Web anonymity battle starts anew

SAN FRANCISCO —  One of the Internet’s founding fathers is set this week to revive a heated cybersecurity debate over whether to preserve anonymity and the use of pseudonyms in online chat forums and social networks like Twitter.

Vint Cerf, Google’s chief Internet evangelist, is expected to make the case for keeping people’s identity anonymous — particularly on certain Web services — when he delivers the keynote address at the RSA cybersecurity conference here on Wednesday. 

Tension over the issue has been building for years between free speech advocates and those who say tougher steps are needed to boost cybersecurity on the Internet.

The debate arrived on the international stage last December at a United Nations conference in Dubai, United Arab Emirates, where some countries floated proposals to ban Internet anonymity for a global telecommunications treaty.

“The ability to speak anonymously [online] is critical to the ability to speak freely, to speak on the matters of public policy,” said Harold Feld, senior vice president of consumer interest group Public Knowledge and a former member of the U.S. delegation during the U.N. conference.

Some countries, including China and Russia, have reportedly argued that anonymity on the Web poses a risk to cybersecurity and makes it harder for them to go after hackers and other malicious actors, which leaves Internet users vulnerable to online fraud schemes, virus-laced spam and malware.

But free speech advocates warn that the push to ban anonymity in the name of cybersecurity is simply a facade for efforts by authoritarian governments to crack down on political dissidents and critical speech they disagree with on the Web.

 A vocal advocate for Internet freedom, Cerf sounded the alarm about attempts by “authoritarian regimes” allegedly to bar the use of pseudonyms on the Web in a set of op-eds published prior to the U.N. conference.

“Several authoritarian regimes reportedly would ban anonymity from the Web, which would make it easier to find and arrest dissidents. Others have suggested moving the privately run system that manages domain names and Internet addresses to the United Nations,” Cerf wrote in a May op-ed published in The New York Times.

“Such proposals raise the prospect of policies that enable government controls but greatly diminish the ‘permissionless innovation’ that underlies extraordinary Internet-based economic growth to say nothing of trampling human rights,” Cerf wrote. Cerf is called one of the “founding fathers of the Internet” and credited with helping design the Internet’s architecture and key Web protocols.

The theme of his address to the RSA cybersecurity conference was outlined in an abstract description released by conference organizers, and it stands out among the other technical-focused speeches planned for the event. 

The RSA conference is an annual confab of information security professionals who are focused on the latest methods to protect computers systems and commercial and government networks from the growing number of hacker attacks.

Current and former government officials will also be on hand to participate in panels on recent developments in cybersecurity policy, including FBI Director Robert Mueller and Deputy Assistant Secretary of Defense Eric Rosenbach. 

Later in the week, White House Cybersecurity Coordinator Michael Daniel will provide an overview of the administration’s cybersecurity agenda for the year and its approach to handling cyberattacks and attempts to crack into commercial networks in order to steal valuable intellectual property from businesses.

However, Cerf’s keynote illustrates the growing importance of the debate over striking the right balance between the limits countries want to place on cyber aggressors and protecting people’s free speech and privacy rights online. 

Observers say the international fight over barring anonymity on the Internet is far from over and will continue to come up in future global conferences.

“I think countries that are very active in pursuing this agenda are bringing this up in every forum where they can make it happen,” Feld said. “They will continue to raise it and this will continue to be an issue.”

The proposals floated ahead of the U.N. treaty conference did not explicitly call for cracking down on anonymity on the Web, but the idea was included in cybersecurity and anti-spam measures. 

Countries have noted that cyberattacks are a growing problem, and spam, viruses, malware and other malicious software are increasingly flowing into their borders.

To combat those cyber threats, some countries argued that they need to be able to easily track down or unmask the person who is sending email messages laced with malicious viruses and malware, or spreading computer worms over online comment boards and forums, according to Internet industry analyst Larry Downes.

But they are using cybersecurity as a guise to crack down on speech and ideas they disagree with, he argued.

 “A lot of those countries are looking for any excuse to look at more stuff … to improve their level of control,” Downes said.

The treaty proposals called for countries to have control of Internet routing information or identifier information assigned to IP addresses so countries could trace suspicious Web activity back to the owner.

This fall Terry Kramer, the head of the U.S. delegation at the U.N. treaty conference, warned that the technical methods proposed by countries like China and Iran to boost cybersecurity would also allow them to see “what information is flowing on the Internet.”

“There are a variety of non-democratic nations that are seeking to put some content restrictions out there, that are saying they want to know how traffic flows,” Kramer said.

Feld said some countries can already bar anonymity on certain Web services under their national laws but were looking to include these measures in a global treaty to legitimize their actions on a global scale.

“It’s not that cyber is a pretext, it’s just that they’re proposing a cure that’s worse than the disease,” Feld said.  

“The concern is if you mandate this at the international level, you’re going to override the ability for countries to set the place where they’re comfortable, where you balance free speech concerns and these cybersecurity concerns, and we don’t want to be stuck with the least common denominator on this stuff.”

But both Downes and Feld acknowledged that anonymous speech and the use of pseudonyms online makes it more difficult to trace and identify hackers and cyber enemies.

“In some sense they’re right [that] if we made criminals identify themselves before and during the commission of a crime, it would certainly be much easier to stop them,” Downes said.

But at the same time, they stressed that the U.S. government values anonymous speech more than some other countries do, and not all governments hold online anonymity in the same regard.

“In the U.S. we always balance these things against the rights of individuals to maintain their personal privacy and the value of anonymous speech,” Feld said.