d harder. If you want to buy or sell, or even just download information, you'll have to say who you are.
Without the basic elements of identity that we discuss in our cover story (page 70), the Internet won't realize its potential as a universal backbone of commerce and communications. Neither big corporations nor individuals will want to expose themselves in an environment where they can be attacked by people wearing electronic ski masks.
But will the end of anonymity also mean the end of personal freedom? What if a government could find "undesirables" instantly, correlate all their movements and purchases, and ensure that they're not able to hide behind aliases? Ultimately, computers will be able to do that. We should be worried about that kind of security. It's not needed for ordinary commerce and communications, and we shouldn't let governments hide behind the argument that it is.
That's just what the U.S. government is doing. The Clinton administration has consistently stood for an Internet where the government has the last word, whether on security or content. So far, U.S. courts
don't seem inclined to agree on the content issue. And the international market is now making a sham of the U.S.'s stringent export restrictions on cryptography: The recent CeBIT show in Hannover, Germany, saw the debut of several Euro-grown 128-bit encryption products. If the U.S. couldn't keep the atomic bomb under wraps, it certainly can't make a secret of basic math.
So, security and freedom -- how do we navigate these two sometimes contradictory goals?
First, let's not go overboard. The noncomputerized world we've lived in for millennia has never been 100 percent secure. If someone steals your credit card, the issuer makes good on its promise to protect you and the merchant. These relationships -- not some foolproof system of identity -- are why it all works.
Let's emulate these kinds of relationships on the Web. Digital IDs should give us enough certainty to support our traditional notions of trust, but in a form that also respects privacy and is as unobtrusive as it is appropriate. I
happen to favor strict checks on people who buy rocket launchers; I certainly don't favor them for people who buy shirts on-line.
Which brings me to my second point: personal freedom. Governments should play a role in digital security; someone, for example, should validate certificate authorities (but not as an excuse to monopolize encryption, as British authorities are attempting to do). Governments might ultimately need to regulate what can be done by various parties with your digital ID. It's far from certain that we all won't cry "Uncle" after a few years under siege from "targeted" marketing efforts that presume we want to receive hundreds of offers for vacations in Mexico just because we charged a burrito at the local tacqueria.
But my fond hope is that governments can be kept as far away from core security mechanisms as possible. Clipper chips, government key servers -- these spell trouble for individual liberty. The usual arguments of crime and terrorism don't bear scrutiny: They're just
lazy attempts to pull the trigger on expanded intrusion into all our lives, a temptation nearly irresistible to bureaucrats.
The libertarian idealism of the Internet is already strained. The end of anonymity is a reasonable price to pay for the expanded community that the Internet can bring. The end of liberty is not.
Mark Schlack, Editor in Chief,
mschlack@bix.com
RIP: Anonymous User
