Andy Smith, a senior security official at the Cabinet Office, caused quite a stir at the Parliament and Internet Conference last month, when he suggested that people should use false names and provide false information on the internet – and in particular, when using social networking sites. Reaction was explosive in both directions: Labour MP Helen Goodman called his comments ‘totally outrageous’, while security expert Alec Muffett, in a wonderfully strident blog, expressed strong support, calling Smith an ‘epic hero’. Both sides have strong reasons for their beliefs – and the disagreement is one that has been echoed over the years. It reflects an issue that seems to have particular interest for the British: when, how, and where to we have the right to anonymity – and who, when and where do people have the right to demand from us our real names and details.
Do we have a right to anonymity online?
There is a famous cartoon from the New Yorker back in 1993, with the caption ‘On the Internet, nobody knows you’re a dog’. It reflected the idea that your online ‘persona’ could be something you create, something that has no real connection to your ‘real world’ identity. In those seemingly long-lost days, the internet was a bit of a wilderness – a kind of ‘wild west’ where there was no place for law or governments. John Perry Barlow’s famous ‘Declaration of the Independence of Cyberspace’ in 1996 included the suggestion that ‘Your legal concepts of property, expression, identity, movement, and context do not apply to us.’ The inclusion of the word ‘identity’ was crucial. Identity, and the ability and right to either determine it or conceal it – to mask it – was fundamental to way that the pioneers of the internet saw their world. The adoption of the Guy Fawkes mask as the symbol of the current hacker group ‘Anonymous’, and indeed their very name, shows how that ideal has continued as a key part of what is considered to be ‘freedom’ on the internet.
Bringing in the law
As time has passed, however, things have changed online. Businesses have come in, and turned the place into a substantially commercial environment. Governments have come in, and tried to take a grip – to bring some kind of law and order to the online world. Both businesses and governments have seen the anonymity that characterised the internet in the early days as something threatening – and have sought to deal with it. From a government perspective, if we are to enforce law we need real names – to catch terrorist and paedophiles, to stop cyber-bullying and nasty anonymous commentators we need real names, which is why Helen Goodman found Andy Smith’s comments so outrageous.
From a business perspective, if they want to have a grip on their customers, the more information they can find out the better – and ‘real names’ and ‘real’ information is the best of all. That’s why the sharpest intakes of breath when Andy Smith made his remarks at the Parliament and Internet conference were from the Facebook delegation. Facebook’s policy is that we should all only use our real names on Facebook. Anonymity and pseudonymity are not only frowned upon but actually against their terms and conditions. Without real names, Facebook’s data – what they gather from us – would be far less valuable, and hence Facebook itself would be far less valuable.
An honourable British tradition?
There is, however, an honourable British tradition in our right to withhold our name and identity even from the authorities. Looked at from the perspective of our European neighbours, Britain does not have a particularly good record in terms of privacy – our loving embrace of CCTV cameras is considered quite extreme, and we were the drivers of the Data Retention Directive, considered by Peter Hustinx, the European Data Protection Supervisor to be ‘the most privacy-invasive instrument ever adopted by the EU’ – and yet when it comes to Identity Cards, we are firmly opposed. Most European nations, even those keenest on privacy in other ways, accept identity cards without much complaint. We don’t – and have not, since the famous case of Willcock vs Muckle ( 2 KB 844) where the whole idea of identity cards in peacetime was considered almost un-British.
The National Registration Act, 1939, had allowed the police to ask for identity cards, for security purposes during the Second World War. The police continued to use it, and Willcock, a noted liberal, had refused to produce it when asked by police constable Muckle, and was prosecuted under the Act. Willock appealed, and still lost, but Lord Goddard commented that:
“From what Mr. Gattie [a prosecution lawyer] has told the court it is obvious that the police now, as a matter of routine, demand the production of national registration cards whenever they stop or interrogate a motorist for whatever cause. Of course if they are looking for a stolen car or have reason to believe that a particular motorist is engaged in committing crime, that is one thing: but to demand production of the card from all and sundry, for instance, from a woman who has left her car outside a shop longer than she should, or on some trivial occasion of that sort, is wholly unreasonable. This Act was passed for security purposes; it was never passed for the purposes for which it is now apparently being used.”
The inference is clear: that regular and trivial requirement for proof of identity is ‘wholly unreasonable’. Lord Goddard went on to say that relations between people and the police was something that we in this country are proud of – and that for police to regularly demand that people prove their identity would damage that relationship. Peoples identities are their own business, unless there is a drastic or emergency need for that identity to be revealed.
This is a tradition that has continued. Jacob Rees-Mogg MP, commenting on the potential expansion of police powers to demand identities contemplated in theLondon Local Authorities Bill, in December 2011, evoked another very British source: P.G. Wodehouse.
“Members will remember that Bertie Wooster, when arrested for pinching a policeman’s helmet on boat race night—I think wines had been taken—gave a false name when arrested. I cannot remember what name he gave, but I think he said that he lived in Acacia avenue. It might be a good address to give if you are ever caught doing things you should not do. There was no additional fine for giving a false name and Bertie Wooster paid the fine handed down at the magistrates court in London—five guineas, which was a lot of money in those days—but got away with giving a false name. There is a great tradition, from Odysseus to Bertie Wooster, of being allowed to hide one’s name from people who do not necessarily have the full authority to request it.”
There are current politicians who are known for using ‘false’ names: Conservative Party Chairman Grant Schapps is believed to have used at least three in addition to his own (Michael Green, Sebastian Fox and Chuck Champion), and the revelations of his use of those identities, whilst it has been criticised, has not been suggested to be illegal, and his party has not chosen to discipline him in any way.
There is of course a difference between anonymity and pseudonymity. Withholding your name and details, as Willcock did, is different from assuming a ‘false’ name, as Grant Schapps did and as Andy Smith advocated. However, in a practical sense, when operating on the internet, simply withholding your name is not an option. Online services require usernames and other user information – so to get the protection and rights that anonymity would provide can only be done by following Bertie Wooster’s approach and adopting a false name. Where anonymity is impossible, pseudonymity is the next best thing.
Rights to anonymity and pseudonymity?
The feeling in the Parliament and Internet Conference when Andy Smith made his statement may have been mixed, but there were sufficient numbers of people in the room who supported him – some just as vehemently as Alec Muffett – for it to be something that needs to be taken seriously. There are risks attached to the approach, and Helen Goodman’s concerns do have a real basis, but those risks are neither as great nor as insoluble as they might seem. Even when a pseudonym is used, where damage is caused it can be ‘broken’ – and the use of Norwich Pharmacal orders can help to reveal the person behind the problem. The respective rights can be held in some kind of balance. For most of us, for ordinary people, as Andy Smith suggested, pseudonymity can provide protection and reduce the risk of our data being misused, being hacked or lost. What is more, in suggesting that we should all use false names when needed, or not disclose our names at all, he seems to have been tapping into a long-standing British tradition, one supported not only in convention but in law.
Perhaps, if the Bill of Rights Commission really wants to look at specifically British rights, a right to use whatever name or details you choose unless there is a genuine, urgent and important reason not to, should be one of the rights that they consider. If they do, they would be facing considerable opposition, both from people like Helen Goodman who are concerned about the risks and dangers of crime online and from lobby groups from the likes of Facebook, whose business models might seem to be under threat. Whether the words – and the spirit – of P.G. Wodehouse and of Lord Goddard are strong enough to defend against them is another matter. I would like to think so.
Dr. Paul Bernal is a lecturer in the UEA Law School and a member of media@UEA. He blogs at: http://paulbernal.wordpress.com/ and tweets as @paulbernalUK.
Suggested citation: P. Bernal, ‘Internet Anonymity: A Very British Dilemma’ UK Const. L. Blog (6th November 2012) (available at http://ukconstitutionallaw.org).