The Evolving Challenges to Maintaining Anonymity

While anonymity provisions under the First Amendment have been crucial over half a century, they do have limitations. Certain government powers cannot be used to mask people without the constitutional protections. Cases like TalleyLimit the government’s power to require authors to reveal their true names. John Doe online subpoena opinions provide anonymity online when private parties seek to use court-issued subpoenas to force the disclosure of personal information. These precedents do not generally restrict private activities that might compromise an individual’s anonymity due to the state-action doctrine.

Information that we share with companies and the government can be used to trace our identity. It happens even if you assume anonymity. Helen Nissenbaum, a 1999 writer, stated that anonymity is possible in today’s computer age, but it requires more than simply allowing individuals to keep their identities secret.

Three main challenges in maintaining anonymity are discussed by my book. They go beyond First Amendment protections. Some online platforms have “real-name policies,” which prohibit customers from anonymously using their services. The vast amounts of information available to people allows them to remain anonymous online, despite trying to do so anonymously. Companies have large amounts of personal information which is not controlled and can hinder anonymity.

It is up to social media platforms to decide whether they require users to use their real names or post under them. Facebook and Twitter have had real-name policies for a long time, but Reddit and Twitter are open to pseudonymous operation (though they ban impersonation). The government can’t require platforms to adopt real-name policies. However, they cannot ban them. While I have doubts about the efficacy and harm of real-name strategies, it is not possible for platforms to decide how much anonymity they want.

The second challenge—the availability of public information about speakers—also largely cannot be addressed by changes to the law. The book describes how anonymous speakers have their identities made public because they provided enough clues for others to piece together the puzzle pieces that would reveal their identities.

Banner 3

Some clues could have been found in the posts of their users, which often can be linked with other publicly accessible data. Only a handful of data points is required for identification. This has been established by academic research. Latanya Sweney used Census data from 2000 to show that nearly 87 percent of Americans were unique combinations of five-digit ZIP codes, gender and their birth dates. Paul Ohm, a 2010 prescient observer, pointed out that the easy reidentification and anonymization of data can pose great dangers to individuals’ safety. Ohm said that it would be easier for our enemies to link us to facts which they could use to harassed, defame and frame us or discriminate against. Powerful reidentification is going to bring us all closer to our personal “databases for ruin.”

The popularity of social media has increased the availability of information in the years following Sweeney’s pioneering research.  In my book I explain how, over the past years, people posting controversial or offensive speech on social networks, possibly under pseudonyms in an effort to hide their identities, used clues in their posts as well as publicly accessible information. The ease with which people can be tracked and unmasked based on publicly available information shows that anonymity empowers people through technology and First Amendment.

Legislative changes may address the third contemporary challenge to anonymity empowerment. A lot of personally identifiable information is collected online by data brokers, and other companies with very few restrictions regarding its use for piercing anonymity offline and online. The U.S. laws are very liberal in allowing the sharing, use and collection of facial recognition data and precise geolocation points as well as other information that could be used to identify individuals, which I have documented in my book.

Data security, privacy, and data protection laws must aim to preserve anonymity.  Many data protection laws such as the European General Data Protection Regulation promote anonymization or pseudonymization. Although this is an important step forward, it is dangerous to assume anonymity or pseudonymization of data when individuals can link to the data. Anonymization techniques such as adding noises to data should be considered in privacy laws.

In addition to the GDPR, some state laws like the California Consumer Privacy act give data subjects the opportunity to view and request the deletion of personal information. Although this is an important step, it can be very burdensome for individuals. A person may not be aware of all the companies and data brokers that have their information even though they want to erase it. Although privacy laws can provide people with some control over their data they aren’t a solution.

In the end, we require a national privacy law which not only promotes anonymization but gives data subjects options, as well as prohibits certain forms of data collection and use. An example of this is the ban on facial recognition technology by local authorities in San Francisco and Boston. We need to have a conversation at the national level about our desire to preserve anonymity. Congress should include those values in a national privacy bill.

Data security laws must also address information that could be used to identify individuals, like precise geolocation data. U.S. data security laws tend to be weak and dispersed, with many focusing on specific sectors like banking or healthcare. Data security laws must be stronger in order to safeguard that information. However, it’s important that personal information can not compromise your anonymity.

It was a pleasure to guest blog this week, and hear your views on the complicated equities of anonymous speech. Over the coming weeks I will be giving several talks on book topics and would love to talk with any classes or bar associations that might be interested.

Jeff Kosseff, an associate professor in cybersecurity law at The United States Naval Academy is Jeff Kosseff. His views do not reflect the Naval Academy or Department of Navy. This is an adaptation of Anonymous in the United States: The First Amendment and Online SpeechJeff Kosseff published ‘The Countdown to the Fall by Cornell University Press. Cornell University, Copyright.