Cybersecurity Law and Policy
Below four response are reply of three questions highlighted in yellow. All you have to do is read the each response and write a reply to each response why you either agree or disagree with it. This is not a paper, so you can just answer the question, no need to have introduction or conclusion. Feel free to research more source to support the answer for each response. Answer should be more like opinion with support and example.
Question:
Should anonymity be allowed on the internet? (W01)
Should “members only” sections be allowed and all content vetted or filtered? (W02, W03)
What role do social media sites have in promoting anonymity? (W02, W03)
Response 1:
Should anonymity be allowed on the internet?
There absolutely should be privacy allowed on the internet. Just because there is the ability to track information about your users, does not mean you should. The saying goes that if you are not paying, you are the product. But, if there is an opportunity to make money, companies will do what it takes. Executives and board members have a responsibility to shareholders to use the money they invested in the company effectively (https://www.upcounsel.com/board-of-directors-fiduciary-duty). If companies will not support anonymity, the next group to enforce it would be the government. But, governments also have a duty to the citizens to protect them. If they believe the public could be hurt by the internet, they have to restrict it as much as possible or find some way to prevent those who try to cause harm from doing so. This leaves the public to fight for their right to anonymity. This can be done through small things such as switching to open source software that has been vetted by hundreds of programmers around the world (it also tends to be free compared to paid proprietary software) or switching your browser. You can just look to a country such as China to see what happens when the citizens have no choice and the government can do whatever it wants (https://www.securityweek.com/china-approves-real-name-identification-rules-internet-users).
Should “members only” sections be allowed and all content vetted or filtered?
While members only section could be possible, they should only apply to individual websites and not the entire internet. One of the best examples I can think of where this is already the case is Reddit. Within Reddit are subreddits that each focus on a single subject. These subreddits still have to follow the overall Reddit rules, but they can come up with their own rules past that. That includes submitting all posts for approval before it is published and asking for approval to join before you can see what has already been published. The only way this can happen is because there are volunteers that run every subreddit (mods). Without people volunteering to do all this work, there would be no way for Reddit to pay to do that. There would not be enough people to do this in large sections of the internet. While it is possible small-scale, the internet should stay open in general.
What role do social media sites have in promoting anonymity?
Social media is in a weird position. Because it is supposed to be a place for socializing, you have to allow users to find people they know so they can keep in touch. But, that also allows people who you do not want finding you to find you (https://blog.chayn.co/4-ways-abusers-can-track-you-on-facebook-what-you-can-do-about-it-b0902595f879). The only way to handle this is to allow the users to have greater control over how their posts and data is shared across the website. Websites such as Facebook and Google have implemented some of these controls, but they do not ever want to go all the way. Their entire business is centered around gathering as much data as possible and then using that to sell ads. Google alone makes tens and tens of billions of dollars every year from this (https://www.statista.com/statistics/266249/advertising-revenue-of-google/). The only way to force these companies to give these controls would be to put their profits at risk. If users start going away or they are threatened by another business that does give better privacy controls, they will implement them voluntarily. This exact scenario happened this year when Apple restricted app’s access to advertiser identifies and because of the positive response, did some of the same changes in Android (https://www.inc.com/jason-aten/google-responds-to-pressure-from-apple-over-privacy.html). It is all up to consumers to demand these privacy changes.
Your reply:
Response 2:
Complete anonymity should not be allowed on the Internet. Davenport notes that, “Accountability requires those responsible for any misconduct be identified and brought to justice. However, if people remain anonymous, by definition, they cannot be identified, making it impossible to hold them accountable.” [1]. I agree; the inability to identify and hold users accountable is a great risk. With no notion of punishment to act as a deterrence for misconduct, the number of threat actors could drastically increase. Users that may have been tempted to be malicious online but never went through with it or were deterred; would now be able to safely give in to their temptations with no risk. Yet, I suppose this could boil down to the quote about how the true test of your character is what you do when nobody is watching.
“Members only” sections should be allowed on websites. As they relate to subscription services, the business is providing access to exclusive content to consumers for a cost. As they relate to online forums or discussion boards, users can grow a sense of community around a topic and keep conversation relevant. They are pivotal to the organization and restriction of data. However, “members only” sections should not be above the law. All content behind such sections should be vetted or filtered to remain within the confines of the law.
“All the major social networks’ default settings are public” [2]. These default settings leave unknowing users’ information available to online companies. Online companies can find out “who your friends are, your psychological profile, what you’re doing on Sunday” [2] and much more. The impact that these default public settings could have on a user’s life can be destructive. For example, 70% of U.S. recruiters and H.R. staff have said that they have rejected candidates for what they found online [2].
In relation, anonymity comes at a cost by social media sites collecting user information themselves. In the WFLA News Youtube video, they reported that the Facebook app on user smartphones was listening to user conversations and using that data to personalize the user’s Facebook wall and advertisements [3]. This setting was enabled by default and needed to be manually disabled by the user. “I don’t think that people realize exactly how much Facebook is tracking every move that we’re making online” [3]. Default privacy settings like these allow social media sites like Facebook to constantly grow a collection of user data that can prove sensitive. Users can attempt to reduce their digital footprint but once the user data is collected, it is stored and used by the platform. Not only is it stored and used by the platform, “only a third of surveyed sites guaranteed not to send visitors’ personal information to third parties” [2]. Since the privacy and security of the user’s information that was collected relies on multiple entities there is even greater risk of exposure. Social media sites have an important role in promoting anonymity and protecting user data. It seems to be on the right track as Facebook leads the charge with their recent support of proposed new Internet regulations [4].
[1] Davenport, D. (Ed.). (2002). Anonymity on the Internet: Why the Price May Be Too High (4th ed., Vol. 45). ACM. https://www.csl.mtu.edu/cs6461/www/Reading/Davenport02.pdf
[2] null154. (2010, December 7). The Ethics of Internet Privacy [Video]. YouTube. https://www.youtube.com/watch?v=tD4_gJwfCMM&ab_channel=null154
[3] WFLA News Channel 8. (2016, May 24). Your privacy on Facebook: What you need to know [Video]. YouTube. https://www.youtube.com/watch?v=ZBX5PKvkbXA&ab_channel=WFLANewsChannel8
[4] Wheeler, T. (2021, April 5). Facebook Says It Supports Internet Regulation. Here’s an Ambitious Proposal That Might Actually Make a Difference. Time. https://time.com/5952630/facebook-regulation-agency/
Your reply:
Response 3:
Mr. Davenport argues for accountability over anonymity to control rash behavior and criminal activity online [1]. However, it’s my opinion that some people prefer to remain anonymous for benign reasons. Some wish to talk about sensitive topics such as medical diagnosis or physical abuse, some may want to debate politics without fear of retribution, others may just want to preserve a measure of privacy (especially celebrities and the very wealthy who could be targets). I believe people are entitled to surface level anonymity.
Daniel Solove clarifies these concepts. “Anonymity, defined broadly to encompass the use of pseudonyms, is the ability to speak without publicly linking one’s words to one’s real name. Traceability involves the ability to trace one’s words back to one’s identity.” [2] My limited research suggests that being untraceable on the internet is extremely difficult. We can limit exposure, but everyone should know that what they do online is likely traceable. Tor comes closest to making browsing untraceable but has many limitations and may place you on a watch list. VPNs shift data from the ISP to VPN servers and these companies are subject to the powers of their host government [3].
Mr. Solove sees the benefit of ensuring traceability but falls short of endorsing it because it threatens anonymity. He would endorse so called “traceable anonymity” where identities are only revealed when crimes are committed if laws are made uniform to only allow unmasking in the most compelling circumstances. He feels that the courts are too unprotective of anonymity. His second stipulation is a means to protect the traceable information stored by ISPs from misuse by the government or other parties. I can see the logic in both of his points. In my opinion, journalists, watch groups, and whistleblowers provide deterrent against government misuse in the US and this risk is lower, but there are many cases where the government has overstepped its authority.
If “members only” refers to websites which require you set up an account, and/or pay a membership fee then I see no reason why this should be restricted. Moderated forums keep conversations civil by enforcing conduct rules. They can reduce spam and help create a sense of community. I think it is fair for businesses to monetize their websites by offering exclusive content to paid members. If user agreements define allowable content, it is reasonable for website owners to filter prohibited content.
Social media companies have decreased the amount of anonymous discussion on the internet. In the pre-social media internet, many people used a pseudonym and had text only conversations. Today, social media encourages the documentation of your life in pictures and videos and the linking of accounts to friends and loved ones who may have differing views on privacy. More people share more of their real lives online. Social media companies should allow individuals to restrict what information is publicly available and to whom, but in my opinion if you post something you shouldn’t expect it to remain private.
[1] Davenport, D. (2002). Anonymity on the Internet: Why the price may be too high. Retrieved from csl.mtu.edu: https://www.csl.mtu.edu/cs6461/www/Reading/Davenport02.pdf
[2] Solove, D. (2009). CCR Symposium: Anonymity and Traceability. Retrieved from teachprivacy.com: https://teachprivacy.com/ccr_symposium/
[3] Porup, J. (2020). 9 steps to being (almost) completely anonymous online. Retrieved from csoonline.com: https://www.csoonline.com/article/2975193/9-steps-completely-anonymous-online.html
Your reply:
Response 4:
When it comes to the topic of anonymity I think we should first understand what anonymity truly means. According to Merriam-Webster anonymous means, “lacking individuality, distinction, or recognizability”. [1] When it comes to the internet this relates to hiding your or concealing your identity but not your behavior. This could be essential for whistleblowers who may have concern for their safety but have a responsibility to share wrongdoings after the proper channels have failed. [2] Even the everyday person who uses the internet for casual personal uses or business duties should have a right to anonymity. This is not an excuse though for malicious users to have free reign to post and say whatever they want if it poses a threat or violates a person’s constitutional rights. Additionally, there is the fact that many of the companies which we utilize are publicly traded companies which should be listening to the voice of their stockholders. As of current there are only three states which have implemented consumer data privacy laws, California, Nevada, and Virginia. These laws allow for individuals to access and delete personal information and to opt-out of the sale of their personally identifiable information to certain businesses. [3] Overall, anonymity should be a given when it comes to consumer data but on the other side of the internet where social media exists and public forums I believe people are giving up their right to be anonymous if they choose to use those digital forums.
The idea of “members only” group online is something I support. If people are willing to pay a premium for being a part of specific group then that is on them. People are entitled to their own decisions and choices and it is not our responsibility to police that. But, this comes with a caveat as people are using a public service to connect to these “members only” groups and most likely there are multiple companies supporting their connection, ISP, cloud provider for the domain, etc. I think that the User Agreements that come with these “members only” groups should state that all communications will stay anonymous and confidential unless federal or state law is violated. The same goes for doctors, therapists, clergy, and others. They have a right to keep your information confidential but as soon as they have a patient that violates state or federal law or indicates harm towards themselves or others they are mandated to report their findings. I think the same should apply to these groups as well. An example of mandatory reporting can be find within subsection 4-1321.02 of the Code of the District of Columbia (§ 4–1321.02. Persons required to make reports; procedure.) [4]
The last question posed to us about what type of role social media sites have in promoting anonymity is one I most likely have differing views on compared to other people. I don’t believe social media sites should have a role in promoting anonymity I believe that responsibility should fall on the user of the site and not the company. We as people are making a choice to share our lives and information on a public forum for anyone to potentially access or discover. In order to remain anonymous we have to make a choice in deciding where we share information and how large of an attack surface we want to create. A person who does not want to be found should not be using social media with an expectation of anonymity. However, while I don’t believe that social media companies should be promoting anonymity, I do believe that they should be promoting user data confidentiality and not distributing data to other companies for profit or advertising purposes. Unfortunately, much of the details are laid out in the User Agreements of these sites and we continue to accept them and use the services we agreed to.
[1] Merriam-Webster. (n.d.). Anonymous. Merriam-Webster. https://www.merriam-webster.com/dictionary/anonymous.
[2] Adams, M. (n.d.). Security vs. Privacy vs. Anonymity: Understanding the Differences. BusinessTechWeekly.com. https://www.businesstechweekly.com/featured/security-privacy/.
[3] Greenberg, P. (n.d.). State Laws Related to Digital Privacy. https://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx#:~:text=Three%20states%20%2D%20California%2C%20Nevada%20and,of%20personal%20information%2C%20among%20others.
[4] Code of the District of Columbia. D.C. Law Library – § 4–1321.02. Persons required to make reports; procedure. (n.d.). https://code.dccouncil.us/dc/council/code/sections/4-1321.02.html.
