http://elj.warwick.ac.uk/jilt/01-2/grijpink.html Contents Abstract 1. Introduction 2. Key Question 2.1 Explanation 3. Anonymity: A Question of Degree 4. The Social Significance of Anonymity 5. The Legal Implications of Absolute Anonymity Under Private Law 5.1 Absolute Anonymity Under Contract Law 5.1.1 Absolutely Anonymous Electronic Contracts 5.1.2 Problems Concerning the Implementation of an Absolutely Anonymous Contract 5.2 Absolute Anonymity Under the Law of Property 6. Semi-Anonymity 6.1 Semi-Anonymity Under Contract Law 6.1.1 Semi-Anonymous Contracts 6.1.2 Problems Concerning the Implementation of the Semi-Anonymous Contract 6.2 Semi-Anonymity Under Property Law 7. Are New Legal Structures Desirable? 7.1 Prevention or Cure 7.2 Legislation or Self-Regulation 7.3 Renovation or Building From Scratch 8. Conclusion Notes and References Download New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity [1] Dr Jan Grijpink Principal Adviser, Dutch Ministry of Justice jgrijpin@best-dep.minjus.nl Professor Dr Corien Prins [2] Professor of Law and Informatisation, Tilburg University, The Netherlands J.E.J.Prins@kub.nl Abstract For various reasons, most prominently privacy considerations, consumers on the Internet become reluctant to reveal their true identity. Different techniques and services have recently been developed which make Internet activities, such as surfing, anonymous. Facilities are also available to provide individuals with a pseudo-identity. This article explores the status of anonymous electronic transactions under the Dutch private law system and analyses whether new legal rules are required to protect consumer interests. Keywords: Anonymity, Semi-anonymity, Pseudo Identity, Private Law, Privacy, Smartcards, International Regulation, Intermediary, Self-regulation, Legislation, Consumer Protection. This is a Refereed article published on 2 July 2001. Citation: Grijpink J H A M and Prins J E J , 'New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity', 2001 (2) The Journal of Information, Law and Technology (JILT) . <http://elj.warwick.ac.uk/jilt/01-2/grijpink.html> 1. Introduction Lately, anonymous communications on the Internet have gained considerable attention. A New Jersey state court judge ruled in November 2000 that a software company is not entitled to learn the identities of two 'John Doe' defendants who anonymously posted critical comments on a Yahoo message board[ 3]. Fall 2000, Ian Avrum Goldberg's dissertation on A Pseudonymous Communications Infrastructure for the Internet received world-wide publicity[ 4].Ongoing concerns of digital privacy stimulate the debates about possible ways to avoid being 'profiled' on the Net and communicate anonymously. Anonymous communication raises various (legal) questions. What exactly do we mean by anonymity? Why would people want to communicate and transact on an anonymous basis? What are the practical and legal restraints upon anonymity when communicating and transacting with others? In other words: aside from the ad-hoc problems that now arise under case law, what is the larger landscape of the legal consequences of anonymity? This article sets out the most important conclusions of the first stage of a study into the dimensions of digital anonymity. It is intended to set out the problem, make people aware of the intricacies of the problem and thus stimulate the debate on useful legal structures for anonymity. The article focuses on the private law dimensions, addressing situations where consumers want to purchase anonymously on the Internet. With the purpose of directing the key question towards future developments in information technology, the study is based on a picture of the future in which the large scale use of anonymous electronic transactions occupies an important position. We hereby take the chip card as an illustrative example and focus on the Dutch legal situation. Finally, it should be mentioned that this study forms part of a broader search for sustainable legal and organisational transformation processes arising from new information and communication technology[ 5]. The article is laid out as follows. Section 2 provides an outline of the key question into new law for digital anonymity and some background information. Anonymity is a concept that is subject to multiple interpretations, an issue that is discussed in section 3. The key question is only worth addressing if absolutely anonymous electronic legal transactions are technically feasible, and we can put forward a plausible case supporting the practical significance of anonymity in electronic legal transactions. We will set forth that case in section 4. Section 5 outlines the status of an absolutely anonymous contract under private law, contract law and property law. This provides an idea of the room that current private law offers for anonymous legal transactions, which is a good starting point for answering the question of whether these provisions will be adequate when it comes to the widespread anonymous use of chip cards. In section 6 we look into the legal status of less absolute forms of anonymity in legal transactions (semi-anonymity). To answer the question concerning the desired legal development, in section 7 we address the role that the law will have to play if a situation arises in which anonymous electronic legal transactions dislocate vulnerable legal relationships. We will then examine two alternatives for the development of new law: based on our own Dutch law or derived from foreign law. These considerations lead in section 8 to conclusions regarding the extent to which the risks of anonymous electronic legal transactions will in the future necessitate the introduction of new legal rules. Given that legal development takes so much more time than the introduction and distribution of new technology, it is of great importance to gain early insight into the direction in which the law can best develop in response to new technology. That is the underlying motive behind this part of the overall study and the justification for directly reporting on the first preliminary results, in the hope that this will set in motion a discussion that offers prospects for timely legislation should the need arise. <snip> 8. Conclusion In this paragraph we formulate our preliminary response to the question of the extent to which the risks of anonymous electronic legal transactions will in the future necessitate new private law structures, what these structures will probably relate to and the direction in which this development of law could occur. Our legal culture places prevention above a distribution of incurred losses, so that we anticipate that digital anonymity will be regulated as much as possible rather than compensated for in insurance constructions. In the case of absolutely anonymous and semi-anonymous contracts we have noted that the space for these legal transactions is limited (contract law), or is completely absent (property law). In a nutshell, it can be said that knowledge of a person's identity is not a legal requirement under contract law. Parties that knowingly take the risk of entering into a contract with an absolutely anonymous or semi-anonymous party bear the risk of the adverse consequences of a shortcoming. If the identity of the other party cannot be determined, the party in question will face the same situation as he would in the physical world: he will receive neither what the other party was obliged to provide, nor any compensation for damages. A consequence of this nature is acceptable and its implications are kept within reasonable limits if people only act semi-anonymously to a modest extent. The question remains, however, of whether this will be the case if widespread use is made of the possibility to surf, order and pay absolutely anonymously or spontaneously semi-anonymously in an electronic environment. We feel that widespread anonymous actions are accompanied by so many new risks to the various parties involved that this will lead to imbalances in the legal relationships, which will give the legislator cause to seek solutions to protect vulnerable parties and interests. Cases in point include suppliers demanding full payment in advance in an electronic contract entered into at a distance, stringent exoneration clauses and unfavourable proof stipulations. With regard to the content of the possible new legal structures, it is likely that in our Dutch legal culture we will first be induced to search for ways of extending existing formal regulations that limit the possible use of absolute anonymity. In order to respond to a growing need for anonymity in legal transactions, the regulations for organised semi-anonymity could also be extended (e.g. under property law), so that it will be possible to break through a person's anonymity retrospectively if necessitated by court order or by the law. Organised semi-anonymity (or pseudonymity) in legal transactions is therefore a useful weapon against a number of disadvantages of acting absolutely anonymously or spontaneously semi-anonymously, while retaining the envisaged protection of privacy. It is only with the guarantee of this organised protection of a person's true identity without that being abused, that identity fraud can be kept under control and that pseudonyms can provide anonymity towards third parties without damaging the legal order. That is not to say that this form of anonymous legal transaction is easy to organise[ 25 ]. Beyond private law, it will require extra regulations under administrative law, such as an extension of the obligation of public and private bodies to check their clients' identity, of the duty of people to provide proof of identity and public-private co-operation in verifying people's identities and in testing the soundness of general and contractual proofs of identity. Apart from political and social issues that will have to be solved in an international context, bringing about the information infrastructure needed for this purpose will also take a lot of time and money. But balancing the interests of protecting privacy and the need for anonymity in the future information society on the one hand, and those of the legal order on the other, makes extending organised semi-anonymity in our legal culture an attractive course to take for vulnerable transactions. Because both of the above solution directions under Dutch law will reinforce already existing tendencies towards 'juridification' of our society without internationally achieving the envisaged legal protection under Dutch law, we feel that it is desirable to look into how more space can be created for reliable legal transactions on an absolutely anonymous basis, perhaps under our property law as well. This relates in the first place to absolutely anonymous transactions that are of less social importance and whose disadvantages can easily be insured. It also concerns socially important, vulnerable transactions that already tend to be settled on an absolutely anonymous basis world-wide. By way of making a first move in that direction, we feel that it seems in any event desirable to look into the extent to which already existing foreign legal structures such as the agency are suitable for this purpose, and whether this could be incorporated into legal systems that are not familiar with these structures, such as the Dutch legal system. At issue here are the trust in anonymous electronic transactions, consumer protection, combating identity fraud and, let us not forget: the issue of legal certainty when border-transgressing anonymous transactions are involved. Given that the development of law takes so much more time than the introduction and distribution of new technology, it is of great importance to gain early insight into the direction in which Dutch law can best develop in response to more digital anonymity. The importance of new concepts and rules for digital anonymity in legal transactions makes it desirable to discuss and perform research into the directions proposed here, paying attention to the effect that derivation from foreign law has on the key principles of private law systems that are not familiar with such directions. Notes and References 1.The Dutch version of this article has been published in: Nederlands Tijdschrift voor Burgerlijk Recht [Dutch Journal of Private Law], NTBR 2001-4, Kluwer, Deventer. The article is also due to be published in the Computer Law & Security Report, July/August 2001. 2. Dr. J.H.A.M. Grijpink is Principal Adviser at the Dutch Ministry of Justice <jgrijpin@best-dep.minjus.nl >. Prof. Dr. J.E.J. Prins is Professor of Law and Informatisation at Tilburg University, the Netherlands < J.E.J.Prins@kub.nl >. The authors are highly grateful for the contribution of Chris Nicoll, University of Auckland (New Zealand) to paragraph 7.3. 3. The court's decision is available at: < http://www.citizen.org/litigation/briefs/dendrite.pdf >. 4. Available at: <http://www.isaac.cs.berkeley.edu/~iang/thesis.html >. 5. This research programme is an initiative of the Expertise Centre 'Globalization and sustainable development' at Tilburg University < http://globus.kub.nl >. The part of the research discussed here was conducted in collaboration between the Centre for Law, Public Administration and Informatisation at Tilburg University and the Directorate of Strategy Development of the Dutch Ministry of Justice. 6. An isolated (without personal details) person-related biometric characteristic, from which one can derive that the person acting is the right one, but not precisely who he is. For a more detailed discussion of biometrics, reference is made to: van Kralingen, R, Prins J E J and Grijpink, J H AM (1999), 'Het lichaam als sleutel. Juridische beschouwingen over biometrie' ('The body as the key. Legal considerations on biometrics') in Van den Berg & Schmidt (eds) National Programme for Information Technology and Law (IteR), No. 8 (Alphen aan de Rijn: Samson) and Grijpink J.H.A.M. (1999) 'Biometrie als anonieme bewaker van uw identiteit' ('Biometrics as an anonymous guard of your identity'), Beveiliging no. 5, May 1999 pp.22 ff. (Amsterdam: Keesing Bedrijfsinformatie). 7. See: van Klink, B, Prins, J E J, and Witteveen W J, (2000), 'Het conceptuele tekort' ('The conceptual gap') (The Hague: Infodrome < http://www.infodrome.nl >). 8. Grijpink J H A M (1998), 'Justitiebrede scenario's voor het jaar 2010' ('Scenarios for the Ministry of Justice in the year 2010') (Den Haag: Ministerie van Justitie). 9. See the report of the Scientific Council for Governmental policy 'Staat zonder Land' ('State without Country') V 98 (The Hague 1998); the ministerial paper 'Internationalisering en recht in de informatiemaatschappij' ('Internationalisation and law in the information society') TK '99-'00, 25880, no. 10 < http://www.minjust.nl/c_actual/rapport/irinfomy.pdf > and the comparative study accompanying the ministerial paper into the views of various foreign governments on internationalisation and law: Koops, B J, Prins, J E J and Hijmans, H (2000), 'Internationalisation and ICT Law' (The Hague/Boston: Kluwer Law International). See also: < http://www.minjust.nl/c_actual/rapport/overcrbi.pdf >. 10 . See earlier on a distinction: A.M. Froomkin, 'Anonimity and Its Enmities', 1995 J. Online L. art. 4 < http://www.wm.edu/law/publications/jol/froomkin.html >. 11 . A biometric number is a number that is derived using a formula from a physical characteristic (e.g. a fingerprint, the geometry of a finger or hand, or the characteristic movements when signing a document). A biometric number yields a person- related pseudonym. All sorts of other numbers and codes used to verify a person's identity are not person-related. Someone can give a PIN number to somebody else, for example; the electronic signature (code for encrypting data) is computer-related and can be used by another user of that computer. See: van Kralingen R, Prins, J E J and Grijpink J H A M, 'Het lichaam als sleutel. Juridische beschouwingen over biometrie' ('The body as the key. Legal considerations on biometrics') in Van den Berg & Schmidt (eds) National Programme for Information Technology and Law (IteR), No. 8 (Alphen aan de Rijn: Samson); Grijpink J.H.A.M. (1999) 'Biometrie als anonieme bewaker van uw identiteit' ('Biometrics as an anonymous guard of your identity'), Beveiliging no. 5, May 1999 pp. 22 ff. (Amsterdam: Keesing Bedrijfsinformatie BV) and Grijpink J.H.A.M. (2001) 'Biometrics and Privacy' in The Computer Law and Security Report March/April 2001 (Oxford, UK: Elsevier Science Ltd). 12 . Verification is generally not sufficient for the application of criminal law. The police are therefore expected to irrevocably establish the identity of a suspect when investigating a criminal offence. If errors are made at this stage, the legal intervention will go wrong further on in the criminal law enforcement chain. After all, it will generally not be possible to rectify a faulty identification retrospectively by means of verification because, for instance, the suspect can no longer be located or because the available data are contradictory. If the police have made a successful identification at the beginning of the criminal law enforcement chain, other partners in this chain will be able to make do with verifications further on in the legal proceedings. 13 . For examples of the various forms, see: Prins, J E J (2000), 'What's in a name? De juridische status van een recht op anonimiteit' ('What's in a name? The legal status of a right to anonymity') in Privacy & Informatie vol. 3 no. 5 (Th Netherlands: Koninklijke Vermande). 14 . For a discussion of this link between privacy protection and anonymity, reference is made to: Grijpink, J H A M (1999), 'Werken met keteninformatisering' ('Working with chain computerisation'), Section III Privacy and anonymity pp. 133 ff. (The Hague: Sdu Uitgevers). 15 . Goods can already be collected at 7-11 shops of this type in Japan. 16 . This subscriber does not necessarily have to be registered under his own name. In practice, the identity of a subscriber is seldom verified, and in the Netherlands an ISP is not authorised to ask for proof of identity other than on a voluntary basis. Neither is he legally or practically able to verify the soundness and validity of a proof of identity because of the lack of authority and information infrastructure. 17 . Supreme Court: HR 15 November 1957, NJ 1958, 67. 18 . See however: HR 24 January 1997, NJ 1997, 339. The Supreme Court ruled that the provisions of article 2:93, paragraph 1 and article 203, paragraph 1 of the Dutch Civil Code concerning the possibility of the ratification by a company limited by shares or a private limited company, after its foundation, of legal transactions that were performed on behalf of the company being founded is applicable mutatis mutandis to other legal persons. See also HR 11 April 1997, NJ 1997, 583 and furthermore the extensive case law on a subpoena for anonymous people that break into and occupy empty houses. 19 . See however: Ballon, G 'Ik gaf mijzelf geen naam'('I gave myself no name') Tijdschrift voor Privaatrecht, no. 3 pp. 557-592. 20 . See HR (Supreme Court) 15 November 1957, NJ 1958, 67. 21 . See for example: < http://www.anonymizer.com/docs/legal/agreement.shtml > (stipulations 9 and 11) and < http://www.xs4all.nl/freedom/Freedom_files/content/voorwaarden.html > (stipulation 5.4). 22 . Directive 1999/93/EC of the European Parliament and of the Council of 13 december 1999 on a Community framework for electronic signatures, OJ L 013/12, 19 january 2000. 23 . See also the report of the Scientific Council for Governmental policy 'Staat zonder Land' ('State without Country') V 98 (The Hague 1998); the ministerial paper 'Internationalisering en recht in de informatiemaatschappij' ('Internationalisation and law in the information society') TK '99-'00, 25880, no. 10 < http://www.minjust.nl/c_actual/rapport/irinfomy.pdf > and the comparative study accompanying the ministerial paper into the views of various foreign governments on internationalisation and law: Koops, B J, Prins, J E J and Hijmans, H (2000), 'Internationalisation and ICT Law' (The Hague/Boston: Kluwer Law International). See also: < http://www.minjust.nl/c_actual/rapport/overcrbi.pdf >. 24 . See the three proposed Directives, published on 12 July 2000, in which the importance of a high level of consumer protection is expressly put forward as a reason for introducing the new rules: Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector, COM(2000) 385; Proposal for a Directive of the European Parliament and of the Council on universal service and users' rights relating tot electronic communications networks and services, COM(2000) 392; Proposal for a Directive of the European Parliament and of the Council on a common regulatory framework for electronic communications networks and services, COM(2000) 393. 25 . Grijpink, J H A M (1999), 'Werken met keteninformatisering' ('Working with chain computerisation'), Section III Privacy and Anonymity pp. 133 ff. (The Hague: Sdu Uitgevers). |ELJ |JILT |THIS ISSUE |SEARCH |COMMENTS | -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com