Rethinking Anonymity for the Information Age
We need an understanding of anonymity that befits our present information age, in which users can be tracked in ways never before seen. Unfortunately, in much of the examination around data and technology politics by journalists, analysts and scholars, there is disagreement or confusion about what anonymity is and what distinguishes it from privacy and encryption. This guide tries to both explain anonymity and illustrate why it is valuable; or dangerous, depending on your vantage point. Anonymity online is hotly contested. On the one hand, anonymity affords a veil of protection to those who would otherwise suffer reprisal when challenging injustice. On the other hand, it enables criminals, terrorists and bullies to harm others without fear of attribution.
Anonymity Means Being Unreachable
According to the traditional understanding, anonymity refers to a state of namelessness. But remarkable advancements in computer technology over the last two decades have rendered this definition obsolete. While your given name remains the main way of being identified, the myriad devices and services that you use and their generation of data about you and your activities mean that being nameless does not preclude others from figuring out who you are, which is the whole point of being anonymous. Adversaries do not need to know your name in order to target you – whether you are an ordinary citizen, a public figure, a criminal or bully – because he or she or they can do so simply by pinpointing the location of the mobile phone nestled in your pocket. Even were you to use a fake name when participating in an online social network, the organizations behind those targeted ads are able to identify a unique user and find out your gender, age, geographic location and – based on your behavior in the network – socioeconomic background and political inclinations. In short, if you can be identified, you are not anonymous
Why does anonymity matter? To quote the philosopher Helen Nissenbaum, “For situations that we judge anonymity acceptable, or even necessary, we do so because anonymity offers a safe way for people to act, transact, and participate without accountability, without others ‘getting at’ them, tracking them down, or even punishing them.”1 In seeking anonymity, online or offline, we want to eliminate the possibility of others being able to reach us if we do not want them to. Anonymity describes the state of being unreachable. It is achieved by severing the links between an individual and a unique identifier (e.g., a given name, user ID, license plate number or social security number) or pattern (e.g., routes to work, “likes” on Facebook or products purchased online).
Sometimes confused with anonymity, pseudonymity refers to the state of having a disguised identity. A pseudonym is a fictional handle that conceals its holder. In this day and age, however, a person can be unwittingly reached even when communicating with a pseudonym. An organization is still able to get at the holder using other identifying information. Pseudonymity, then, does not guarantee absolute anonymity.
How Anonymity Relates to Privacy and Encryption
The late scholar Alan Westin defined privacy as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”2 Put differently, privacy is the power to control information about yourself and information that you communicate.3 If someone gathers or makes use of such information in a manner you disapprove of, your privacy has been compromised.
The act of seeking anonymity and the act of encryption are means of exercising this power. To seek anonymity is to exercise power in order to control information about parties exchanging information – the who in an exchange between persons. To encrypt is to exercise power in order to control information exchanged between parties – the what in an exchange between persons.4 Encryption is the process of converting electronic data into ciphertext, a form that can be read only by authorized parties. While some encryption software, like Tor, may also hide the identities of the communicating parties, they do not necessarily do so; through encryption, one can hide the contents of an email without concealing the sender and receiver.
The Right to Anonymity
When deemed appropriate, individuals are granted a right to anonymity – the right to be unreachable. The right to anonymity is a social norm, for in certain contexts there is a shared expectation that individuals ought to be able to be anonymous when conducting themselves, online or off. In most places, people are granted the right to anonymity when donating to charity, voting for public office or participating in medical research. But anonymity is not always acceptable. Consider that when applying for a driver’s license or crossing national borders, individuals are expected to prove who they are. Suffice it to say, those who commit or intend to commit crimes or acts of terror are also not free to enjoy the veil of anonymity.
There are no universal, hard-and-fast rules that specify when an individual ought to have the choice to be anonymous. Rather, the right to anonymity is contextual. Whether or not someone should have the right to be anonymous is prescribed by social conventions and hard laws that may differ across social settings in terms of political system, historical background, religion or so on. In some settings, for example, an individual’s right to anonymity is protected when issuing remarks that others find harmful, whereas in other settings, local laws concerning hate speech or blasphemy may trump an individual’s right to be unreachable when expressing the same remarks.
The right to anonymity for internet users is controversial, especially among Western societies, for there exist conflicting positions on when the right to anonymity should be forbidden or preserved. On one side of the debate are security professionals who argue that security should override the freedom to be unreachable, concerned as they are that popular anonymizing tools supply transgressors with the veil they need in order to freely carry out acts of terrorism and crime. Also on this side are commercial organizations whose business models rely on consumer identification, as well as public intellectuals who charge that anonymity leads to unattributable acts of cruelty. On the other side of the debate are those who insist that the protection of anonymous communication is critical to free expression and democracy. Consider whistleblowers and journalists who seek to expose corrupt activity, or political dissidents who organize against government repression.
Anonymity Is Rarely Absolute
There are varying degrees of anonymity. Partial anonymity refers to a state of being that is not entirely out of reach from those who would seek to identify you. When, for example, you use a pseudonym in a social network but are served ads based on identifying information that is not your given name, you are partially anonymous.
Offline, it is frequently the case that an intermediary will facilitate anonymous conduct. A journalist who withholds a source’s name is one such example. Online, the lion’s share of users operate in a state of partial anonymity, thanks in large part to tracking by concerned governments or profit-seeking corporations. Few users have the technical know-how or resources to attain absolute anonymity online. Computer security specialist Bruce Schneier has written that being anonymous online is all but impossible. “If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you’ve permanently attached your name to whatever anonymous provider you’re using. The level of operational security required to maintain privacy and anonymity in the face of a focused and determined investigation is beyond the resources of even trained government agents.”5 The elusiveness of absolute anonymity is important to bear in mind when we are told that the apps we use enable us to communicate anonymously. This is almost never the case, because you can still be reached.
Even so, there are steps one can take to gain more anonymity in particular and privacy in general. For a primer on maintaining online privacy and security, visit Obscure Me, GPPi’s toolbox for online privacy.
References
- Helen Nissenbaum, “The Meaning of Anonymity in an Information Age,” The Information Society, no. 15 (1999): 141 – 144.
- Alan Westin. Privacy and Freedom (New York: Atheneum, 1967), p. 7.
- Lawrence Lessig, “Reading the Constitution in Cyberspace,” Emory Law Journal, 45, no. 3 (1996): p. 8.
- A. Michael Froomkin, “Lessons Learned Too Well: Anonymity in a Time of Surveillance,” University of Miami School of Law (2015), p.2, accessed July 1, 2015, ssrn.com/abstract=1930017.
- Bruce Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, (New York: W. W. Norton & Company, 2015), p. 43.
Scissors icon: Mourad Mokrane, Noun Project.