Traceable Anonymity and Revocable Privacy

June 24, 2011

Daniel Solove recently wrote a short piece on The Virtues of Anonymity. He observes that anonymity can be used both for good and bad purposes, and he therefore argues for striking a balance between the two through the concept of "traceable anonymity". In this legal concept, people's anonymity is protected by law, unless anonymity is abused to cause harm. In that case, according to Solove, the law should preserve a way to trace the identity of the culprit.

Interestingly, I have been arguing for the technical realisation of a related concept called Revocable Privacy for a few years now.

Main motivation for this line of research is the observation that legal or procedural measures by themselves will not be enough. In a dictatorial regime these are useless to protect the anonymity of the opposition. But also in a democratic society, rules and procedures may change (something we see often enough that there is even a term for it: "function creep") such that a reasonable expectation of anonymity is suddenly reverted.

In essence the idea of revocable privacy is to design systems in such a way that no personal information is collected, unless a user violates the (pre-established) terms of service. Only in that case, his personal details and when and how he violated the terms are revealed. Much more information on Revocable Privacy can be found at the pointers above. Simply note that Revocable Privacy aims to achieve the same balance as Traceable Anonymity, except that the way to achieve it is different.

I believe both approaches are complementary. It will be interesting to see how the legal and technical developments in this area will progress. Maybe they can be combined to provide a strong yet balanced approach to preserving privacy rooted both in law and technology.

In case you spot any errors on this page, please notify me!
Or, leave a comment.