You are Hitler1488Boy and I claim my £5

We can fix the social media problem, if we fix the digital identity problem

dgwbirch
Nov 2, 2019

The issue of social media accountability and anonymity remains front and centre. I was listening to the BBC’s popular radio show “Any Questions” recently when the panel was asked about the very serious topic of threats and abuse on social media that appears to be forcing some people out of politics and preventing worthy candidates from entering the public sphere. A couple of the panelists said that online anonymity needs to end. You can see their point. But requiring people to disclose their personally-identifiable information to unaccountable social media platforms is not the solution. It is, frankly, none of Twitter’s business who I actually am. So how can they stop me from posting rape threats to female politicians?

Free speech that needs to be bounded on free platforms sounds like an immovable object meeting an irresistible force, but it really isn’t. There is a way through this, and it comes from understanding how digital identity works (or, at least, should work). What we want is a system where people can have free speech (putting to one side what this really means for a moment) but where they cannot simply post hate speech in the best of cases and death threats etc in the worst of cases.

Here’s a tweet that illustrates the problem…

also cool how when hitler1488boy gets banned, twitter just lets the same person create hitler1488boy2 10 minutes later

— McVillain (@mcmillen)

October 27, 2019

There are actually three problems here: the first is that nobody knows whether hitler1488boy is actually a real person or a bot operated by agents of a foreign power, the second is that if hitler1488boy is a real person nobody knows who that real person is and the third is that if hitler1488boy breaks the rules then nobody knows whether hitler1488boy2 is the same person as hitler1488boy. I think that, in the presence of a practical digital identity infrastructure, these are easy problems to solve.

Harold Maguire, noted Association Footballer

How?

Well, I wrote about this same problem a couple of weeks ago in a different context, which was the racist abuse of footballers. According to The Daily Telegraph, “[English soccer team member] Maguire urged Instagram and Twitter to make users identify themselves in the same way as betting apps after his teammate Paul Pogba was subjected to a torrent of ‘disgusting’ racial abuse from anonymous trolls”. He’s wrong about this, but the spirit of his complaint is fair and needs to be dealt with.

David Beckham, noted Association Footballer

Many other people seem to think that we should do something about this. Following Mr. Maguire’s analysis, the historian Damian Collins MP (chair of the Digital, Culture, Media and Sport select committee in the UK Parliament) said “Account verification should be more widely available and become the norm. I think accounts should be verified, it can’t be right that cowards and racists can hide behind the anonymity of social media to attack people, often using multiple bogus accounts”. This is an interesting observation that jumbles two different issues together: proving the account “David Beckham” points to a specific person, and proving that the specific person it points to is the former Manchester United winger David Beckham. The first is about attaching attributes to a real-world entity, the second is about the reputation of the real-world identity. Thinking these two things through separately is, I think, a key to finding a workable solution to the social media mess, but back to that later.

Another MP, the lawyer Norman Lamb (chair of the Science and Technology select committee) also commented, saying that if social media companies did not act to clean up abuse then the incoming online regulator should take action. It’s not clear to me what he means by “clean up abuse” since it seems implausible that Twitter could monitor billions of messages every day to remove those that cause any offence to anyone.

(I assume Mr. Lamb doesn’t want them to remove tweets calling for human rights in certain countries, for example).

Mark Cuban, noted Web Entrepreneur

It’s not a new or interesting idea to try to link social media accounts to government-issued identity, as they do in (for example) China. A while back, to pick on one example, the noted entrepreneur Mark Cuban adumbrated Mr. Maguire by saying that “It’s time for @twitter to confirm a real name and real person behind every account, and for @facebook to get far more stringent on the same. I don’t care what the user name is. But there needs to be a single human behind every individual account”.

Now, just to be clear, forcing people to use “real” names online is a bad idea. One example that springs to mind to illustrate this is when the dating platform OKCupid announced it would ask users to go by their real names when using its service (the idea was to control harassment and promote community on the platform) but after something of a backlash from the users, they had to relent. Forcing the use of real names in a great many circumstances will mean harassment, abuse and perhaps even worse.

You can understand why. Why on Earth would you want people to know your “real” name? That should be for you to disclose when you want to and to whom you want to. In fact the necessity to present a real name will actually prevent transactions from taking place at all, because the transaction enabler isn’t names, it’s reputations. And pretty basic reputations at that. I think that online dating, frankly, provides a useful way of thinking about the general problem of online identity. In this case, just knowing that the object of your affections is actually a real person and not a bot (remember, in the famous case of the Ashley Madison hack, it turned out that almost all of the women on the site were actually bots) is probably the most important element of the reputational calculus central to online introductions, but after that? Your name? Your social media footprint?

There are plenty of places where I would not want to log in with my “real” name or by using any information that might identify me: the comments section of national newspapers, for example. “Real” names don’t fix any problem because your “real” name is not an identifier, it is just an attribute (refer back to the David Beckham example) and it’s only one of the elements that would need to be collected to ascertain the identity of the corresponding real-world legal entity anyway.

What social media needs, and what will help with Mark Cuban’s actual problem with being sure that there is a “single human” behind an account, is not that Twitter should “confirm a real name” but that Twitter should have the ability to determine whether you are a known real person or not: who you actually are is none of Twitter’s business. That information shouldn’t be in Twitter. It should be under lock and key somewhere else (more on this later). If Twitter gets hacked, the hackers should not be able to obtain any personally-identifiable information. And if you think that is a wildly unlikely scenario, you aren’t keeping up with current events, since a couple of days after the original version of this article was published, the media reported that precisely this scenario had already happened:

The US Justice Department has charged two men who used to work at Twitter with accessing personal information on critics of the Saudi Arabian regime, which they collected and passed on to Saudi officials

Two former Twitter employees have been charged with spying for Saudi Arabia — MIT Technology Review

This is only about identifying people. The problem with bots on social media is just as serious as the problem of threats to MPs. Without commenting on the politics of an individual issue, I could have chosen any of a thousand examples to make this point. Here’s just one, from the UK press yesterday: “Almost all of the ten most active Brexit Party supporters on Twitter appear to be automated bots, according to new research”.

The way forward is surely not for Twitter et al to try and figure out who is a bot and whether they should be banned (after all, there are plenty of good bots out there) but for Twitter et al to give their users the choice. Why can’t I tell Twitter that I only want to see tweets from real people that can be identified? It’s none of my business who the person actually is and it’s none of Twitter’s business either. But if someone knows that @dgwbirch is a real person, that’s enough. Harry Maguire can read my tweets in comfort, knowing that if I commit a criminal offence then the police can go to someone to find out who I am.

Someone You Know

So who is that someone who knows whether I am a real person or not? Working out whether I am a person or not is a difficult problem if you are going to go by reverse Turing tests or Captchas. It’s much easier just to ask someone else who already knows whether I’m a bot or not.

There are plenty of candidates. There’s the Post Office I suppose. And the school. And the doctor. In fact, there are lots of people who could testify to my existence. But the obvious place to start is my bank. So, when I go to sign up for an internet dating site, then instead of the dating site trying to work out whether I’m real or not, the dating site can bounce me to my bank (where I can be strongly authenticated using existing infrastructure) and then the bank can send back a token that says “yes this person is real and one of my customers”. It won’t say which customer, of course, because that’s none of the dating site’s business and when the dating site gets hacked it won’t have any customer names or addresses: only tokens. This resolves the Cuban paradox: now you can set your preferences against bots if you want to, but the identity of individuals is protected.

What is crucial here is the IS_A_PERSON attribute. Twitter, for example, should mark my account as of unknown origin until it sees this attribute. Of course, Twitter will want to see it in the form of a verifiable credential signed by someone who they can sue if it turns out I’m not a person after all, but you get the point. When I sign up to Twitter I am “unknown”. When they get a valid IS_A_PERSON credential from me, then my status changes to “known”. Once I am known, then I can go on to be verified if I want to be but, since neither Twitter nor Barclays knows what relevant reputation I might want to project across the social media platform, they will have to be pointed somewhere else to get this.

Look, here’s a diagram that I originally drew for something that I was working on for a business case for a financial institution in this space. I think it sums things up nicely.

Most normal people, I imagine, will leave their Twitter account in the default setting of “known only”. Some people might want to go tighter with “verified only”. If nutters want to post racist abuse about footballers, then they will be posting it to each other and the vast majority of us will never be bothered with them again.

(When I last tried to get my account verified at Twitter, they turned me down. They didn’t say why, but presumably they thought that some of my tweets must have been machine-generated or something.)

This approach attacks other problems as well. When hitler1488boy gets banned from Twitter, and tries to open another Twitter account, he or she will have to get another bank account because Twitter has already seen the cryptographic token from their bank and blocked it. Now that doesn’t make it impossible for hitler1488boy to continue to post abuse, but it does step up the friction.
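The token flow described above (bank issues IS_A_PERSON, the account moves from “unknown” to “known”, a ban blocks the token rather than the username) can be sketched as follows. This is an added example, not code from the article: the `Bank` and `Platform` classes, the credential fields and the bank-side `verify` call are assumptions, and an HMAC tag stands in for the bank’s digital signature so that the sketch needs only the standard library.

```python
import hashlib, hmac, json, secrets

_SIGNED = ("issuer", "audience", "subject", "attribute")  # fields covered by the tag

def _mac(key, *fields):
    # JSON-encode the fields so ("a|b", "c") can never collide with ("a", "b|c").
    return hmac.new(key, json.dumps(fields).encode(), hashlib.sha256).hexdigest()

class Bank:
    """Issuer: knows the customer, releases only an opaque per-platform token."""
    def __init__(self, name):
        self.name = name
        self._pseudonym_key = secrets.token_bytes(32)  # never leaves the bank
        self._signing_key = secrets.token_bytes(32)    # HMAC stand-in for a signing key

    def issue(self, customer_id, platform):
        # Same customer at the same platform -> same subject, so a ban sticks;
        # another platform gets a different subject that cannot be linked to it.
        subject = _mac(self._pseudonym_key, platform, customer_id)
        cred = {"issuer": self.name, "audience": platform,
                "subject": subject, "attribute": "IS_A_PERSON"}
        cred["tag"] = _mac(self._signing_key, *[cred[k] for k in _SIGNED])
        return cred

    def verify(self, cred):  # assumed check the platform makes with the issuer
        expected = _mac(self._signing_key, *[cred.get(k) for k in _SIGNED])
        return hmac.compare_digest(expected.encode(), str(cred.get("tag", "")).encode())

class Platform:
    def __init__(self, name, trusted_banks):
        self.name = name
        self.banks = {b.name: b for b in trusted_banks}
        self.status, self.token_of, self.blocked = {}, {}, set()

    def sign_up(self, handle):
        return self.status.setdefault(handle, "unknown")

    def present(self, handle, cred):
        bank = self.banks.get(cred.get("issuer"))
        token = (cred.get("issuer"), cred.get("subject"))
        if (bank and cred.get("audience") == self.name and bank.verify(cred)
                and cred.get("attribute") == "IS_A_PERSON" and token not in self.blocked):
            self.status[handle], self.token_of[handle] = "known", token
        return self.status.get(handle, "unknown")

    def ban(self, handle):
        self.blocked.add(self.token_of.get(handle))  # block the token, not the name
        self.status[handle] = "banned"
```

The platform stores only the issuer name and an opaque subject value, so a breach of the platform yields tokens and no customer details.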

Look. This is an important issue that I have been posting about for years, to no avail. Anne Marie Slaughter summed the situation up in the FT last year, saying that “with the decline of traditional trusted intermediaries, and the discovery that social media account holders may well be bots, we will crave verifiability”. This is absolutely spot on, and we need to construct the networks capable of delivering this verifiability or we collapse into a dystopian discourse where no-one believes anything. The knee-jerk “present your passport to use Twitter” is not the way forward. Technology means that we can deliver verifiability in a privacy-enhancing manner, so let’s do it.

(An edited version of this article first appeared at 15Mb.)
