Privacy-Enhancing and Privacy-Sympathetic Technologies: Resources

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 30 Apr 1999, rev. 11 July1999, 14 Aug 2000, 14 Jan 2001

© Xamax Consultancy Pty Ltd, 1999-2001

This document was prepared as a collation of resources, and a basis for a future paper

This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/PEPST.html


Contents


Introduction

I've written a series of papers on identification, anonymity and pseudonymity, catalogued below. Of these, the most accessible introductory work is probably Clarke (1996). The most comprehensive and authoritative thing I've done so far is Clarke (1999).

Historically, technologies of data processing and information-handling have been designed primarily to assist in surveillance of the individual's digital persona, and hence are reasonably described as Privacy-Invasive Technologies (the PITs). This line of argument has been developed in a series of articles since the foundation piece in CACM in 1988, most recently at Clarke (1999c).

Recently, I've been studying:

This document brings together resources relating to PETs and PSTs, and is intended both as a reference-page, and as the basis for another paper sometime soon.

[Note: the term PET has been around since at least the mid-1990s. Ann Cavoukian in Toronto, Peter Hustinx in Amsterdam, and/or Marc Rotenberg in Washington DC, are likely to know who originated it. As far as I'm aware, I originated the neologisms PITs and PSTs in late 1998. Like some of my other neologisms over the years, they may or may not catch on. But the pleasantly academic question of memes is a side-issue; what's important is that the concepts that they describe come into the mainstream, and get discussed.]


Self-References

This list includes only those papers that deal expressly with the topic. For complete lists of my papers, see my Dataveillance Home-Page,and my Annotated Bibliography.

Clarke R. (1993) 'Computer Matching and Digital Identity', Proc. Conf. Computers, Freedom & Privacy, San Francisco, March 1993, at http://www.anu.edu.au/people/Roger.Clarke/DV/CFP93.html

Clarke R. (1994a) 'The Digital Persona and its Application to Data Surveillance', The Information Society 10, 2 (June 1994)', at http://www.anu.edu.au/people/Roger.Clarke/DV/DigPersona.html

Clarke R. (1994b) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html

Clarke R. (1995) 'When Do They Need to Know 'Whodunnit?' The Justification for Transaction Identification: The Scope for Transaction Anonymity and Pseudonymity' Proc. Conf. Computers, Freedom & Privacy, San Francisco, 31 March 1995, at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperCFP95.html

Clarke R. (1996) 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue' Proc. Conf. 'Smart Cards: The Issues', Sydney, 18 October 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/AnonPsPol.html

Clarke R. (1997a) 'Introduction and Definitions', August 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html

Clarke R. (1997b) 'Promises and Threats in Electronic Commerce', August 1997, at http://www.anu.edu.au/people/Roger.Clarke/EC/Quantum.html

Clarke R. (1997c) 'Chip-Based ID: Promise and Peril', for the International Conference on Privacy, Montreal (September 1997), at http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html

Clarke R. (1998) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PKIPosn.html

Clarke R. (1999a) 'The Legal Context of Privacy-Enhancing and Privacy-Sympathetic Technologies', at http://www.anu.edu.au/people/Roger.Clarke/DV/Florham.html

Clarke R. (1999b) 'Privacy-Enhancing and Privacy-Sympathetic Technologies', April 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/PEPST.html

Clarke R. (1999c) 'Notes on a Panel Session on Anonymity and Identity in Cyberspace', Computers, Freedom & Privacy Conference, April 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/NotesCFP99.html#AnonId

Clarke R. (1999d) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice', Proc. Conf. User Identification & Privacy Protection, Stockholm, June 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html

Clarke R., Dempsey G., Ooi C.N. & O'Connor R.F. (1998a) `Technological Aspects of Internet Crime Prevention', Proc. Conf. 'Internet Crime, Australian Institute for Criminology, Melbourne University, 16-17 February 1998, at http://www.anu.edu.au/people/Roger.Clarke/II/ICrimPrev.html

Greenleaf G.W. & Clarke R. (1997) 'Privacy Implications of Digital Signatures', Proc. IBC Conference on Digital Signatures, Sydney, March 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html


References

Barnes D. (1994) 'The Coming Jurisdictional Swamp of Global Internetworking (Or, How I Learned to Stop Worrying and Love Anonymity)', at http://www.io.com/~cman/swamp.html

Bell J. (1997) 'Assassination Politics', starting at http://www.infowar.com/class_1/BELL1.html-ssi

Blaze M., Feigenbaum J. & Lacy J. (1996) 'Decentralized Trust Management', Proc. 17th IEEE Symp. on Security and Privacy, pp 164-173, IEEE Computer Society, 1996, at ftp://ftp.research.att.com/dist/mab/policymaker.ps

Blaze M., Feigenbaum J. & Strauss M. (1998) 'Compliance-Checking in the PolicyMaker Trust-Management System', Proc. 2nd Financial Crypto Conference. Anguila 1998. LNCS #1465, pp 251-265, Springer-Verlag, 1998, at ftp://ftp.research.att.com/dist/mab/pmcomply.ps

Blaze M., Feigenbaum J., Ioannidis J. & Keromytis A.D. (1999), 'The KeyNote Trust-Management System: Version 2', AT&T Research Labs, March 1999, at ftp://ftp.research.att.com/dist/mab/knrfc.txt

Branscomb A.W. (1995) 'Anonymity, Autonomy, and Accountability: Challenges to the First Amendment in Cyberspaces', 104 Yale L.J. 1639 (1995)

Burkert H. (1997) 'Privacy-Enhancing Technologies: Typology, Critique, Vision' in Agre P.E. & Rotenberg M. (Eds.) (1997) 'Technology and Privacy: The New Landscape' MIT Press, 1997

CACM (1999) 'Internet Privacy: The Quest for Anonymity' Special Section of Commun. ACM 42, 2 (February 1999), at http://www.research.att.com/~lorrie/pubs/cacm-privacy.html

Cavoukian A. & Tapscott D. (1997) 'Who Knows: Safeguarding Your Privacy in a Networked World' McGraw-Hill, 1997, Chapter 10, pp.147-177

Chaum D. (1985) 'Security Without Identification: Card Computer to Make Big Brother Obsolete' Comun. ACM 28,10 (October 1985) 1030-44

Chaum D. (1992) 'Achieving Electronic Privacy' Scientific American, 266(8): 96-101, August 1992

Cohen J.E. (1996) 'A Right to Read Anonymously: A Closer Look at "Copyright Management" in Cyberspace', 28 Conn. L. Rev. 981 (1996)

Cranor L.F. (1999) 'Introduction: Special Section on Internet Privacy', Commun. ACM. Vol. 42, No. 2 (Feb. 1999) 28-38, at http://www.acm.org/pubs/citations/journals/cacm/1999-42-2/p28-cranor/. See also CACM (1999)

Cranor L.F. & Resnick P. (1997) 'Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputations', TPRC 97, Washington DC, at http://www.si.umich.edu/~presnick/papers/negotiation/

Detweiler L. (1993) 'FAQ on Identity, Privacy, and Anonymity on the Internet', at http://www.rewi.hu-berlin.de/Datenschutz/Netze/privint.html and http://www.eff.org/pub/Privacy/Email_GII_NII/privacy_anonymity.faq

EFF (1996-) 'EFF Anonymity/Pseudonymity Archive', at http://www.eff.org/pub/Privacy/Anonymity/

EPIC (1999) 'Online Anonymity Under Attack in the Courts', EPIC Alert, 6.06, 22 April 1999, at http://www.epic.org/alert/EPIC_Alert_6.06.html

Frankel M.S. & Teich A. (1999) 'Special Issue: Anonymous Communication on the Internet', The Information Society, 15, 2, at http://www.slis.indiana.edu/TIS/editor_in_chief_letters/eic152.html

Friedman E. & Resnick P. (1998) Proc. Telecommunications Policy Research Conf., Washington, DC, October 1998. 'The Social Cost of Cheap Pseudonyms: Fostering Cooperation on the Internet', at http://www.si.umich.edu/~presnick/papers/identifiers/index.html

Froomkin A.M. (1995) 'Anonymity and Its Enmities' 1995 J. Online L., at http://www.law.cornell.edu/jol/froomkin.htm

Froomkin A.M. (1996a) 'The Internet As A Source Of Regulatory Arbitrage', Symposium on Information, National Policies, and International Infrastructure, 29 January 1996, at http://www.law.miami.edu/~froomkin/articles/arbitr.htm

Froomkin A.M. (1996b) 'Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases', 15 U. Pittsburgh Journal of Law and Commerce 395 (1996), at http://www.law.miami.edu/~froomkin/articles/ocean.htm

IPC (1994) 'Privacy and Electronic Identification in the Information Age' Information and Privacy Commissioner/Ontario, November 1994, at http://www.ipc.on.ca/web%5Fsite.eng/matters/sum%5Fpap/papers/elecid%2De.htm

IPC (1998) '407 Express Toll Route: How You Can Travel This Road Anonymously', Information and PrivacyCommissioner/Ontario, May 1998, at http://www.ipc.on.ca/web_site.eng/matters/sum_pap/papers/407.htm

IPCR (1995) 'Privacy-Enhancing Technologies: The Path to Anonymity' Information and Privacy Commissioner (Ontario, Canada) and Registratiekamer (The Netherlands), 2 vols., August 1995, at http://www.ipc.on.ca/web%5Fsite.eng/matters/sum%5Fpap/papers/anon%2De.htm

JMLS (1995-) 'Anonymity Resources', at Cyberspace Law Center, John Marshall Law School, at http://host1.jmls.edu/cyber/index/anon.html

Kabay M.E. (1998) 'Anonymity and Pseudonymity in Cyberspace: Deindividuation, Incivility and Lawlessness Versus Freedom and Privacy', Proc. Conf. European Institute for Computer Anti-virus Research (EICAR), Munich, Germany 16-8 March 1998, at http://www.icsa.net/library/research/anonymity.shtml

Knowles W. (1999-) 'Anonymity on the Net', at http://www.c4i.org/erehwon/anonymity.html

Lee G.B. (1996) 'Addressing Anonymous Messages in Cyberspace', Journal of Computer-Mediated Communication 2,1 (June, 1996), at http://www.ascusc.org/jcmc/vol2/issue1/anon.html

Low S., Maxemchuk N.F., Paul S. (1996) 'Anonymous Credit Cards and Its Collusion Analysis', IEEE Trans. on Networking, Dec. 1996, vol. 4, no.6, pp 809-816, at http://www.research.att.com/~nfm/ref.1409.ps

McCullagh D. (1997) 'IRS Raids a Cypherpunk - Assassination Politics' Netly News, 4 April 1997, at http://cgi.pathfinder.com/time/digital/daily/0,2822,11950,00.html

McCullagh D. (1998-) 'Nym Resources', at http://www.well.com/user/declan/nym/

Marx G.T. (1990) 'Fraudulent Identification and Biography', Ch. 7 In D. Altheide et al., 1990 New Directions In the Study of Justice. Law, and social Control. Plenum, at http://socsci.colorado.edu/~marxg/fraudid.html

Marx G.T. (1999) 'What's in a Name? Some Reflections on the Sociology of Anonymity' The Information Society, special issue on anonymous communication, forthcoming, 1999

May T. (1994) 'Anonymity, Digital Mixes, and Remailers', Septemebr 1994, at http://www.oberlin.edu/~brchkind/cyphernomicon/8.html

May T. (1996) 'Crypto-Anarchy and Virtual Communities', Powergrid J., 1.01, 1996, at http://www.powergrid.com/1.01/cryptoanarchy-wp.html

Neumann P.G. (1996) 'Risks of Anonymity' Insider Risks Column, Commun. ACM 39, 12 (December 1996)

Novak T.P., Hoffman D.L., Peralta M.A. (1997) 'Building Consumer Trust Online' Commun. ACM 42, 4 (April 1999). Draft at http://www2000.ogsm.vanderbilt.edu/papers/anonymity/anonymity2_nov10.htm

Post D.G. (1996) 'Pooling Intellectual Capital: Thoughts on Anonymity, Pseudonymity, and Limited Liability in Cyberspace', 1996 U. Chi. Legal F. 139

Rigby K. (1995) 'Anonymity on the Internet Must Be Protected', Fall 1995, at http://swissnet.ai.mit.edu/6095/student-papers/fall95-papers/rigby-anonymity.html

Seltzer R. (1995) 'Anonymity for Fun and Deception: The Other Side of 'Community', Chapter 7 of 'The Way of the Web', B & R Samizdat Express, 1995, at http://www.samizdat.com/anon.html

Strassman P.A. & Marlow W. (1996) 'Risk-Free Access Into The Global Information Infrastructure Via Anonymous Re-Mailers', Symposium on the Global Information Infrastructure: Information, Policy & International Infrastructure, Cambridge, MA, January 28-30, 1996, Information Infrastructure Project, Kennedy School of Government, Harvard University, at http://www.strassmann.com/pubs/anon-remail.html

Tien L. (1996) 'Who's Afraid of Anonymous Speech? McIntyre and the Internet', 75 Or. L. Rev. 117 (1996)

Toren P.J. (1996) 'Internet: A Safe Haven for Anonymous Information Thieves?', 11 St. John's J. Legal Comment. 647 (1996)


Resources


Relevant E-Lists

The privacy-related e-lists are catalogued here.

Declan McCullagh runs an e-list specifically on nyms.

In addition, the following newsgroups exist:


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 29 April 1999

Last Amended: 14 August 2000 (plus change of William Knowles' URL, 14 Jan 2001)


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916