The news of the U.S. government’s latest attempt at a national citizen “Internet ID” brought yet another round of choruses: The Internet must be free! Any government ID plan is bad! Anonymity for all forever! Perform an Internet search on “Obama national Internet ID” to see the screeds against the proposed plan. Security experts around the world are saying the government would have to pry their anonymity from their cold, dead touchscreens.
I chuckled at these angry responses because they sound like the heated calls for anarchy in the 1970s from tattooed punk rockers smoking unfiltered Camels while the Sex Pistols played in the background. The difference is the angry masses in this case are being riled up by security experts, who have been ranting wildly enough to spill their expensive Imperial Stout all over their tablet devices and brie salads.
Notably, the details behind the plan are scarce right now. The rationale, according to U.S. Commerce Secretary Gary Locke, is “enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”
Even though I’m a huge privacy proponent, I get a little tired of seeing every proposal for a national or government ID met with absolute aversion. Security isn’t binary. If a national ID plan offers more benefits than disadvantages, then I don’t want to throw the baby out with the bathwater.
Total Internet anonymity means total anarchy
Just like the anarchist who is the first to call the police when punched in the face over his or her beliefs, the Internet would fall if we had total anonymity and no means of ensuring trust. Without strong authentication, authorization, and accounting, even places on the Internet meant for total anonymity would fail. The Internet would not be the Internet. Why? Because someone has to pay the bills and maintain control.
If the Internet was completely anarchistic, with no access control, websites would be constantly taken down, denial-of-service attacks would be even more common than they are today, and anyone could pretend to be anyone else. (This is already all too easy to do on Facebook, one of the biggest websites ever.)
Someone has to exert control and make sure ill-intentioned people don’t take it all down. In the perfect world, no one would ever try to take down a website or disrupt someone else’s legitimate actions. But human beings are imperfect and often seem overly capable of damaging other people’s resources and experience. Case in point: I consulted for the owners of a thoroughly hacked website that had been created for collecting donations for a child’s cancer treatment. I’m sure the hacker has plenty of personal excuses to rationalize his or her behavior.