Assessing AnonymousCommunication onthe Internet: Policy Deliberations
RobKling and Y a-chingLee Centerfor SocialInformatics, Indiana University ,Bloomington,Indiana, USA
Al Teich andMark S.Frankel AmericanAssociation for theAdvancement of Science,W ashington,DC, USA
same time,anonymity can facilitate socially unaccept- Anonymouscommunication on theInternet offers new opportu- ableor even criminal activities because of the dif® cul- nitiesbut hasill-understood risks. This articlehelps to ground the tiesin holding anonymous users accountable.Because of policydebates by examining some fundamental aspects of anony- thecomplex interaction of social conventions, legal tra- moussocial behavior and currentcontroversies over anonymous ditions,and technological designs the policy issues asso- communications.It is a companionto the article in thisissue, ciatedwith the regulation of anonymous communications ªAnonymousCommunication Policies for the Internet: Results ontheInternet have some importantnuances. This article and Recommendationsof theAAAS Conference.ºIt examinesthe examinessome ofthenuances behind the policy debates. socialcharacter of anonymouscommunication and theways that anonymouscommunication has played important roles for profes- sionalssuch asjournalistsand thepolice. It alsoexplains some of the AAASPROJECTON ANONYMOUS new technologicalsupports for anonymous communication on the COMMUNICATIONON THEINTERNET Internet.The openness,decentralization, and transnationalchar- TheAmerican Association for the Advancement of Sci- acterof the Internet challenge the ef® cacy of traditional control ence(AAAS), with funding by theNational Science Foun- mechanismsand haveraised issues related to accountability,law dation(NSF), conducted a projectto examineonline ano- enforcement,security and privacy,governmental empowerment, nymityand identify criteria for judging the desirability and e-commerce.Y et,to ban orrestrict all anonymous communi- 1 cationonline because of theharms it could bring would denyits ofanonymousand pseudonymous communications. The bene® tsto those people who maylegitimately gain from it. This goalsof theAAASprojectwere to developan understand- articlehelps to understand how tobalance these positions. ingof anonymouscommunication on theInternet, to de- termineif and how it might be possible to facilitate so- ciallydesirable uses ofanonymouscommunication while Keywords anonymity,CMC, email,encryption, information policy, limitingundesirable ones, and to develop policy recom- Internet,privacy, professional communication mendationsfor implementing these ideas. Theproject consisted of fourcore activities: TheInternetprovides new opportunities for anonymous communicationÐopportunities to make political claims 1.AAAS conductedan online survey inthesummer of andnon-political comments, engage in whistle-blowing, 1997togather information from Internet users about performcommercial transactions, and conduct personal theirexperiences with anonymity and pseudonymity correspondencewithout disclosing one’ sidentity.At the online.2 2. Five focus groups wereconducted in the summer of1997to examine experiences and views regarding Addresscorrespondence to RobKling, Indiana University, School theuses ofanonymity in differentsettings off-lineÐ ofLibrary and Information Science, Main Library, 10th and Jordan, lawenforcement, journalism, counseling and sup- Room012, Bloomington, IN 47405-1801.E-mail: [email protected] portservices, whistleblowing, human rightsÐ and
TheInformation Society, 15:79± 90, 1999 Copyright c 1999T aylor& Francis 0197-2243/° 99$12.00 + .00 79 80 R.KLING ETAL.
tosee whatlessons mightbe learned for use DIMENSIONSOF ANONYMOUS online. COMMUNICATION 3.In November 1997, AAASconvenedan invitational GaryMarx (1999) enumerates seven elements of personal conference inIrvine,CA. Participantswere drawn identi®cation: fromthe computingindustry, including Internet ser- viceproviders, network administrators, and provid- 1. Legal name:Alegalname involves a person’strue ers ofªanonymizingºservices; thelegal community, identityand may be connectedto biological, social, includinglaw enforcement; professional societies; andother information. academicinstitutions; and human rights groups, to 2. Locatability :If aperson’saddress is known,he or discuss uses ofanonymous communication on the she canbe locatedand reached. Internet.3 Themeetingwas organizedin part around 3. Traceablepseudonymity or pseudo-anonymity : fourcommissioned papers that were intended to fo- Apersonusing a pseudonymthat can be linkedback cus andfoster conference discussions: tothat person or hisor her address underrestricted conditions.In the case ofInternetcommunications, · ªTechnicalDimensions, ºbyPeter W ayner, onlineservices actas anintermediary and allow par- ConsultingEditor, BYTE Magazine; ticipantsto use pseudonymsin BBSorchatrooms. · ªEthicaland Social Dimensions,º by Gary Theonline services retaina recordof eachperson’ s Marx,W oodrowWilson International Center identi®cation. forScholars and Director of the Center for 4. Untraceablepseudonymity :Apersonusing a pse- theSocial Study of InformationTechnology, udonymwhich cannot be linked back to that per- Universityof Coloradoat Boulder; sonor his or heraddress byintermediaries because · ªLegalIssues inAnonymity and Pseudo- ofprotective policies or the inability to trace. In nymity,ºbyMichael Froomkin, Associate thecase ofInternet communication, people using Professor ofLaw at the University of Miami pseudonymscan make their identities untraceable Law School; throughchain mailing and encryption remailer ser- · ªCommercialDimensions, ºbyDonna vices(e.g., Mixmaster). Hoffman,Associate Professor ofManage- 5. Patternknowledge :Apersoncan be identi® ed by ment,and Co-Director of Project 2000 at referenceto hisor herª appearanceor behaviorpat- theOwen Graduate School of Management, terns.ºPersons makinganonymous postings can be VanderbiltUniversity . knownby thecontent and style of theirmessages. 6. Social categorization :Apersoncan be identi®ed bysocialcategories, such as gender,age, class, em- Revisedversions of thesearticles appear in thisissue ployment,and religion. of TheInformation Society . 7. Symbolsof eligibility /non-eligibility :Apersoncan beidenti®ed byher possession of knowledge(pass- 4.Following the conference, in the summer andfall words,codes) or artifacts(tattoos, uniforms) as an of1998,AAAS staff,in collaboration with several eligibleor ineligibleperson. conferenceparticipants, developed and tested sev- eral case scenarios onanonymity /pseudonomityfor Anonymouscommunication is afeatureof socialrelation- educationaluse. The cases willsoon be postedon the shipsand encompasses severaldimensions: WorldWide W ebat http: //www.aaas.org /spp/anon/ 1. Relational:Anonymouscommunication is relatio- nalas itinvolves at leasttwo parties, sender(s) and Thisarticle distills and elaborates on the discussions receiver(s).There may or may not be anintermedi- atthe AAAS Conference,on data generated by the on- aryacting as alinkbetween these two parties, and linesurvey ,andon information gleaned from the project’s theintermediary may know or maynot knowthe true focusgroups. It begins by de®ning some keydimensions identi®cation of thesender (Marx, 1999). ofanonymityand then describes the technologies that en- 2. Con®dentiality :Anonymouscommunications, full ableanonymous communication on the Internet. This is orpartial, can be con® dential. Con® dentiality in- followedby an overview of the advantages and disad- volvesthe sharing of informationwith the expecta- vantagesof anonymous /pseudonymouscommunications, tionthat it will not be revealed to third parties, or asummaryof policy issues relatedto the regulation of thatit willbe revealedonly under restricted circum- suchcommunications, a comparativelook at the control stances (Marx,1999). Con® dentiality is aformof ofonline versus of¯ine communications, and a set of anonymity.Forexample, it is commonfor journal- conclusions. ists touse anonymousinformants. The identities of ASSESSING ANONYMOUS COMMUNICATION ONTHEINTERNET 81
theinformantsare con®dential, but are knownto the usedto gleaninformation about network communications, journalists. evenwhen the contents of thecommunicationsthemselves 3. Pseudonymity :Pseudonymouscommunication in- are encrypted(Dif® e &Landau,1998, p. 35± 38). For ex- volvesthe use ofapenname, symbol, or anickname. ample,if aremaileris knownto process incomingmes- Peoplewho use theInternet can have one or many sages andsend them on immediately,it isasimplematter pseudonymsthat allow for the continuityof identity toconnectthe source of agivenincoming message with andthe creation of anonlinepersonality (Froomkin, thedestination of the next outgoing message. Also,be- 1995a).Sometimes an individual can establish a rep- cause messages differin size,they can be tracedand dis- utationover time based on his or hercommunica- tinguishedby size (Cottrell,1996a). Traf® c analysisis par- tionswithout disclosing his or her actual identity ticularlyeffective when the identity of thecommunicants, (Froomkin,1995a). ratherthan the content of thecommunication, is desired.To 4. Pseudo-anonymity :Pseudo-anonymityresults counterthese methods of detection,certain remailers (e.g., whena personopens an account with a remailer Mixmaster)reorder the packets of networktraf® c andmake serviceprovider and chooses or isassigneda pseudo- themall the same size. 4 nym.Only theremaileroperator can link the pseudo- Theadvantage of usingchained remailers is thateach nymto theindividual.As longas theremailer opera- remaileronly knows a smallpart of the entire message torprotectsa person’srecordsand does not revealhis route,namely the precedingremailer and the next remailer orhere-mail address(es), privacyis secured.For an towhichthe message is tobe routedin thechain. Even if individualwishing to sendan e-mail message with- oneremailer in the chain is compromised,it is unlikely outdisclosinghis orheridentity, pseudo-anonymity thatany given message canbe connectedwith its sender isauser-friendlymeans ofdoing so, but it provides (Cottrell,1996a). less assurance ofanonymitythan use ofananony- mousremailer, as describedbelow (Bacard, 1996). Varieties ofAnonymous Communication Apersonis notanonymous in any absolute sense. ontheInternet Anonymityand pseudonymity are featuresof speci® c Thereare atleast four types of anonymous communica- relationshipsand communications. We will refer toall tionson theInternet: fourof these as anonymouscommunication, unless we wishto distinguishexplicitly between them. TraceableAnonymous Communication. In Internet communication,people can use anintermediary to con- veyinformation or messages withoutrevealing their true INTERNETTECHNOLOGY AND ANONYMITY identities.The senderis onlyidenti®able to theintermedi- ary(Marx, 1999). Traceable anonymous communication AnonymousRemailers occurswhen Alice asks Bob(who operates an anonymous Anonymousremailers were originally developed in 1988 remailer)to forwardan unencryptedmessage toEric.Bob toallowInternet users topostmessages tocertainUsenet keepsa recordof Alice’se-mailaddress and(perhaps) a newsgroupswithout disclosing their identities. T oday,they copyof theforwarded message as wellas Eric’saddress. allowInternet users, free ofcharge, to post anonymous WhenEric receives the message, hehas nowayof knowing messages tovirtually all newsgroups or tosendanonymous itis Alicewho sent the message becauseBob has removed e-mailto anyonethey wish (Edelsten, 1996). Alice’sidenti®cation and return address. However, if the Inits simplest form, an anonymousremailer works by contentof themessage violatesa law,a judgemay sub- acceptingan e-mailmessage froma sender,stripping off poenaBob and compel him torevealAlice’ sidenti®cation. theheaders that would serve toidentify the sender, and thenforwarding the message tothe intended recipient. ªUntraceableºAnonymous Communication. There Anonymousremailers have several vulnerabilities. First, are instancesin which an Internet user maywish to be remailerscan be compromised(e.g., the remailer server morecertain of remaining anonymous than a singlere- maybe brokeninto, or its®les maybe subpoenaed).Users mailerwill allow. One way in whichto accomplishthis is seekinga strongerguarantee of anonymitycan avoid this byusingª chainedremailersº (Froomkin, 1995a). Imagine vulnerabilityby chainingremailers (discussedbelow). thatAlice sends amessage toBobthe Remailer, encrypted Toadd further security, messages maybe encryptedusing withBob’ spublickey (i.e., only Bob can decrypt the mes- public-keycryptographic techniques. sage).The content of theencrypted message sentto Bob Asecondweakness is thatremailers, even chains of is anotherencrypted message (thistime encrypted with remailers,are vulnerableto traf® c analysis.Traf® c analy- Charlie’spublickey), along with instructions to sendthe sis, thestudyof patternsof communication,is atechnique message ontoCharlie. 82 R.KLING ETAL.
WhenCharlie receives the message fromBob, he de- UntraceablePseudonymity. Untraceablepseudony- cryptsit. The contentsof thisdecryptedmessage are yetan- mityworks much like untraceable anonymity (Froomkin, otherencrypted message (thistime encrypted with David’ s 1995a).The difference lies in the sender signing his or publickey), along with instructions to sendthe message on hername with a pseudonym.Alice can even sign with toDavid.When David receives the message fromCharlie, adigitalsignature to prevent any counterfeit (Froomkin, hedecryptsit, and ® ndsthe text of theoriginal message 1995a).Alice can use multipleencryption to make her- intendedfor Eric, along with instructions for sending the self unidenti®able, just as describedabove. At thesame message toEric. Each remailer decrypts its portion of time,Alice can maintain the continuityof herpseudonym. themessage, followsthe instructions, and sends therest Theultimaterecipient, Eric, cannot identify the originator ofthe (still encrypted) message onto the next remailer ofthemessage unlesshe isableto traceback through all (Cottrell,1996b). No singleremailer knows thefullpath of remailersin thechain. (Froomkin, 1995a). theother remailers handling the message. Inotherwords, Anonymouscommunication also results when remailer nosingleremailer can read the message toEricand con- operatorsmake no effortto verifythe identify of individ- nectit toAlice. However, each remailer in thechain will ualswho use theirservices. Users whorely on this for knowthe identity of the remailer from which the mes- anonymitymay still be identi®ed through traf® c analysis. sage came,and the identify of thenext remailer to which Eventhose who send anonymous mail from a free e-mail themessage willbe sent(Froomkin, 1995a). That means accountcan be traced with the aid of localor regionalInter- Alicecan still be traced, albeit with dif® culty. A judge netservice providers, unless they log into an openaccess canorder David to discloseCharlie’ sidentity,Charlie to computer,such as inapubliclibrary or universitylab. revealBob’ sidentity,and, ® nally,Bob to reveal Alice’ s identity. BENEFICIALAND HARMFULASPECTS Analternative way to achieve virtually untraceable OFANONYMOUSCOMMUNICATION anonymityis toopenan account on oneof the Web sites thatgives away free e-mailaddresses, suchas Yahoo! Peoplesay orwritethings under the cloak of anonymity Mail,MauiMail, 3Dmail, Busymail, Conk!mail, EMU thatthey might not otherwise say orwrite.Since anony- Mail,Flashemail, Hotmail, and Mail City. 5 People who mitytypically frees thesender of a message fromfear use theInternet can create an account without giving any ofretaliation or confrontation, it may encourage either personalinformation or by giving false information. honestyor dishonesty in communication, depending on Furthermore,ComputerMax Inc. now offers anonymous circumstances(Levmore, 1996). Because anonymityper- prepaidInternet service giving subscribers a randomly mitscommunication without retribution, it raises issues generateduser nameand password. The service is ex- ofaccountabilityand reliability ,andwhen and why iden- pectedto attract people who are lookingfor secured pri- ti®cation should be revealedor concealed. What are the vacyand whowant to communicateanonymously because conditionsunder which people who communicate over the acustomer’srealname is notassociated with the account. Internetshould be encouraged(or perhaps compelled) to Thefree e-mailoffering and anonymous services make disclosetheir identities, and when should they be allowed traf®c analysismore dif® cult and costly. (orencouraged) to remain anonymous?
TraceablePseudonymous Communication. Like ano- Benets nymouscommunication, pseudonymous communication canbe either traceable or untraceable. Suppose that Al- Mostrespondents to the AAAS onlinesurvey and focus icesends amessage toEric through remailer Bob using a groupsindicated that they had had very positive expe- pseudonym.Bob keeps a logand can link the pseudonym riencesin communicating anonymously. They identi® ed toAlice.Eric can directly send the reply message tothe severalpositive aspects ofanonymous communication, pseudonymouse-mail address appearingin the ª From:º bothon- and off-line. Some, in fact,regarded the ability ®eldof themessage. Themessage sentby Ericwill be re- tocommunicate anonymously as essentialto theirwork. ceivedby the remailer operator, Bob, whowilllocateAlice andforward Eric’ sreplyto her(Froomkin, 1995a). Many InvestigativeJournalism. Journalistsfrequently use Internetservice providers and online service providers anonymoussources tohelpinvestigate news stories.While (e.g.,America Online) allow people to employa pseudo- thejournalists participating in the AAAS focusgroup ex- nymas theiruser ID(Froomkin,1996a). The providers pressed some discomfortwith anonymous tips, they nev- usuallykeep a recordof customers’ names, e-mail ad- erthelessreported using them and quoting informants who dresses, andother personal information and can trace them wereunwilling to reveal their identities as anª anony- ifnecessary. moussources. ºDouble-checkingwith other sources and ASSESSING ANONYMOUS COMMUNICATION ONTHEINTERNET 83 verifyinginformation received anonymously are essential outdisclosing one’ sidentity.The proliferation of Internet insuchcases, however. discussiongroups focusing on suchtopics offers evidence ofthevalue of anonymouscommunication in this realm Whistleblowing. Conferenceparticipants pointed out (Lewis,1994; Lee, 1995). that,before the advent of theInternet,employees of anor- ganizationwishing to ªblowthe whistleºon colleaguesor PersonalPrivacy Protection. Anonymouscommuni- superiorswhile remaining anonymous could simply send a cationis oneof themost powerful means peoplehave for letterwithout including any identifying information, such ensuringprivacy. Anonymity offers protectionagainst be- asanameand return addresses. Telephonesand fax ma- ingtrackedand receivingunwanted advertisements as well chinesprovide alternative channels for doing this. Now, asjunke-mail. People may also use pseudonymsto hide individualscan also register anonymous complaints by e- theirtrue identities when requesting information. Women mail.Government agencies, including the Department of mayprefer using a neutralor malepseudonym to commu- VeteransAffairs (http: //www.va.gov/oig/hotline/hotline. nicateon the Internet in order to avoid gender discrimi- htm)and theGeneralAccounting Of® ce (http: //www.gao. nation,differentiation, or harassment.Men can also use gov/fraudnet/fraudnet.htm)have established anonymous femalepseudonyms to mingle with female communica- hotlineson the Internet. A governmentemployee who torsor to experience the intimacy of female friendship. believes,for example, that his boss istakingbribes can Suchdeception may, of course, have harmful as wellas use anonymouse-mail services tosend evidence to his bene®cial effects. agency’sinspectorgeneral’ sInternethot line. AvoidingP ersecution. Individualssubject to human LawEnforcement. Policerely on anonymous infor- rightsviolations by repressive regimes sometimes com- mantsto obtaininformation about criminal activities, al- municateanonymously to avoid persecution (Froomkin, thoughthey are sometimesoverloaded with misleading 1996a;Froomkin, 1997; Marx, 1999), and human rights anonymoustips on high-visibility cases. Incyberspace, organizationsuse ittoensure private communication with severalsites offeraccess toanonymouse-mail to helppo- thosewho may be atrisk. In manycountries, criticizing licecapture suspected criminals by offeringrewards and thegovernmentor exposing human rights abuses isillegal. anonymityto citizens for information about crimes. The Withanonymous online postings, such information can be website of theChicago Police Department (http: //www. broughtinto the open without exposing the informants to ci.chi.il.us /CommunityPolicing /FightCrime/Forms/Nar- therisk of retaliation. cotics.html),for example, includes an ªOnlineDrug Ac- tivityFormº for people who want to provide anonymous Harms informationabout drug sales andrelated activity .An- otherexample is theestablishment of a speciale-mail Experiencewith anonymity off- and on-line demonstrates addressÐ [email protected] Ðforthe Federal Trade Commis- thatit canalso lead to unwanted communication that can sion.Consumers can, without identifying themselves, for- rangefrom annoying to dangerous(Froomkin, 1995a). wardunsolicited commercial e-mail that they believe may befraudulentor deceptivewhile remaining anonymous if Spamming. Anonymousª spamºis perhapsthe most theywish (Clausing, 1998). commonabuse of anonymous communication. Spam is electronicjunk mailÐ messages thatare postedto mul- Self-Help. Conferenceand focus group participants tiplenewsgroups or mailing lists as wellas bulke-mail identi®ed a numberof instanceswhere anonymity may fa- advertisementssent simultaneously to many individuals cilitateself-help regarding such matters as alcohol,drug, (Bernstein,1995; Arar, 1994). Spamming newsgroups or andfamily abuse, sexual abuse, sexual identity ,AIDSand individuale-mail addresses withthousands of commer- otherdiseases, andmental and physical illness (Froomkin, cialmessages isattractiveto some advertisersbecause of 1996a;Froomkin, 1997; Marx, 1999). People might be thelow cost (Edelsten, 1996; Foner, 1996). Hackers may shyor feeluncomfortable seeking help or information in sendmessages todisrupt or damageservices. Online spam- aface-to-faceinteraction, telephone conversation (even ming,generally an annoyancefor individuals, has occa- thoughthey can communicate anonymously or pseudony- sionallybecome a seriousproblem for ISPs andsystem mously),by mail(a personhas toattacha returnaddress operators.For example, in 1997, spam from® rms call- inorder to receive a response),or by seeking informa- ingthemselves ª LCGMºand ª WebPromoº caused traf- tionin libraries (others might accidentally see whatone is ®ccongestionon America Online. The companies used reading).Searching for, sharing, and consuming the infor- false headerinformation to makeit appearthat the mes- mationon theInternet, preferably in theprivacy of one’s sages came fromAOL itself (Seminerio, 1997). A simi- home,might be theoptimal way to gain knowledge with- larsituation occurred on CompuServe, also in 1997 84 R.KLING ETAL.
(CompuServeInc. vs. CyberPromotions ,1997).The junk ªCBºchannel. Many people trusted ª Joanºand ª sheºde- e-mailsent by thesecompanies slowed down or jammed velopedrelationships with several participants. The ease theservice providers’ servers. ofonlineaccess toaspecialgroup of peopleaided Alex in perpetratinghis fraud. His intentions were manipulative Deception. Anonymityfacilitates deception. In 1994, andlargely self-serving. When participants discovered that asubscriberto Prodigy made allegedly libelous statements theyhad been deceived, some experienceda strongsense onanelectronic bulletin board claiming that an investment ofwhathas beentermed ª identityrape.º bank,Stratton Oakmont, was assistinga publicoffering for a®rm whosepresidenthad been involved in criminal activ- OnlineFinancial Fraud. Withthe adventof electronic ities(Kansas CityStar, 1994). Because themessage was cash (e-cash),individuals can conduct online commercial postedwith a pseudonym,readers couldneither assess the transactionsanonymously. Any individual or organization credibilityof theassertions nor contactthe sender for evi- canset upa virtualcommercial site to run a fraudulent denceof thecharges.Nevertheless, the libelous assertions businesson theInternet, sell merchandise and /or informa- causeda steepfall in the value of stockand damaged the tion,and satisfy customers who are alsovirtual players bank’sbusiness. (Froomkin,1995a, 1996a, 1997). For example, Kevin Jay Lipsitzsold magazine subscriptions over the Internet but Hate Mail. Individualsmay say thingsanonymously failedto deliverthem to his customers. He was eventually thatthey would not say iftheybelieved they could be iden- foundguilty of violatingNew Y orkstate consumer fraud ti®ed and held responsible for theirstatements. Messages laws(Swartz, 1997). thatthreaten or harass are generallysent anonymously. Inone well-known example, in September1996, Richard OtherIllegal Activities. Conferenceparticipants iden- Machado,a formerstudent at the University of Califor- ti®ed several other types of illegalactivities that could be niaat Irvine,sent a numberof e-mail messages threaten- conductedonline with the aid of technologiesthat facili- ingto ªhuntdown and killº Asian students at theuniver- tateanonymity or pseudonymity. These included money sity.The message, signedª Asianhater,º warned that all laundering,illegal arms transactions,drug deals, criminal Asiansshould leave UC Irvine(Maharaj, 1997). Machado organizationalrecruitment, and theft of intellectualprop- was eventuallycaught and convicted on civil rights erty.Since the nature of the Internet does not materially violations. affectthe criminality of suchactivities they were not the subjectof much discussion at the meeting. Impersonationand Misrepresentation. Whileimper- sonatingothers may be sociallyacceptable in certaincon- texts,such as acostumeball or theatricalevent, such be- NEWCONTROVERSIALISSUES havioris illegalin manyother circumstances where it could cause ®nancialloss, physical or emotionalharm. Online Thenature of the Internet poses hugebarriers to theregu- impersonationmay deceive whole groups, such as thepar- lationof individualbehavior, including anonymous com- ticipantsin a self-helpnewsgroup. Or anindividualmay munication.The openness, decentralization, and transna- gainaccess tosomeone else’ saccount,and send hate mail, tionalcharacter of theInternetall challenge the ef® cacyof spreadrumors, or engagein variousillegal activities in that traditionalcontrol mechanisms, including physical surveil- person’sname. lance.As aresultof itschallenges to traditionalmeans of Peoplecan also misrepresent themselves by usingafake regulation,the Internet has raisedseveral new controver- identity(pseudonym). For example, a teenagegirl calling sialissues. herselfª Kimºposted a series offabricatedmessages toa newsgroupabout her experience associated with the death Anonymityvs. Accountability ofherpremature baby. ª Kimºmisrepresented herself to gainsympathy, and members ofthenewsgroupresponded Societieshave different practices related to anonymityand withnurturing, care, and concern. Eventually, she was accountabilityin daily life. In Germany, citizens have to trippedup byherown lies and vanished. ª Kim’sºbehavior registerwith the police if they move, even within the same hada negativeeffect on members ofthegroupbecause she region.In the United States, such registration would be violatedtheir trust. Members experiencedhurt, anger, em- regardedas aninfringement on individual rights under barrassment,and suspicion of oneanother (Grady, 1998). theConstitution. Even when Americans pay taxes, they VanGelder (1996) discusses asimilarway in which donot have to reveal their true addressesÐ apost of® ce theInternet enabled some peopleto developunusually in- boxis perfectlyacceptable. Many of thetensionsbetween timatefriendships under false pretenses.In VanGelder’ s anonymityand accountability have been examined under account,a manby thename of Aleximpersonated a dis- therubric of personalprivacy and social control (see Kling, abledwoman (whom he calledª Joanº) onCompuServe’s 1996b). ASSESSING ANONYMOUS COMMUNICATION ONTHEINTERNET 85
Thelink between anonymity and accountability raises 5.The Internet connects vast numbers of linkedcom- specialconcerns. Because ofthedif® culty in holding in- puternetworks. The connections are notjust na- dividualsaccountable for their statements and actions, tional,but international as well.It is, as has often anonymitycan lead to thespread of conspiracytheories, beensaid, a networkof networks. encourage® nancialfraud, and make it possibleto smear 6.People can request or consumewhatever they want orvictimizeothers sexually (Mossberg, 1995). Consider, and,with appropriate security, can do so witha rel- forinstance, using a computerin a publiclibrary, school, or ativelyhigh degree of privacy. Internetcaf e Âwhereanyone can sit down at a computerand 7.In the absence of special measures, theInternet access theInternet without providing identi® cation. An allowsone easily and inexpensively to makean un- individualcould create one or morefree e-mailaccounts limitednumber of perfectcopies of anythingthat can fromservices suchas Hotmailthat operate on theWorld bedigitized. WideW eb.They could then send harassing or noxiousmail 8.The Internetprovides a nearlyideal setting for anon- inamannerthat is virtuallyuntraceable. ymousand pseudonymous communication. Onthe other hand, there are clearlycircumstances in whichanonymous communication can play a moreposi- Thevery nature of theInternet makes itvirtually im- tiverole. For example, in astudyof people providing evalu- possibleto set upbarriersamong the computers that are ations,David Antonioni (1994) found that those who were connectedto it and very dif® cult to trace true identities requiredto identify themselves gave more positive eval- (Edelsten,1996). As aresult,governments are limitedin uationsthan those whose who were allowed to give their theirability to identify and locate those responsible for il- responses anonymously.The not-too-startlingimplication legalbehavior and to imposepunishment and compensate isthatanonymity produces more candid (and presumably victims(Post, 1995). Remailers pose a specialdilemma for moreuseful) evaluations. lawenforcement. If thenumber of remailersis relatively small,it might be possiblefor law enforcement authori- tiesto analyzethe traf® c inand out ofthemand determine LawEnforcement vs. theNature of theInternet ªwhosent what to whomº(Froomkin, 1996a). (Some con- ferenceparticipants suggested that one strategyfor law en- Inthe physical world, anonymity can serve eitheras a forcementof® cials wishing to track anonymous messages ªshieldºor as aªsword.ºThe law protects and sometimes mightbe to operate one or moreremailers of theirown. encouragesanonymity when it is usedas aªshieldºto Othersobserved that there was nowayof knowingwhether guardindividuals against abuseÐ for example in the fed- thispractice was notalready in use.)Increasingly powerful eralwitness protection program. If, however, anonymity encryptiontechnology, however, will make it evenharder isusedas aªswordºto abetillegal or otherwisesocially tolocateremailers and senders ofanonymousmessages. unacceptableactivity, then the law may be usedto regu- Manyconference participants noted that in aglobalso- lateit. Issues raisedby certainactivities on theInternet, cietywhere the Internet knows no geographic borders, suchas fraud,data theft, child pornography, privacy in- technologyis veryquickly outpacing any jurisdiction’ s vasion,and copyright infringement, take on heightened abilityto keep up withit. New technologies like Iridium, importancebecause of thedif® culties authorities face in asatellitesystem thatwill permithigh qualityglobal wire- tryingto regulateonline activities. These dif® culties are less communication(Iridium LLC, 1997)and T eledesic oftenattributed to the characteristics of the Internet that satellitesystems, awirelessnetworking company that op- serve toimpedelocal and national as wellas international erates asatellitethat will offer high-bandwidth Internet effortsto stopcriminal activities (Lee, 1998): services (Teledesic,1998) make it very hard to control traf®c goingin andout of acountry. 1.There are verylow barriers to entry.Anyone with a SomeU.S. authorities have suggested that anonymous computer,certain easily-obtainable software, a tele- communicationmight be controlled by holding opera- phoneline, and a modemcan access theInternet. torsof remailers liable for any harm that might result 2.The Internet provides many-to-many communica- frommessages transmittedthrough their servers. There- tionthat the traditional media do notroutinelyoffer. centlyenacted Digital Millenium Copyright Act of 1998 3.Communication on theInternet was designedto be includesprovisions for such liability for online service decentralizedand free ofdirect human control. In providers,but also provides for a numberof ways that ser- otherwords, the Internet provides an arena for peo- viceproviders can avoid or limittheir exposure to liability pletocommunicate and transmitmessages withmin- (PublicLaw No. 105-304, October 28, 1998). With easy imal,if any,constraints. Internetaccess throughsatellite systems, however,remail- 4.Information on theInternet is deliveredquickly and ers couldsimply move offshore. Indeed, one of theearliest atverylow cost. andbest-known remailers (no longer in operation) was 86 R.KLING ETAL. locatedin Finland. Even if thelawbreaker is locatedwith cryptionis usedto ensure con® dentiality of transmitted theaid of remailer services andthe courts, the violator information,allowing a message tobescrambledsuch that maynot be reachableif he orshe isoutsidethe jurisdic- onlythe intendedrecipient can easily unscramble it (Post, tionof the court(Froomkin, 1995a; Edelsten, 1996). It may 1995).It enhancesprivacy by ensuringthe con® dential- bedif®cult, if notimpossible, to regulate the use ofonline ityof personalrecords, such as medicalinformation, per- anonymityon such an open and interactive system. Never- sonal® nancialdata, and electronic mail (Madsen, 1998). theless,Froomkin (1996a) has suggestedthat bilateral or Cryptographictechniques can also be usedto provide au- multilateralagreements between countries may be good thenticationof the identity of a message originator(i.e., nationalstrategies to regulate the abuse of anonymity. 6 arecipientof a message canverify that the person who Differencesamong nations’ legal systems willneed to be claimsto have sent a documentreally is thesenderÐ this dealtwith if such approaches are goingto work. is oftencalled a digitalsignature )andto verify data in- tegrity(i.e., that the message receivedis thesame as the message thatwas sent,and thus that the message was not Securityand Privacy accidentallyor intentionallychanged in transit).Finally , Remailertechnologies and cryptography increase the se- encryptioncan be usedto ensurethe non-reputability of curityof anonymous e-mail and enhancepersonal privacy messages. Thismeans thatthe senderof anelectronic mes- inonlinecommunication, as describedabove. Neverthe- sage (a purchaseorder, a contract,a threat)cannot deny less, securityand privacy of individualmessages depend havingbeen the sender(Certicom, 1997). The primaryim- criticallyon thewillingness and ability of remaileroper- plicationof cryptography for anonymous communications atorsto protect the con® dentiality of theirrecords (Levy, is thatencryption can be used to hideboth message con- 1994;Froomkin, 1995a). tentand the sender’ sidentifyinginformation, preventing Anexampleof dependenceon atrustedintermediary (in aneavesdropper from determining the message content thiscase, aserviceprovider), and the consequences of its and/orthesender’ sidentity. violationis demonstratedby the case ofTimothy McV eigh Disputeshave arisen between the law enforcement and (norelation to the individual convicted of thebombing of intelligencecommunities’ interests and the interests of pri- theOklahoma City federal building). In fall 1997, a fe- vacyadvocates with respect to theuse ofandregulation maleNavy employee discovered an AmericaOnline mem- ofencryption technologies. The Clinton administration berlisting for McV eigh,a memberof theU.S. Navywho has arguedthat unregulated use ofencryption can lead postedhis marital status as ªgayºin his online autobi- tothe widespread exploitation of the Internet for crimi- ographicalsketch. She reported it to Navy of® cials who nalactivity, and thus supportsthe regulationof encryption pressed AOLto reveal McV eigh’sidentity.Without a war- technologiesthrough export controls (Suro & Corcoran, rant,subpoena, or courtorder, AOL revealed the identity of 1998).A coalitionof privacy, commercial, and human TimothyMcV eigh,a 36-year-oldsailor. McV eighwas sub- rightsgroups have contested the Administration’spropos- sequentlydischarged (Abate, 1998; Napoli, 1998a; Rich, als (Corcoran1998a). Toward the endof 1998, the admin- 1998).While the court eventually ruled that McV eigh istrationscored a victoryin itsefforts to limitthe use of shouldbe allowedto return to hisduty station in Hawaii encryptiontechnology abroad when the United States and (Napoli,1998b), his case becamea symbolfor online 32other countries reached an understanding that would privacy. restrictexports of suchtechnologies from their countries Ina legalsense, privacyis theª rightto be let aloneº (Corcoran,1998b). (Liu,1997, pp. 294± 295), 7 aªrightof peopleto besecure intheir persons, houses, papers, and effects againstun- E-commerce reasonablesearches andseizuresº (Liu, 1997, pp. 297), 8 anda rightof individualinterest in avoidingdisclosure of Thepicture with respect to the role of anonymityin on- personalmatters ( Whalenv .Roe ,1997).As theInternet linecommerce is mixed.The Internet allows people to evolvesinto a mass medium,users are ®ndingit increas- conductcommercial transactions without disclosing their inglydif® cult to preservethe right of autonomouschoice identities,as theymight by payingcash inaretailstore in inconcealingor disclosingpersonal information, and may whichthey are notknown to thesalesclerk.However, rel- haveto livewith the erosionof theirinformational privacy. ativelyfew Internet users employsuch means, and those whouse creditcards andotherwise do not seek todisguise theiridentities are subjectto variouskinds of surveillance AnonymousCommunication and Encryption: byserviceproviders, content providers, sellers, and pub- GovernmentalEmpowerment licand private organizations. By collecting data from a Encryptiontechnologies are usedto provideseveral cru- varietyof sources theyare ableto discernbuying patterns cialfunctions in online communication. Most often, en- andviewing habits of Internetusers. ªDataownersº can ASSESSING ANONYMOUS COMMUNICATION ONTHEINTERNET 87 manipulatethe collected data, sorting, for example, by communicateanonymously is closelyassociated with free- income,address, age, purchasing habits and preference, domof speech,freedom of assembly,and right to privacy. gender,and interests, and sell the databasesin the market. Someanonymous speech has beenprotected under the roof Asaresult,the buying habits and personal characteristics oftheFirst Amendment for years (Froomkin,1996a and ofInternetusers are increasinglybeing studied and used 1997).In the United States, both politicaland non-political bymarketers,and individuals whose names are includedin speechreceive First Amendment protection, with political suchdatabases are beingtargeted for junk mail and other speechusually receiving the highest constitutional protec- unwantedinformation. tion(Froomkin, 1995b; 1996b; 1997). 10ArecentSupreme Anonymouscommunication technologies may serve Courtdecision ( McIntyrev .OhioElections Commission, astoolsthrough which people can combat the compila- 1995,at 1516) has con®rmed that ª anauthor’ sdecision tionand analysis of theirpersonal information by others toremain anonymous . . . is anaspect of the freedom of (Froomkin,1996a). The availability of anonymous e-cash speechprotected by theFirst Amendment.º enablespeople to conducttransactions without revealing Thereare atleast two important differences between theiractual identities, 9 therebyreducing opportunities for onlineanonymity and of¯ ine anonymity: (1) Mass dis- othersto maintaindossiers ontheiridentity, buying prefer- seminationÐthe Internet raises thestakes becauseit is ences,and habits (Froomkin, 1996a and 1997; McDevitt, mucheasier andless expensiveto reachlarge numbers of 1997). peopleonline than it isbymoreconventional media; and Thewidespread use ofencryptiontechnology also of- (2)PersistenceÐ electronic messages mayremain unde- fers newopportunities for criminal activity. Not only do tectedin many locations on the Internet far longerthan innocentpeople enjoy the privacy that digital currency of- thesender(or anyone else) expects.Even if auser deletes fers, butcriminals also bene® t. Forexample, a kidnapper amessage, itcan often be found through a logand couldask thevictim’ sfamilyto issue anonymousdigi- rebroadcast. talcash andpick up the ransom without being revealed. Concernedabout possible abuses ofanonymity on the Oran organization or person could establish a website Internet,some observerssupport a policythat prohibits or tosell goods, collect digital cash, and disappear with- strictlyregulates anonymity on thegroundsthat it empow- outdelivering the goods to buyers. Anonymity clearly ers peoplewho use theInternet to dosubstantial harm to threatensthe enforcement capability of national author- others.People holding this view might advocate that re- ities.It is notsurprising, therefore, that many govern- mailersbe forcedto discontinue their services iftheirop- mentswish to bananonymous digital cash. However, any eratorscannot guarantee that no harmfulmessages willbe restrictionon anonymous e-cash mayalso place a chill- transmittedand if they are unableor unwillingto provide ingeffect on anonymous speech (Froomkin, 1996a) and recipientswith the identities of the originators of mes- impingeon personal privacy. Consider the possibility that sages theyforward. Such a policywould make Internet customershave to paywith e-cash inorderto participate communicationmore restrictive than other common, ev- inanewsgroup,view pornographic materials, or readfee- erydayforms ofcommunication. T elephoneoperators do basedtext. If e-cash isnotused anonymously, records of notmonitorcalls, nor are theyrequired by lawto revealin- theirparticipation and reading habits could be compiled formationwithout a warrantabout where calls originated. andsold by servicecontent providers. Imagine that cus- Postalworkers deliver mail without having to guarantee tomersmust reveal their identity (or part of theiridentity) thatthe content of the mail is notharmful. The Postal wheneverthey ask thebank to issue digitalcash andwhen- Servicedoes not make any attempt to authenticatereturn everthey spend the cash. Their records would be readily addresses. Why,then, should authentication always be re- subjectto manipulation.Balancing the use ofanonymity to quiredon the Internet?In the physicalworld, if theauthor- protectpersonal privacy with the government’smandateto itieshave done nothing to preventthe fraud or deception preventcrime is oneof thechallenges heightened by the conductedin other media, especially print media, why relativelyeasy use ofanonymouscommunication on the shouldthey do so withInternet communication? Internet. Participantsat the AAAS conferencedebated the ex- tentto which the social conventions and legal traditions thatgovern anonymity and pseudonymity in non-Internet ONLINEAND OFFLINEANONYMOUS lifeshould be used as guidelinesfor the Internet. Some COMMUNICATION participantsargued that computer-mediated communica- Onemajor issue thatarises frequentlyin discussions of tionwashes outmany cues, clues, and indicators of au- anonymouscommunication on the Internet is theextent thenticitythat are routinelyavailable in face-to-face towhich the social conventions and legal traditions settings(or even telephone interactions). It puts trustwor- thatgovern anonymity /pseudonymityin otherareas oflife thinessat risk. Others argued that the sheer volumeof canserve as modelsfor online anonymity. The right to communicationvia the Internet is toooverwhelming to 88 R.KLING ETAL. siftthrough it all,and that ® ne-grainedsurveillance tools rights.12 Althoughno formalpolls or voteswere taken, it radicallyreduce privacy. However, participants agreed that was evidentthat most felt it was premature,unnecessary , peoplehave higher expectations for electronic communi- probablyharmful from the standpointof individualrights, cationthan they do for other forms ofcommunication. andperhaps fruitless for governments to attempt to im- Theª defaultºfor online anonymity policy, most agreed, poserestrictions on anonymouscommunications. The pre- shouldbe free speech.Limitations on anonymouscommu- sumptionunderlying this consensus was thatanonymous nicationshould be nomore restrictive than the provisions communicationon theInternet should be permittedto the ofthe Universal Declaration of Human Rights (UDHR) extentthat technology allows and that the burdenof proof thatapply to free speech. 11 Someconference participants rests withthose who would seek tolimitit. alsoargued that policy should re¯ ect the views and expe- rienceof thosewho would be mostharmed or threatened NOTES byreductionsin anonymouscommunication (e.g., human rightsgroups). 1.See AAAS’ sWebsite for the detailed information about the project http://www.aaas.org /spp/anon/project.htm .SeeT eich,et al. (1999),ª AnonymousCommunication Policies for the Internet: Results CONCLUSION andRecommendations of the AAAS Conference,ºinthis issue for pol- Anonymouscommunication on theInternet offers oppor- icyrecommendations drawn from the AAAS project. tunitiesand risks relatedto howpeople exchange informa- 2.The survey form is avialableat
12.See T eich,et al.(1999), ª AnonymousCommunication Policies Foner,Lenny. 1996. Anonymityand Pseudonymity [online].A vailable forthe Internet: Results and Recommendations of the AAAS confer- fromW orldWide Web: < http: //foner.www.media.mit.edu /peo...- ence,ºin thisissue. Theory-and-the-Net/anonymity.html>(last visited on 17 January 1998). Froomkin,A. Michael.1995a. Anonymity and its enmities. Journal of REFERENCES Online Law 4:1±27. .1995b.The Metaphor Is the Key: Cryptography, the Clipper Abate,T om.1998. Online privacy on stage. SanF ranciscoChronicle , Chip,and the Constitution. Universityof PennsylvaniaLaw Review 20January, B3. 143:709±810. AmericanCivil Liberties Union of Georgia v. Zell Miller .1997.Civil .1996a.Flood control on theinformation ocean: Living with Action1:96-cv-2475-MHS [online]. A vailablefrom W orldWide anonymity,digital cash, and distributed database. Journalof Law Web:
Maharaj,Davan. 1997. UCI InternetHate Mail Case Ruled a Mistrial. Post,David. 1995. KnockKnock, Who’ sThere?:Anonymity and LosAngeles Times, 22 November,A1. Pseudonymityin Cyberspace [online].Available from World Wide Marx,Gary T .1999.What’ sinA Name?Some Re¯ ections on The Web: