JILT: New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity

Bill Stewart bill.stewart at pobox.com
Sun Jan 26 12:06:43 PST 2003


At 07:56 AM 01/24/2003 -0500, Bob Hettinga wrote:
>http://elj.warwick.ac.uk/jilt/01-2/grijpink.html

There's some interesting discussion about the ability of the
Dutch legal culture to provide useful tools for regulating transactions
in anonymous or semi-anonymous environments - if you can't find somebody,
can you speak of enforcing contracts, etc.  Not surprisingly,
this has been discussed extensively by the Cypherpunks and other people
exploring applications for cryptographically-protected communications.
Some of the standard references are Tim May's "Cyphernomicon" paper (on the 
web),
Orson Scott Card's novel "Ender's Game", and Vernor Vinge's story "True Names".
(As the JILT paper says, systems like this may be quite complex to actually
implement in practice, and fiction provides a good tool for exploring the
social implications without doing the difficult detail work.)

I do want to comment on the concept of pseudonymity and semi-anonymity.
The paper appears to be using a definition in which a Trusted Third Party
provides a pseudonym service, which knows the True Name behind each pseudonym
and can provide it when required for a limited number situations,
such as collecting unpaid debts or prosecuting ThoughtCrime,
but otherwise the pseudonym is adequate for many activities,
and the user can protect his privacy and conduct various activities
under different pseudonyms without them being linked to each other
or to his True Name.    Unfortunately, the definitions of ThoughtCrime
have been radically expanded in recent years, primarily due to
"intellectual property" concerns from the music and movie publishers and
the Church of Scientology, so the usefulness of these pseudonyms has
decreased, even for pure communications applications without the
anonymous digital payment systems that can enable anonymous business.

An alternative definition of pseudonymity, which is more common in the
Cypherpunks discussions, is the use of a persistent identity,
verified by digital signatures, which permits the development of
reputations without the need for True Names.  The types of businesses
that can be supported in this environment are more limited,
because there's no way to throw somebody in jail if they default,
but much of European merchant law evolved without this ability.
For some applications, "Reputation Capital" provides enough protection -
a name that's used for months or years of good transactions
or writing good essays or making good investment recommendations
has a value that will be lost if it's abused,
but for other applications, escrow services substantially increase
the types and values of transactions that are possible.
Escrow can be used on a per-transaction basis, or the escrow service
may be part of establishing a pseudonym, providing an amount of money
that can be seized in a dispute resolution process
without needing the True Name of the pseudonym-holder.

Pseudonymity is becoming increasingly common in practice.
AOL "screen names" were primarily intended to
allow multiple family members to share an account, but are also
useful for protecting privacy, especially of children in chat rooms.
There's no explicit requirement for a True Name, though most accounts
use credit cards which do provide some tracing ability,
but the depth of credit checking performed by AOL is
"did their credit card company approve paying for their service this month",
rather than "how big a transaction can their assets cover" or
"where do they sleep, in case the police want to arrest them".
Yahoo Mail and Hotmail systems are relatively untraceable, however.
EBay accounts have an organized reputation capital system,
allowing buyers and sellers to rate whether the other party has
met their obligations, and to allow prospective buyers and sellers
to see the ratings and estimate whether they'll be defrauded or not.
Unfortunately, EBay recently bought Paypal, so the privacy of
Paypal users is no longer protected by the separation between
the auction system and the payment system, since Paypal uses
credit cards and therefore semi-traceable identities to pay people.

Julf Helsingius's original Anonymous Remailer was originally intended
to provide the stronger form of pseudonymity, but unfortunately
he was forced to reveal the information he had about a user
(because of the intellectual property Throughtcrime problem),
though in fact that identity was another disposable email address.

>In order to respond to a growing need for anonymity in legal transactions, 
>the regulations for organised semi-anonymity could also be extended (e.g. 
>under property law), so that it will be possible to break through a 
>person's anonymity retrospectively if necessitated by court order or by 
>the law. Organised semi-anonymity (or pseudonymity) in legal transactions 
>is therefore a useful weapon against a number of disadvantages of acting 
>absolutely anonymously or spontaneously semi-anonymously, while retaining 
>the envisaged protection of privacy. It is only with the guarantee of this 
>organised protection of a person's true identity without that being 
>abused, that identity fraud can be kept under control and that pseudonyms 
>can provide anonymity towards third parties without damaging the legal order.





More information about the cypherpunks-legacy mailing list