aestetix, a researcher of online identity issues and one of the enthusiasts that created the Nym Rights group, gave a great talk at Shmoocon 2013 event entitled “Beyond Nymwars” highlighting the various facets of online names use within the identity-related context.
Before I start I just want to thank everyone at Shmoocon, all the Shmoocon staff for putting this together, because conferences are hard to do, so can we get a big round of applause for all of them? And if anybody here is not having a good time, can you raise your hand? Ok, that guy needs to be taken out and shot. Alright, fair enough, smack him on the head with a beer bottle. That’s right, cool.
Welcome to Beyond Nymwars and thank you all for coming to the talk. I will get into a whole bunch of stuff, and, by the way, I have a lot of material; I’m going to do my best to keep it within time, and if I run out of time with no time for questions, I’ll probably be up in the lobby, so feel free to come up and ask me things later. And if I seem to gloss over some parts of it – that’s why, feel free to come up and ask follow-up questions, please, because it’s becoming a life passion for me, as we’ll see.
I want to open up with a couple of quick questions. First: how many people here have a name? What about you, guys, you’re not raising your hands, you don’t have names? So, my next question: who here does not have a name? What is this, Schrödinger’s cat or something? Come on! You’re all numbers, ok. My third question: does anyone here have a name that they’ve given themselves? Half the crowd, ok, more than I thought.By the way, this is my own artwork (see right-hand image): I spent about an hour in Photoshop learning a bunch of different things, so if it sucks, blame me. This is a juxtapose of Darth Vader, the Evil Empire and Anonymous. By the way, I assume everyone here heard of Anonymous. Anybody who hasn’t? They’re anonymous, yeah, exactly. Ok, so here is another entity (left-hand image): I’m curious if anyone has heard of Google. There’s a lot of great things about Google, and no, this talk is not bragging about Google completely, just so you know. There’s a lot of great things that they do, and one of the things they did, actually, it was 2 years ago, I guess, Summer, July of 2011 – they introduced this thing called Google+. Has everyone heard of it, Google+? Anyone who hasn’t? It’s a unifying social network competing with Facebook, all this other stuff. And Google+ seemed to be an answer to all kinds of things. I hate Facebook, I don’t know about you guys, and I wanted to see something come along and take down Facebook. I was really excited, I was advocating that all these people use it, and then this happened to me. I don’t know if you can see it on the screen (see right-hand image), but it basically says: “After reviewing your profile we determined that the name you provided violates our Community Standards”, that’s what they call it. And this is how I discovered this thing called the “Real Names Policy”.
By the way, just to show how together Google was at that time – the link, it was a dead link, it was a 404. Figures, right? That’s kind of where I got the inspiration and started looking at all these different facets of identity and where things break, where they work, and maybe try to rally people and have discussions about it.
I don’t know that I necessarily have any answers for you, guys, but I can share things that I’ve learned, my experiences that I’ve had, and as you see up in the upper right corner, I’ve helped form a group called: “Nym Rights”, where we want to get people to discuss this stuff and see what does identity mean to anyone of you. That’s kind of the point of all this.
So, the thesis statements of this talk:
2. This is something that’s become a real passion of mine – there’s no such thing as a “real” name. Legal names – sure; real name, I think, is actually a dangerous concept.
3. As I’ll show with evidence, imposing a singular identity is not only harmful – it doesn’t work.
There’s kind of an institutional effort to push people into a single name right now, and there’s some issues they I have with it. In any case, has anyone here heard of NSTIC? A few people, ok, great.
So, NSTIC is known as the National Strategy for Trusted Identities in Cyberspace. And it’s kind of this initiative by the Obama administration to try to address the challenges that we’re looking at right now. How many people know that passwords are totally broken? Has anybody here been compromised because of a weak password? Ok, you guys are honest, that’s good.
One of the things that we’ve seen, especially in the last two years with Anonymous and LulzSec and all the password dumps, is that classically we’ve had tools that do password brute-forcing and such, but now, with like 2 or 3 million dumps of passwords for emails and such, the people who are writing these tools actually have real-life passwords that they can work from and construct patterns from and figure out how people actually create their passwords. For example, how many of you know somebody who has a password that’s their dog’s name or something?
Right! And there’s all kinds of other issues: identity theft and things like that. In fact, NSTIC has a whole bunch of different working groups, or committees, as they call them. They address security, privacy management, outreach, things like that. I came along and I’m like: “Well, this looks really interesting, we should make sure that they know about nyms and nym rights and all this other stuff, and names, and how they work”, because it turned out they hadn’t really address all of that.
So there was a plenary that happened a couple of weeks ago: I went there on the 5th through 7th of February, and we had a 4-hour-long discussion about nym rights and how names could work into this government initiative, because…how many people see that and think like: “Fucking scary real ID or, you know, tracking and stuff like that?” How many get freaked out when they see that? All of you need to join and make sure that doesn’t happen. We’ll get into that more in a second.
By the way, I am going to cover some basic myths of identity and things that people think about pseudonymous and anonymous identities. All of those myths that I will cover were things that were brought up in the discussion, so it’s not like I’m bringing up strongman because it’s convenient to make my points. I had to make all of these points at the plenary a couple of weeks ago with the people who are in charge of trying to figure this out for the government and the private sector and everything else. So, just keep that in mind.So, where does Nym Rights fit in NSTIC? (see rigt-hand image) I like to call these the threat levels: you got the top threat level, which is – I guess the threat level at yellow, the super happy one, the green one, where you have where we fit in; we’re trying to have open discussions with governments and corporations and figure out how we can set things up to make sure that everyone’s prospective agency is respected.
And then you have the middle level there, the “Lawful Intercept” – NSA surveillance, things like that. And then you have the third level, that crazy NSA/state surveillance. So, the third level, aka Threat Level Red, whatever you want to call it, that is what a lot of people think of when they hear: “National Strategy for Trusted Identities in Cyberspace”. They hear “rigid horrible things in real ID and tracking and all this other stuff”, and that’s what we’re trying to make sure doesn’t happen.The problem with that (see left-hand image), on the left side there, that’s the current makeup of the NSTIC community: the tall purple thing you see is the big corporations that are involved in it, and it’s about 500 representatives there. And on the right, the little tiny green sliver is the regular people. And this could mean privacy groups like the EFF and Epic that could be like somebody like me: I have joined as aestetix as a member of NSTIC, which means anybody can do it, right? You don’t even have to be a US citizen, I’m serious; a lot of people just don’t realize this.
And what we’re trying to do with this outreach – see the one on the right? See how it’s like 5000 on the green side of all the ordinary regular people, and maybe still 500 corporations? It’s not that anything bad or malicious is happening; it’s just that we need to make sure that people’s voices are heard. So, think about this as we go through that these are really important discussions, if identity is important to you, then this might be something you’re interested in.