Category: Anonymity


Cyberbullying and the Cheese-Eating Surrender Monkeys

(This post is based on a talk I gave at the Seton Hall Legislative Journal’s symposium on Bullying and the Social Media Generation. Many thanks to Frank Pasquale, Marisa Hourdajian, and Michelle Newton for the invitation, and to Jane Yakowitz and Will Creeley for a great discussion!)


New Jersey enacted the Anti-Bullying Bill of Rights (ABBR) in 2011, in part as a response to the tragic suicide of Tyler Clementi at Rutgers University. It is routinely lauded as the country’s broadest, most inclusive, and strongest anti-bullying law. That is not entirely a compliment. In this post, I make two core claims. First, the Anti-Bullying Bill of Rights has several aspects that are problematic from a First Amendment perspective – in particular, the overbreadth of its definition of prohibited conduct, the enforcement discretion afforded school personnel, and the risk of impingement upon religious and political freedoms. I argue that the legislation departs from established precedent on disruptions of the educational environment by regulating horizontal relations between students rather than vertical relations between students and the school as an institution / environment. Second, I believe we should be cautious about statutory regimes that enable government actors to sanction speech based on content. I suggest that it is difficult to distinguish, on a principled basis, between bullying (which is bad) and social sanctions that enforce norms (which are good). Moreover, anti-bullying laws risk displacing effective informal measures that emerge from peer production. Read More


The Memory Hole

On RocketLawyer’s Legally Easy podcast, I talk with Charley Moore and Eva Arevuo about the EU’s proposed “right to be forgotten” and privacy as censorship. I was inspired by Jeff Rosen and Jane Yakowitz‘s critiques of the approach, which actually appears to be a “right to lie effectively.” If you can disappear unflattering – and truthful – information, it lets you deceive others – in other words, you benefit and they are harmed. The EU’s approach is a blunderbuss where a scalpel is needed.

Cross-posted at Info/Law.


Cybersecurity Puzzles

Cybersecurity is in the news: a network intrusion allegedly interfered with railroad signals in the Northwest in December; the Obama administration refused to support the Stop Online Piracy Act due to worries about interfering with DNSSEC; and the GAO concluded that the Department of Homeland Security is making things worse by oversharing. So, I’m fortunate that the Minnesota Law Review has just published the final version of Conundrum (available on SSRN), in which I argue that we should take an information-based approach to cybersecurity:

Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon identification of actors and intent, arguing that inherent defects in the Internet’s architecture must be remedied to enable attribution. These proposals, if adopted, would badly damage the Internet’s generative capacity for innovation. Drawing upon scholarship in economics, animal behavior, and mathematics, this Article takes a radical new path, offering a theoretical model oriented around information, in distinction to the near-obsession with technical infrastructure demonstrated by other models. It posits a regulatory focus on access and alteration of data, and on guaranteeing its integrity. Counterintuitively, it suggests that creating inefficient storage and connectivity best protects user capabilities to access and alter information, but this necessitates difficult tradeoffs with preventing unauthorized interaction with data. The Article outlines how to implement inefficient information storage and connectivity through legislation. Lastly, it describes the stakes in cybersecurity debates: adopting current scholarly approaches jeopardizes not only the Internet’s generative architecture, but also key normative commitments to free expression on-line.

Conundrum, 96 Minn. L. Rev. 584 (2011).

Cross-posted at Info/Law.


United States v. Jones: Privacy in Public Space? Piece it all Together and You Get 5.

By Priscilla Smith, Nabiha Syed & Albert Wong, Information Society Project at Yale Law School

There was exciting news from the Supreme Court yesterday.  By a rare 9-0 vote, in United States v. Jones, No. 10-1259, the Court held that the Government should have obtained a warrant before placing a GPS surveillance device on the defendant’s car and monitoring his movements.  This result was not completely unexpected, especially considering the Justices’ interest at oral argument in the Government’s position that GPS surveillance technology could be used without a warrant to track the movements of any car — even the Justices’ own cars — for an unlimited period of time.  The Government argued —  unsuccessfully — that this result was compelled because citizens have no privacy interests in their public movements.

Of particular note, the three opinions in the case and the unusual line-up make for a broader ruling than is apparent at the outset.  The most narrow rule comes from the Court’s opinion written by Justice Scalia and joined by Justices Roberts, Kennedy, Thomas, and — wait for it — Sotomayor, holding that that “the Government’s installation of a GPS device on a target’s vehicle,2 and its use of that device to monitor the vehicle’s movements, constitutes a “search.”  Slip op. at 3.  Scalia notes that the Fourth Amendment protects the “right of the people to be secure in their . . . effects,” and it “is beyond dispute that a vehicle is an ‘effect’ as that term is used in the [Fourth] Amendment.”  Id. at 3.  Ergo, he holds the installation done with the intent to “use … th[e] device to monitor the vehicle’s movements” was a search.  Id. at 3.  He describes the action at issue, saying “[t]he Government physically occupied private property for the purpose of obtaining information.”  He holds that since this form of physical trespass and monitoring would have been a search within the meaning of the Fourth Amendment at the time it was adopted, it is a search now.  Hello, original application guy.

On first glance, it seems that Scalia might be returning to old interpretations of the Fourth Amendment that required a physical trespass to have occurred before an action could be considered a search.  But what Scalia is actually doing here is defining the Court’s task, which is “at a minimum, is to decide whether the action in question would have constituted a ‘search’ within the original meaning of the Fourth Amendment,” and because it would have, it is a search now.  Just because in 1967 Katz said that the Fourth Amendment protects more than physical trespass, doesn’t mean that the Fourth Amendment doesn’t protect physical trespass.  See slip op. at 6-7 (noting Katz did not erode the principle that a search occurs where the Government “does engage in physical intrusion of a constitutionally protected area in order to obtain information.”) (emphasis in original).  So Scalia establishes and emphasizes a threshold for determining when a search has occurred — a threshold that is not comprehensive, but sufficient to resolve the issue at hand.

And thus Scalia declines to go further and consider what would happen if, hypothetically, there was no physical trespass.  He does hold open the possibility that “achieving the same result through electronic means [as they achieved here with physical trespass], without an accompanying trespass, is an unconstitutional invasion of privacy.”  Id. at 11.  Simple enough.  Why decide the harder issue with all its accompanying “vexing problems” that would arise in a case involving electronic surveillance without an accompanying trespass?  Scalia argues that there is no reason to “rush forward” to resolve them now.  Slip op. at 12.  Put aside for a minute that he encouraged the Court in United States v. Kyllo, a case holding that the use of heat-seeking technology required a warrant, to adopt rules that “take account of more sophisticated systems that are already in use or in development,” Kyllo, 533 U.S. at 37.

But Scalia has a problem.  As he points out, in its opinion in United States v. Knotts, the Court upheld the use of beeper technology to track a target’s movements, holding there was no invasion of privacy.  He distinguishes Knotts from this case because Knotts did not involve physical trespass. The beeper there was placed inside a container with consent of the then-owner of the container, and only then was the container placed in the driver’s car.  Moreover, Knotts didn’t challenge the installation.  Right.  But the Court didn’t decide there was no search in Knotts based on an absence of a physical trespass; the Court decided the case holding there was no invasion of privacy.  So shouldn’t Scalia explain to us why he holds open the possibility that “achieving the same result through electronic means [as they achieved here with physical trespass], without an accompanying trespass, [like they did in Knotts] is an unconstitutional invasion of privacy?”  Id. at 11.  Saying that GPS is a different technology, as he does in a footnote, is not enough.  Doesn’t he owe us an explanation of why Knotts doesn’t preclude that possibility, as the Government so vehemently argued it did and the Ninth Circuit in a similar case agreed?  See Pineda-Moreno v. United States.

Of course he does — or so says Justice Alito, with Justices Ginsburg, Breyer and Kagan joining.  See Alito’s concurrence, slip op. at 13.  In fact, not only did Alito think the Court should reach the Katz expectation of privacy test, he didn’t buy the physical trespass holding at all, and lists its many flaws.  Justice Alito then evaluates the GPS surveillance here, noting that “devices like the one used in the present case … make long-term monitoring relatively easy and cheap.”  “[T]he best we can do in this case,” reasons Alito, “is to apply existing Fourth Amendment doctrine” and “ask whether the use of GPS tracking in a particular case involved a degree of intrusion that a reasonable person would not have anticipated.”  Alito at 13.  Under this inquiry, “the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy,” because “society’s expectation has been that law enforcement agents and others would not — and indeed, in the main, simply could not — secretly monitor and catalogue every single movement of an individual’s car for a very long period.”  Id.  Now, Justice Alito recognizes the “degree of circularity” inherent in Katz’s expectation of privacy test — i.e., the problem that, if read literally, the test would permit a situation in which the government takes away your privacy so that one no longer has an“expectation” of it — and in so doing, one no longer has a constitutionally protected interest in it.  Hello, 1984.  Unfortunately, though, his concurrence does nothing to address, and instead relies exactly on, that circular part of it — the intrusion you would or would not have anticipated.  The concurrence is also remarkably skimpy in its explication of why exactly the surveillance is “intrusive” — you know, the point that is the actual crux of the case.

The only Justice who doesn’t avoid the issues is Justice Sotomayor.  Although she joins the narrow majority opinion because she buys Scalia’s argument that the physical trespass here suffices to decide the case, she writes separately to make clear that “physical intrusion is now unnecessary to many forms of surveillance,” her slip op. at 2, a statement that Scalia certainly does not deny.

Moreover, and making this a much broader ruling than it appears on first glance, unlike Scalia, Sotomayor explains the distinction between Jones and Knotts.  She agrees with the Alito Four that “’longer term GPS monitoring in investigation of most offenses impinges on expectations of privacy.’”  Sotomayor concurrence at 3, quoting Alito concurrence at 13.  Rather than relying on whether citizens “anticipate” invasions of their privacy, her opinion reflects the concerns of the D.C. Circuit, New York Court of Appeals, and C.J. Kozinski writing in dissent from denial of rehearing en banc in a similar case in the Ninth Circuit, that the information collected by GPS monitoring generates a “comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”  Id. at 3.  (In fact, unless we missed something, she appears to be the only one who cites to Chief Judge Kozinski’s dissenting opinion in the Pineda-Moreno case; no one seems to cite the DC Circuit opinion, scared off perhaps by some folks’ misplaced railing against its “mosaic” language).  She further discusses the concerns raised in a brief filed by some of us at the ISP on behalf of a group of privacy scholars that GPS surveillance, as she says, “evades the ordinary checks that constrain abusive law enforcement practices” and is susceptible to abuse, and that awareness of government monitoring chills associational and expressive freedoms.  Id.  She summarizes:

I would also consider the appropriateness of entrusting to the Executive, in the absence of any over­sight from a coordinate branch, a tool so amenable to misuse, especially in light of the Fourth Amendment’s goal to curb arbitrary exercises of police power to and prevent “a too permeating police surveillance,” United States v. Di Re, 332 U. S. 581, 595 (1948).

Finally, Sotomayor suggests a more fundamental change in the jurisprudence to “reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties,” and notes that the rule is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” Sotomayor at 5, questioning the notion at the heart of the rule that “secrecy [is] a prerequisite to privacy.”

The long and the short of it is that by agreeing with the Alito Four that the use of GPS surveillance technology for a prolonged period violates a reasonable expectation of privacy, Sotomayor’s concurrence means that five justices agree to veer away from the inside/outside distinction relied upon by the Government.  It seems that we may have some privacy interests in our public movements after all.


Uncontroversially controversial

Anonymous, most recently known for their digital protest interventions, are tough to pin down with definitive definitions. Perhaps one of the most uncontroversial statements one can nail on them is that they and their tactics are controversial. After yesterday’s extensive Anon-led distributed denial of service attacks prompted by the take-down of the popular file sharing site Megaupload, I thought I would ask CO readers to reflect on the DDoS as a political tactic. I have complied a few basic questions to help kick-start the discussion.

  1. Is it reasonable to compare a DDoS with civil disobedience or direct action?
  2. What might be an appropriate legal response for those campaigns that are deemed by courts as political protest? (Perhaps not answerable)
  3. How does the media and the public misunderstand these events? (and perhaps the media are the ones are responsible for the “success” of a DDoS campaign)
  4. Is the political effect of the DDoS primarily symbolic and a way for people to very quickly and collectively express their position on a matter?
  5. Is there anything lulzy about the DDoS? (Does that even matter?)
  6. How might the DDoS be deployed more ethically as political protest? Under what conditions or configurations might it be more permissible, palatable or effective? Or i it just too noxious and problematic to use for political purposes?


I will admit the DDoS is not what interests me the most about Anonymous, a bias clearly reflected in this piece I just published on them, but definitely worth pausing on for a bit after yesterday’s actions.




Parents Facilitating Facebook Use for the Under 13 Set: The False Promise of Minimum Age Requirements

The Child Online Privacy Protection Act (COPPA), enacted in 1998 and finalized in 2000, requires commercial websites that target children under 13 or have actual knowledge that users are under 13 to ask for parental permission before collecting and using their information.  Legislators hoped to protect children from predatory marketing, safety risks such as stalking or kidnapping, and other abuses related to the use of children’s private data.  They also wanted more parental involvement in online data-collection practices and to encourage the development of technologies designed to give parents better tools to protect their kids’ online privacy.  Although COPPA has succeeded in stopping egregious predatory data practices, it has fallen short of its core goals.  The Federal Trade Commission (FTC), tasked with implementing and enforcing COPPA, admits that online industries have neither innovated nor emphasized mechanisms for obtaining verifiable parental consent.  Instead, to avoid costs associated with obtaining parental consent including potential fines for inappropriately dealing with children’s data, many sites just limit their services to children 13 and older. Sites typically include the age restriction in their Terms of Service agreements (ToS), to which users must consent when they create an account.  Many sites ask users for their age or birth date to ascertain if they are 13 or over.  Facebook does, for instance, and reserves the right to terminate accounts of users who “violate the letter or spirit” of its ToS.  To protect itself from possible legal exposure, Facebook employs cookies to prevent users from changing their minds about their age to evade the site’s requirements and actively deletes accounts where evidence suggests that the users are not in fact 13 or older.  This spring, the FTC called for comments on a proposed amendment to its Child Online Privacy Protection Rule, enacted in 2000 and renewed without change in 2005.  As FTC Chairman Jon Leibowitz explained: “In this era of rapid technological change, kids are often tech savvy but judgment poor. We want to ensure that the COPPA Rule is effective in helping parents protect their children online, without unnecessarily burdening online businesses.  We look forward to the continuing thoughtful input from industry, children’s advocates, and other stakeholders as we work to update the Rule.”

A study released this week by danah boyd, Eszter Hargittai, Jason Schultz, and John Palfrey sheds new light on COPPA’s failings.  Given the current regulatory attention to COPPA, the study could not be more timely or more important.  The authors surveyed a national sample of 1,007 parents and guardians who have children ages 10-14 living with them.  They found that although many sites restrict access to children, many parents knowingly allow their children to lie about their age–indeed, they often help them do so– to gain access to age-restricted sties in violation of the sites’ ToS.  This is true for some of the most popular social media sites and services, such as Facebook, Gmail, and Skype.  Specifically, the study revealed that 55% of 12 year olds had Facebook accounts while 32% of 11 year olds and 19% of 10 year olds did as well.  Seventy-eight percent of the parents of 10 year olds helped their kids set up their Facebook accounts; 68% of the parents of 11 year olds helped their kids sign up; and 76% of the parents of 12 year olds did the same.  Of those parents who reported that their child joined Facebook underage and helped create the child’s account, 74% knew that Facebook had a minimum age that their kids failed to meet.  Although Facebook’s minimum age is a requirement, just over a third of the those parents believed the minimum age was a recommendation.  Over three-quarters of parents believed that there are circumstances that make it okay for their child to sign up for a service even if their child fell short of the age requirement.  Those reasons included communicating with parents, other family members, and friends; use of the service for educational purposes; and because classmates used the service.  Half of the parents indicated that their child could violate the restriction only if under parental supervision.  As the authors explained, those parents felt as though the violation was acceptable because they were monitoring their children’s online practices.  Importantly, most parents either did not understand the reason for the age requirement or failed to appreciate its privacy goals.  While most parents had no idea what animated the requirement, some offered explanations such as concerns about the adult content or language on the site, “children don’t need to have a social media presence,” and “to protect minors from perverts.”  A small fraction of the parents referred to legal issues.  Only two parents referenced privacy.

What does all of this tell us?   Rather than providing parents and children with greater options for controlling the use of youth’s personal information, COPPA has actually encouraged the adoption of formal limits on children’s access to online services.  Those limits are rather meaningless, though.  As the authors explain, parents are “taking matters into their own hands to circumvent the restrictions . . . at the cost of their children’s privacy and at the risk of acting unethically and potentially in violation of the law.”  While providers and parents together circumvent COPPA’s requirements, the true losers are the parents who don’t get the chance to audit and delete their children’s data, as COPPA mandates when sites have actual knowledge that they are collecting and using data from kids under 13.  We are also seeing parents help their children engage in public deceit because they think their kids would benefit from online services.  This creates a serious parenting conflict among those who wish to encourage honesty. Because children pretend that they are far older than they actually are in online interactions, they also may open themselves up to other risks including stalking, something the statute sought to avoid.  In the end, COPPA has accomplished very little and risked a lot.  Kids under 13 do not end up with privacy protections afforded by COPPA and may even put themselves at risk.  Providers get around COPPA’s requirements with age cutoffs that are routinely violated.  Innovation for greater parental controls remains illusive.  As the study’s authors urge, policy-makers should “shift away from privacy regulation models that are based on age or other demographic categories and instead develop universal privacy protections for online users.”

More broadly, the study shows us that parents are involved in their kids’ social media use, whether it’s deceptive and in violation of ToS or not.  One might say that parents are increasingly taking over the role of Chief Family Privacy Officer, but, as we now appreciate, without COPPA’s protections.  What’s needed is far more education for parents and kids about the privacy risks associated with social media.  That’s of course true for the under 13 set and for those 13 and older. But since parents are helping expose their kids to social media services without COPPA’s protections, we need to work on education as early as elementary/lower school.  High school students, their parents, and educators often don’t appreciate the potential privacy risks of social media so one can imagine that kids in lower school, their parents, and teachers don’t as well.  Do students really want to spend hundreds of thousands of dollars on a college education and then end up unemployable due to something they posted on Facebook (which now is at greater risk for being indexed and searched online due to changes in Google’s algorithm)?  Do they know that colleges may someday look at their social media activity, to their detriment?  A new survey done by Kaplan Test Prep of admissions officers at 359 selective colleges and universities revealed that 24 percent of respondents reported using Facebook or other social networking pages to research an applicant, see here too.  All of this also reinforces the lessons of Ryan Calo’s important work on the flaws of current notice regimes and the potential for improvement through thoughtful design–parents neither get that ToS requirements are not just suggestions nor appreciate the privacy concerns animating those requirements.  Intermediaries can and should do better in that regard.  The study has contributed much to our appreciation of COPPA and the regulation of privacy online more generally.  I am hoping that legislators and regulators are paying attention.


Internet Thugs Misappropriate the Hacker Moniker

I’d like to pick up on Olivier Sylvain’s post on the cyber mob Anonymous and take it in a slightly different direction.  Let’s step back to get a sense of the group dubbed Anonymous. The group originated on 4Chan’s /b/ forums and now has a serious presence on the wiki Encyclopedia Dramatica, YouTube, and Internet Relay Chat forums.  The group may now compromise several groups with different aims (see here for a discussion of splinter group more interested in so-called “pranks”, or in my view bigoted attacks, than strident “political activism” like DDos on PayPal, Visa, and the like).

It’s difficult to see how the group and its various permutations warrant the breathless admiration of journalists who dub them “hacktivists.”  A little step back to the original hackers of the early 1960s.  As Howard Rheingold explains (and Patricia Wallace concurs in her work), the term was coined to describe people who “create computer systems.”  The first people to call themselves hackers ascribed to an informal social contract called the “hacker ethic.”  This ethic included these principles:

“Access to computers should be unlimited and total.  Always yield to the Hands-On Imperative.  All information should be free.  Mistrust authority–promote decentralization.”

The original hackers were motivated by altruistic concerns.  Indeed, we owe a debt of gratitude to their broader community for helping design the Internet.  Our guest blogger and celebrity computer scientist Steve Bellovin was a key player in that community: in 1979, Bellovin, then at UNC for graduate school, and Jim Ellis and Tom Truscott, Duke grad students, created the first link between Duke and UNC, which later became Usenet, the oldest global virtual community.

Let’s compare the original hackers to the group(s) Anonymous, which exemplifies the destructive side of cyber anonymity.  From its beginnings, the group took its name because it believes its collective identity serves as a mask, letting them do and say things that would otherwise be out of bounds.  According to a YouTube posting from a group member, “We are Anonymous, a “people devoid of any type of soul or conscience” who form “a nameless, faceless, unforgiving mafia”—“we ruin the lives of other people simply because we can.”  Anonymous members describe themselves as “unencumbered by pointless ethics, foolish moralities, or arbitrary laws or restrictions.”  When Anonymous members engage in offline “raids,” they hide behind the Guy Fawkes mask design made famous by the film of Alan Moore’s graphic novel V for Vendetta.

The group (or part of it) has been rightly called an “Internet Hate Machine.”  Much of what it does is for the “lulz.”  It has attacked African Americans, women, LGBT individuals, Jews, and Muslims.  It urged members to “search and destroy” a popular female video blogger’s online identity.  The group hacked into her online accounts, posted doctored photographs of her being raped, and took down her videos.  On Encyclopedia Dramatica, group members listed feminist websites that should be shut down with distributed denial-of-service attacks and “image reaping”—flooding sites with traffic to use up their allocated bandwidth.  Members updated the wiki as they accomplished their goal.  Read More


Hacktivism, Anonymity, and Privacy

On Friday evening, within hours of posting U.S. Marshal Service mugshots of alleged members of Internet “hacktivist” group Anonymous, became the target of a relentless “distributed denial of service” or DDoS attack. According to a statement released by TPM founder and publisher Josh Marshall on TPM’s Facebook page, visitors could not access the site a little after 5 p.m. eastern time. While no one knows for sure, TPM has inferred that Anonymous or people affiliated with the group are probably responsible for the attack.  (That TPM turned to Facebook to publish a statement is ironic because Anonymous has vowed to shutdown the social networking site later this fall.) The TPM site remains down as of this posting.

According to Marshall, TPM filed a Freedom of Information Act request for the mugshots earlier this summer, and posted them as soon as they obtained them. For the past six years, according to Marshall, the news site has routinely “published mugshots of numerous people accused or convicted of various crimes” that are the subject of its reporting. I’ve clicked through the photos of hypocrites and hucksters in elective office as well as random mugshots of mobsters and celebrities to satiate an admittedly morbid curiosity. TPM, as with many other major news organizations, knows this. The questions for TPM are ethical and legal: what is it about these admittedly alluring photos of the smirks, glares, and shock typical of mugshots that adds to the story, and justifies the ostensible invasion of privacy?

Read More


Identifying Those Responsible for a “Living Horror” and Its Signficance for Proposed Federal Law

In what can only be described as the worst side of humanity, the bulletin board Dreamboard hosted a members-only sharing of child pornography, particularly of children under 12.  New members could join the board only if they posted child pornography.  Members had to continue to post images of child porn every 50 days or face removal.  The rules of the board, printed in English, Russian, Japanese, and Spanish, included: (1) “Keep the girls under 13, in fact, I really need to see 12 or younger to know your[sic] a brother,” (2) “don’t avoid nudity in previews. I will NOT accept you if there’s no nudity.  And my definition of nudity is pussy or anal in the shot.  You just waste your own time if you don’t do this.  Because you will not get in, if you don’t follow the rules.”  One section of Dreamboard was titled “Super Hardcore,” and the rules required images and videos of “very young kids, getting fucked, and preteens in distress, and or crying. . . . If a girl looks totally comfortable, she’s not in distress, and it does NOT belong in this section.”  This part of the site featured images of adults having violent sexual intercourse with very young children, including infants.  One file was entitled “2yo assfuck she cries for mommy nasty pthc pedo 1 yo 3 yo 4 yo.”  The board amassed over 120 terabytes of violent sexual rape and abuse of children.

According to the rules of the site, members were to use encryption technologies to prevent detection.  The rules specified precisely which encryption technologies and proxy servers should be used and which should be avoided.  Members did not use their real names, but instead screen names to conceal their identities.  All of this suggests that the board went to great lengths to secure their anonymity.

Early this month, Attorney General Eric Holder, Jr. announced that federal investigators has charged 72 people for violating child pornography laws and more than 50 people have been arrested in the United States.  The defendants included doctors, lawyers, police officers, and a Navy commander, according to the Ellis County Observer.  Thirteen of those charged have pled guilty, and four members have been sentenced between 20 and 30 years.  Around 600 people from around the world were members of the bulletin board, which has been shut down.  The bulletin board used a server in Atlanta.  As Assistant Attorney General Lanny Breuer explained, the site “was a living horror.”  John Morton, director of Immigration and Customs Enforcement, declined to say how investigators overcame the technological precautions used by some of the members.  He did tell the New York Times: “To those inclined to abuse small children, know this: this isn’t a place on the Internet or the planet in which you are truly safe.  It may take us some time, it may take us some effort, but we will find you regardless of a screen name, a proxy server or an encryption effort, period.” Read More


Outside Reviewers Stay Anonymous!

Outside reviews of manuscripts are important to many publishing enterprises, from scholarly books and articles to general interest works of nonfiction.  Honest, objective and impersonal assessments are vital. 

That is best promoted when the identity of the reviewers is held strictly confidential, by editors and reviewers alike, with editors sharing only the substance of reviews to enable improving a manuscript. 

Contrary to this normative ideal, reviewers often seem to feel free to identify themselves, and even editors are sometimes sloppy in leaking identifiying data.   In just the past year, I have personally had several different unfortunate examples.  The upshot is the same: outside reviewers must stay anonymous.

Read More