Ban internet anonymity – says US Homeland Security official
Justification: Child abuse and terrorism, of course
Internet anonymity should be banned and everyone required to carry the equivalent of a license plate when driving around online.
That's according to Erik Barnett, the US Department of Homeland Security's attaché to the European Union.
Writing in French policy magazine FIC Observatoire, Barnett somewhat predictably relies on the existence of child abuse images to explain why everyone in the world should be easily monitored.
He tells a story about how a Romanian man offered to share sexually explicit images of his daughter with an American man over email. The unnamed email provider uncovered this exchange and forwarded the IP address of the Romanian to the European authorities and a few days later the man was arrested. Job well done.
Before we have an opportunity to celebrate, however, Barnett jumps straight to terrorism. "How much of the potential jihadists' data should intelligence agencies or law enforcement be able to examine to protect citizenry from terrorist attack?", he poses. The answer, of course, is everything.
Then the pitch: "As the use of technology by human beings grows and we look at ethical and philosophical questions surrounding ownership of data and privacy interests, we must start to ask how much of the user's data is fair game for law enforcement to protect children from sexual abuse?"
Followed by the online-offline analogies: "Under most accepted legal theories, we do not own our 'physical' fingerprints, so can we really conclude we own our digital ones?"
And then the punch: "When a person drives a car on a highway, he or she agrees to display a license plate. The license plate's identifiers are ignored most of the time by law enforcement [unless] the car is involved in a legal infraction or otherwise becomes a matter of public interest. Similarly, should not every individual be required to display a 'license plate' on the digital super-highway?"
Despite Barnett's suggestion that we must "start" asking how much our online activity should be traceable back to an individual, the debate has in fact gone on for several decades and been largely decided in law and in practice. This article however is just the latest example of a push by law enforcement and the security services to normalize what had been secretive mass surveillance of internet transactions before it was exposed by Edward Snowden two years ago.
The fight is going on at several levels. There is the furious debate over encryption, where law enforcement is arguing for backdoors and tech companies are largely refusing to comply. And then there is the Safe Harbor agreement at the heart of vigorous debate this week between US and EU officials as a critical deadline draws near.
In that broader discussion, Barnett's article and arguments are clunky and unsophisticated. Anything used by terrorist groups or child abusers is automatically fair game according to his way of thinking. He writes: "Social media is used to generate support for terrorist groups ... How appropriate is the law enforcement engagement of the social media companies to reveal digital fingerprints of these extremist groups? Who determines the level of 'extremism' of a group? Few would disagree that law enforcement and intelligence services should have the ability..."
Of course, seen only through the lens of tracking down wrongdoers, this seems like a reasonable approach. Unfortunately it ignores the fact that this accounts for a tiny, tiny percentage of overall internet activity. The result of allowing every online transaction – most of which are far more personal and revealing than driving along a road – to be tracked would have a societal impact far beyond the very few, appalling but isolated incidents that Barnett wants to re-engineer the internet over.
"Where are the lines that cannot be crossed? Do the rules which apply to the physical world, both for citizenry and police, apply in the digital one?"
Implicit in this persistent but unthinking law enforcement argument is an assumption that all that information will be used only by the right people in the right ways. That assumption is startling in its naiveté, especially from someone who is clearly anything but naive.
Barnett is certainly right in that there needs to be a more informed and vigorous debate over how we allow law enforcement to do their job in the increasingly digital world. Unfortunately this ham-fisted effort to make one side of that case is more an impediment than a help. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- NSO Group
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust