University of Miami Law School University of Miami School of Law Institutional Repository Articles Faculty and Deans 1996 Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases A. Michael Froomkin University of Miami School of Law, [email protected] Follow this and additional works at: https://repository.law.miami.edu/fac_articles Part of the Computer Law Commons, Internet Law Commons, and the Privacy Law Commons Recommended Citation A. Michael Froomkin, Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases, 15 J.L. & Com. 395 (1996). This Article is brought to you for free and open access by the Faculty and Deans at University of Miami School of Law Institutional Repository. It has been accepted for inclusion in Articles by an authorized administrator of University of Miami School of Law Institutional Repository. For more information, please contact [email protected]. REGULATION OF COMPUTING AND INFORMATION TECHNOLOGY FLOOD CONTROL ON THE INFORMATION OCEAN: LIVING WITH ANONYMITY, DIGITAL CASH, AND DISTRIBUTED DATABASES A. Michael Froomkin* Table of Contents Introduction ............................................ 398 I. The Moral and Social Environment .................. 402 A. Costs of Anonymity ........................... 402 B. Advantages of Anonymity ...................... 407 C. Legislating Accountability ...................... 410 * Copyright 1996 A. Michael Froomkin. All Rights Reserved. Associate Professor, Univer- sity of Miami School of Law. B.A. 1982, Yale College; M.Phil. 1984, Cambridge University; J.D. 1987, Yale Law School. Internet: [email protected]. I received significant advice, comments, suggestions, and in several cases careful readings of earlier drafts, from Phil Agre, Caroline Bradley, Mary Coombs, Hal Finney, Oscar H. Gandy, Jr., Lucky Green, Patrick Gudridge, Richard Field, Trotter Hardy, Lili Levi, Mark Lemley, Tim May, Marcel van der Peijl, David Post, Peggy Radin, Steve Schnably, Bill Stewart, Peter Swire, Stephen F. Williams, and Eugene Volokh. I also benefited from the ideas posted by members of the cyberia-l, cypherpunks, and e-cash mailing lists. SueAnn Campbell and Nora de la Garza provided library support. Rosalia Lliraldi provided secretarial assis- tance. Portions of this paper, particularly in Part II, are a revised version of an electronically pub- lished paper, A. Michael Froomkin, Anonymity and its Enmities, 1 J. ONLINE L. Article 4 (1995), available online http://www.law.corell.edu/jol/froomkin.htmi. I particularly wish to thank Dean Peter Shane and Pam Samuelson for inviting me to partici- pate in the panel entitled "The Regulation of Computing and Information Technology" at the Con- ference for the Second Century of the University of Pittsburgh School of Law at which an earlier draft of this paper was presented. Unless otherwise stated, this article attempts to reflect legal and technical developments up to January 1, 1996. JOURNAL OF LAW AND COMMERCE [Vol. 15:2:395 II. Free Speech Now: The Anonymous Message in the Im- pregnable Bottle .................................. 411 A. How the Internet Enables Anonymous Communica- tio n . 414 1. Electronic Anonymity ..................... 417 a. Traceable anonymity ................. 417 b. Untraceable anonymity ............... 418 2. Electronic Pseudonymity ................... 421 a. Traceable pseudonymity .............. 421 b. Untraceable pseudonymity ............ 423 3. The Human Element: Remailer Operators ... 424 B. Constitutional Constraints on Regulation of Anony- mous Electronic Communication ................ 427 1. Anonymous Political Speech ............... 428 2. Anonymous Non-political Speech ........... 433 C. Practical Constraints: The International Tide ..... 443 III. New Channels of Commerce ....................... 449 A. Internet Credit Card Transactions ............... 450 B. Digital Cash: A Technical Menu ................ 453 1. The Debit Card M odel .................... 456 2. The Basic Digital Coin .................... 458 3. Blinded C oins ............................ 460 a. Preventing Double-Spending of Blinded Coins With On-Line Clearing (Digi- C a sh ) ..... .. ..... ... .. .. ....... 462 b. Preventing Double-Spending of Blinded Coins With Off-Line Clearing ......... 463 c. Preventing Double-Spending of Blinded Coins With Electronic allets .......... 465 4. The Traveler's Check Model ............... 466 5. The Electronic Purse (Mondex Money) ...... 467 C. Regulation of Digital Cash ..................... 471 1. The Privacy Calculus ..................... 471 2. Regulatory Policy Goals and Practical Con- strain ts . .. ... .. .. .. .. ... .. .. .. ... 474 IV. Data Collection and Profiling: Towards the Argus State? 479 A. A Primer on Profiling ......................... 482 1. M edical H istory .......................... 483 2. Government Records ...................... 484 3. Personal M ovements ...................... 485 1996] FLOOD CONTROL ON THE INFORMATION OCEAN 4. Transactions ............................. 485 5. Reading and Viewing Habits ............... 486 B. Interlinked Databases ......................... 488 C. Implications of Profiling for Anonymity Regulation 491 1. Privacy-Enhancing Market Solutions Unlikely 492 2. Beached Whalen .... .................... 493 3. Anonymous Communication in the Argus State 495 V. Summary and Conclusion .......................... 505 JOURNAL OF LAW AND COMMERCE [Vol. 15:2:395 INTRODUCTION Changes in the technology used to create, disseminate, and store information are likely to present some of the most complex challenges to lawyers, policymakers, and citizens throughout the world in the next century. Some of these challenges present broad choices; others present the more constrained, and perhaps more difficult, problem of adopting legal rules to reflect new and not always welcome technological reali- ties. It is important to establish what choices exist, if only to navigate intelligently in the coming policy turbulence. The set of legal and pol- icy options is shaped not just by culture, history, and politics but by the constraints of technology. This article seeks to explore the limits that technology imposes on the legal and policy options available to those concerned about anonymous communication, digital cash, and distrib- uted databases, and the ways in which proposed limits on anonymous communication might reduce personal privacy in unexpected ways. Anonymity lies at the heart of three interrelated problems arising from computer-aided communications over distributed networks (which I will call "the Internet" for short1). First, communicative anonymity is an issue in itself: the Internet makes anonymous communication easy, and this has both good and bad consequences. Legislation to restrict anonymous electronic speech has been introduced in state legislatures and in Congress.2 Second, the availability of anonymous electronic communication directly affects the ability of governments to regulate electronic transactions over the Internet (both licit and illicit). Third, anonymity may be the primary tool available to citizens to combat the compilation and analysis of personal profile data, although data protec- tion laws also may have some effect also. The existence of profiling databases, whether in corporate or public hands, may severely constrict 1. Actually, "the Internet" is not one thing, but a set of tools. I. Trotter Hardy, Government Control and Regulations of Networks, paper presented at Symposium on The Emerging Law of Computer Networks, Austin, TX, May 19, 1995 (on file with author). The Internet provides the best example because it exists today. The analysis will, I hope, scale up to any successor network al- though there is good reason to believe that it does not scale down to discussions that occur entirely within a forum owned and operated by a single Internet Service Provider such as America OnLine or Compuserve, at least absent common carrier status. Cf.Pacific Gas And Elec. Co. v. Public Utils. Comm'n of Calif., 475 U.S. 1 (1986); PruneYard Shopping Ctr. v. Robins, 447 U.S. 74 (1980). 2. See 1995 Pa. S.B. 655, 179th Gen. Assem., 1995-96 Reg. Sess. (enacted June 13, 1995) (amending 18 PA. CONST. STAT. § 910(a)(1)). Proposed federal legislation sought to prohibit all anonymous electronic messages intended to "annoy, abuse, threaten, or harass any person . .who receives the communication." S. 314, 104th Cong., 1st Sess. § 2(a)(1)(B) (1995). A similar proposal was introduced in Connecticut, see Larry Lessig, The Path of Cyberlaw, 104 YALE L.J. 1743, 1750 n.20 (1995). 19961 FLOOD CONTROL ON THE INFORMATION OCEAN the economic and possibly even the political freedoms of the persons profiled; although profiling may not necessarily change the amount of actual data in existence about a person, organizing the data into easily searchable form reduces her effective privacy8 by permitting "data mining" and correlations that were previously impossible. As U.S. law- yers we are most accustomed to thinking about the problems of data creation, dissemination, and access in certain delimited categories such as the First Amendment, intellectual property rules, the torts of inva- sion of privacy and defamation, and perhaps in the ambit of a few nar- rowly defined statutes such as the Privacy Act' or the Fair Credit Re- porting Act.5 These categories are valuable, but are collectively inadequate to the regulatory and social challenges posed by the infor- mation production,