For most Web users, the right to remain anonymous on the Internet is not yet a pressing concern. But privacy is becoming a hot issue as electronic commerce takes off and businesses seek to effectively target customers.
As businesses realise the Web is not just a sales arena but also a gold mine of data, Net users are finding that the Web can reveal incredibly detailed personal information about themselves, usually without their knowledge or consent.
Very few laws regulate, much less prohibit, data-gathering activities.
Several high-profile cases last year showed that even when companies knew such activities raised serious legal and ethical questions, they went ahead regardless. For example, Intel's Pentium III chip and Microsoft's Windows 98 could track individual users' activities across the Net, while the RealPlayer music program sent back information on the music to which users were listening. As technology develops to the point where such information can be harvested from databases all over the Internet, then blended to produce concise profiles of individuals, more Net users are looking at programs that allow them to move around the Net anonymously.
Such programs let people roam online without leaving an electronic trail of information that can reveal sites they have visited, queries they have placed on search engines, where they live or work, their e-mail address, and purchases they have made on the Net.
The identity-hiding programs are different from encryption, which lets users encode the information they send.
"Regardless of what you want [to reveal], or what the local laws may be, everything that can be linked together will be. It's happening pretty unsubtly on the Net today," says Mr Ian Goldberg, founder and chief scientist of Zero Knowledge, a company that offers an anonymity program.
He points to the recent merger between online banner advertising giant DoubleClick and Abacus, a company that tracks consumer purchases from mail order catalogues.
In the past month DoubleClick has come under attack for surreptitiously gathering information on Web users through banner advert placements. DoubleClick has 11,500 client companies, while Abacus tracks more than $2 billion (€2.05 billion) in consumer purchases annually. The merger allows the two databases to be combined, with unprecedented opportunities for socalled "consumer profiling".
Industry experts believe most individual Americans already have various bits of personal information scattered across more than 200 separate, unlinked databases.
Mr Goldberg, speaking at a packed seminar at last month's RSA Security Conference in San Jose, California, says that consumer privacy is not the only reason to have anonymity on the Web. Remaining identity-less protects whistleblowers from companies, shields political dissidents from governments, and could prevent insider trading that can result from people analysing e-mail traffic to and from companies.
Mr Goldberg says anonymity also prevents "the dossier effect"- human resource departments investigating potential employees by searching sites like Dejanews.com for archived postings to discussion lists like UseNet. Some credit investigation agencies also compile information using the Net, and can accidentally link a name with a similarly-named person's actions - not uncommon in the US, where such mix-ups routinely cause major headaches for wrongly-identified individuals.
"We're trying to avoid linking all your actions to your true name," says Mr Goldberg. "The thing about true names is you only get one, and it's very, very hard to clean it, if it gets tarnished."
On the Internet, as in the real world, people can choose various levels of "nymity" to match a given "nym" - any form of identity from a number to a nickname to one's true name. Mr Goldberg places those levels on a "nymity slider" - a scale that ranges from "complete nymity" (e.g. a true name associated with a house purchase) to the complete anonymity one has when making cash transactions.
In between there are the more interesting bits, he says - "linkable anonymity" connected to prepaid phone cards or store club cards, and "persistent pseudonymity", such as noms de plume or nicknames in an online chatroom.
But anonymity poses problems as well, says Stewart Baker, a partner with Washington DC law firm Steptoe and Johnson and a specialist in privacy and encryption issues. "The problem of trust in the anonymity industry is a big one," he says.
Unless people feel completely confident that a program totally guarantees anonymity, they will not use it.
In some cases anonymity is seen as a threat and liability, he says, and as a result, suppliers of anonymity programs could find themselves carrying civil or criminal legal liability for misuse of their product.
He says "crooks will use [anonymity programs]" to remain untraceable on the Net. Then, anonymity would probably contravene a 1994 US federal Act requiring that all networks come wiretap-ready. Both the FBI and the authorities in the UK are arguing for open access to all "transaction data" - information on who is associated with emails, and where they are being sent.
Regulatory agencies will oppose anonymity - the Securities Exchange Commission will fight anonymous trades online, while governments will reject anonymous banking transactions.
Such realities will create tension as privacy becomes a complex and major issue, believes Mr Baker, who also spoke at a conference session. "Industry and government are going to find themselves on both sides of the privacy issue," he says.
Mr Baker told the conference most people are willing to surrender their privacy at a surprisingly low cost. For example, to much embarrassed laughter he pointed out that conference attendees had been willing to have their name badges swiped through readers on the exhibition floor simply to get a mug, cap or other freebie from exhibitor companies.
"We all fight hard for our privacy in the abstract, then we give it up for airline miles," he said.
Mr Baker believes that people ultimately will simply accept loss of privacy is the price of living in a Web-enabled world. "What we think of as a shocking violation of our privacy, after it occurs a few times we just develop a callus to it," he says.
klillington@irish-times.ie.
