At the Innovation Edge Conference in London recently, Tim Berners-Lee, often credited as the "father" of the Web, made the point that information overload, not to mention downright misinformation on the internet, compromises its usefulness as a tool for information and research (or, you might argue, for social interaction in general). While this probably isn't news to anyone involved in information security, the views of a major player and pioneer are always worth listening to. One point that was raised very briefly was the "incivility" so common in the blogosphere, and it would have been interesting if that issue had been discussed at greater length, but I can't expect Berners-Lee to share all my obsessions. :)
One of the disadvantages of contributing to an anti-malware company blog is that you can expect certain topics to attract attacks based on the assumption that antivirus vendors are incompetent, dishonest, avaricious and so on. I don't actually think we (well, most of us) are, but even I didn't, I don't think most people would be so outspoken (to put it politely) in a more "real-world" context. A very readable paper on the topic was presented at an EICAR conference in 1998 by Mich Kabay, in which he points out that "Anonymous and pseudonymous communications are inherently associated with an increased incidence of antisocial behaviour through deindividuation" (that is, reaction to a "crowd" context where the individual may be less constrained by socialized inhibition) and alludes to the "Theory of Nymity". There are some problems with deinviduation theory as it was presented in the 1970s and 1980s that have denied it universal acceptance, and the mid-90s writings of "Detweiler" on nymity have been contentious. And, of course, the advantages of anonymity and pseudonymity were exploited long before the rise of the blog in newsgroups, mailing lists and so on.
That said, the Internet is peculiarly well-adapted to concealing, obfuscating or counterfeiting identity: indeed, a remarkably high percentage of the attacks on security that are likely to interest readers of this blog are dependent on this blurring of identities (of machines as well as of people) - 419s, spam, phishing, botnets, spoofing, hoaxes... I don't think it's too far-fetched to suggest that the ease of distancing one's identity from an (even mildly) antisocial action is a major contributor to the abrasive nature of interactions in some forums. From there, it's a short step to active dishonesty, or worse, though I don't deny that anonymization and pseudonymization are, in other contexts, positive measure against breaches of human rights, privacy, civil liberties and so on.
Much of the experimental research into deinviduation and anonymization seems to be rooted firmly in the physical world: for example, by observing the behaviour of individuals within crowds or with the outward trappings of identity removed or nullified. Perhaps more research in an online context would inject some life into the debate.
Certainly we cannot afford to ignore the consequences of an online world where the distancing of identity from consequences and victim from attacker weaken normative restraints on behaviour. Kabay noted that "Individuals, families and schools have a role to play in integrating cyberspace into the moral universe of children" and I don't disagree for a moment. However, it's also clear that much older, normally well-socialized individuals can also lose their moral compass in an on-line context, and that inability to extrapolate from real-world ethics and morality to electronic transactions is a major issue. So, to look at the problem from the other end, is the inability to apply the same scepticism that we apply in the real world to what we read on the 'net...


More...