A new field of biometric identification uses the body itself as a password. Retina scans, facial contouring (your face is your PIN), electronic fingerprinting, hand geometry measurement, voiceprint verification, body odor parsing, wrist-vein recognition, and keystroke dynamics are among the techniques being examined; the hope is to build an array of traits so unique to each individual that the combination cannot be thwarted by even the most diabolical spy. In 1997 the Intrust Bank of Wichita, Kansas, began using voice biometrics to identify telephone customers by unique characteristics of speech. England’s Nationwide Bank is testing ATMs outfitted with scanners that verify the iris patterns of a customer’s eye. Eastman Kodak has discovered a way to compress the image of a human face twohundred-fold, so that a recognizable visage can take up a mere 50 bytes. This will allow a credit-card bearer’s image to be stored on the unused portion of the card’s magnetic strip and be displayed on a smart cash register whenever a purchase is made.

  Biologists have long used electronic tags to track wildlife specimens, studying migratory paths and living habits. Earlier we saw how miniaturized transponders are available to have implanted under your pet’s skin. Data about the animal’s health can be downloaded at close range, and chips may be detectable at ranges up to a mile. NASA and the military have looked into applying this technology for astronauts, soldiers, and others heading into danger. Many nursing home residents with dementia wear bracelets that trigger an alarm if they wander outside. Tags can identify a stolen motorcycle, or shoplifted retail items, as well as bales of wool, ski lift tickets, parking passes, meal cards, and club ID cards. We already mentioned dashboard transponders providing quick access to toll roads and bridges, which may let others monitor your car’s precise location on the road. In late 1997, a bill was given preliminary approval by the Republic of Korea National Assembly, mandating that an electronic ID card, containing personal information on a chip, be issued soon to all citizens over age seventeen. These cards would be required in all dealings with public offices, banks, police, and other official agencies, creating an efficient and pervasive electronic record that would follow citizens everywhere.

  Some techno-buffs envision all of the above being combined in a single capsule inserted subcutaneously at the birth of each new citizen. As journalist Simson Garfinkel put it, “what a pain carrying all those cards around. Wouldn’t it be far simpler to implant a chip into your shoulder and be done with it? Stay tuned.”

  All of this gives some people the willies. Televangelist Pat Robertson sees evidence of approaching Armageddon. “‘The Bible says the time is going to come that you cannot buy or sell except with a mark placed on your hand or on your forehead.... It is happening, ladies and gentlemen, exactly according to the Book of Revelation.”

  In the United States, such fears have been cynically manipulated by groups trying to delay even small-scale plausibility studies of using SSNs to enforce immigration laws. When the U.S. Senate considered authorizing a pilot investigation to test methods of verifying employment eligibility—a long way from establishing a national ID card or worker database—Grover Norquist, a conservative lobbyist, led a campaign using that “666 scenario” to stir opposition. Said Norquist, “It was great. We had our guys walking around with [barcode] tattoos on their arms. It drove [Senator] Simpson nuts because ... the implication was he’s a Nazi.”

  And yet, these delaying tactics will not prevent the coming of a new century and millennium. The ID verifiers will arrive—if not mandated by government, then seized upon eagerly by industry and private persons who have no other way of corroborating the identity and reputation of a myriad strangers. If they are outlawed, new tools of encryption will mask their use, as corporations employ them anyway.

  You don’t have to be a fundamentalist or Luddite to be troubled. Some are concerned whether these new technologies, and their supporting software, will be robust or reliable. Even if the front end interface is perfect, system managers will still wake up nights sweating that their futuristic sensors may be suborned by a clever hacker, or by some disgruntled employee using a “back door” to change records at a basic level. We are entering an age when innumerable science fiction scenarios may come true, in whole or in part, creating decade after decade of interesting times. Technological fixes will come with fanfare, disappoint with unexpected flaws, and be replaced with others that are advanced with equal amounts of ecstatic hype. And when a method finally does work reliably, some will proclaim it as the onset of some wretched Big Brother tyranny.

  Or, as novelist Thomas Pynchon put it, “Once the technical means of control have reached a certain size, a certain degree of being connected to one another, the chances for freedom are over for good.”

  Must this happen?

  Obviously, any group that is allowed to monopolize such techniques will gain profound, possibly permanent, advantages. Yet trying to impede their arrival will be futile, like stopping the ocean tide with fortifications made of beach sand. Hence, for the sake of both survival and freedom, we may have to apply these tools universally—especially on the mighty. If the tycoon and bureaucrat have it in their power to tap a key and get my location or my dossier, then I want to be able at least to find out that they are looking, and possibly to look right back at them. Already this principle is starting to take shape, in regulations that let consumers know who examines their credit records, and allow them to track which files IRS employees access. Only if this process of reciprocal accountability advances further will we stand a chance of having a little real privacy. The mighty won’t dare look too often, if their only prayer of being left alone lies in helping to create an ambience of courtesy and restraint.

  In the long run, our best defense may be to avoid relying overmuch on nifty tools. This can be achieved in a society where the overall daily habits of life are above board. Where accountability shines into so many corners that the occasional lapse won’t matter. Errors and malfunctions in such a society won’t cause economic collapse, because the fact that most transactions took place will be open knowledge, observed and recorded in many diverse ways, allowing their reconstruction after the dust settles. (See “The End of Photography as Proof of Anything at All” at the end of chapter 1.)

  As for ingenious criminals who steal successfully via secret trapdoors, they will languish over the long run, if they cannot spend their ill-gotten gains in a world of light.

  All abstract ponderings aside, we must still make some practical decisions about countless murky areas of modern life. For instance, once the distinction between names and passwords grows clear, there should emerge greater awareness of how pointless it is to pass laws against corporations or government agencies using the SSN to identify individuals in databases. True, a universal nine-digit code would let big-time data users exchange and correlate information about citizens in a swift and unambiguous manner. But banishing the SSN won’t prevent such activities, because computers are now so fast and sophisticated that they don’t have to be efficient anymore!

  Suppose a typical person—Mary Smith—has entries in several dozen databases gathered by her supermarket, video store, credit union, HMO, and so on. Ostensibly, each company keeps no more information than it needs for that specific line of business. Yet, should they choose, the corporations would have little trouble sifting and comparing information about Mary, even without an SSN, simply by using her given name plus profiling statistics to separate this “Mary Q. Smith” from all others with the same zip code who are not thirty-six years old with three children and no moving violations but two outstanding parking tickets.... Passing laws to forbid a uniform nationwide ID system would make such activity more cumbersome and secretive, but rules won’t prevent it for long. In fact, banning the SSN from use in database correlation will only ensure that errors do occur. Ludicrous errors. Or tragic ones, as when a computer “guesses” wrong and mixes up crucial medical records.

  It makes more sense to allow universal use of the SSN as a safe name, but
then to separate databases with unique password codes for each type of information. Such methods are under active study. It is a better idea, yet I doubt that even such improved measures will remain effective for long.

  The truth of the matter is that we will never succeed in preventing powerful institutions or individuals from collecting as much information about others as they can. Nor will we stop folks from constantly sifting, correlating, and drawing conclusions about their neighbors—even things that are “none of their business.” That is because the underlying impulse goes bcyond issues of power or profit. It is deeply rooted in human nature.

  Gathering and sorting data is what we do!

  From gossip to sport statistics to obscure facts about the O. J. Simpson case, we are habitual, incurable information junkies. Whatever a person’s education level, chances are you’ll find some area of knowledge that each individual claims to be “expert” in. At times, the pleasure people derive from this kind of mental activity can get heady, and for those with access to the most information, the high can be intoxicating. The scruffiest computer hacker, operating out of his parents’ basement as he explores far-off crevices of cyberspace, is no different from the chief of database systems for Experian Credit, Inc. One can easily picture both of them, late at night, chortling softly while rubbing their hands, “More data! Ooh, give me more!”

  Seriously, hasn’t our common experience with the failed “drug war” taught us a lesson? When dealing with deeply rooted human desires, we are better off trying to regulate and moderate, rather than standing obstinately in the path of a juggernaut, crying out, “Stop!” Driving a seductive activity underground is no way to ensure that it won’t be abused. Especially if corporations start setting up their databases in banking havens free of regulation or moderating influences, using the SSN without any supervision or accountability to the individuals involved. Just as drug prohibition created a vast illicit economy run by remorseless criminals, so will an underground information network develop if we legislate bans and sanctions against groups of people “knowing things.”

  Anyway, as we already discussed, common sense shows that it matters less what a person knows than what she or he does with the knowledge. It is our actions that determine both moral and legal culpability. Knowledge may be power. But it is action that determines true good and evil.

  A right of anonymity is a troubling legal concept, especially when it comes to in formation that may cause damage, and the person or institution originating the message may need to be held responsible.

  ANNE WELLS BRANSCOMB

  ANONYMITY VERSUS PSEUDONYMITY

  As we saw in the last chapter, defenders of anonymity often put the dilemma in stark terms. Citizens must have the power to conceal themselves at will behind encrypted messages and shrouded identities, or tyranny will almost surely ensue. If crime, spiraling rudeness, and a general breakdown of accountabiliy are the price we must pay, then so be it, because some kinds of free speech can take place only when people can wear masks.

  Although I have only contempt for foolish dichotomies, it is true that veiled identity can sometimes make the difference between candor and muzzled silence. We cited some examples in the last chapter. Others might include a telephone information line for teens seeking to avoid contracting sexually transmitted diseases, or a forum for battered spouses, or an honest engineer blowing the whistle on his company’s defective parts. In each case, the glare of instant identification might deter those hesitant first steps from the shadows. Moreover, one of the great, unsung benefits of the Internet has been to welcome so-called wallflowers, people whose shyness often cripples them in a physical world filled with handsome, articulate strangers. Many claim to have at last learned to open up online, growing confident and outspoken while clothed in the protective attire of an assumed name.

  Despite the central thesis of this book, that transparency is beneficial to all levels of society, we must surely protect the power of private individuals to do certain things under cover of feigned identities. And yet, to repeat Esther Dyson’s remark earlier about the damage that can be done by anonymity: “In the end, you need to be able to get at somebody’s identity to enforce accountability, and the question is how do you also enforce freedom of speech and freedom from prosecution for unpopular opinions.”

  Is this a true trade-off, as the encryption aficionados would have us believe? Or another false dichotomy? Might it be possible to answer Dyson’s question by encouraging beneficial uses of concealed identity, while discouraging those that threaten a breakdown of civil society? One suggestion that offers promise is called pseudonymity.

  Imagine that you feel impelled to assume a false identity for some limited purpose that is legal, yet fraught with potentially unpleasant repercussions (either embarrassment or fear of reprisal) dire enough to deter you from coming forward openly. Is there some way to get the shelter you need without wrapping yourself in a blanket of complete immunity from the consequences of your actions? Can people be offered masks that conceal innocuous behaviors yet allow them to be held accountable if they break laws or harm others?

  In my 1989 novel Earth, I suggested just such a system, now rumored to be under development, in which any individual or corporation could purchase a pseudonym from a licensed outlet, such as a bank or perhaps even the Electronic Frontier Foundation. Multiple sites could be used, as with key escrow, in which no single cache holds the key to connecting a real person with the pseudonym. Once registered, this false name might be used for a wide variety of endeavors on the Internet, even some commercial transactions. For all normal purposes it would provide anonymity, since the bank or issuing authority would be prohibited, under threat of severe sanctions, from revealing any primary information about the original purchaser, except by court-ordered warrant or other due process of law. Only strong probable cause of criminality or a major civil judgment could force disclosure—and then under strict conditions and safeguards.

  This scenario is closely related to the “trusted third party” approach to the escrow storage of encryption keys discussed in the last chapter. And again, competitive pressures would make commercial registration services fiercely defensive of their clients’ rights, since those with a reputation for tenacity would attract the most customers and do a profitable business selling pseudonyms. For their own prestige and self-interest, cache services would force the police and courts to follow every procedure to the letter.

  The obvious benefit of pseudonymity is that these false identities are intrinsically limited. If used to commit crimes, they can be traced. If used to fling slander, the mask will not avail against rightful redress in civil courts. And yet, they would remain useful in many financial transactions, and they should protect any eccentric whose sole aim is to express unpopular opinions, or to associate with whomever he or she pleases without opprobrium.

  Moreover, there would be a secondary benefit. Every pseudonym could come with a parity check, or tag, to let it be known that this name is a pseudonym.

  Again, I know that my strong privacy friends will object. But look again at the legitimate users of assumed names that I listed above, and in the previous chapter. Would any of them be appreciably harmed by this admission? By having it be known that a person was participating behind a John or Jane Doe disguise? No more than any of the people who write to newspaper advice columnists, like Ann Landers, under assumed names. In fact, whole realms of the Internet already swarm with pseudonymical personae engaged in swapping opinions, confidences, and outrageous lies. Anyone entering such a domain should be forewarned that extravagance is its great resource, not necessarily truth. Anything gleaned in those areas should be taken with several cups of salt.

  Meanwhile, other territories of cyberspace will copy the example of The Well, requiring that participants stand forth openly, wearing their own names. Even pseudonyms are insufficiently accountable in such territories. With all anonymity disallowed, the virtues of civility and credibility come to the fore.
In such “adult” venues, there is less extravagant bombast or posturing, and higher reliance on the veracity of what other people tell you.

  In other words, while there should be sanctuaries on the Net for unrestrained and even outrageous speech, there must also be realms for grownups, where the unit of exchange is fact or supported argument, backed by reputation, not rumor or innuendo. Anyone attempting to enter under a pseudonym would be told, politely, that this is a territory ruled by light. No “tagged” personae are allowed inside.

  There is another, even more controversial, way in which some transparency radicals would consider limiting pseudonymity, that is by setting time limits. Each pseudonym would come with an expiration date—perhaps five, ten, or twenty years. After that period elapsed, the link between a mask and its owner’s true identity would be released. Why add this measure? To retain some residual coupling between a person’s deeds and the consequences of those actions, even if they were legal at the time. In this way, we would model real life, in which cruel gossips can eventually be forced to own up to the hurtful things they said. There has always been a connection between our actions, the effects they have on others, and the repercussions that occur later, when we reap what we have sown.

  There is precedent for this in the laws granting U.S. government agencies authority to maintain secrets. These already operate under time limits, which have been reduced in recent years. After expiration, only the most severe threats to national security are supposed to justify continued concealment of facts. Again, government must be held to a much higher standard, but might the same overall principle apply, especially to other potentially dangerous centers of power?