Industry Observations-Web Application Security

Anonymity or Accountability?

Over a decade ago, when I was just starting in the computer security scene, I went to a conference for managed security services providers as the sole representative for my company. Near the end of the day-long conference there was a large discussion in which people were asked, “If you could change one thing with a magic wand to have the biggest impact on security, what would it be?”

When it finally got to me, I said the only thing that came to mind, “Attribution.” I explained, “If I had a magic wand and could change anything to have the largest impact on security, I’d make it so that everything on the Internet could be attributed to people so that we could have accountability. If you knew the packet you sent would be tagged with the information necessary for someone to track you down, you’d be extremely unlikely to commit any crimes using the Internet.”

I know it’s impossible to do that, but it was a magic wand after all. But that’s not the end of the story. Over the years I have become a privacy “guy” insomuch as I take people’s privacy seriously. However, I also have one foot squarely in the world of banking, finance, retail and so on – where attribution is hugely important for security, and also as an unintended consequence *ahem* marketing. So as much as I’d love to have people live in a free and open society, we all know what a bunch of jerks people can be when they know there’s nothing at risk when they break the law.

On the flip side, 100% attribution is terrible for privacy when you’re not doing anything illegal, or if you are a political dissident. The very last thing our forefathers wanted when they were talking amongst themselves in pubs on the East Coast, considering creating a new nation, was attribution. They saw fit to write amendments to the Constitution to limit unlawful searches and seizures, and to allow freedom of speech.

So on one hand you have freedom and on the other hand you have safety. I have taken to asking people: “If you had to choose only one, which would it be? Accountability or Anonymity? Do you ever want there to be a way for you to do something anonymously or not? Do you ever want to be at risk of not finding someone who had committed a crime or not?”

I am somewhat surprised to find that when given only the choice between one or the other, it has been nearly an even split amongst people I talk to – usually at conferences – about which they’d prefer. Right now, we teeter on the brink of having no anonymity at all. With enough vulnerabilities that allow full compromises of millions of machines, and enough listening posts all over the world, anonymity is slowly but surely getting harder and harder to get. Look at the most recent busts of various Tor hidden services like Silk Road 2 – people whose livelihoods and freedom depend on privacy still can’t manage it.

Most people would say that drug dealers and arms dealers deserve to be behind bars, so good riddance, regardless of how it happened. However, what about Colorado? Last year, being in possession of marijuana would land you in jail. This year it won’t. So are we as a society willing to indiscriminately put people in jail for breaking the law, even when the law later turns out to be unjust and/or bad for society?

Or worse yet, what if our government moves into a second age of McCarthyism – where they hunt down those who engage in civil disobedience with untold masses of siphoned information to decide whom to jail and whom to leave alone? What if adultery suddenly became a felony? Thought crimes could be punishable in such a dystopian world — not a pretty sight either. Though your banking passwords would be safe, certainly. (Except from the government.)

Perhaps releasing certain types of criminals or forgiving certain types of crimes, as California is about to do, might be a worthwhile exercise. A certain level of crime, while seemingly bad, is critical to allowing for a free society. It’s a complex issue, and of course there is always a middle-ground, but I think to properly understand the middle ground you have to explore the edges. What would a perfectly accountable Internet bring? It would bring with it a near zero cyber-crime rate but also limited freedoms. What would a perfectly anonymous Internet bring? It would bring unfettered cyber-crime but unlimited freedoms. It feels like you’d want some sort of middle ground, but there’s no such thing as “somewhat anonymous” when your life depends on it.

While my younger self would have said that “attribution” was the key to security, I would now tell my younger self to look beyond security, and really contemplate what a completely secure society would look like. Maybe a completely secure society with attribution for every act isn’t such a great idea after all, I would warn him. There are probably no easy answers, but it’s a conversation that needs to happen.

Assuming for a second that there was only one answer, if you had to choose one, which would it be: anonymity or accountability? And more importantly, why?

  • Paul Smith

    Thanks for such a thought-provoking question. I would choose anonymity every time. Accountability is wonderful when people have responsibilities or duties tied up in what they are doing. Without listing them, it is obvious that there are many more aspects of life that an individual is not and should not be held accountable for than what they are accountable for. If an individual is held accountable for everything they put online or do in the real world then they would be forced to gravitate toward actions deemed acceptable by everyone in all their social groups simultaneously. There could be no socially acceptable deviance. Anonymity allows for experimentation. It allows failure without consequence. Accountability is not the human default setting; we evolved without oversight and many mistakes were made but those made us stronger. Accountability is something we invented to better organize our social constructs. Anonymity doesn’t preclude accountability anywhere but in an environment where every action is recorded. This makes the internet unique in human history in that we have to be intentional about identity management. One identity is not enough when you need to have a professional life and a social life or as you change as a person but what you put online representing who you are does not. Online personas should be anonymous by default and as private as a private citizen’s physical belongings or their person. Just like a politician or public servant or figure is accountable for more than the average citizen so should there be options to give yourself more online accountability than the standard 0 base point. Sites like reddit are a great example of a community forming around the idea of anonymity and voluntary identity building. You can enjoy Reddit without a user account anonymously and without accountability but if you wish to vote you must maintain a user account that follows the basic community rules. Then you can run for offices like moderator and gain prestige and have your opinions carry the weight of your comment history. But other accounts have different reputations and are responsible for their own actions. This is how anonymity can be the natural successor to and cure for government and corporate oversteps.

  • w3be

    I’m glad to see these questions and your discussion Robert, and although we’re talking in the context of the Internet, one of our most modern and powerful technologies, the core concepts here are ancient. Thousands of years ago our most fundamental questions around justice, law, and ethics were being discussed as they still are today, and I imagine we could learn something by looking back, although certainly the idea of anonymity (an originally ancient Greek term) has changed quite a bit.

    Start with Plato’s ethical thought-experiment The Ring of Gyges, and it’s clear we need accountability for people in powerful positions, such as our elected government who we place our trust in.

    On the other hand, the old saying “don’t shoot the messenger” has deep roots, going back to Plutarch’s account of Tigranes the Great beheading a messenger who brought news of a coming war.

    More recently, according to Wikipedia, the Supreme Court ruled in favor of anonymity in the case of McIntyre v. Ohio Elections Comm’n [1]

    “Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.”

    That speaks pretty loud and clear.

    There must be countless examples of anonymous works of art and literature throughout history. When ideas dangerously challenge a majority worldview or oppressive State, then authors may want their identities hidden. This is obvious today with journalism in oppressive regimes, and has been with authors who challenged philosophies or theologies of the past.

    So my response would be we need to require accountability in some contexts and allow for anonymity in others.


  • Justin

    If I had to choose only one, I would choose anonymity. With anonymity comes freedom and privacy. With accountability comes safety and security. I, personally, would rather have freedom and privacy than safety and security – again, if I had to choose between the two extremes.

    Freedom comes at a price. As an American, it’s a core principle engraved in our nation’s history. Countless men and women have given their lives in order for this nation to exist, and in order for its established freedoms to persist. Why, then, would we sacrifice freedom on the digital frontier?

    Freedom comes at a cost. With respect to the Internet, that cost is safety and security.

    All of that being said, I don’t think either extreme is the answer (I agree with you, Robert). The answer lies somewhere in the middle, and it’s a brutal, complex, and frustrating process to discern exactly where. Perhaps our best hope of finding that sweet spot is to fight against the pendulum’s momentum whenever we sense it swinging too far or too fast toward either extreme.

    Or maybe we just need two Internets. One with total accountability, and one with total anonymity. Governments agree to “hands off” the free Internet, and let users choose which one they want to be a part of. Yeah, that’ll work… right? 😉

  • Clerkendweller

    I wonder about the language here – “safety” and “freedom” are not opposites. Also “privacy” and “anonymity” are two different concepts. I realise this post is about “security” and you want to “explore the edges”, but it touches on many privacy aspects, which need to be considered from the perspective of harm to individuals.

    In the world of attribution, I might be at a lower risk of harm (impact and likelihood) if everyone knows I did not participate in a hit and run car accident (e.g. if my identity can be shown to be somewhere else at the time).

    Similarly whistleblowers can expose crime that would otherwise be allowed to continue, and anonymity here is an important protection that encourages and supports such reporting. Anonymity in business process feedback (e.g. suggestions) can also help companies improve.

    As for the middle ground, there should be no reason to reveal my identity to prove my age (e.g. to be able to buy certain goods or use some services). All I need to be able to do is to be able to allow you to verify my age. You don’t need my name, address and full date of birth. Pseudonymity (e.g. identity escrow) is an important principle too.

    Thank you for raising the topic for discussion. I can’t choose between the two options. My answer will vary depending upon the context.

  • Dirk Wetter

    What one would choose probably depends also on the personal circumstances and on the country one is living in. If an average person is feeling harassed by the security measures of a country or his surroundings this one would rather vote for anonymity. But the same decision would be made by a crook or a worse criminal. If one is feeling insecure most persons will likely willingly give up anonymity — that’s why all big brothers around the world are telling us each day what the threat level is like. 😉 The latter is intrusive marketing which directly addresses our fear center in the brain (right amygdala). So, the first obstacle on what to choose is made difficult by emotions and realistically assessed living circumstances.

    Privacy/anonymity has a high value. Through my European/western world eyes: We should not continue to give it up. Accountability where really needed might come in handy if done by an independent third party. The latter, however, nobody has gotten right yet, and also by nature it has a lot of attack surface.