Trust and Internet Identity Meeting Europe
2013 - 2020: Workshops and Unconference

Anonymity vs Accountability

(John Erik Seetsaas)

Let’s say you sign for service anonymously. What do people think when you say anonymity. What do they expect? They always answer: yes we want anonymity but we also want accountability. So the question is what we mean by anonymity? A: I don’t want that what happens somewhere not to affect the rest of my life. I want to have a separation of working sphere etc.

Q: Is anonymity wanted for business? A: It can be bad because if someone is breaking the law you cannot proceed them. The only thing you can is to ban them from that particular platform, but he can come back. Note: In Germany there is a law that service providers have to keep track of users so they later can identify them. The service provider has to provide the names of users.

Another person: To the certain level it is necessary to have anonymity (freedom of speech) There should be a line how far anonymity should be provided. Q: DO we want anonymity? A: Everybody should be confronted with legal acts. It is not only important what we think anonymity is because there is also “anonymous” fear between people. After all, they have fear from these people wearing masks and showing up as “Anonymous”. Note: There is a story about girls being stoked on Instagram. There is an identity problem in that case because if they block him, he will just create another account. It means they cannot block him currently.

Q: Do we want to build anonymity or a pseudonymity layer? A: If would be horrible if it is possible to just write your name and comment online. But for countries like Saud Arabia or China or countries with the regime, the anonymity is needed for people who want to pint something out.

Q: When the public opinion changes on some topics because of identity problems (e.g. elections in USA or Czech republic) A: We as a society have to learn to handle the quality of information (to distinguish between real persons and some anonymous accounts) What is illegal depends on the country as well because there are different laws in different countries.

Q: Who has the authority to say what is fine and what is wrong? Julian Assange (Swedish and US government used some situations and tweaked the law to enforce some actions)

Q: If we could would we build anonymity or pseudonymity in that system: A: There are more levels: 1. Absolute anonymity and 2. Relative anonymity. e.g PayPal (it does not reveal your identity and one can use it worldwide) e.g. German personal ID (the randomly generated attribute is given to someone and that person does not know who you are), but anonymity would mean not using it at all. A: It depends on the service. E.g. for a bank account you need to provide your ID, but if buying cigarettes/alcohol you only need to prove you are above 18, but not your complete ID. For the example of an Instagram account, there should be some technology to recognize that it is the same person creating a new account. Note: Instagram and Facebook do not allow anonymity because it is using many personal data and actually has people’s life-profiles.

We do not want the real criminals. If somebody does something illegal then he should also be accountable for that.

Global identifying platforms should introduce accountability but global identity systems are frightening people. There is only one government (Estonia) that got an identity governance platform.

I do not believe in global identity solution but the government failed to implement their solutions on the other hand.

Summary: Anonymity is needed somewhere (e.g. when doing some stuff like buying alcohol etc.)

The whistleblower should not be allowed to be anonymous. But on the other hand, if there is no anonymity there will be no whistleblowing.

There is a difference between creating a system where it is easy to be anonymous and a system where it is hard. Really strong law regulations are needed to have the possibility to for example track these accounts on Instagram.

FINAL COMMENTS: The system described exists (GSMA mobile connect 2.0 standard). You can do pseudo-anonymous authentication there.