience becomes sufficiently large, one must assume that examples of virtually every personality type will be included: police and other agents of various governments, terrorists, murderers, rapists, religious fanatics, the mentally ill, robbers and con artists, et al ad infinitum. It must also be assumed that almost anything you do, no matter how innocuous, could inspire at least one person, somewhere, to harbor ill will toward you.
The near-fatal stabbing of actress Theresa Saldana is a case in point. As she was walking to her car one morning near her West Hollywood apartment, a voice behind her asked, "Are you Theresa Saldana?"; when she turned to answer, a man she had never seen before pulled out a kitchen knife and stabbed her repeatedly.
After her lengthy and painful recovery, she wrote a book on the experience ("Beyond Survival", 1986). In that book she wrote:
[pg 12] "... Detective Kalas informed me that the assailant, whom he described as a Scottish drifter, had fixated upon me after seeing me in films."
[pg 28] "... it was through my work as an actress that the attacker had fixated on me. Naturally, this made me consider getting out of show business ..."
[pg 34] "For security, I adopted an alias and became 'Alicia Michaels.' ... during the months that followed I grew so accustomed to it that, to this day, I still answer reflexively when someone calls the name Alicia!"
Or consider the fate of Denver radio talk show host Alan Berg, who in 1984 died outside his home in a hail of gunfire. Police believe he was the victim of a local neo- nazi group who didn't like his politics.
We are reminded of the murders of John Lennon and Rebecca Shaffer; the Reagan/Hinckley/Foster incident; and a long string of other "celebrity attacks" of all sorts, including such bizarre events as the occupation of David Letterman's home by a strange woman who claimed to be his wife! There is probably no one in public life who doesn't receive at least the occassional threatening letter.
Of course, ordinary participants in network conferencing may never attract quite the attention that other types of celebrities attract. But consider the following, rather less apocalyptic scenarios:
conference defending an unpopular or controversial
viewpoint. On Monday morning your biggest client cancels a major contract. Or you are kept up all night by repeated telephone calls from someone demanding that you "stop killing babies"!
modem. Sometime later you find your lawn littered
with beer bottles and dug up with tire marks, or your home vandalized or burglarized.
are all these strange people on TV claiming to be
your friends? How did that fellow know your position on abortion? Your taste in GIFs?
Celebrities and other professional media personalities accept the risks and sacrifices of notoriety, along with the benefits, as part of their chosen careers. Should computer conference participants be expected to do the same? And who should be making these decisions?
OTHER MEDIA -----------
When thou art at Rome, do as they do at Rome [Cervantes]
Older media seem to address the problems of privacy very differently than computer media, at least so far. We are not aware of ANY medium or publication, apart from computer conferencing, where amateur or even most professional participants are required to expose their true names against their will. Even celebrities frequently use "stage names", and protect their addresses and phone numbers as best they can.
When a medium caters specifically to the general public, participants are typically given even greater opportunities to protect their privacy. Television talk shows have been known to go so far as to employ silhouetting and electronic alteration of voices to protect the identities of guests, and audience members who participate are certainly not required to state their full names before speaking.
The traditional medium most analogous to computer conferencing may be talk radio. Like conferencing, talk radio is a group discussion and debate medium oriented toward controversy, where emotions can run high. Programs often center around a specific topic, and are always run by a "host" whose role seems analogous in many respects to that of a conference moderator. It is therefore worth noting that in talk radio generally, policy seems to be that callers are identified on the air only by their first names (unless of course they volunteer more).
Finally, of course, authors have published under "pen names" since the dawn of publishing, and newspapers and magazines frequently publish letters to the editor with "name and address withheld by request" as the signature line. Even founding fathers Alexander Hamilton, James Madison and John Jay, in authoring the seminal Federalist Papers in 1787 for publication in the Letters columns of various New York City newspapers, concealed their identities behind the now-famous psuedonym "Publius".
What would you think if someone called a radio talk show demanding to know the identity of a previous caller? Such a demand would undoubtedly be seen as menacing and inappropriate in that context. Yet that same demand seems to arise without much challenge each time a handle shows up in a computer conference. The authors of this article feel that such demands should always be looked upon as suspicious, and that it would be beneficial for moderators to take upon themselves the responsibility of making sure that besieged handle-users are aware of their right to refuse such inappropriate demands.
It is reasonable to assume that privacy policies in traditional media are the result of hard-won wisdom gained from long experience. Are we so arrogant that we cannot learn from others? It is not hard to imagine the sorts of problems and experiences which shaped these policies in the old media. Will we have to wait for similar problems to occur on the computer networks before we learn?
PRIVACY AND SURVEILLANCE ------------------------
In an effort to identify people who fail to file tax returns, the Internal Revenue Service is matching its files against available lists of names and addresses of U.S. citizens who have purchased computers for home use. The IRS continues to seek out sources for such information. This information is matched against the IRS master file of taxpayers to see if those who have not filed can be identified. [COMPUTERWORLD, Sept. 1985]
Date: Thu, 23 May 91 11:58:07 PDT From: firstname.lastname@example.org Subject: The RISKS of Posting to the Net - I just had an interesting visit from the FBI. It seems that a posting I made to sci.space several months ago had filtered through channels, caused the FBI to open (or re-open) a file on me, and an agent wanted to interview me, which I did voluntarily... I then went on to tell him about the controversy over Uunet, and their role in supplying archives of Usenet traffic on tape to the FBI... [RISKS Digest]
Also frequent are instances where computers are seized incident to an unrelated arrest. For example, on February 28, 1991, following an arrest on charges of rape and battery, the Massachusetts state and local police seized the suspect's computer equipment. The suspect reportedly operated a 650- subscriber bulletin board called "BEN," which is described as "geared largely to a gay/leather/S&M crowd." It is not clear what the board's seizure is supposed to have accomplished, but the board is now shut down, and the identities and messages of its users are in the hands of the police. [CONSTITUTIONAL, LEGAL, AND ETHICAL CONSIDERATIONS FOR DEALING WITH ELECTRONIC FILES IN THE AGE OF CYBERSPACE, Harvey A. Silverglate and Thomas C. Viles]
Most of us have been brought up to be grateful for the fact that we live in a nation where freedom is sacred. In other countries, we are told as children, people are afraid to speak their minds for fear they are being watched. Thank God we live in America!
It would surprise most of us to learn that America is currently among the premiere surveillance nations in the world, but such, sadly, is indeed the case. Our leadership in technology has helped the U.S. government to amass as much information on its citizens as almost any other nation in history, totalitarian or otherwise. And to make matters worse, a consumer surveillance behemoth has sprung up consisting of huge private data-collection agencies which cater to business.
As Evan Hendricks, editor of "Privacy Times" (a Washington D.C.-based newsletter) has put it: "You go through life dropping bits and pieces of information about yourself everywhere. Most people don't realize there are big vacuum cleaners out there sucking it all up." [Wall Street Journal, March 14, 1991].
To get an idea of how much of your privacy has already been lost, consider the bits and pieces of information about yourself which are already available to investigators, and how thoroughly someone might come to know you by these clues alone.
A person's lifestyle and personality are largely described, for example, by his or her purchases and expenses; from your checking account records – which banks are required by law to keep and make available to government investigators – a substantial portrait of your life will emerge. Credit card records may reveal much of the same information, and can also be used to track your movements. (In a recent case, "missing" Massachusetts State Representative Timothy O'Leary was tracked by credit-card transactions as he fled across the country, and his movements were reported on the nightly news!)
Then there are your school records, which include IQ and other test results, comments on your "socialization" by teachers and others, and may reveal family finances in great detail. Employment and tax records reveal your present income, as well as personal comments by employers and co- workers. Your properties are another public record of your income and lifestyle, and possibly your social status as well. Telephone billing records reveal your personal and business associations in more detail. Insurance records reveal personal and family health histories and treatments.
All of this information is commonly accessed by government and private or corporate investigators. And this list is far from exhaustive!
Now consider how easily the computer networks lend themselves to even further erosions of personal privacy. The actual contents of our mail and telephone traffic have up to now been subjected to deliberate scrutiny only under extraordinary conditions. This built-in safety is due primarily to the difficulty and expense of conducting surveillance in these media, which usually requires extended human intervention. But in the medium of computer communications, most surveillance can be conducted using automated monitoring techniques. Tools currently available make it possible and even cost-effective for government and other interests to monitor virtually everything which happens here.
Why would anyone want to monitor network users? It is well documented that, throughout the 1960s and 1970s, the FBI and other agencies of government, in operations such as the infamous COINTELPRO among others, spent a great deal of time and effort collecting vast lists of names. As Computer Underground Digest moderators Jim Thomas and Gordon Meyer recalled in a recent commentary (CuD #3.42):
"A 1977 class action suit against the Michigan State Police learned, through FOIA requests, that state and federal agents would peruse letters to the editor of newspapers and collect clippings of those whose politics they did not like. These news clippings became the basis of files on those persons that found there way into the hands of other agencies and employers."
To get onto one of these government "enemies" lists, you often needed to do nothing more than telephone an organization under surveillance, or subscribe to the "wrong" types of magazines and newspapers. Groups engaged in political activism, including environmental and women's rights organizations, were commonly infiltrated. The sort of investigative reporting which uncovered these lists and surveillances back in the '60s and '70s is now rare, but there is little reason to assume that such activities have ceased or even slowed. In fact, progressive computerization of local police LEIU activities (Law Enforcement Intelligence Units, commonly known as "red squads") suggests that such activities may have greatly increased.
Within the realm of computer conferencing especially, there is ample reason to believe that systematic monitoring is being conducted by government and law-enforcement organizations, and perhaps by other hostile interests as well. In a recent issue of Telecom Digest (comp.dcom.telecom), Craig Neidorf (knight@EFF.ORG) reported on the results of a recent Freedom of Information Act request for documents from the Secret Service:
" ... The documents also show that the Secret Service established a computer database to keep track of suspected computer hackers. This database contains records of names, aliases, addresses, phone numbers, known associates, a list of activities, and various [conference postings] associated with each individual."
But the privacy issues which surround computer communications go far beyond the collection of user lists. Both government and industry have long pursued the elusive grail of personality profiling on citizens and consumers. Up to now, such ambitions have been restrained by the practical difficulty and expense of collecting and analyzing large amounts of information on large numbers of citizens. But computer communications, more than any other technology, seems to hold out the promise that this unholy grail may finally be in sight.
To coin a phrase, never has so much been known by so few about so many. The information commonly available to government and industry investi-gators today is sufficient to make reliable predictions about our personalities, health, politics, future behavior, our vulnerabilities, perhaps even about our innermost thoughts and feelings. The privacy we all take for granted is, in fact, largely an illusion; it no longer exists in most walks of life. If we wish to preserve even the most basic minimum of personal privacy, it seems clear that we need to take far better care on the networks than we have taken elsewhere.
Human beings are the only species with a history. Whether they also have a future is not so obvious. The answer will lie in the prospects for popular movements, with firm roots among all sectors of the population, dedicated to values that are suppressed or driven to the margins within the existing social and political order... [Noam Chomsky]
In your day-to-day social interactions, as you deal with employers, clients, public officials, friends, acquaintances and total strangers, how often do you feel you can really speak freely? How comfortable are you discussing controversial issues such as religion, taxes, politics, racism, sexuality, abortion or AIDS, for example? Would you consider it appropriate or wise to express an honest opinion on such an issue to your boss, or a client? To your neighbors?
Most of us confine such candid discussions to certain "trusted" social contexts, such as when we are among our closest friends. But when you post to a network conference, your boss, your clients, and your neighbors may very well read what you post – if they are not on the nets today, they probably will be soon, as will nearly everyone.
If we have to consider each post's possible impact on our social and professional reputations, on our job security and income, on our family's acceptance and safety in the community, it could be reckless indeed to express ourselves freely on the nets. Yet conferences are often geared to controversy, and inhibitions on the free expression of opinions can reduce traffic to a trickle, killing off an important conference topic or distorting a valuable sampling of public opinion.
More important still is the role computer networks are beginning to play in the free and open dissemination of news and information. Democracy is crippled if dissent and diversity in the media are compromised; yet even here in the U.S., where a "free press" is a cherished tradition, the bulk of all the media is owned by a small (and ever- shrinking) number of corporations, whose relatively narrow culture, interests and perspec-tives largely shape the public perception.
Computer communication, on the other hand, is by its nature very difficult to control or shape. Its resources are scattered; when one BBS goes bust (or is busted!), three others spring up in its place. The natural resiliency of computer communications (and other new, decentral-ized information technologies such as fax, consumer camcorders and cheap satellite links) is giving rise to a new brand of global "guerrilla journalism" which includes everyone, and defies efforts at suppression.
The power and value of this new journalistic freedom has recently shown itself during the Gulf War, and throughout Eastern Europe and the Soviet Union, as well as within the U.S. Just think of the depth and detail of information available on the nets regarding the Secret Service's recent "Operation Sundevil" and associated activities, compared to the grossly distorted, blatantly propagandistic coverage of those same activities given to the general public through the traditional media.
Historically, established power and wealth have seldom been disposed to tolerate uncontrolled media, and recent events in this country and elsewhere show that computer media are sometimes seen as threats to established interests as well. To understand the role of handles in this context, it is useful to note the flurries of anti-handle sentiment which have arisen in the wake of crackdowns such as Sundevil, or the Tom Tcimpidis raid in the early 1980s. Although few charges and fewer convictions have typically resulted from such operations, one might be tempted to speculate that the real purposes – to terrorize the nets and chill freedoms of speech and assembly thereon – have been achieved.
In this way, sysops and moderators become unwitting accomplices in the supression of freedom on the networks. When real name requirements are instituted, anyone who fears retaliation of any sort, by any group, will have to fear participation in the nets; hence content is effectively controlled. This consideration becomes especially important as the nets expand into even more violent and repressive countries outside the U.S.
We must decide whether freedom of information and open public discussion are in fact among the goals of network conferencing, and if so, whether handles have a role in achieving these goals. As access to the networks grows, we have a rare opportunity to frustrate the efforts of governments and corporations to control the public mind! In this way above all others, computers may have the potential to shape the future of all mankind for the better.
A CALL TO ACTION ----------------
The move to electronic communication may be a turning point that history will remember. Just as in seventeenth and eighteenth century Great Britain and America a few tracts and acts set precedents for print by which we live today, so what we think and do today may frame the information system for a substantial period in the future. [Ithiel de Sola Pool, "Technologies of Freedom", 1983]
There was a time when anybody with some gear and a few batteries could become a radio broadcaster – no license required. There was a time when anyone with a sense of adventure could buy a plane, and maybe get a contract to carry mail. Those early technological pioneers were probably unable to imagine the world as it is today, but their influence is strongly felt in current laws, regulations and policies with roots in the traditions and philosophies they founded and shaped.
Today the new pioneers are knitting the world together with computers, and the world is changing faster than ever. Law and ethics are scrambling to keep up. How far will this growth take us? No one can say for sure. But you don't need a crystal ball to see that computer communications has the potential to encompass and surpass all the functionality of prior media – print, post, telegraph, telephone, radio and television – and more. It seems reasonable to assume that computer communications will be at least as ubiquitous and important in the lives of our grandchildren as all the older media have been in ours.
It will be a world whose outlines we can now make out only dimly. But the foundations of that world are being built today by those of us exploring and homesteading on the electronic frontier. We need to look hard at what it will take to survive in the information age.
In this article we have attempted to show, for one very narrow issue, what some of the stakes may be in this future- building game. But the risks associated with exposing your name in a computer conference are not well defined, and various people will no doubt assess the importance of these risks differently. After all, most of us take risks every day which are probably greater than the risks associated with conferencing. We drive on the expressway. We eat sushi. To some people, the risks of conferencing may seem terrifying; to others, insignificant.
But let us not get side-tracked into unresolvable arguments on the matter. The real issue here is not how dangerous conferencing may or may not be; it is whether you and I will be able to make our own decisions, and protect ourselves (or not) as we see fit. The obvious answer is that users must exercise their collective power to advance their own interests, and to pressure sysops and moderators to become more sensitive to user concerns.
To help in that effort, we would like to recommend the following guidelines for user action:
"Liberties are preserved by using them". Let your
sysop know that you would prefer to be using a handle, and use one wherever you can.
handles, and avoid those which don't.
always be irresponsible users on the nets, and they
will always use handles. It is important for the rest of us to fight common anti-handle prejudices by showing that handles are NOT always the mark of an irresponsible user!
NEVER argue or flame anyone about it).
To sysops and moderators: We ask you to bear in mind that authority is often used best where it is used least. Grant users the right to engage in any harmless and responsible behaviors they choose. Protect your interests in ways which tread as lightly as possible upon the interests of others. The liberties you preserve may be your own!
In building the computer forums of today, we are building the social fabric of tomorrow. If we wish to preserve the free and open atmosphere which has made computer networking a powerful force, while at the same time taking care against the risks inherent in such a force, handles seem to be a remarkably harmless, entertaining and effective tool to help us. Let's not throw that tool away.
[end of excerpt]
– David Collier-Brown, | davecb@Nexus.YorkU.CA | lethe!dave 72 Abitibi Ave., | Willowdale, Ontario, | He's so smart he's dumb. CANADA. 416-223-8968 | – Joyce Collier-Brown
From caf-talk Caf Jun 10 00:17:10 1992