On the Internet, no one knows if your’re a dog, or so I’m told. But does President Obama’s newly announced “Cyberspace strategy” herald a possible end to the days of anonymity (or for that matter Anonymous) on the internet?
The answer is, “Possibly”.
Along with his press conference, today listing Cyber-Security as a national security priority, the White House also released the 75 page “Cyberspace Policy Review”. It all seems pretty straightforward, answering basic national security, infrastructure and financian concerns about various “cyber threats”. (The validity of a lot of these threats is, of course, up for debate, but isn’t what I’m looking to address here.) However, buried in the text is a somewhat scary bit of policy jargon:
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.
Now, to be frank, there’s a few scary bits throughout the document. There’s a lot of wording that could support the growing of walled gardens in the private and public sector and the promise of more government regulation of the internet in the United States, but that bit sticks out to me.
An “identity management vision” is a means of regulating and more importantly authenticating your identity online. This would mean the creation of some sort of regulatory agent that can assist in the establishment of authenticity standards in the hopes of allowing federal agencies the ability to tell if email@example.com, Captain Swing on myspace, and chimplover35 who comments on Digg are all in fact the same individual. It’s, theoreticaly, the end of anonnimity on the internet. (At least the US bits.) Obviously it’s not the first time the US Federal government has shown an interest in policing identity on the internet, and it probably won’t be last, but it doesn’t bode well.
Io9′s Annalee Newitz has an interesting (and likely) take on the likelyhood of indentity policing ending up in the hands of a private sector company:
And here’s where my not-so-wild speculation about Facebook identities comes in. Many companies have turned to Facebook as an “identity management” system (including Gawker Media), allowing people to log into their services using their Facebook identity. The reason is simple: Most people only have one Facebook identity, and they stick with it. There’s a general notion that your Facebook identity is your authentic identity, or at least an identity that you keep over time, and that its characteristics can be traced back to who you are in real life. Therefore, having you log into every web service, from io9 comments to Digg to (possibly in the future) Paypal, is a way of managing your identities. Instead of having a separate identity for each of those services, you have one. Easy to manage, easy to trace.
Why shouldn’t Obama’s cyberczar just cut a deal with Facebook (and maybe a few other social networks like LinkedIn) and turn those profiles into your authentic identities? So you can send mail and buy things using your Facebook ID, and that’s how you’ll be tracked. Hey, you’re already on Facebook right? And you can set your profile to “private.” So it’s easy and “privacy enhancing.” (Never mind how easy it is to get around those privacy settings – pay no attention to that black hat behind the curtain.)
The scenario I’m describing is, in essence, how the Social Security Card became the twentieth century’s identity management system starting in the 1930s. These cards were not originally intended as ID cards, or as a way to authenticate your true identity. They were just a way to manage government assistance to those who needed it. But they became an ID card simply because everyone in the US had been issued one. When the government and businesses needed a way to track people’s identities, it became the easy choice. Showing your social security card meant that you couldn’t just come up with random new names for yourself every time you signed a form or took a job.
Though people in the US now think of the Social Security Card as the “obvious” form of ID, it took years for it to evolve from a simple social assistance card to an “identity management vision.”
Just as the (currently, temporarily scrapped) National ID card system would have been carried on the backbone of private interests, it’s entirely likely that any form of identity policing on the internet would end up being, by and large, maintained by a pre-existing entity in the private sector. At first glance, a Facebook/US Government partnership seems unlikely, but does it really? Newitz is right in claiming that this is exactly what happened with the Social Security Card. This little white and blue piece of paper that most Americans posess quickly became a universal form of ID even though it was never intended to act as such. (And in fact the card insists that a SSN is not an ID.) And there are many, many companies that are currently using Facebook as identity sourcing or are looking at doing so.
Why not link your email addresses and your paypal accounts and your amazon information and your bank information to your Facebook account. It’s safe and private, right? While you’re at it, why not link your biometric information to your email account to your facebook account? (Here’s the fun part — a lot of people already do that, and expect to see more push for email-based biometric security in the next year.)
Facebook is just one likely candidate for an increasingly likely scenario, and that scenario is one in which the powerful anonymizing factor of the internet is slowly reduced via public-private partnerships. Partnerships which will be based on “convienence” and public safety.
On the bright side, Obama claims that he still supports net neutrality:
“Our pursuit of cybersecurity will not include — I repeat, will not include — monitoring private sector networks or internet traffic,” he said. “We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the internet as it should be, open and free.”
But those aren’t very comforting words when they’re released next to a document that encourages us to look back to the cold war, and discussed the importance of selling the idea of a national security cyber-threat to the American People. It’s easy to say “I remain firmly committed to net neutrality…” but harder to accomplish when your policy documents outline how to convince the Internet-using populace to allow internet regulations and promotes solidifying “who is in charge” of the internet. (Those are just a few of the gems I noticed on a quick skim.)
Am I being reactionary? Maybe a little. But while the Obama adminstration has talked a good game regarding electronic civil liberties, he certainly hasn’t actually backed up the talk with actions, yet. In fact, he’s done just the opposite with his support of enhanced wireless wiretapping powers and his appointment of MPAA/RIAA and staunch anti-P2P advocate Joe Biden as his VP. While I’m not quite ready to go down to my local teabaggers meeting just yet, It’s obvious that electronic privacy is going to be an interesting minefield to watch Obama walk through.
On the internet, nobody knows you’re a dog. Except Facebook. And Linkdin. And the FTC and LexisNexis and the CIA and the NSA and SEC. Oh, and 4Chan.