
Traceability on the Internet - tapanjk
https://cacm.acm.org/magazines/2018/8/229771-traceability/fulltext
======
mindslight
> _This is an example of differential traceability; the police department has
> the authority to demand ownership information from the Department of Motor
> Vehicles that issues the license plates. Ordinary citizens do not have this
> authority_

This is a _fantastic example_ , but not in the way he intends!

While it is only the DMV that has the official database of license plate
numbers, simply having attached a unique identifier to each car means that
we're trivially subject to all sorts of independently-implemented
surveillance, from the lone PI stalking a target to the wide scale ANPR
dragnets we're currently grappling with. In fact I'd go so far as to say that
in the face of modern technology, the current implementation of license plates
_is a gross rights violation_.

As other commenters have noted, where is this glaring threat? We've had
Eternal September for 25 years and this "harmful behavior" has yet to manifest
in a way that can't be solved by a combination of good old fashioned policing
and Postel's law. Yet we repeatedly hear this tired refrain of ominous ne'er-
do-wells who simply must be stopped.

The current concern is harassment on quasi-public communications platforms
like Twitter. Yet Twitter is _already operating with everyone having a nym_ ,
and still not succeeding at the goals each of its critics envisions. Making
these nyms more permanent doesn't change the actual technical difficulty of
the problem of moderation!

If we're concerned about "social network bullying and misinformation", then we
should first demand to see progress on the topic from independent entities
that can each try many approaches and fail in isolation. Changing the Internet
to have a baked-in totalitarian identification regime and assuming these
platforms will _then_ address our wishes is downright foolish.

~~~
goldenkey
I never realized license plates were able to be utilized by a well funded
private data aggregation operation. Great observation. How far do we have to
go with allowances for information and actions that are taunts for death and
destruction? It seems to me that the only fair way to shape society and
well..shared reality..is to allow everyone to do everything and anything and
allow others who feel strongly to enact responses..ie punishments.

This will eventually maybe be the case ala Star Wars, independent agents
roaming reality, with no law other than consequence by others.

It seems this is untenable too because it evolves into unfair reality, biased
on wealth and capital of weaponry and defense. Not only physically but on a
knowledge and information and technological basis.

Isnt the real underlying archtype of license plates and well..any
authoritarian laws by the government a sort of protectionism for those of us
without the money for defense and offense of our own free persons?

[1] [https://youtu.be/9CO6M2HsoIA](https://youtu.be/9CO6M2HsoIA)

I am libertarian..but freedom in reality is a function of resources. So I
cannot square this circle... laws are a hard issue.

~~~
mindslight
You're really just describing an anarcho (-capitalist) framework. Which is
fine, but isn't actually libertarianism, anarchism, or really any -ism without
accompanying _heuristics_. Essentially your first three paragraphs describe
what _we already have_ , just in different terms - really, read them with that
in mind.

The real questions are about who gets that power, how it accumulates, and what
that power _is actually able to compel_. Ancap/Libertarianism subscribe to an
assumption that markets are generally efficient, and so kind of throw up their
hands with regards to these questions _in the small_.

> _Isnt the real underlying archtype of license plates and well..any
> authoritarian laws by the government a sort of protectionism for those of us
> without the money for defense and offense of our own free persons?_

No, not inherently. For instance, one can also say that authoritarian laws by
the government are to serve those _with_ the resources funding the government,
in order to enact _their_ agenda. Both are right, but not completely.

One of the biggest instances of market inefficiency is the power dynamics of a
given situation, which are indeed effected by technology. For instance, a gang
of four thugs can easily beat and rob you with impunity. But if all five of
you have _guns_ , then that gang has to weigh the risk that you might just get
a lethal shot off [0]. That is a qualitative change to the dynamics of the
situation.

To bring things back to a very concrete example about the current topic, we
all know how draining and damaging being the target of a baseless lawsuit by a
well-funded adversary is. If one can only post online along with their real
name, that means every small-fry whistleblower or critic is under immediate
threat by this type of might-makes-right retaliation. Whereas if one is able
to post anonymously, then they have an opportunity to _completely sidestep_
being attacked in this manner.

[0] disclaimer: of course, maybe we don't think that people getting shot all
the time is the type of chaos to structure a society around, but that was _an
example_ not a universal _endorsement_.

------
rasengan
This position invites a slippery slope which will lead to the identification
of us all at all times. Especially, to suggest giving the power of
traceability to “official” law enforcement only is a really bad
recommendation.

Did you forget what happened at the NSA?

Please don’t make these recommendations while using the name Vint Cerf, father
of the Internet. It sends a bad signal as if you (supporting traceability) are
not the minority here.

I have had enough of my /heroes/ supporting backdoors. Please stop it. I hate
working against you (supporting anonymity is clearly something you don’t wish
to achieve). :(

~~~
mhneu
What we've learned over the past year or two is that everything we all used to
worry about NSA doing, Facebook is ACTUALLY doing.

I was also one of those misled, and now know the NSA has controls and a
democratic governance structure atop them (as do the other four agencies in
UK, Canada, NZ, Aus) that restrict what they do for lawful, democratically-
endorsed uses only.

Surveillance capitalism at Facebook (good description here:
[https://www.schneier.com/blog/archives/2018/03/facebook_and_...](https://www.schneier.com/blog/archives/2018/03/facebook_and_ca.html)
) is a bigger threat to democracies.

~~~
rasengan
> lawful, democratically-endorsed uses only.

[https://en.wikipedia.org/wiki/LOVEINT](https://en.wikipedia.org/wiki/LOVEINT)

~~~
mhneu
Yes, but note from the page: those unauthorized accesses were _reported_ and
the employees were _sanctioned_ including demotion, etc.

On the private side, it can be worse, because the governance structure is not
always there.

[https://bgr.com/2016/12/13/uber-privacy-and-
security/](https://bgr.com/2016/12/13/uber-privacy-and-security/)

 _Uber employees helped ex-boyfriends stalk ex-girlfriends, and were even able
to access trip information for celebrities like Beyoncé, Reveal News explains.
These revelations come from the company’s former in-house forensic
investigator Ward Spangenberg._

Agreed from comment above this one - it's a problem both for govts and for
private industry. I think what democratic societies need is an agreed
framework for how as a society we regulate such data collection (as Schneier
argues in the link I posted above, or as Doctorow has recently argued.)

------
teddyh
Even _if_ it were somehow possible to achieve pseudonymity (i.e. permanent and
unchangeable – but anonymous – identifiers), _any_ work in this area towards
this goal will first be heavily funded, and later heavily co-opted, by the
people wishing for actual identification without pseudonyms, and this will
ultimately then be presented as the only possible technical solution. The
large companies in the field will then adopt the completed “standard”, thereby
forcing every user of their services to use it, and any form of actual
anonymity or even pseudonymity will then have been lost.

We have seen this phenomenon before in other fields. Large actors provide
funding for groups with ostensibly beneficial goals, and the funders then
influence the groups’ work towards the actor’s own desires, often subverting
the goal of the original group completely, but getting the percieved aura of
legitimacy of the original group onto the subverted standard.

------
AndrewKemendo
Isn't the point of RMS and others in the libre-internet movement that it's
exactly those groups that Cerf identifies, namely governments, that we want to
ensure don't have unique traceability capabilities because they also have
coercive capabilities?

------
EGreg
When I visited Tim Berners-Lee’s SOLID project, I recommended one thing to
them: do NOT have one canonical WebID for everything.

I had to grapple with these issues years ago and here are some solutions:

[http://magarshak.com/blog/?p=114](http://magarshak.com/blog/?p=114)

------
sverige
> In most societies today, it is accepted that we must be identifiable to
> appropriate authorities under certain conditions (consider border crossings,
> traffic violation stops as examples). While there are conditions under which
> apparent anonymity is desirable and even justifiable (whistle-blowing, for
> example) absolute anonymity is actually quite difficult to achieve (another
> point made at the Ditchley workshop) and might not be absolutely desirable
> given the misbehaviors apparent anonymity invites.

Border crossings and traffic stops occur in meatspace, where there is some
potential for an actual threat. What exactly is the threat that justifies the
need to identify individuals at all times on the internet?

------
tomwas54
Google Cache link:
[https://webcache.googleusercontent.com/search?source=hp&ei=A...](https://webcache.googleusercontent.com/search?source=hp&ei=AttmW4bWKMSVkwXEhbLQDQ&q=cache%3Ahttps%3A%2F%2Fcacm.acm.org%2Fmagazines%2F2018%2F8%2F229771-traceability%2Ffulltext&oq=cache%3Ahttps%3A%2F%2Fcacm.acm.org%2Fmagazines%2F2018%2F8%2F229771-traceability%2Ffulltext&gs_l=psy-
ab.3...921.1793.0.2006.7.7.0.0.0.0.89.314.6.6.0....0...1c.2.64.psy-
ab..1.5.282...0j0i131k1.0.mAVsfQujqe8)

------
lifeisstillgood
LGBT friends of mine defend anonymity for the protections it seemingly affords
similar youngsters - but as more of the real world moves online then more of
the bad actors move too.

We have traceability IRL and we can choose how much bad behaviour we are
willing to tolerate - and it is that choice that we need to focus on, what
society is willing to let slide not anonymity.

it's not a protection. we can let it go.

------
al_ramich
It would make a lot of sense. The fact that currently there isn't a single
unique identifier per online user allows for an unregulated environment.
Obviously, there are things like IPs, the mobile device identifies (phone
number...) or even single-sign-on platforms but the bottom line is that there
isn't something that is unique per user and platform independent. Should there
be a unique credential per user just to access anything online? From the
security perspective, you would definitely say yes but you could also imagine
that this could be taken too far

[http://uk.businessinsider.com/how-china-is-watching-its-
citi...](http://uk.businessinsider.com/how-china-is-watching-its-citizens-in-
a-modern-surveillance-state-2018-4)

~~~
Asooka
You're basically describing "The digital imprimatur" [1]. It will absolutely
be abused to hell and back if implemented, starting with "it's for the
children", going through "artists must get paid" and arriving at "we have
always been at war with Eastasia".

[1] [https://www.fourmilab.ch/documents/digital-
imprimatur/](https://www.fourmilab.ch/documents/digital-imprimatur/)

