Compliance Management, Network Security, Privacy, Threat Management

Privacy, identity, and the Nym of the Rose

No, not the witch in Disney's version of The Sword in the Stone, that's Madam Mim... Nor am I referring to Nym, the corporal in Henry V. A terse definition of nym is the one Wikipedia uses: A pseudonym, especially in the context of internet pseudonyms. But behind that deceptively simple definition is an ongoing dichotomy that has characterized the internet from its earliest days. Pseudonymity and anonymity are pretty easy on the internet: “On the internet, nobody knows that you're a dog.” Is that a good thing or a bad thing? Well, there's no denying that it allows many forms of crime and anti-social behaviour. As Mich Kabay put it:

In the real world, identity resides in the ways that an individual is recognised and held responsible for her actions; in cyberspace, identity is potentially just a user-ID. Social psychologists have found that anonymity can contribute to de-individuation  –  a state of loss of self-awareness, lowered social inhibitions, and increased impulsivity.

On the other hand, there are many people for whom pseudonymity or anonymity allows them to maintain an entirely legitimate online presence that might otherwise expose them to the most unpleasant consequences. As a writer, I'm willing to admit that I'm no stranger to the nom de plume myself.

The rather more famous author Salman Rushdie, who is no stranger himself to living with the threat of unpleasant consequences, has been somewhat vexed this week by a by-product of the debate, having been engaged in some debate with Facebook over his account: FB insisted for a while that the account should carry the name Ahmed Rushdie (apparently the name in his passport), rather than the name by which he is actually known to the literate world. And I commented back in the summer about the somewhat similar tribulations suffered by a certain former spacefleet Captain at the hands of Google+.

However, it may be that in the future, disputes over the accuracy of information tied to social network accounts will lead to worse sanctions than a suspended Facebook account. The U.S. Department of Justice wants the Computer Fraud and Abuse Act to allow prosecution on the grounds of “violation of terms of service or similar contractual agreement with an employer or provide[r].” Which would be bad news for people (certainly in the U.S.) who – mistrustful of a social network site's ability and/or willingness to look after their personal data properly and influenced by predictions that we've reached a point where “social networking identity could be the more valuable than your credit cards” – gave the site inaccurate information about themselves.

I imagine what the DoJ really had in mind here was misuse, such as setting up fake accounts for more-or-less (or unequivocally) criminal purposes, rather than this sort of trivial self-protection. However, Orin Kerr observes that "Anyone can set up a website and announce whatever Terms of Use they like...Under the Justice Department's interpretation of the statute, all of these Terms of Use can be criminally enforced…"

I can see that this could suit the major social networks which see themselves as providing a “digital passport” that allows them to mediate between their customers and all sorts of other services. But how many of us trust a company like Facebook to make good, safe use of the kind of access to our data that would be necessary to validate such a “passport” reliably?

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.