Larry Lessig on ending anonymity through "identity escrow"
Declan McCullagh
declan at well.com
Fri Dec 5 09:28:18 EST 2003
In response to:
http://www.economist.co.uk/science/displayStory.cfm?story_id=2246018
To preserve freedom further, suggests Mr Lessig, anonymity could be
replaced by pseudonymity. It might become legal, for instance, to have
credit cards for online transactions under different names, as long as
these could still be traced to the individual owner. The challenge is to
set the legal hurdles for online search warrants high enough so that
governments cannot abuse their power. But at the same time to keep them low
enough so that criminals can be found and stopped. In this respect, the
online world should be no different from the real one.
---
From: Lawrence Lessig <lessig at pobox.com>
Cc: Declan McCullagh <declan at well.com>
Subject: Re: [Politech] Economist, Lessig want to preserve freedom by
ending anonymity [fs][priv]
Date: Fri, 5 Dec 2003 10:16:31 +0900
To: Aaron Swartz <me at aaronsw.com>
It's not an inaccurate quote, but it is taken out of context.
What I said was that the trend in our laws was to destroy any privacy at
all -- that the idiocy of Patriot Acts, etc., was effectively eliminating
any form of privacy. There are two kinds of responses to this -- one to try
to defend and build a system protecting absolute anonymity; the second is
to build effective protections for pseudonymous life, which is shorthand
for traceable transactions, but where the permission to trace is protected
by something like a warrant requirement. I'm not saying the government
should build these systems, but that they should be permitted and indeed
encouraged.
In my view, we will make no progress following path one, but that we would
strongly advance privacy if we could advance path two. A strong ethic and
architecture of pseudonymous identity, properly protected, would give us
more privacy than we have today.
Of course, it is possible (and probably likely) that such an architecture
would not properly protect the link between a transaction and the privacy
of a person. Government officials, for example, upon mere suspicion would
be able to break the link, etc. That of course is not what I am promoting.
I would promote a regime where the gov't required a very strong
warrant-like reason before it could break the code that makes the link. But
I will not that the baseline from which we're starting is a world where no
real showing is necessary for this sort of surveillance.
On Dec 4, 2003, at 9:26 AM, Aaron Swartz wrote:
>>To preserve freedom further, suggests Mr Lessig, anonymity could be
>>replaced by [warrant-traceable] pseudonymity.
>
>Can you explain this? The Economist article seemed to be total nonsense,
>but I'm surprised they paraphrase you as saying something like this. In
>general, for eliminating anonymity to make sense you need to answer three
>questions:
>
>1. Is anonymity the problem? Between DMCA subpoenas and national security
>letters, it seems that very few people on the Internet have even limited
>anonymity.
>
>2. Will the people who are anonymous evade things? The people who _are_
>anonymous, of course, are people like crackers. If you outlaw anonymity,
>crackers will likely find security holes that let them hide their identity
>and pass their actions off as those of others (e.g. using the WiFi network
>of some squeaky-clean grandma to launch the attacks).
>
>3. Is it worth the cost? Even if you can answer the above questions, it'll
>be difficult to do without knocking large groups of people off the
>Internet. (If the digital divide is bad now, imagine what it'll be like
>when you need a credit card to get on the Net.)
>
>Were you misquoted? If not, can you answer these questions? Or is this
>more blind optimism?
>--
>Aaron Swartz: http://www.aaronsw.com/
-----
Lessig
Stanford Law School
559 Nathan Abbott Way
Stanford, CA 94305-8610
650.736.0999 (vx)
650.723.8440 (fx)
Ass't: <laura.lynch at stanford.edu>
<http://lessig.org/blog>
<http://creativecommons.org>
<http://eldred.cc>
Help reclaim the Public Domain: Please sign this petition:
http://eldred.cc/sign
How else can you help? Check out:
http://svcs.affero.net/rm.php?r=Lessig
---
[Why do I get the feeling that Larry Lessig doesn't like "absolute"
anonymity much at all? Systems for building and defending "absolute"
anonymity already exist in the form of anonymous remailers and Freenet,
among others. It would be foolish to follow Larry's advice and concede too
quickly that such technologies have so few legitimate uses that they cannot
be reasonably defended. Even the oft-benighted Eurocrats have recognized
this: a 1997 EC directive encourages anonymity, as does a German federal
law (http://www.iid.de/rahmen/iukdgebt.html). In the U.S., since the
Federalist Papers were published with effectively "absolute" pseudonymity,
surely the framers of the U.S. Constitution had them in mind when crafting
the Bill of Rights. Justice Thomas lists more contemporaneous examples in
his McIntyre concurrence
(http://supct.law.cornell.edu/supct/html/93-986.ZC1.html). Saying anonymous
technologies are indefensible concedes a crucial point: that the
government's power is so sweeping that police have the right to learn our
identity in all cases. So much for whistleblowing and anonymous reports of
public brutality.
Perhaps more to the point, the twin privacy-encroaching technologies of
automated electronic surveillance and efficient large-scale databases did
not exist decades or centuries ago. "Absolute" anonymity lets us reclaim
some of that lost zone of privacy. Lastly, trying to remove "absolute"
anonymity from the Internet (banning strong encryption and computers that
can be programmed not to keep logs) would be far more disruptive,
destructive, and harmful than proposals like Hollings' CBDTPA that Larry
has rightly opposed. --Declan]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list