While I haven’t posted much this month, it isn’t because I’m not writing: it’s because what I’m writing just doesn’t seem to pull together very well, and so I have four or five items sitting in ‘draft’. See, I’ve been trying to integrate thoughts on accessible versus technically correct understandings of technology as it relates to privacy, on public relations and the use of FUD by privacy activists, and on what I think of the idea of ‘anonymity’ in digital environments that are increasingly geared to map, track, and trace people’s actions. Given that it’s Data Privacy Day, I thought I should try to pull some of those thoughts together, and so today I’m going to draw on some of those aforementioned ideas and, in particular, start thinking about anonymity in our present digitally networked world.
Taking the ‘effort’ to remain anonymous requires some kind of motivation, and in North America that motivation is sorely lacking. North America isn’t Iran or China or North Korea; Canadians, in particular, occupy a somewhat enviable position where, even with the government prorogued – a situation that, were it to happen in Afghanistan, would have pundits and politicians worrying about possibilities of tyranny and violence – there isn’t a perception that Canadians ought to fear that proroguement heralds the beginning of a Canadian authoritarian state, or the stripping of Charter rights and freedoms. This said, I think that people in the West are realizing that, as their worlds are increasingly digitized, their ‘analogue’ expectations of privacy are not, and have not for some time been, precisely mirrored in the digital realm. This awareness is causing worry and consternation, but it is not yet (and may never be) sufficient for wide-scale adoption of anonymization technologies. Instead, we have worry without (much) action.
But let me back up, just a bit. What motivated the creation of a digital architecture that can be used for limiting anonymity online? What sense of anonymity am I referring to?
To the latter question, I’m referring to the ability to be anonymous at the hardware level of the Internet – I’m interested in remaining ‘anonymous’ in the face of client-server transactions. I’m not calling into question the ability to ‘game’ the web as perceived on sites like Facebook, Yahoo!, or Yelp.* Instead, I’m referring to particular individuals’ abilities to mask their presence or identity on a computer network.
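To make that hardware-level sense of anonymity concrete: in any client-server transaction, the server learns a network identifier for the client before a single byte of application data is exchanged. The toy echo server below (a minimal sketch, not part of any real system) records the peer address that every TCP connection necessarily reveals.

```python
import socket
import threading

def run_echo_server(host="127.0.0.1", port=0):
    """Start a one-shot TCP server that records the peer's address,
    illustrating that every client-server transaction exposes a
    network-level identifier (the client's IP and port)."""
    seen = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]

    def serve():
        conn, addr = srv.accept()
        seen["peer"] = addr  # the server learns who connected, automatically
        conn.sendall(b"hello " + addr[0].encode())
        conn.close()
        srv.close()

    t = threading.Thread(target=serve)
    t.start()
    return bound_port, seen, t

port, seen, t = run_echo_server()
cli = socket.create_connection(("127.0.0.1", port))
reply = b""
while True:
    data = cli.recv(64)
    if not data:
        break
    reply += data
cli.close()
t.join()
print(seen["peer"])  # the client's IP and port, captured before any content
```

This is why masking presence at this level requires something interposed between client and server (a proxy, VPN, or onion-routing network): the socket layer itself offers no anonymity to negotiate.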
What has driven the limitations upon online anonymity? To begin, we need to acknowledge that the ‘net is, contrary to the early Internet utopians, a perfect domain of control. With immense possibilities for control come opportunities for surveillance, surveillance that can deanonymize individuals and their actions. It isn’t that a particularly nefarious cabal has sought to do this: to facilitate a fast, efficient Internet, network engineers and administrators have long deployed networking hubs and associated software-driven security appliances to better analyze data traffic and identify its sources and destinations. We have witnessed incredible booms in the amount of traffic flowing across networks, with an increasing amount of that traffic being harmful to networks and individuals (e.g. DDoS attacks, email spam, phishing). To deal with these, along with other authentication, security, and traffic analysis challenges, network engineers and administrators have made network nodes ‘more intelligent’: intrusion detection systems operate at borders, email analysis often precedes mail hitting your inbox, and multiple layers of authentication and firewalls surround intranets. It’s important to note that networks have grown more intelligent, rather than recently become intelligent; network appliances have always had some ‘intelligence’ to them.** We might say that carapaces have slowly grown around networks as the nature of the network environment itself has evolved.
Given the technical element to data routing, network security, and data usage tracking, networking staff have implemented some technologies that, in the right hands, are as benign/beneficial as a scalpel in an experienced surgeon’s hands but, alternately, are as dangerous as the same scalpel in a psychopath’s grasp. Deep packet inspection (DPI) is one (of many!) such technologies. Last year, Sandvine noted that 160 ISPs purchase its equipment, with 90% of those ISPs using the equipment for some kind of traffic management. This traffic management can extend from modifying the traffic speeds of particular applications, such as those used for P2P file-sharing, to discriminating between different tiers of service. Further, discrimination might mean impeding some traffic – such as ‘suspicious’ traffic as identified by network administrators – or applying an ‘economic’ management system that depends on tracking customers’ data use and charging for bandwidth consumed. As is obvious, some of the uses I just identified are clearly ‘acceptable’ – if network equipment can detect and limit/isolate computers operating in a botnet, that’s a plus as I read it – whereas others – behavioural advertising and carriers delaying competing services – are far less acceptable.
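The basic mechanism behind application-specific traffic management can be sketched in a few lines. This is a toy illustration, not any vendor’s actual engine: where a conventional firewall looks only at headers (addresses and ports), a DPI-style classifier peeks into the payload for application signatures and then applies a per-class policy. The signatures and policy names here are invented for the example.

```python
# Hypothetical application signatures: byte patterns a DPI-style
# classifier might look for inside packet payloads.
SIGNATURES = {
    b"BitTorrent protocol": "p2p",
    b"GET ": "http",
    b"EHLO": "smtp",
}

# Hypothetical per-application policy, e.g. throttling P2P traffic.
POLICY = {"p2p": "throttle", "http": "allow", "smtp": "allow", "unknown": "allow"}

def classify(payload: bytes) -> str:
    """Inspect the payload (not just headers) for a known signature."""
    for signature, app in SIGNATURES.items():
        if signature in payload:
            return app
    return "unknown"

def decide(payload: bytes) -> str:
    """Map the classified application onto a management action."""
    return POLICY[classify(payload)]

print(decide(b"\x13BitTorrent protocol..."))   # throttle
print(decide(b"GET /index.html HTTP/1.1"))     # allow
```

The sketch makes the dual-use point plain: the same `classify` step that lets an operator isolate botnet traffic is the step that lets it single out a competitor’s application for delay.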
It is critical to identify what is seen as acceptable versus unacceptable uses of any particular networking technology. Targeting uses is important, given that there is a lot that goes on behind the scenes that consumers and end-users are largely ignorant of and, to date, have had no issue remaining ignorant of. ‘Computer geeks’ have done their thing, the email has flowed, and everyone has been happy (save, perhaps, for the admins responsible for keeping things running at those moments when an attack overwhelms the network defences…). Because of a general lack of technical training, incredibly poor relationships between large telecommunications companies and end-users, and increasing uses of network technologies to survey and modify traffic in obtrusive ways, the public is only now getting interested in how our digital networks operate. They’re a few decades late, and their late arrival is generating challenges for all involved. Citizens expect perfect (or at least largely similar) correspondence between ‘analogue’ and ‘digital’ expectations of privacy, consumers want efficiency and speed, and administrators want secure networks. This is to say nothing of the corporations running the networks, who want to earn a reasonable rate of return on their investment. These concerns don’t necessarily fall into ‘either/or’ categories, but they require a common language and a commonly understood implementation strategy that is respected by all involved. Developing this language and consensus is, obviously, a daunting task.
Public interest in telecommunication networks is not inherently bad, and in fact is probably a good thing – more people should be involved in making technology increasingly democratic – but participation, at this point, requires that either incredibly good metaphors and analogies need to be deployed, or interested people need to learn something about the technologies in question. Arguably, the line should be drawn somewhere between those two alternatives.
It is even more important that privacy advocates who deal with networking technologies develop an appreciation both for the real challenges faced by network administrators and for the technical structures underpinning networks themselves. They need to realize that while they defend civil rights, they must find ways of bringing consumer groups (and, ideally, network operators themselves) onside, as opposed to alienating the consumer and the network operator to protect the citizen. We live in market societies: this means consumers have to be placated, or at least feel like they’re being placated. Such placations may often be symbolic, but the bridge between these multiple agentic points of view must be recognized and, ideally, exploited by privacy advocates.
Further, it is key that privacy advocates possess the technical knowledge to parse what a well-meaning administrator tells them, so that they can subsequently craft their concerns, complaints, and issues in a language that is accessible to the public and sensitive to the technical realities of the contemporary networked world. In the case of DPI, there are various ways that the technology can be used, and not all of them are harmful. The stance that any analysis of data packets, however transitory, constitutes a privacy infringement would require abandoning many incredibly valuable perimeter defences that most end-users are entirely ignorant of. We needn’t toss out the baby with the bathwater! Effectively, without appreciating the particularities of each device and its particular uses, advocates cannot precisely target their complaints for maximum effect: rather than targeting all cars, environmentalists often target vehicles below particular standards; they draw distinctions within a large category and frame solutions for citizens, the environment, and consumers alike. Privacy advocates can learn a great deal about how to position issues from surrounding groups, and in many cases already have.
Networking technologies can often be designed to analyze and identify unique users. In many environments this is required for anything from law enforcement (e.g. CALEA), to billing, to traffic analysis purposes. The question is whether or not such analysis and identification, when performed by your Internet Service Provider (ISP), is appropriate. In the EU, there are questions over whether any use of DPI or DPI-like technologies constitutes a privacy infringement. An element of such questions surrounds whether or not temporary analysis of data traffic constitutes wiretapping (I have doubts) and, implicitly, an element is about what kind of anonymity Internet users can expect. Should our ISP analyze traffic to identify the dominant applications used and the bandwidth those applications, in aggregate, are generating? Should our ISP be theoretically capable of revealing what particular users do with their Internet connections if law enforcement makes a legitimate request? Should our ISP identify the lowball percentage of data traffic that constitutes copyright-infringing material?
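The distinction those questions turn on – aggregate reporting versus per-user identification – can be shown with the same data. The flow records below are entirely hypothetical; the point is that one query produces an anonymous application-level summary, while a trivially different query over the very same records answers ‘what did this particular subscriber do?’.

```python
from collections import defaultdict

# Hypothetical flow records of the kind a traffic-analysis appliance
# might retain: subscriber, classified application, and byte count.
flows = [
    {"user": "subscriber-17", "app": "p2p",  "bytes": 900},
    {"user": "subscriber-17", "app": "http", "bytes": 100},
    {"user": "subscriber-42", "app": "http", "bytes": 300},
]

def aggregate_by_app(flows):
    """Aggregate view: totals per application, with no user identities."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["app"]] += f["bytes"]
    return dict(totals)

def per_user(flows, user):
    """Deanonymizing view: the same records, filtered back to one
    subscriber -- the capability at issue in lawful-access requests."""
    return [f for f in flows if f["user"] == user]

print(aggregate_by_app(flows))                 # {'p2p': 900, 'http': 400}
print(len(per_user(flows, "subscriber-17")))   # 2
```

Whether the second query should be technically possible, and under what legal conditions it may be run, is precisely where the policy debate sits; the code itself is indifferent.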
It is, of course, when we get to these more precise questions that the question of ‘what anonymity are we referring to?’ comes to the fore again, alongside the question of ‘what conditions warrant deanonymization?’
The Information and Privacy Commissioner/Ontario maintains that pseudo-anonymity, rather than full-blown anonymity, should be the expected and perceived norm of Ontarians in digital environments. On this view, an individual can maintain anonymity until they perform some action that crosses the boundary of the law – at that point, it is imperative for a service provider to identify who that individual is so that the arm of the law can reach out and touch them. In effect, the IPC/O’s position is that operating in the digital era does not mean that the state’s coercive powers ought to be diminished: the benefits of free, anonymous speech and association can be had, so long as this is done within the confines of the law.
At a broad, principled level the IPC/O’s position on anonymity raises concerns: what if we applied this same set of rules to an authoritarian environment, such as in China or Iran? However, if we move from ‘high-level’ theorizing and generalizations to ‘mid-level’ theorization and better contextualized generalizations, the conditions of inquiry change: does the pseudo-anonymity offered in Ontario, which is (generally) an orderly and lawful province in an orderly and lawful nation, meet the expected freedom and association rights of Ontarians without detoothing the province’s and/or nation-state’s coercive power? Clearly this latter question is better contextualized than one would expect from a philosophical treatise on anonymity, and it is more likely to resonate with (in this case) Ontarians and Canadians than a ‘high-level’ theory that has to apply universal statements to particular situations without becoming logically or practically incoherent.
Note that I’m not suggesting that we must avoid ‘high theoretical’ approaches to privacy and anonymity – I’m regularly involved in such discussions, and think that the principled position needs to be stated loudly because the speaker is often alone in the room – but that there is a danger in always assuming a ‘principled’ position that refuses compromise and reflective consideration in advocacy. Advocacy is not, as I’m regularly reminded, the same as scholarship. Are networking technologies like DPI likely to be ‘banned’ in the West? Unlikely – were an attempt made, network operators would point out to the public just how ingrained these technologies are in daily operations, and instead (continue to) focus on uses of the technology. If advocates adopt a nuanced, contextualized, and principled position, from which they can insist that particular uses of the technology be banned, and frame the benefits of such bans to reach out to consumers and citizens alike, then I think that advocates will have a stronger leg to stand on.
To conclude, and returning to anonymity more directly, I think that we need to distinguish various ways to ‘approach’ the topic of anonymity. We need to recognize different levels of theorizing about ‘what anonymity means’, analytically distinguish between the domains of expected anonymity (e.g. Internet versus Web versus particular sites on the Web), and collect empirical data that outlines the present practices that would anonymize and deanonymize individuals in each of these domains. After intensively investigating these practices, advocates and citizens alike can proceed to launch complaints, raise concerns, and frame issues in a highly contextualized, highly targeted way that is likely to produce superior results to broadly framed worries lacking analytic precision.*** These worries are not just ‘academic’: launching ill-formed complaints can set precedent that runs counter to privacy protection, that undermines the instantiation of privacy principles in society and jurisprudence, and that potentially waters down constitutional rights. Badly formed complaints don’t just run the risk of being ineffective: they run the greater risk of jeopardizing the principles that privacy advocates defend, principles that often include anonymity in ‘public’ spaces like the Internet.
* I’ve begun differentiating between ‘first’ (hardware) and ‘second’ (web-level) presence to mark off this distinction between spaces of anonymization.
** At some point, probably after my February exams, I’m hoping to write something on the use of the term ‘intelligence’ to refer to networks. I find the term incredibly off-putting and awkward.
*** As a note, I recognize that this is an ‘ideal’ – often, groups suspected of infringing individuals’ privacy are not forthcoming with information. In those cases, advocates should gather the best data they can and launch the complaint. I’m not suggesting that, where the information needed to create one of these hyper-targeted complaints is unavailable, advocates shouldn’t complain, but that when the information is available the advocate ought to engage with all of it in a charitable fashion. At the very least, they should try to seek out the information rigorously before submitting the complaint.