CCR Symposium: The Right to Remain Anonymous Matters

Orin Kerr says he was brought in to be a mild dissenter. I fear I may have been set up to be the pig at the garden party.

So let me start by saying that Danielle Citron’s Cyber Civil Rights is a wonderful paper. It is right about many things, although I’d be prepared to wonder whether the expression-action distinction might not reflect something true, real, and valuable, or whether the current balance between libel and the ‘wild west’ of unregulated speech is really so bad. But never mind all that: for present purposes let’s stipulate that Cyber Civil Rights is right about all its facts — including (as I indeed have no doubt she is right) about the terrible harms being wreaked online by evil people at the expense of innocent victims who are (wildly) disproportionately female and minorities. And let’s further stipulate that the article is right about its novel and exciting statutory arguments concerning how existing civil rights law might be used to deal with that – stuff I had fun thinking about and enjoyed teaching too.

Nevertheless, I have deep, deep problems with the paper’s proposed remedy — because there’s something critical that the paper leaves out.

Prof. Citron begins her remedies discussion with the suggestion that ISPs be stripped of § 230 immunity for postings by others, in the hopes that this will force them to police their customers. She proposes that they be subject to distributor liability – that we move to the takedown regime we have come to know and love under the DMCA. To which one can only reply…huh?

But never mind that: The core proposal is to set the duty of care for ISPs seeking not to be held responsible for their customers’ writings at a level that will required them – by law – to keep records of users’ IP numbers. In short, in order to serve the goals of deterrence and enforcement, Prof. Citron proposes the complete elimination of anonymity on the US portion of the Internet in order to root out hateful speech.

Let me repeat: Professor Citron proposes the complete elimination of anonymity on the US portion of the Internet in order to root out hateful speech.

I’m convinced that even though Prof. Citron is attacking a significant social problem, the cure proposed is (1) worse than the disease, (2) deeply unconstitutional, and (3) would have pernicious global side-effects.

The claim that the cure is worse than the disease is a value judgment, and thus no doubt disputable. It is based, I’ll admit, more on instinct than data. We don’t have good data about the amount of socially valuable anonymous speech any more than we do about the real quantity of the hateful stuff. We’re left to imagine a world with much less of both – I think the long run consequences of turning the major communications medium of the future into the government’s fishbowl have too big a chance of being pretty lousy. Others might trade some civility now against the risk of another Bush/Cheney administration later, but not me.

The claim that the proposed remedy is deeply unconstitutional is not based on a value judgement. It is based on a line of cases not addressed in Cyber Civil Rights – for which I blame law review length limits rather than the author. Starting from Talley v California, 362 U.S. 60 (1960), then McIntyre v Ohio Elections Comm’n, 514 U.S. 334 (1995), running through Watchtower Bible and Tract Soc. of New York, Inc. v Village of Stratton, 536 U.S. 150 (2002), the Supreme Court has made it clear that there is a strong (some would even say sweeping) constitutional right to anonymous speech. At the very least, when wholesale bans on anonymous speech such as proposed in Cyber Civil Rights reach core First Amendment speech they are not allowed. (I’ve written about these cases here and here if anyone wants a little more detail.)

The third point flows from the second. Dissidents around the world rely on US servers to get out their message. It’s probably not a good idea to engineer our communications in a way that might tempt our government to cozy up to foreign bad guys by slipping them information about the dissidents (think Nixon or Kissinger) who after all don’t have First Amendment rights here when based abroad. It’s bad enough that the EU has taken a big step in this direction by requiring ISPs and telecoms to store traffic data for a year. They have a Privacy Directive (and don’t have a First Amendment). We shouldn’t attempt to follow suit.

Here’s the core of Prof. Citron’s response as I understand it:

[S]ome believe immunizing website operators is essential to preserve anonymity, which they view as vital to free expression on the Internet. They may invoke the role of websites such as to facilitate political dissidence against oppressive regimes or analogize to important roles played offline by “anonymous” persons, such as investigative journalists’ sources. These parallels, however, are inapt. In some instances, many “anonymous” actors are not, in fact, anonymous, but rather have undisclosed identities. No responsible newspaper publishes material based on sources whose identity it does not know. Similarly, although the Supreme Court has rejected thinly supported demands for the production of dissident groups’ membership lists, it has never suggested that authorities or private litigants could not obtain the identities of persons reasonably suspected of unlawful activities. Freedom of expression has never depended on the absolute ability of speakers to prevent themselves from being identified and held responsible for activities the state may properly prohibit. As Professor Tribe notes, “secrecy often seems the shield of dangerous and irresponsible designs.”

Count me among those “some”. Just because it is true that “authorities or private litigants could … obtain the identities of persons reasonably suspected of unlawful activities” without violating the First Amendment doesn’t mean in any way that it follows we can all be treated as suspects without doing great violence to the Bill of RIghts.

Prof. Citron argues that we’ll be OK so long as site operators and ISPs stand on principle and protect our identities from improper requests:

Traceable anonymity would not betray our commitment to anonymous speech if site operators and ISPs refuse to reveal a poster’s identity unless a court order demanded it. This would protect individuals for whom anonymity is most crucial, such as victims of domestic violence and political dissidents.

I suppose I have come to lack faith in big profit-oriented cable and telecoms companies – a lack of faith that is educated by events such as EFF’s campaign lawsuit over what appears to have been a lengthy project of illegal recording of internet traffic carried out by major telecoms at the US government’s request.

Freedom of expression does in some cases depend on people reasonably believing they can speak without being called to account for it. That may sometimes be disreputable, even evil. Sometimes it may help save a life, or the Republic.

[Consistent with my practice on my own blog, I have set comments to “on”. Unless my hosts have a different rule, I plan to disemvowel or delete those which violate my comment policy.]

You may also like...

38 Responses

  1. question says:

    Do you have a right to anonymous speech when you use technology to amplify that speech – aren’t you consenting to some degree in handing over information to the company, so risking your anonymity? Why isn’t an ISP address like a pen register – people must realize when they use telecom companies to amplify their speech, those companies may retain some data.

  2. Ann Bartow says:

    I feel kind of odd commenting here, since you can’t comment commensurately on my post. Be that as it may, while I think you raise important points, your post might leave people who are not immersed in this area of the law with the incorrect impression that ISPs cannot (legally) or do not record ISP addresses. But of course, they can and do, routinely, for their own marketing and R&D purposes, and because sponsors and advertisers require it. So does this very blog – not just of commenters but of anyone who visits, that is how site meters function. And similarly, so do most web sites. There is very little anonymity on the web now. What Prof. Citron is asking is that in addition to serving advertisers, as it currently does, personally identifying information also be used to facilitate civil rights concerns. I’m not sure I agree with this approach, but I apparently find it significantly less radical than you do.

  3. “Question” – As a general matter, your rights are your rights regardless of the technology you use. (Vehicles are a very notable exception. There are others.) Your speech rights are not metered by technology (except for those technology where the government must regulate scarce broadcast spectrum, and thus must make choices and license among competing users). Pencil, pen, typewriter, printing press, computer — all the same.

    I will grant that there are some similarities between pen registers and IP registers. (I’d suggest this means Smith v. MD is due for a re-think.) Even if one runs with this analogy, however, there are statutory protections that require a certification that the request is related to an ongoing investigation — we (claim we) don’t allow the feds to just scoop it all up.

    Ann – As you know (but are justified in making me spell out rather then relying on links to old papers), there is a huge difference between on the one hand having a private ecology where firms make decisions about what they want to keep (no constitutional issue), and a rule that mandates ubiquitous data retention (huge constitutional issue). And, again as you know but rightly are making me spell out, it’s the retention of the data for a long time which is infinitely a worse threat to privacy than the capture of the info. Short term data will be used in true emergencies. Long term data is an attractive nuisance for those whose main interests may be laudable, but often are not very friendly to political (and usually social) liberty.

    In practical terms, there’s also difference between the nearly-one-stop-shopping aspect of a relatively small number of (large) ISP’s data retention in a standard form for a standard time, and the multifarious policies of various web site owners.

  4. Paul Ohm says:

    This has already been a fascinating symposium about an excellent paper, and I can’t wait to hear what else is said. Kudos to Concurring Opinions for doing this and to Prof. Citron for getting us all thinking about this.

    Like Prof. Froomkin, I worry about what happens when we mandate long-term IP address retention, but I think there is another worrisome angle here he doesn’t highlight enough. Although Prof. Bartow is right to point out that “there is very little anonymity online right now,” I would hate to see the government outlaw the “little anonymity online” which remains.

    Some ISPs refuse to log IP addresses to protect the identity of their users. Some of these make this choice to abet horrible behavior (AutoAdmit); some of them do this to empower more noble behavior (wikileaks); and many of them do this to assist anonymous speech of any kind, because they believe in a right to anonymous speech (anonymizing proxies going way back). All sorts of people–the noble to the profane to the criminal–take advantage of the anonymity these sites provide, and a ban on one means a ban on all.

  5. Nathaniel Gleicher says:

    I just wanted to point out that there is a significant challenge to both examining online harassment as a civil rights problem (which I think is the right frame) and contemplating a broad regime of IP address tracking (which I’m uncomfortable with). The rights to anonymous speech and association are key protections for members of threatened minorities and unpopular organizations. (cf NAACP v. Alabama) Removing the protection of anonymity from online harassers means it must be removed from targets as well. This removes a protection that has been both historically important and strongly protected by the Courts. This conflict is why I tend to look instead to narrowing websites’ section 230 immunity as a possible solution — not as a tool to require IP address tracking, but as a more direct check on websites themselves. This carries risks of its own, of course, but if drawn properly, it seems like it can both protect anonymous speech and work to limit online harassment.

  6. Bruce Boyden says:

    Michael, I think you have to admit that Danielle is not proposing “the complete elimination of anonymity on the US portion of the Internet,” even if you say that twice. She’s proposing conditioning ISP immunity on longer-term retention of already-collected data, as Ann points out. That’s at most some movement along a scale far short of an endpoint. I mean, I could as easily argue that “Twitter is the complete elimination of the paragraph as a means of communication.” It’s simply not, even if it moves us a bit closer to that outcome.

  7. Paul Ohm says:

    Once more, this time a bit more clearly, because Prof. Boyden repeats what I think is only partially correct: Prof. Citron is not talking about only “already-collected data.” On page 123, she specifically says that section 230 immunity should “require website operators to configure their sites to collect and retain visitors’ IP addresses.” She calls this “traceable anonymity.”

    If Congress amended section 230 in this way, you couldn’t simultaneously configure your web server to stop logging IP addresses AND ALSO expect section 230 immunity. You would have to choose one or the other.

    Many other parties would celebrate such a change: the Church of Scientology, the U.S. Department of Justice, and China, to name only three. I don’t mean this as “guilt by association.” I simply mean to highlight the other interests that must be balanced.

  8. Bruce Boyden says:

    Paul, that’s correct — not all sites log IP addresses, although many do.

    Re: who’d celebrate, I’m not sure anything follows from building a rogue’s gallery of people who support either position. But I’m curious about some of the people on your list. Does Scientology sue many John Does? I thought most of their lawsuits were against named adversaries. And China? Who is China suing in U.S. courts?

  9. I’m not sure that it is a “wonderful paper,” as it is chock full of factual distortions and outright lies. It is a shame that it is, as she probably could have maintained a little more credibility had she been honest. So, as everyone is applying the lotion to congratulate her, you ought to understand that you’ve either a) purposely overlooked the dishonesty, or b) just got bamboozled.

    That aside, I found Prof. Froomkin’s analysis to be right on. I was kind of expecting this type of critical review from Orin Kerr, but I’ll take it where I find it. In fact, being a Froomkin fan in other arenas, I’m delighted to find that I’m a fan of yet another one of his views.

  10. Two comments on the above. First, I think Bruce Boyden is factually incorrect: what Prof. Citron proposes will in fact change the current regime of hit-and-miss online anonymity to one where the law says there can be none. This will change the regime from private choice to legal compulsion, and alter a heterogeneous regime to a homogeneous one. (If everyone were already doing it, why require a change in the rules?)

    I argued a long time ago that traceable anonymity is significantly different and inferior to the real sort. See Section II.A.1 of Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases, 15 U. Pitt. J. L. & Com. 395 (1996), htmlized version at .

    As for Marc Randazza, I think there’s a burden in polite conversation for those who accuse others of “factual distortions and outright lies” (plural) to supply at least two examples.

  11. Paul Ohm says:

    Bruce, you seem to be arguing (and please correct me if I’m wrong) that a change to section 230 immunity will be felt only by those who are sued. But I (and I think Michael) am arguing that a change to section 230 will be felt by every web host, blog owner, ISP, and online speaker.

    The point isn’t who is suing whom to reveal identity. The point is the chilling effect. You’re less likely to set up a new blog protesting the Church, asking China to Free Tibet, or advocating Falun Gong, if you can’t set the web server settings to allow anonymous speech. You’re less likely to post the next Project Chanology manifesto, criticism of China or anything else which is unpopular, outrageous, or dangerous under this new regime, whether it is something we like or dislike.

  12. Nathaniel Gleicher says:

    Shouldn’t we be clear on exactly what type of change to section 230 immunity we’re talking about, here? Not all abrogations of section 230 are equal. Certainly, any change to blanket immunity is going to have ramifications across the web. The question is how broad a change we are considering, and whether minimizing or eliminating the dangers that Prof. Citron identifies would be worth the change. A complete elimination of the immunity would have a different impact than, say, a procedural burden such as a notice-and-takedown regime. I’m not suggesting that either of these solutions is preferable — both raise significant concerns, and I wouldn’t advocate for either — but the degree and type of the impact will be significantly different. Perhaps there is a narrower burden that could be placed onto Section 230 that would have a more limited effect, but still meaningfully reduce instances of online harassment.

  13. Paul Ohm says:

    Nathaniel, you’re absolutely right, but I have been responding to the rather aggressive, at least as I read it, section 230 change prescribed in the article.

    I’m worried less about the “good faith consideration” of takedown notices standard you offered in your earlier post, although I think the devil would be in the details.

  14. Blake Reid says:

    I think the point about the lack of data regarding how much hateful behavior is really happening and the value of anonymous speech is not getting enough play here.

    My criticism is not that cyberharassment isn’t a big deal when it happens, but rather that if it is a rare occurrence, we need to weigh the value proposition of proposed remedies accordingly.

  15. I think there’s a burden in polite conversation for those who accuse others of “factual distortions and outright lies” (plural) to supply at least two examples

    That is a more than fair standard.

    From her work:

    According to a 2006 study, individuals writing under female names received twenty-five times more sexually threatening and malicious comments than posters writing under male names. CCR at 65.

    However, the study she sites is available here. How does it define “attacks”:

    “The set of behaviors defined as attacks included attempts to send a file to the user, attempted DCC chats with a user, malicious private messages sent to a user, and links sent to a user.”

    In other words, if someone so much as tried to chat with someone (regardless of content) or sent that person a link or a file, it was considered an “attack.”

    Lets, however, remove these “attacks” from the mix. Lets say that we just consider the “impolite” or worse messages. I wonder how many of them were geeks who have no social skills trying (poorly and unskillfully) to “attract” a female by moronic means. I’d be willing to bet a pretty expensive six pack of beer that this would account for a significant percentage of these “attacks.”

    Saying “hey baby, wanna have cybersex with me?” isn’t an “attack.” It is a 14 year old male’s dumb attempt to impress a perceived female in a chat room — where the mere appearance of a female is often a cause for irrational exuberance. It is referred to as a “nerd rush.”

    Add nerd rush theory to the Greater Internet Fuckwad Theory (hereinafter GIFT) and you’ve got a far cleaner explanation than a civil rights conspiracy.

    To continue, failing to account for missing data isn’t exactly a “distortion,” but failing to consider basic communication theory when trying to evaluate a communication issue casts some serious doubt on the value of the evaluation.

    The percentage is debatable, but this quick film discusses the fact that when we communicate, only 7% of our thoughts are communicated via words. The rest is via tone and visual cues. Have these “studies” adjusted for the fact that only 7% of the communication gets through online? I doubt it.

    Accordingly, Citron gives us a study that really doesn’t begin to crack the surface of the underlying facts (not even those she is honest about). It starts with a political desire for greater censorship and works its way backwards from there, filling in the holes with lies, half truths, and ignoring contradictory facts.

    Consider what a jerk the average person is. Half the people are bigger jerks than that. Now, stir in anonymity, 93% of the communication being lost, and the GIFWT and what do we have? A pretty good picture of why people act like jerks on the internet, but one that is remarkably gender-neutral.

    Citron, in an attempt to zealously promote a political agenda, paints a compelling picture of drooling mobs of lulz-obsessed men, waving axes and dead skunks over their heads to try and drive women off line, but this too is a gross distortion.

    I can dig up plenty of examples of women driving other women off line. this story, for example, in which a “feminist” professor drove another feminist blogger offline by, of all things, threatening to strip her of her anonymity and suing her for defamation.

    Lori Drew was “bullied” by a female neighbor, Juicy Campus would never have reached its heights of filth without angry sorority sisters. Jessie Logan was marginalized more by her female classmates than her male classmates.

    The fact is that humanity may be ugly, and the internet may reveal that ugliness, but characterizing this as a gender, race, or civil rights issue — to try to elevate it to a status that would justify (to some) tossing the First Amendment baby out with the bath water is not the kind of work that I would call worthy of praise.

    More? Okay…

    From the same study:

    Among the private messages, on average, we found 30% of malicious ones for the female bots, 24% for the male bots, 23% for the ambiguous bots, 28% for the female human users, 26% for the male human users, and 25% for the ambiguous human users. Most other private messages include “hello” or “how are you doing?” messages that typically would be followed by a malicious private message (i.e., sexually explicit or threatening language).

    So hold on, female bots got a slightly higher number of private messages, female humans got a statistically insignificant (or close to it) higher number of private messages, and then among those messages, females were slightly more likely to get explicit language in those messages.

    Lies? Okay, got you covered:

    Citron writes at page 73-74:

    Another poster sent an e-mail to a particular female law student’s faculty asserting that her father had a criminal record.73 The poster displayed the e- mail on AutoAdmit before sending it, explaining: “I’ve assembled a spreadsheet with [the faculty e-mail] addresses and every single one of them will be notified about what our darling [named student] has done. I post this here as a warning to all those who would try to regulate the more antisocial posters – we have the power now.”

    Site members applauded the e-mail and rallied around the sender. For instance, a poster stated that the e-mail sender should be awarded a “Congressional medal.”75 Others recommended sending the e-mail from a

    public PC and a “hushmail account” or with anonymizing software.

    A “Congressional Medal” comment was made, but even a fool in a hurry could tell that it was pure sarcasm and a statement of disdain for the harasser. I reproduce it below:

    Date: March 9th, 2007 2:17 PM 
Author: David Carr (Glass of water for Mr. Grainger) 

    Date: March 9th, 2007 2:19 PM 
Author: c00kie 
This is a great idea that you are guaranteed never to regret.

    Date: March 9th, 2007 2:34 PM 
Author: Bodhi Tree Miracle 

    Will likely lead to a Congessional medal of some sort.

    Even if you can’t see the sarcasm in that statement, if you read the entire thread, you’ll see that the vast majority of the comments condemned this action. The statement that “site members applauded the email and rallied around the sender” is just a bald-faced lie. I’ve preserved an internet archive copy of the thread here. Read it for yourself and ask yourself if she’s taken the liberty of grossly misrepresenting the facts.

    Could I go on? Probably. Or, maybe this is all the dishonesty that is in this “wonderful” study. However, in my experience, when you find one termite, there is usually a nest of them. Simply re-defining censorship as something else, relying on absurd theories like (paraphrased) “silencing some augments the speech of others, therefore it is advancing First Amendment interests” doesn’t make it so.

    This article is nothing more than lies wrapped around a MacKinnonite research agenda in an attempt to create a hysteria among upper class women that they are constantly under attack. It is the left wing equivalent of the “save the children” and “run, terrorists are coming!” rhetoric we hear from the Right. Fear mongering and false crises are the fuel that runs the engines of censorship, and Prof. Citron is one in a long line of this kind of dishonest theorists who the Academy is reluctant to challenge lest one be branded a “sexist.” I applaud Prof. Froomkin for not falling victim to that kind of fear, but I chastise the rest of you for not having a cynical bone in your bodies as you read this absolute dreck.

    Before any of you fawn over it with another pixel, chill for a second and realize that the scheme she’s promoting may wind up at your door too. The right thing to do is not to fluff this flimsy piece of garbage, but to stand up and tell this fear monger that our precious rights are not going to be the first thing you grab for to achieve your publication quota or to push your personal agenda. I would hope that a symposium of legal educators would find more than a single voice that rejects the notion that war=peace, freedom=slavery, or censorship=honoring the First Amendment.

  16. Ugh, all my important links are broken!

    The link to the study she cites for her evidence of “attacks” is here:

  17. Patrick says:

    Thank you for opening comments on this post, Professor Froomkin. There are many not part of this symposium who are reading it with interest.

    A couple of points in Nancy Kim’s post above confused me:

    I’m not talking here about Citron’s article or governmental regulation (at least, not yet) — I’m referring simply to social norms. While some may argue that the government should not attempt to tame the Internet, that shouldn’t mean that one shouldn’t regulate one’s own conduct out of a sense of decency and self-respect or that one shouldn’t try to persuade others to adhere to a more civil code of conduct. Somewhere along the line, advocating civil behavior –socially responsible and even polite discourse –has morphed into “censorship” or “suppression” and all Internet activity has been lumped into the monolith “speech.”

    Really? Do any serious people conflate advocacy of civil behavior online, or even calling out those whose speech transgresses the norms of politeness, with censorship and suppression? Perhaps in academia.

    In the online world at large you’ll find many people who are quite supportive of civility, and even willing to intervene through argument on behalf of those who are targeted by boors. Yet they may still be concerned about the prospect of imposing tort (a civil rights action, in terms of remedies, is essentially the same as a tort) liability on websites and ISPs for the actions of third parties, as well as stripping the protection of anonymity from those who may need it for socially beneficial purposes. The law is too blunt an instrument to think craft a tool of discovery which will reliably protect a Mark Felt, while exposing a Lori Drew.

    The notion that libertarians routinely describe calls for civility as censorship seems a strawman. That internet libertarians worry about the social and political consequences of removing what anonymity still exists on the internet, there can be no doubt.

    Funny enough, it was the government that was instrumental in this collapse of distinctions when it specifically exempted websites from responsibility for content, treating them as public forums yet permitting them to maintain private status.

    Until the government builds an internet of its own, private websites will remain the closest the internet has to a public forum. I take it that Professor Kim is not suggesting that the internet should be nationalized.

  18. Patrick,

    I think you’re dead on. The “hard way” to confront the problem of incivility on the internet is to be someone who pushes against such incivility — but who does so knowing that strength comes from your ideas, not from pushing your agenda until finally a legislature breaks and next thing you know, we have all lost something.

    The way to cure this bad speech is through more speech. The way to bring about more speech is through commitment by good people to speak up. Nobody seriously calls that “censorship.” Well, I think Clint Eastwood did after he said something bigoted recently, but Clint isn’t exactly a scholar.

    We will all be victimized if we let the Academy play its “victim studies” game by simply re-defining very important concepts like “freedom” and “free speech” and “equality” to fit their publishing agenda. We similarly are victimized when “academics” rely on lies and half-truths to do the same.

    However, we all lose a little something as well when the trolls win.

    So, how do we beat the trolls while simultaneously holding back the academic/left-wing/censorship hordes? That is really what should be debated here. I think that Citron’s ideas are as much a threat to online discourse as a dozen “lonelyvirgin” posters.

    Smack in the middle are a few people who still believe in the First Amendment and the search for truth. It is like standing between the Hutus and the Tutsis, both of which want to hack each other to pieces, but both of them are dead wrong.

    The way to combat this problem, to the extent that it is a problem, is to:

    1) wrest it away from the “victim studies” crowd, because they don’t own the internet, and they don’t own the problem. They don’t have a monopoly on internet related grief, and they have no more authority to whine about it than the rest of us.

    2) Get in there and participate in the marketplace of ideas — instead of crying to the government to intervene or to create intervention mechanisms for individuals and corporations to abuse — because you can be damned sure that they will.

  19. My dear Randazza, I beseech you not to take great displeasure with me, tho I write to say that even in our benighted times, a gentleman simply does not discuss a member of the Gentle Sex with such rampant discourtesy.

    “Lies”, you say? “Hysteria”? My Dear Randazza, when a gentleman, such as your style yourself, believes that a member Fair Sex has made a statement that perhaps might be argued to lack something in exactitude, it behooves him, out of consideration for her Gentle Sensibilities, to, should he see need to reproach her at all, to phrase such reproach more gently (and again, only should such be necessary) and then only transmit such through her husband, or, should she regrettably be unwed, through her father or elder brother or other guardian

    Your lack of proper discourtesy has, no doubt, given these Fair Maidens a further case of the vapors and consigned them, once again, to their fainting couches.

    Common sorts, of course, might believe that even in these post-decadent times, both the Fair Sex and our rougher selves might feel free to comport themselves with such common crudity, as though one were addressing a fellow gentleman, but one would have thought you were above such.

    One can understand why the male guardians of said Ladies have protected them from such common crudity through the rest of this most cordial Symposium by closing it to commentary that might fall, unwelcome, upon such delicate ears.

    Believe me, Dear Sir, yr humble & devoted, etc.


  20. Bruce Boyden says:

    Michael, I suppose this all turns on what it means to be anonymous. I think we can agree that anonymity does not mean only the ability to communicate in a completely undetectable way. Otherwise, even “anonymous” leafletters are not anonymous because their faces can be seen and identified as they are leafletting. Also, if the leaflets were printed up by a print shop, the printer would know who the leafletter is — again, not anonymous. But the leafletter is in fact still anonymous in both situations, because it’s the practical ability of someone to remain unknown to a broad range of targets of the communication that makes them anonymous.

    The question is whether a record-keeping requirement, unaccompanied by a universal identity-disclosure requirement, “completely destroys” that practical ability. The answer to that is clearly no; there are still plenty of hoops plaintiffs or the government will have to go through to get the records, and then turn the records into a name and address (and then, as David Robinson points out, turn that name and address into an actual defendant). There’s plenty of practical ability to remain anonymous left. While you may believe such a requirement would have harmful effects, that does not equate to a complete destruction of the ability to remain anonymous.

    Paul, is there any substantial chilling effect now on sites that log IP addresses voluntarily? I think some recent lawsuits have indicated that you can’t trust such representations even when they are made. So if there’s a chilling effect we should worry about, it should already exist. If not, how would that change as a result of a record-keeping requirement? It might as the result of, perhaps, sensationalist news coverage, but I suspect that would fade pretty quickly.

  21. I am afraid we do not agree as much as you think. Real anonymity is total and untraceable. Admittedly, real life rarely grants you that. Thus, the anonymous handbiller risked being photographed even if she runs off the handbills on her home printer and then copies them herself at Kinkos. (Leave aside claims that some color LJ printers carry unique identifiers in order to detect currency counterfeiters.) Too modern? Think ditto machine.

    The contemporary question is not simply the degree of chilling effect from a record keeping requirement coupled with a promise of legal process before the data is accessed by third parties. There’s also the extent to which one trusts participants not change the rules (“9/11 changed everything”) and whether one trusts them to play by the rules (“when the President does it, it’s not illegal”).

    Currently people avoid some IP logging by using proxies and cutouts. In the past anonymous remailers were popular, although the supply of reliable ones seems to have largely dried up for the moment.

    IP logging makes it much more likely that one is traceable than did the risk that someone would photograph you and ID you. It makes it, in many cases (but not all as David Robinson so cogently reminds us) much easier too. In the past our hypothetical anonymous self-published pamphleteer.

    The Internet’s communicative dominance will only grow. Governments’ and marketers’ tendency to see all that data as an opportunity will not shrink. The extent to which we can trust large institutions will remain the same. Do we agree on those three trends? If so, what follows?

  22. Paul Ohm says:

    Bruce, shouldn’t the question be the opposite one? On sites which today promise IP anonymity, do people speak more frankly and with less fear of identification than on sites that make no such promises? Isn’t that the common understanding of why AutoAdmit became such a cesspool? This isn’t a singular example. Don’t people do and say things when tunneling through TOR that they wouldn’t when they weren’t? Weren’t people using Torrentspy before Judge Cooper mandated IP address tracking in ways that they probably weren’t after?

    Ultimately, this is an empirical question, and I simply don’t have a firm source for an answer. I have a lot of anecdotes, however, and I could list a bunch more from my time at DOJ if you were interested. Some people trust assurances of IP anonymity and alter their behavior in reliance of them. The average lawprof and the typical reader of Concurring Opinions may not, but others do. They are the ones I fear will be chilled.

    And I just disagree with you that the chilling effect which results from the knowledge that some providers promise IP anonymity but actually lie is comparable at all with the chilling effect of creating a rule which would have the practical effect of forcing all web servers in the land to store IP addresses.

  23. The problem isn’t (at least how I see it) that anonymous speech might go away. There will always be a way to circumvent IP logging if you are determined enough.

    The problem is that if intermediaries are required to take on liability or to take on record-keeping requirements, on the off chance that someone might want to sue the primary speakers, then you’re going to find that intermediaries will be strongly discouraged from allowing online discourse of any kind.

    For example, I didn’t have to own my words on this comment. I could have posted under Elmer Phud, if I wanted to. But, if the publisher, or on Froomkin (as the author of the post) were liable for something I might post, would they have bothered to open comments at all?

  24. JP says:

    Bruce’s comparison to leafletters is useful. He suggests that leafletters are anonymous because they might be photographed, or recognized by the printer. (This isn’t quite right–if the leafletter is recognized or photographed, his attempted anonymity has been compromised–but this is immaterial.) Would you object to a requirement that ALL leafletters be photographed (with the photographs to be stored confidentially, and the government or litigants required to jump through hoops to obtain those photographs)? If so, what is the distinction between this and Prof. Citron’s proposal?

  25. Patrick says:

    Would you object to a requirement that ALL leafletters be photographed (with the photographs to be stored confidentially, and the government or litigants required to jump through hoops to obtain those photographs)?

    Indeed. While I assume that Professors Bartow wouldn’t object to being photographed each and every time she enters a Kinko’s (because as Marc Randazza points out, she has nothing of which to be ashamed), plenty of other, shadier people might.

    JP’s comment hits the nail harder than anything anyone has written in this symposium, or any comment anyone has written in this, the only post on which the Peanut Gallery is permitted to intrude on this magic circle of law professors discussing the theory they’ll apply to the First Amendment once they become circuit judges.

    Again, thanks for opening this post to comments, Professor Froomkin.

  26. I’ll echo Patrick on that latter; those of us who hail from the Jurrasic often believe that honest and open discussion is better than listening to a sermon from the mount, whether we’re talking about a hill or the apocryphal story of Catherine the Great’s last mumbled cries from beneath hers.

  27. Much as I appreciate the kind words, they’re unfair to the many other participants who opened their contributions for comments: Orin Kerr, David Fagundes, Nathaniel Gleicher, Orin Kerr (again), Kaimipono D. Wenger, Nancy Kim, Orin Kerr (yet again), Dave Hoffman, Daniel J. Solove, Nathaniel Gleicher (again), David Robinson.

    If there are more comments here, it may just be I’m more wrong-headed or something….

  28. Well, you started it (the open discourse).

  29. Actually, I didn’t. I believe that honor belongs to Orin Kerr.

  30. Interestingly, for all the critiques about the lack of open discourse in the symposium, by my count, only 6 posts disallowed comments and about 25 posts allowed comments.

  31. Danielle Citron says:

    I want to respond to the erroneous and reputation harming suggestion that I have misrepresented the University of Maryland study (and the broader issue as to the gendered nature of online harassment) and an AutoAdmit comment.

    First, cyber harassment is indeed a gendered phenomenon. The non-profit organization Working to Halt Online Abuse (WHOA) has compiled statistics about individuals harassed online. In 2007, 61 percent of the individuals reporting online abuse were female while 21 percent were male. Similarly, in 2006, 70 percent of its online harassment complainants identified themselves as women. Overall, from 2000 to 2007, 72.5 percent of the 2,285 individuals reporting cyber harassment were female and 22 percent were male. Half of the victims were between the ages of 18 and 40 and reportedly had no relationship with their attackers. Similarly, the Stalking Resource Center, a branch of the National Center for Victims of Crimes, reports that approximately 60 percent of online harassment cases involve male attackers and female targets.

    Academic research supports this statistical evidence. The University of Maryland’s Electrical and Computer Department recently studied the threat of attacks associated with the chat medium IRC. Researchers found that users with female names received on average 100 “malicious private messages,” which the study explicitly defined as “sexually explicit or threatening language,” whereas users with male names received only 3.7. Indeed, contrary to what has been misstated, the study explicitly explained that the “experiment show[ed] that the user gender has a significant impact on one component of the attack thread (i.e., the number of malicious private messages received for which the female bots received more than 25 times more private messages than the male bots)” and “no significant impact on the other kinds of attacks, such as attempts to send files to users and links sent to users.” The study explained that attacks came from human chat-users who selected their targets, not automated scripts programmed to send attacks to everyone on the channel, and that “male human users specifically targeted female users.”

    I am extensively quoting the study to make clear that my analysis is not my interpretation of the study but instead that of its authors.

    Second, however one line of my BU article may be construed by others (i.e., the comment he deserves a Congressional medal), my editors, myself, Nathaniel Gleicher and others have read it as I have. But no matter, the work does not include lies (the suggestion that I am deceiving others is indeed defamatory as is the suggestion that the explanation of the Maryland study is) but instead includes exact quotes of the countless postings on AutoAdmit. And the various stories of the attacks on women are exact quotes as well and cannot be disputed.

    I hesistated speaking to this issue as I fear cyber harassment, which I have clearly experienced personally and indeed as Dave notes in a prior comment on Prawfs has included menacing physical harm.

    Danielle Citron

  32. JP says:


    Thank you for addressing this. This is in multiple places, but I’m hoping this becomes the thread were your points can be discussed.

    With respect to the Univ. of Maryland study, I think the argument that you were dishonest is wrong and unfortunate. However, I think there is a reasonable argument that the study is misleading, and does not support your point. This was discussed in one of your older CoOp post (click my name). In that thread, I (partially) defended your use of the study, but another commenter convinced me that I was wrong.

    Specifically, while it is true that, as you note, female user names received 100 malicious private messages while male names received only 3.7, the study does not report the number of total private messages that male and female users received. It does, however, say this:

    “Among the private messages, on average, we found 30% of malicious ones for the female bots, 24% for the male bots, 23% for the ambiguous bots, 28% for the female human users, 26% for the male human users, and 25% for the ambiguous human users.”

    In other words, the gender disparity in the number of malicious messages can largely be accounted for by the gender disparity in the number of total messages–most of which were not malicious.

    There is also a good question of whether the IRC forum studied bears any reasonable relation to “the internet” as a whole. I strongly doubt that any conclusions drawn from the study, even if they are correctly stated, are relevant to how most people experience the internet.

  33. Danielle Citron says:

    Thank you for your thoughtful reply. I suppose we will disagree on what that sentence suggests as to the study, but it is worth noting that the next sentences (where the authors wrap up in their Conclusion section) reiterates again their findings (I reproduce the whole Conclusion here): “In summary the threat of attack on IRC seems to be rather low. The only type of attack that occurs consistently daily is malicious private messages, and in and of themselves they pose no threat to computer security. The threat does not seem to depend on whether or not a user is active in a channel. Users with female names are, however, far more likely to receive malicious private messages, slightly more likely to receive files and links, and equally likely to be attacked in other ways. This implies that the attacks are carried out by humans selecting targets rather than automated scripts sending attacks to everyone in the channel. Users with ambiguous names are far less likely to receive malicious private messages than female users, but more likely to receive them than male users. Users in channels that do not allow bots at all are more likely to receive attacks than users in channels that allow a minimal number of bots.”

    It may be worth noting that the authors appear to have chosen IRC because it permits multi-user chat as opposed to networks that only permit two-way party discussion.

    I agree that this study alone does not prove the point that cyber gender harassment is a gendered phenomenon. It seems a helpful illustration of the statistics provided by WHOA, the Stalking Center, and other social science studies (such as those by Paul Bocij, Sheridan & Grant, and others). Moreover, it is important to see why this is uniquely gendered: the harassment involves sexually-threatening comments that would be more threatening to women given the prevalance of actual offline rape suffered by women (such as I want to rape you, threats of gang rape, suggestions that women should be sexually violated in other frightening ways, suggestions that a woman has rape fantasies while providing women’s home addresses) and demeaning comments that cast doubt on women’s competency in their work (such as “this shows why women are too dumb to be journalists and belong raising babies”).

    Thank you for your thoughtful comments.


  1. May 19, 2009

    […] it’s worth, on the detail of Citron’s argument, my comments here confirm I’m with these responses). The kind of censorship being exercised by search gatekeepers is another. As Daithí […]

  2. August 24, 2009

    […] for everyone else, I accept the legitimacy of arguments by people who wish to post or blog anonymously at face value. I believe such posts have less legitimacy than […]

  3. December 14, 2009

    […] Amendment protections should not always protect anonymous bloggers who defame others.  There is disagreement in the legal community as to how to balance First Amendment free speech guarantees with libel and […]

  4. December 14, 2009

    […] Concurring Opinions, Michael Froomkin believes that allowing this framework to become law entails a value judgment.  He’s right, but for a different reason: allowing these claims is in itself a value judgment […]