Internet won't always be anonymous: ITU

Internet won't always be anonymous: ITU

Summary: Anonymity and the internet may appear to go hand in hand, but, according to International Telecommunications Union (ITU) head of corporate strategy Alexander Ntoko, it wasn't always that way, and shouldn't be in the future.

TOPICS: Security, Privacy

Anonymity and the internet may appear to go hand in hand, but, according to International Telecommunications Union (ITU) head of corporate strategy Alexander Ntoko, it wasn't always that way, and shouldn't be in the future.

Alexander Ntoko
(Credit: Michael Lee/ZDNet Australia)

Although many fight for the right to total anonymity on the internet, Ntoko has a different point of view. Speaking to ZDNet Australia at the Kaspersky Lab Cyber Conference 2012 in Cancun, Mexico, he believes that certain elements of personal information should be available online, since in person, this information is easily obtained. Information, such as knowing whether you're speaking to an adult or a child, whether they're in the same geographical location as you are and even what their physical features are, such as height and build, are examples of publicly obtainable information.

Ntoko said that this is how the internet actually started, and that it was never built with anonymity as a goal.

"When the internet started, it was a network which connected people who knew each other. There was no need for you to be anonymous, because in any case, the few people who were using this ARPAnet knew each other. You could tell from the IP address who was talking to you."

Now that the internet has been adopted as a core infrastructure that will likely be critical for future socio-economic development, Ntoko said that if certain measures like online identity are not established, users' rights could be eroded.

"Some governments will just make blanket decisions, and chop off a whole bunch of services because there is no way that they can identify who is behind them."

Ntoko said that while IP addresses used to provide some ability to identify a person, today this approach wouldn't be effective, since, unlike identities, IP addresses are almost bound to a physical location.

"Behind [a domain], there is some kind of an IP address, which ties you to a particular location," he said. "Your ID should be de-coupled from your physical location."

Ntoko said that this unfortunately meant that the transition to IPv6 — where, conceivably, every person could have an IP address — would complicate matters.

If or when IPv6 is fully implemented, IPv6 addresses wouldn't be able to be used for identity, as they continue to be bound to location, and can also be assigned to devices.

"We will be connecting devices — things — and, at a certain point, we need to make a distinction between people and things. Without any form of ID, we would have difficulties making that distinction. There are services that we would not be able to tell if we were providing to an application or to us."

Ntoko said that it may be possible for a company like Facebook to someday become a provider for online personal identification, but there would also be further challenges to overcome. These would include limited global use, due to governments being unwilling to trust Facebook or other organisations with the task, and, depending on where the company is based, whether an identity provider would comply with foreign data-protection laws.

Michael Lee travelled to the Cyber Conference 2012 as a guest of Kaspersky Lab.

Topics: Security, Privacy

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Remind me again how people can get to a leadership position with absolutely no practical knowledge?

    I would ask Alexander how he intends for this "identity" to be implimented. Would we have to update all sites in existence or just the most popular? I suppose we'll have to replace all routers now and rebuild TCP/IP so we can fit identities in the packet. Will he himself be writing the compatible APIs for PHP, Python, Perl, ASP.NET, et al. or will he start learning Ruby so he can write a Gem as a demonstration? Maybe he can wrap it up in a nice apache mod. Is the Arduino device I use for home monitoring an adult or a child?

    People that only view the internet in high-level terms with very little understanding of the technology behind it never cease to amaze with their outlandish theories on it.

    We literally already have a distinction for people and things, they are called usernames. I could have typed this comment on my phone, my desktop at home or at work, or at a friend's house.

    I'm all for a comprehensive identification solution that can be offered as a service to those that elect to implement it but this buffoon is talking about trying to shoehorn identification into levels of the network stack that it will never fit into.