AIFON

(Continued from the previous post)

The theory of regulated anonymity as propounded by Naavi advocates a conflict resolution solution for preserving the democratic principles of Privacy Protection in Cyber Space along with the need of the law enforcement to be able to prevent misuse of “Privacy” as a cover for Cyber Crimes.

The Theory is built on the premise that “Absolute Anonymity of the Netizen is impractical as it would be completely opposed by all law enforcement authorities and is against the current laws in most countries. Under the theory, Anonymity should be regulated by providing every Netizen with a “Cyber Space Avatar ID” to substitute the “Physical Space Citizen ID”. The Netizen may use his Netizen ID whenever he wants to be anonymous while he is free to do any transaction in Cyber Space also with the Citizen ID of the Physical Society. Whenever a justification arises for the Privacy wail to be lifted, a due process outside the control of the Government/Politicians/Corporate interests would be applied.

The assumptions under this theory are

a) Government of the day is not absolutely trusted by the Citizens and

b) Privacy law in most countries advocate a “Due Process” for lifting the privacy wail in the interest of national security etc. However the “Due Process” has a tendency to get corrupted in favour of an aggressive Government or influential corporate authority.

c) There is a need for an agency to act as an “Ombudsman” (Privacy Protection Group or PPG) between the Law enforcement authorities and the Citizen to decide when privacy wail can be lifted in the interest of national security and in accordance with the due process of law.

d) PPG has to be constituted outside the control of the major stake holders in privacy breach namely the Government, Politicians, and the Corporate powers.

e) Anonymity can be better preserved by distributing data across multiple persons and locations so that no single country or single person has all the data that are necessary for identifying a Netizen of the Cyber Society to a corresponding Citizen in the Physical world.

f) Necessary and Sufficient Penalties can be imposed on the Netizens applicable to Cyber Society independent of the penalties that can be imposed on the Citizen mapped to an offending the Netizen ID.

Suggested Process

In pursuance of the above principles, the system of Regulated Anonymity recommended by Naavi is depicted in the following diagrams. The first diagram shows the suggested architecture for converting the Citizen ID to a Netizen ID and the second diagram shows how the request for the lifting of the privacy wail will function.

In the above process, only for a brief period, private data will not be available in unencrypted form at any stage of anonymization. The decryption occurs only at the time of disclosure. These servers would be in different countries other than the country of residence of the user. The Netizen ID and its mapping to the ID required for accessing the data when required would be kept in a fourth server.

This system ensures that data gets distributed over four different countries and servers and hence it would be difficult to forcefully access the data by any Governmental authority.

The process of revealing the personal data in case of a genuine need would be handled with a strong mechanism for filtering fake requests and unlawful requests. The body which filters the requests from law enforcement agencies will consist of experts in privacy law in different countries.

This process of Regulated Anonymity is expected to satisfy the Privacy requirements as well as the law enforcement needs.

It remains to be seen however who will venture into setting up the above system. It would be ideal that an organization like ICANN should take the lead in establishing such a system.

Naavi

Internet developed in the 70’s because of its ability to provide an opportunity for anonymous expression by individuals. Even today Privacy activists are fighting for anonymity as a matter of right. “Right to be Forgotten” is the new prescription of privacy laws under development in EU.

There is admittedly, a strong case for “anonymity” and also “Pseudonomity” as means of protecting the privacy of an individual on the Internet. However looking from the perspective of increasing Cyber Crimes and their escalation to Cyber Terrorism and Cyber Wars, there is an equally strong case for the demand of the law enforcement for absolute surveillance and need to identify individuals conducting any transaction on the Internet. The new laws in most countries including India and US try to provide for such “ Authorized Invasion of Privacy”. This brings forth the direct conflict between Privacy and Crime Prevention while formulating regulations.

If we agree that even “Democracy” needs to defend Cyber attacks on its individuals and therefore do everything within its powers to identify criminals and punish them if they are hiding behind the privacy rights, then it is necessary to find a solution to this conflict of interest.

The biggest problem in Privacy advocates accepting to any form of surveillance is the proven fact that a power meant to secure the society is always misused by the Government to secure its own power to rule. Thus, surveillance will be used to gather information on the activities of the political opponents and to intimidate the opponents. Thus a dictatorship under the garb of democracy can always use the powers assumed for national security of the security of the political party.

It is in this context of both “Anonymity” and “Regulation” having their own justification that I suggest a system of “Regulated Anonymity”. This could be a solution to resolving the conflict between Privacy advocates and the regulators.

The system of “Regulated Anonymity” envisages that a “Non-Governmental” body of the Netizens will regulate the anonymity. The system would be similar to the presently available “Anonimizer” services. However, at present the anonimizers are either run with a profit motive by a private company or known groups of law evaders. While an anonimizer run by a private company will only replace the Government with a private entity who can be corrupted for an organized breach of information, an anonimizer run by law evaders will not cooperate with the regulators even when it is necessary in the interest of the society.

We therefore need to have an agency which is not a Government body with political interests, nor a private body with profit interest nor a criminal body with self protective interests. It is a challenge of the “Regulated Anonymity” system to find such an agency.

Perhaps the answer lies in the system of how Wikipedia runs or some thing similar to it. The control should be with a distributed set of persons committed to Privacy and Safe Internet. The interaction with the law enforcement should be with people who are another set of persons who can evaluate the requirements of the law enforcement and invoke a trusted cooperation from the technical team to reveal the identity of persons behind any offending transaction.

I invite suggestions and comments from legal and technical persons about how such a system can be designed.

(Part II in continuation)

Aaron Swartz, the young techie who committed suicide on the 11th of January represents a tragedy that could have been prevented if the Police had been more reasonable.It is alleged that the US prosecutors tried to demand higher punishments by invoking Computer Fraud and Abuse Act and thereby trying to enhance the possible punishment from around 6 months to 35 years.

Involvement of Swartz in the campaign against “Stop Online Piracy Act” (SOPA) made him a symbol  of Internet activism which needs to be remembered by all Netizens.. See here for details

Though the prosecutor in the case denied that they tried to threaten the victim with over prosecution threat, the possibility of an unreasonable punishment appears to be a principal cause for the suicide.

This is indicative of what is in store for Netizens if they silently suffer the misuse of law from time to time.  In India we have already been seeing how the criminal justice system is misused by politicians. If therefore Netizens donot organize themselves and fight against misuse of law by those in power, they will be unfairly exploited.

This AIFON therefore tries to lay the foundation for the development of an all India body of Netizens.

Naavi

It is being increasingly observed in India that the Cyber Law space is in need of a major overhaul. Cyber Crimes are increasing and the Government machinery as well as the Police are acting dangerously showing apathy for genuine victims and aggression for political opponents.

ITA 2008 has bestowed enormous powers on the Police and if a tendency develops int he police to misuse them then there would be danger for the society.

Our Human Rights Organizations are incapable of understanding the requirements of Netizens, protecting their rights and preventing their unfair victimization.

Examples of Government apathy is evident in the Government of India remaining silent on the appointment of chair person for the Cyber Appellate Tribunal in Delhi. In Karnataka apathy of the Government is evident from the action of the earlier Adjudicator who has kept the service out of reach of cyber crime victims in Karnataka with a tainted decision and the new administration remaining silent.

Examples of Police atrocities is raising. Honest Small business owners in Internet space are in danger of being harassed by excessive use of force

There is a need for change in some of the laws to make them more effective without being repressive.

Naavi.org has been a spokes person for such issues on cyber space for nearly 15 years. But the anti netizen forces have now become so strong that unless a larger movement of netizens takes up the responsibility for fighting for netizen’s rights, the future of Cyber space dwellers from India looks bleak.

Naavi.org therefore proposes setting up of an All India Netizen’s Forum with the sole objective of being a representative body of Netizens which can take up issues of importance to the Netizens with the appropriate authorities from time to time.

Initially, Naavi.org will be the base and an attempt to build a critical mass of Netizens into this forum will be started. If sufficient support is received, the movement will be taken forward.

The outline of what this “All India Forum of Netizens” (AIFON) is expected to do will be presented through this site.

I look forward to support from all like minded persons for this initiative.

Naavi