At 07:56 AM 01/24/2003 -0500, Bob Hettinga wrote:
There's some interesting discussion about the ability of the Dutch legal culture to provide useful tools for regulating transactions in anonymous or semi-anonymous environments - if you can't find somebody, can you speak of enforcing contracts, etc. Not surprisingly, this has been discussed extensively by the Cypherpunks and other people exploring applications for cryptographically-protected communications. Some of the standard references are Tim May's "Cyphernomicon" paper (on the web), Orson Scott Card's novel "Ender's Game", and Vernor Vinge's story "True Names". (As the JILT paper says, systems like this may be quite complex to actually implement in practice, and fiction provides a good tool for exploring the social implications without doing the difficult detail work.)

I do want to comment on the concept of pseudonymity and semi-anonymity. The paper appears to be using a definition in which a Trusted Third Party provides a pseudonym service, which knows the True Name behind each pseudonym and can provide it when required for a limited number of situations, such as collecting unpaid debts or prosecuting ThoughtCrime, but otherwise the pseudonym is adequate for many activities, and the user can protect his privacy and conduct various activities under different pseudonyms without them being linked to each other or to his True Name. Unfortunately, the definitions of ThoughtCrime have been radically expanded in recent years, primarily due to "intellectual property" concerns from the music and movie publishers and the Church of Scientology, so the usefulness of these pseudonyms has decreased, even for pure communications applications without the anonymous digital payment systems that can enable anonymous business.

An alternative definition of pseudonymity, which is more common in the Cypherpunks discussions, is the use of a persistent identity, verified by digital signatures, which permits the development of reputations without the need for True Names.
The types of businesses that can be supported in this environment are more limited, because there's no way to throw somebody in jail if they default, but much of European merchant law evolved without this ability. For some applications, "Reputation Capital" provides enough protection - a name that's used for months or years of good transactions or writing good essays or making good investment recommendations has a value that will be lost if it's abused, but for other applications, escrow services substantially increase the types and values of transactions that are possible. Escrow can be used on a per-transaction basis, or the escrow service may be part of establishing a pseudonym, providing an amount of money that can be seized in a dispute resolution process without needing the True Name of the pseudonym-holder.

Pseudonymity is becoming increasingly common in practice. AOL "screen names" were primarily intended to allow multiple family members to share an account, but are also useful for protecting privacy, especially of children in chat rooms. There's no explicit requirement for a True Name, though most accounts use credit cards which do provide some tracing ability, but the depth of credit checking performed by AOL is "did their credit card company approve paying for their service this month", rather than "how big a transaction can their assets cover" or "where do they sleep, in case the police want to arrest them". Yahoo Mail and Hotmail systems are relatively untraceable, however.

EBay accounts have an organized reputation capital system, allowing buyers and sellers to rate whether the other party has met their obligations, and to allow prospective buyers and sellers to see the ratings and estimate whether they'll be defrauded or not.
Unfortunately, EBay recently bought Paypal, so the privacy of Paypal users is no longer protected by the separation between the auction system and the payment system, since Paypal uses credit cards and therefore semi-traceable identities to pay people.

Julf Helsingius's original Anonymous Remailer was originally intended to provide the stronger form of pseudonymity, but unfortunately he was forced to reveal the information he had about a user (because of the intellectual property ThoughtCrime problem), though in fact that identity was another disposable email address.
In order to respond to a growing need for anonymity in legal transactions, the regulations for organised semi-anonymity could also be extended (e.g. under property law), so that it will be possible to break through a person's anonymity retrospectively if necessitated by court order or by the law. Organised semi-anonymity (or pseudonymity) in legal transactions is therefore a useful weapon against a number of disadvantages of acting absolutely anonymously or spontaneously semi-anonymously, while retaining the envisaged protection of privacy. It is only with the guarantee of this organised protection of a person's true identity without that being abused, that identity fraud can be kept under control and that pseudonyms can provide anonymity towards third parties without damaging the legal order.