80 captures 11 Jul 1997 - 27 Jun 2018
About this capture
Organization: Internet Archive
The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine.
Collection: Around The World Crawl
Data crawled by Sloan Foundation on behalf of Internet Archive
Pooling Intellectual Capital:
Thoughts on Anonymity, Pseudonymity, and Limited Liability in Cyberspace
David G. Post(1)
Note: This paper has been published in the 1996 University of Chicago Legal forum [Citation: 1996 U. Chi. L. Forum 139]
"Crime on the Internet also presents the critical issue of anonymity . . . The development of secure, anonymous electronic mail will greatly impair the ability of law enforcement to track terrorist communications. For example, one Internet posting regarding the Oklahoma City bombing and bomb construction was sent through an 'anonymous remailer' -- a device designed to forward electronic mail so that the original sender is unknown -- probably to prevent tracing. . . . Although prior communication methods permit anonymous communications, those services generally provide one-to-one communications. It [is] both time-consuming and costly to use either the phone or mail systems to disseminate information wholesale, [which effectively prevent[s] wide-scale malicious use and limiting the harm that can be caused. On the Internet, by contrast, there are no monetary or technical impediments to worldwide dissemination of communications. Anonymous, worldwide dissemination of terrorist information must be of paramount concern to law enforcement and to ordinary citizens.(2)
I. Introduction and Summary
Over the past year or two, the ease with which individuals can communicate anonymously in cyberspace(3) has begun to sink in to our collective consciousness(4); enormous quantities of information about the activities of anonymous remailers are now available,(5) discussions of the implications of widespread anonymity have become commonplace in the popular press(6) as well as, increasingly, in the scholarly literature.(7) Calls for some form of state regulation of anonymity in cyberspace are becoming increasingly frequent,(8) which will, in turn, prompt increasing public debate about the costs and benefits associated with anonymous communication.
At least in the rather unusual circumstances of cyberspace, that debate must pay particularly close attention to anonymity's close cousin, pseudonymity. On the one hand, it will be difficult, and at times impossible, to distinguish pseudonymous and anonymous messages from one another; as a result, attempts to restrict or eliminate anonymous speech will a fortiori have an effect, intended or otherwise, on the availability of pseudonymous messaging as well. The costs and benefits associated with pseudonymity must therefore be part of the overall equation for assessing the wisdom of alternative schemes for regulating anonymous speech. But the benefits of pseudonymous speech may be quite far-ranging and quite distinct from the benefits normally associated with anonymous messaging systems. Pseudonymous speech is valuable in a way that anonymous speech is not and cannot be, because it permits the accumulation of reputational capital and "goodwill" over time in the pseudonym itself, while simultaneously serving as a liability limitation insulating the speaker's "true identity" from exposure. Using liability limitations as a mechanism to foster a particular certain goal -- the formation of collective enterprises capable of accumulating reputational capital -- is a device familiar from the corporate law context, and it is my contention that pseudonymous speech is capable of playing a similar role in cyberspace. The debate over the proper scope of anonymity regulation therefore needs to be broadened to take this feature of pseudonymous speech expressly into account.
II. Anonymity and the Law
The framework for the debate over anonymity in cyberspace appears to be reasonably well settled. On the cost side of the ledger, anonymous messaging makes it impossible for "law enforcement" --- broadly defined to include both public and private enforcement mechanisms -- to obtain information about the person or persons responsible for harmful behavior, thus making it more difficult, if not impossible, to punish wrongdoers or to force them to compensate the persons harmed by that behavior. And there is the attendant moral hazard problem: to the extent individuals may avoid internalizing the costs that their behavior imposes on others, widespread anonymity may increase the aggregate amount of harmful behavior itself.(9) On the other side of the balance, it is plain, as the Supreme Court noted some time ago, "that anonymity has sometimes been assumed for the most constructive purposes."(10) There are perfectly legitimate -- laudable, even -- reasons why individuals might want to engage in communicative activity without disclosing their identities, and profound public benefit that may be derived from allowing them to do so; by permitting individuals to communicate without fear of compromising their personal privacy and without fear of retribution, anonymity permits the injection of information into public discourse that might otherwise remain undisclosed -- information about the views of political dissenters, for example, or information that may help uncover the existence of illegal activity (i.e., "whistleblower" information) -- that otherwise would not be disclosed.(11)
This framework is undoubtedly a useful one, and these considerations are indeed necessary ingredients of any discussion of the regulation of anonymity in cyberspace, and I do not intend for my discussion to replace, or to repeat, this analysis. I want to inject a new set of concerns into this ongoing debate, to suggest that an analysis of these questions in the rather unusual circumstances of cyberspace brings a new suite of costs and benefits into play that have, perhaps, received little attention up to now (at least in this context), and that the existing analytical framework must expand to take these concerns into account.
New approaches to this problem will certainly be needed if only because we do not really have any existing law regarding truly anonymous communications or transactions, for the simple reason that such communications or transactions are, by definition, beyond the reach of ordinary legal processes -- a consequence of anonymity itself, i.e., the inability to identify the (anonymous) party responsible for the action in question. Consider, by way of illustration, the facts in McIntyre v. Ohio Elections Commission,(12) the Supreme Court's most recent brush with the legal issues surrounding the regulation of "anonymous" communication. Mrs. McIntyre distributed leaflets to persons attending a public meeting at the Blendon Middle School in Westerville, Ohio, expressing her opposition to a proposed school tax levy. Some of the leaflets that she distributed identified her as the author; others merely indicated that they expressed the views of "Concerned Parents and Tax Payers." She was fined $100 for violating Ohio Rev. Code Ann. sec. 3599.09(A) (1988), which provided that:
"No person shall write, print, post, or distribute, or cause to be written, printed, posted, or distributed, a notice, placard, dodger, advertisement, sample ballot, or any other form of general publication which is designed to . . . promote the adoption or defeat of any issue, . . . through flyers, handbills, or other nonperiodical printed matter, unless there appears on such form of publication in a conspicuous place or is contained within said statement the name and residence or business address of the chairman, treasurer, or secretary of the organization issuing the same, or the person who issues, makes, or is responsible therefor.(13)
The Court described the issue in the case as "whether an Ohio statute that prohibits the distribution of anonymous campaign literature is a 'law . . . abridging the freedom of speech' within the meaning of the First Amendment."(14) In the course of its opinion, the Court discussed -- at times eloquently -- the "important role in the progress of mankind" that "[a]nonymous pamphlets, leaflets, brochures and even books have played":(15)
"Anonymity . . . provides a way for a writer who may be personally unpopular to ensure that readers will not prejudge her message simply because they do not like its proponent. Thus, even in the field of political rhetoric, where the identity of the speaker is an important component of many attempts to persuade, the most effective advocates have sometimes opted for anonymity. The specific holding in Talley [v California, 362 US 60 (1960)] related to advocacy of an economic boycott, but the Court's reasoning embraced a respected tradition of anonymity in the advocacy of political causes. This tradition is perhaps best exemplified by the secret ballot, the hard-won right to vote one's conscience without fear of retaliation.(16)
And the Court concluded:
"Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation--and their ideas from suppression--at the hand of an intolerant society. The right to remain anonymous may be abused when it shields fraudulent conduct. But political speech by its nature will sometimes have unpalatable consequences, and, in general, our society accords greater weight to the value of free speech than to the dangers of its misuse. Ohio has not shown that its interest in preventing the misuse of anonymous election-related speech justifies a prohibition of all uses of that speech.(17)
But in what sense was "anonymity" the issue in this case? The Ohio statute indeed "prohibited the distribution of anonymous campaign literature."(18) But the actions that led to Mrs. McIntyre's punishment were of course not anonymous at all -- she went to a meeting of her neighbors and, acting in a manner such that her identity was evident to all, distributed a certain category of campaign literature (viz., literature without printed identification). There were, on reflection, two elements to the offense with which Mrs. McIntyre was charged: (1) anonymous communication (via a "notice, placard, dodger, advertisement, sample ballot, or any other form of general publication which is designed to . . . promote the adoption or defeat of any issue") and (2) some non-anonymous action sufficient to allow the perpetrator to be identified and charged with the offense. Both were required elements, but only with respect to the first did the Ohio legislature make a choice; the second is a consequence of a more fundamental requirement that rules can only be enforced by identifying some party against whom to proceed.
Both the presence and the absence of anonymity were thus necessary preconditions to enforcement of the Ohio statute. This is a bit odd, but it is little more than a theoretical oddity in a world -- such as the one the Ohio legislators surely had in mind -- where perfect anonymity is difficult to achieve and where the absence of perfect anonymity can, generally speaking, be counted on to resolve the enforcement dilemma.(19) But cyberspace is not such a world.
Thanks in large part to the easy availability of powerful cryptographic tools, the Internet provides the ability to send anonymous electronic messages at will. . . . [A]nonymously remailed email cannot, if properly implemented, be traced to its sender. In addition, two or more persons can communicate without knowing each other's identity, while preserving the 'untraceable' nature of their communications.(20)
In cyberspace, a law prohibiting anonymous literature is not only of questionable constitutionality, it verges on incoherence; if Ohio, or any other jurisdiction, seriously wants to prohibit such communications, something other than a law declaring it illegal to communicate anonymously will be required, for in cyberspace we can no longer overlook the fact that perfect anonymity fatally challenges the enforceability of any laws prohibiting perfect anonymity.(21)
In a sense, there can be no more significant question regarding the structure of a legal system than that regarding the control of anonymous speech, for true anonymity goes to the heart of any attempt to impose the rule of law on any set of activities. But there is no well-developed and self-contained "jurisprudence of anonymity" in the non-virtual world because the scope for anonymous action is relatively limited; it would be hard to argue, for example, that the Supreme Court's reasoning in McIntyre v. Ohio Elections Commission is in any way central to an understanding of the American legal system. But in cyberspace, one can hardly imagine a legal question -- from copyright infringement to the design of electronic banking and currency systems, from the regulation of obscene or indecent speech to the enforcement of libel law -- that is not affected by questions regarding the scope and availability of anonymous communications.
If we are going to create a jurisprudence capable of reflecting intelligently on the new questions posed by this phenomenon, we will need to draw on learning from an expansive array of what have previously been scattered subdisciplines. Privacy law and the law of free expression come immediately to mind, and will undoubtedly have a significant role to play in this formulation. My suggestion here is simply that we will find principles of great value for these purposes in other corners of the law that might not seem so obviously relevant,(22) viz., corporation law; but in order to see why this may be the case a definitional detour is required so that we can focus more clearly on the precise nature of the phenomena in question here.
II. A Definitional Framework
Discussion of these questions requires, first, that we more carefully delineate the distinctions among three related concepts: anonymity, pseudonymity, and traceability.(23) We begin with the notion that we can observe, and measure, the amount of information (24) contained in a message concerning the identity of the originator of the message. We can define an "anonymous message" as a message that provides the recipient with no information -- no reduction in uncertainty post-receipt when measured against the pre-receipt baseline -- concerning the identity of the message originator. This is a relatively straightforward and presumably non-controversial definition; if I am no less uncertain about the identity of the message originator after I receive the message than I was before, the message is an anonymous one.(25) The degree to which a message can be considered anonymous cannot, however, always be determined solely with reference to the text of the message but may require access to extra-textual information about message context. Imagine, for example, that each of 100 people receives the identical letter identified only as having been sent by "Your friend." Is that an anonymous message? For some recipients -- those who look at that identifying information and can extract nothing useful from it(26) -- it may well be. For others, that particular string of characters may be quite meaningful; they may know some individual who frequently communicates with them in this precise way, and the message is therefore to them not anonymous at all. Moreover, the amount of identifying information contained in a message is rarely a fixed quantity; relevant information may well often be available, but only at some additional cost or effort. This letter may be anonymous when I receive it, but there may be ways that I can obtain additional information that narrows down the list of potential originators. It may, for example, be covered with fingerprints from which, were I able easily to access both a fingerprint reader and a comprehensive database of fingerprints, I could obtain significant information about likely originators.(27)
We can define a second variable -- "traceability" -- to measure the ease with which additional information about the identity of the sender can be obtained. Traceability is, like anonymity, highly context-dependent; the cost of obtaining a given amount of additional identification information will vary, possibly greatly, from one situation to another. In the example above, the traceability of the message is technology-dependent, i.e., traceability will vary depending on whether the fingerprint reader and database is available to the recipient. More commonly, relevant identification information may exist in the hands of third parties (i.e., parties other than the originator and recipient); with respect to the anonymous e-mail, see supra note [ ], that may include both the individual who possesses information that may assist in identification the location and owner of the "someplace.org" domain(28), as well as the system administrator at that site who may have access to the database of user IDs. In the case of email arriving from an anonymous remailer, the owner of the remailer may retain the identification information that was present in the incoming messsage.(29) Where this is the case, the traceability of a message may then largely be a function of that third party's duty (or lack of a duty) to keep the information secret, and the ease with which disclosure can be legally compelled (by process, subpoena, warrant, or otherwise). It may be relatively easy for a law enforcement official to obtain the name and address of the individual who has been assigned the "yourfriend" ID, while the same information may be extremely difficult and costly for other individuals (including the recipient) to obtain.(30)
One final complication will complete this definitional framework. Assume for the moment a context in which these letters (or e-mail messages) are untraceably anonymous, i.e., where nothing in the message itself gives you any information about the originator of the message, and it is prohibitively costly for you to obtain such information. Assume further that you receive a series of such letters or e-mails, all bearing the same signature (electronic or otherwise). Over time, it becomes less and less constructive to think of these messages as merely anonymous, even though you may come no closer to identifying the actual, biological individual responsible for these messages. As you come to associate certain characteristics with the fictional entity associated with the identifier "your friend" -- grammar, spelling, style, forcefulness of rhetoric, reasonableness of argument, etc. -- it becomes increasingly useful to recognize that "your friend" -- whoever or whatever it may be -- is the message originator. "Your friend," in short, has become a pseudonym, and as should be clear from this simple example the distinction between anonymous and pseudonymous messages is a subtle one. The first time that a novel is published under the name "Mark Twain" as the author, one may appropriately regard this as an "anonymous" text, i.e., as the equivalent of publication under the name "Anon." or "John Doe." I obtain no more information about the identity of the "true" -- biological -- author of the book in the former case than in the latter. Why then is "Mark Twain" considered a pseudonym while "Anon." is not? The answer, of course, is that just as with "Your friend," over time the identifier "Mark Twain" comes to be associated with a distinct set of characteristics that may be considered assets -- "reputational capital" -- of the pseudonym itself. Without these associations there is indeed no meaningful difference between anonymity and pseudonymity; had Samuel Clemens chosen to publish each of his novels under a different pseudonym, that would have been the essential equivalent of publishing all of his novels under the single pseudonym "Anon.," or "John Doe." But by the time The Adventures of Huckleberry Finn is published, we can no longer say that designation of "Mark Twain" as the author gives us no information about the originator of the text; the originator of the text is the fictional entity Mark Twain.
Let me propose the following working definition: a "pseudonymous message" is a message that is anonymous in the sense I am using that term, i.e., that provides no information concerning the identity of the biological individual or individuals responsible for preparation or transmission of the message, but that contains some information about the identity of some cognizable entity that is the originator of the message.
III. Anonymity and Pseudonymity in Cyberspace
What light can this framework shed on the question of whether, or how best, to regulate the availability and use of anonymous messaging in cyberspace? In order to focus this discussion in a concrete way, let me start by setting up something of a straw man: Assume that the Ohio legislature were to attempt to ban anonymity in cyberspace by passing a statute with a disclosure provision identical to the one at issue in McIntyre, but one applicable only to electronic communications -- a law, in other words, requiring that all computer-mediated electronic communications disclose the "name and residence or business address of the chairman, treasurer, or secretary of the organization issuing" the communication, or the name and residence of the "person who issues, makes, or is responsible" for it.(31)
One aspect of this statute has received its fair share of attention, viz., the implications of this type of disclosure requirement on truly anonymous communication such as communication traveling in encrypted form through chains of anonymous remailers.(32)
An assumption may help to focus attention on some of the less obvious consequences of this disclosure requirement. In McIntyre, Justice Ginsburg left open the possibility that the disclosure requirement struck down in that specific context might be constitutionally permissible elsewhere:
"The Court's decision finds unnecessary, overintrusive, and inconsistent with American ideals the State's imposition of a fine on an individual leafleteer who, within her local community, spoke her mind, but sometimes not her name. We do not thereby hold that the State may not in other, larger circumstances, require the speaker to disclose its interest by disclosing its identity."(33)
Assume that cyberspace is one of those "larger circumstances." That is, assume that the harms flowing from the easy availability of truly anonymous messaging in cyberspace -- the ability to freely discuss terrorist tactics, or the comparative effectiveness of bomb-making formulas, etc. on the Internet without fear of any law enforcement interference -- have so substantially increased that they are precisely equal to the benefits flowing from such speech.
This assumption may not be correct. It enables us, however, to disaggregate the effects of this hypothetical statute on truly anonymous speech from its effects on pseudonymous speech by imagining a context in which the cost-benefit balance is in equipoise in regard to truly anonymous communication, and then asking: what other costs and benefits might be associated with this statutory disclosure provision?
Having thereby assumed away what might be regarded as the more difficult, and perhaps the more interesting, question regarding this statutory provision, what else need we consider in order to evaluate the wisdom (or lack thereof) of Ohio's action?(34) We might begin by analyzing the consequences of this statutory scheme for pseudonymous speech; indeed, I have made the assumption regarding the heightened cost of truly anonymous speech precisely in order to focus attention on the wider consequences of this ban for pseudonymous speech. Note first that, at least under my definitions, pseudonymity is a subset of anonymity; a pseudonymous message is an anonymous message, containing no information about the "actual" identity of the message originator; it does, however, contain certain other identifying information. That being the case, eliminating the entire category of anonymous messages -- "banning anonymity" -- effectively eliminates all pseudonymous messages as well.(35)
The McIntyre Court implicitly recognized that this was the case, as evidenced by its frequent references to the Federalist Papers and other pseudonymously published material(36) in support of its analysis of the benefits that society derives from anonymous communication. The Court observed that the "respected tradition of anonymity in the advocacy of political causes" is "most famously embodied in the Federalist Papers, authored by James Madison, Alexander Hamilton, and John Jay, but signed 'Publius,'"(37) and that the Federalist Papers are "only the most famous example of the outpouring of anonymous political writing that occurred during the ratification of the Constitution."(38) I have no doubt that the Justices of the Supreme Court are capable of distinguishing between anonymous and pseudonymous communication should the need arise; but in regard to this statute the need did not arise, precisely because the statute had identical effects on both forms of communication. Anyone found distributing the pseudonymously published Federalist Papers in Ohio (including, but not limited to, Messrs. Madison, Hamilton, or Jay) would have suffered the same fate as Mrs. McIntyre. As a result, the Court correctly took into account the costs of suppressing socially valuable pseudonymous works when evaluating Ohio's prohibition on anonymous communication, and concluded, in effect, that the aggregate social costs of eliminating both forms of speech were not outweighed by the State's asserted interests.(39)
Is it so obvious that the Ohio statute would have banned distribution of the Federalist Papers? Recall the relevant statutory language:
"No person shall write, print, post, or distribute, or cause to be written, printed, posted, or distributed, a notice, placard, dodger, advertisement, sample ballot, or any other form of general publication which is designed to . . . promote the adoption or defeat of any issue, . . . through flyers, handbills, or other nonperiodical printed matter, unless there appears on such form of publication in a conspicuous place or is contained within said statement the name and residence or business address of the chairman, treasurer, or secretary of the organization issuing the same, or the person who issues, makes, or is responsible therefor.
Clearly, the Federalist Papers do not comply with the statutory disclosure requirements: no "name and residence or business address" is set forth in that publication. But notice that the pseudonymous author ("Publius") could not have complied with this disclosure requirement; even if "Publius" were a "person" within the meaning of the statute, it had no "residence or business address," and if it were deemed not a "person" but an "organization issuing the communication," it had (as far as we know) no "chairman, treasurer, or secretary." whose name could be disclosed. "Publius," in other words, was not the kind of entity permitted by the Ohio authorities to engage in this form of public discourse, for the Ohio statute explicitly required that communications come exclusively either from "persons," or from "organizations" that have a particular structure (i.e., that have an identifiable "chairman, treasurer, or secretary").(40) By calling for the disclosure of certain information, the statute implicitly required that the information exist; if the information does not exist, the statutory requirements could not be complied with. Although the statute ostensibly regulated only the disclosure of certain information, it was in fact in the first instance regulating the kinds of entities that would be allowed to participate in the public debate; any association of individuals -- the "Concerned Parents and Taxpayers," or the shareholders of "McDonalds, Inc.," or the members of the Class of 1998 of Blendon Middle School or of the faculty of the Georgetown University Law Center -- was more than welcome to do so, provided that it first satisfied the condition that it organize itself in such a fashion that it have a "chairman, treasurer or secretary." Only then, after the relevant information was created, could the second statutory requirement -- that the information in those categories be disclosed -- be applied.
Viewed in this light -- as a requirement that certain organizational formalities be complied with before action under an organizational pseudonym can be taken -- the Ohio statute more closely resembles a species of "corporate law," a regulation of the way that individuals may combine their collective efforts into organizational forms and take action of various kinds. This may seem a rather strained reading of this statute, and it is certainly not the reading that the Court gave to it; but that may simply reflect the fact that the Ohio authorities chose to prosecute Mrs. McIntyre, the individual caught distributing the offending leaflets, rather than "Concerned Parents and Taxpayers," the "organization" ostensibly responsible for preparation of those documents.(41) On reflection, we should not be surprised by the close link between questions regarding regulation of pseudonymous communication and corporate law (or any other means of regulating "legal personhood"). Pseudonymity, after all, is the process by which non-human entities are given names under which they can take action, and the body of corporate law is only the most obvious way in which legal system controls the recognition of such entities:
[P]hysical human beings are not the only entities protected at law, nor the only entities that have rights. And routine doctrines of standing (the analysis of who -- or what -- may bring a lawsuit or complain about an asserted violation of rights) have traditionally comprehended more than individual, physical, human beings.
Most obviously, corporations, partnerships, and associations have substantive rights, and have the procedural right to bring suit. They also have rights to due process of law, to have those substantive rights enforced. Companies sue, and can be sued; they have lawyers and can invoke first amendment rights to free speech. All of this is quite separate, by definition and intent, from the rights and liabilities of the individual human beings who jointly own the company.
The law abounds in further examples: we find a plethora of specific entities with rights and standing to sue or be sued, and quasi-entities, or procedures which dispense with the need for the specific real humans who have the real interest in the lawsuit.(42)
We are surrounded by pseudonymous communication issued by fictional beings every day; though we do not generally think of corporate speech as an example of pseudonymous speech, it is clear that it falls within that category. When I receive an advertising flyer from my local McDonald's restaurant, identified only by a prominently placed corporate logo (the familiar "golden arches"), the message is an "anonymous" one, inasmuch as it contains no information at all about the identity of the individual(s) who may have typed it up, reproduced it, or placed it under my door. But it is equally clearly within the subset of pseudonymous messages because the presence of the logo provides contains a great deal of information about the recognizable (corporate) entity responsible for preparation and distribution of the flyer.(43)
The syllogism, then, is as follows: the regulation of anonymous communication is inextricably linked to the regulation of pseudonymous communication, and the latter is, in turn, inextricably linked to the regulation of the varieties of "legal persons" that the law will recognize, the kinds of collective entities that will (or will not) be permitted to engage in public discourse or other activities. In fact, the relationship between pseudonymity and these latter questions can profitably be extended still further. We are well acquainted with the notion that some collective entities (called "corporations") that are granted fictional legal personhood are formed by the operation of statutory provisions that grant to the individuals participating in those entities (shareholders) limitations on their liability for the entity's actions, provisions that allow those individuals to contribute tangible assets to the collective entity while remaining (relatively) secure in the knowledge that only those contributions, and not any other of the individuals' assets, are at risk when the collective entity acts.(44) Pseudonymity itself is a means, independent of these statutory provisions, for accomplishing much the same limited liability goal for participants in collective communicative activity. By definition, a pseudonymous communication contains no information about the identity of the individual(s) truly responsible for the communication; to the extent -- but only to the extent -- the communication is untraceably pseudonymous, damage to or depletion of the tangible assets belonging to the actual speaker(s) may be avoided by virtue of the fact that (by definition) there is no feasible way to identify those speakers or to locate and seize their tangible assets. If I am unable to determine the true identity of the individual or individuals constituting "Your Friend" or "Mark Twain" or "Concerned Parents and Taxpayers" (or the identity of the shareholders of "McDonalds, Inc."), I can look no further than the assets of the entity itself , if any (or, perhaps, to some third party) for such compensation.
This is also true, to be sure, of anonymous speech; indeed it is but a restatement of the rather obvious point that truly anonymous speakers may avoid being held accountable for any harms arising from their speech. But pseudonymity brings potentially offsetting benefits into play; by serving as storehouses of reputational capital, pseudonymous entities can add value to social interaction in a way that anonymous speech does not.(45) And it is on the nature of that additional value, I suggest, that our attention will need to be focused if we are to intelligently regulate anonymity in cyberspace, for just as in the corporate context, where limited liability is adopted as a conscious societal strategy to encourage the pooling of physical and financial assets, to induce individuals to take collective action of a kind that is deemed socially useful, so, too should our rules regarding the extent to which pseudonymous communication is to be protected in cyberspace be informed by our view of the social benefits produced by these pseudonymous entities and of the extent to which this form of limited liability is required to induce "investors" (i.e., participants in these pseudonymous entities) to pool their intellectual capital into such entities. Even given my initial assumption -- conceding a heightened potential for harm from truly anonymous speech in the special circumstances of cyberspace(46) -- our understanding of the overall balance between costs and benefits of a ban on anonymity is not complete until we examine the effect that this ban may have on the formation of collective pseudonymously-speaking entities. A simple ban on anonymity (such as the one the hypothetical Ohio legislature has tried to imposes) denies us the benefits that may be gained from the activities of entities of this kind; a more nuanced approach may enable us to capture at least some of those benefits while simultaneously minimizing the harms attendant on an anonymous messaging system. We have a long history of attempting to strike that balance in our corporation law, and I propose that we may need to begin developing a form of corporate law for cyberspace, rules regarding the formation of these entities and the protections that they will be afforded, in order to competently address the (seemingly unrelated) question of the regulation of anonymous speech. We need, in other words, to ask a series of questions about our hypothetical ban on anonymity that have little (if anything) to do with the continued existence of anonymous remailers or the mechanics of chained encryption. Are the kinds of collective entities that can be formed in cyberspace sufficiently valuable that we should provide individuals with inducement, in the form of limited liability, in order to form them? If so, how might our rules regarding traceability be fashioned to maximize those benefits? In what contexts should we allow, or require, any form of "piercing the pseudonymity veil" (and how might we ensure that the information required to perform that operation is available)?
I would not suggest that designing limited liability/pseudonymity rules in cyberspace will be appreciably easier than in the real world, where there is something of a "consensus that the whole area of limited liability, and conversely of piercing the corporate veil, is [sic] among the most confusing in corporate law."(47) Many commentators have suggested abandoning limited liability in the corporate context altogether; others have come to its defense on assorted grounds.(48) I am not attempting to persuade you even that any form of limited liability of this kind is to be encouraged in cyberspace -- but only that the factors that bear on resolution of that question are the same as those that should inform our efforts to regulate anonymous communications. I will content myself with the following observations regarding what I believe to be some of the features that this analysis will need to have. First, it seems plausible to assert that the unique characteristics of cyberspace so enhance our ability to pool intellectual capital into entities of this kind that the benefits to be gained by allowing and encouraging these forms of intellectual undertaking are likely to be substantial. One of the ways in which cyberspace appears to be different than the non-virtual world is precisely the remarkable and astonishing ease with which collective entities of various kinds -- some of which look like little that we have previously encountered -- can be formed; there are, at present, no registration requirements, no forms that need to be filled out, no approval that needs to be obtained, in order to call these entities into existence. The fundamental characteristic of cyberspace is that it is a network (or, more properly, a network of networks); everyone in cyberspace is connected to everyone else through the magic of interconnectivity protocols,(49) and can communicate instantaneously on a one-to-one, one-to-many, many-to-one, or many-to-many basis with a constantly shifting (but enormous) population of other individuals. In the space of an afternoon, I can join a dozen (or a hundred) ongoing associations by subscribing to individual listservers or Usenet discussion groups, I can form a dozen new such associations myself with a few lines of code inserted in my Internet Service Provider's system, and I can set up a dozen aliases on my provider's mail system through which I can communicate (and invite friends and colleagues to help me formulate the messages that will go out under each of these aliases).(50)
Fictitious entities of this kind, speaking through pseudonyms, are ubiquitous in cyberspace, a remarkable feature of the new landscape that we sometimes take for granted.(51) Two (or more) heads are -- surely in some circumstances at least -- better than one, and the prospect for more creative uses of this ability for individuals to pool their intellectual capital with great flexibility and with a minimum of start-up or transactions costs into a wide range of new kinds of actors and entities -- what Howard Rheingold has called "grassroots groupmind"(52) -- each capable of establishing a unique identity and accumulating its own specific reputational capital -- is a profound and exciting feature of this environment.(53)There is a "democratizing" impulse at work here, a relatively sudden increase in each individual cyberspace citizen's ability to participate in public collective action without formalities or legal barriers of any kind, and just as the doctrine of corporate limited liability itself developed as a means of encouraging individual entrepreneurial participation in the economic life of the nation,(54) so too should the benefits of the increased availability of new forms of public participation be weighed carefully before any regulatory measures are adopted regarding anonymity.(55) The question is not whether there are costs associated with the activities of these entities (for surely there are), nor whether those costs could be lowered by imposition of a stringent traceability regime denying all participants in these entities the liability shield of pseudonymity (for that, too, is clear); the question is, rather, whether we may need to bear those costs in order to reap the benefits from these "groupmind" activities. I have no answer to this question (and this paper is nothing more than an attempt to focus the groupmind of those interested in the proper scope of anonymous speech in cyberspace on the task of beginning the analyses required to sensibly address this question), but such considerations should surely give us pause when confronted with any effort to eliminate anonymity -- and, by extension, pseudonymity -- in cyberspace (such as that embodied in my hypothetical Ohio statute).
Second, we should be particularly solicitous in cyberspace of mechanisms that, like pseudonymous speech, can serve as vehicles for investment in reputational capital. Cyberspace resembles a "state of nature" in many respects, notably in the absence of effective centralized mechanisms for the enforcement of legal rules,(56) and, as Rubin has persuasively argued, in such an environment institutions that allow "firms" (i.e., collective entities of various kinds) to accumulate and protect reputational capital are of paramount importance.(57)
Note also that pseudonymity functions as a limitation on participants' liability in another way: by speaking through a pseudonym (and, again, to the extent, but only to the extent, that the pseudonym is an untraceable one), the intangible personal assets of the speaker or speakers -- their own private reputations and the constellation of personal characteristics associated with their true identities -- are shielded from any damage or diminution resulting from the action of the pseudonymous entity. The storehouse of intangible reputational capital of that entity -- "Publius" -- may become depleted without any effect on Alexander Hamilton's reputation, and vice versa. One characteristic of reputational capital, or the privacy interests that may be affected by disclosure of individual identity, is that the value that they possess for the individual is not easily transferable to third parties; it may not, for example, be possible to draw on the reservoir of reputational capital belonging to the individual participants in a pseudonymous entity for the purpose of compensating anyone who might have been harmed by that entity's actions. If you have been harmed by the actions taken by, say, the pseudonymous entity Cancelmoose, disclosure that Cancelmoose is actually Johan Helsingius, the proprietor of a well-known anonymous remailer in Finland, and Mother Teresa, acting in concert, will not, standing alone, compensate you for that harm. That disclosure may, however, damage the reputational capital that those two individuals can draw upon in their other efforts, and it may persuade others that the risk of participating in enterprises of this kind is not worth the possible cost to their own reputations or privacy interests, but those costs are not paid over to you as the aggrieved party. In some circumstances, of course, this information may be of instrumental value in obtaining that compensation by allowing you to locate the responsible actors and to proceed against them as individuals; but in other circumstances -- if, for example, you are unable to obtain jurisdiction over the individual participants whose identities have been revealed, or there is no cause of action for the harm you have suffered under the laws of the jurisdiction in which they are located -- it will not, and the loss of value associated with the disclosure of this information is not matched by any corresponding gain to the aggrieved party. This calls for an exploration of alternative traceability rules(58) that can perhaps be carefully drawn to maximize the likelihood of compensating victims of unlawful conduct -- such as third party insurance or bonding requirements that allow redress to be achieved without exposing participants' personal identities to risk(59) -- while simultaneously minimizing the losses that may be attendant upon disclosure. Protecting the valuable "limited liability" features of pseudonymity need not, in other words, necessarily mean that harms imposed on third parties by pseudonymous entities must go unredressed.
We have, up to now, taken few steps to regulate anonymous speech in cyberspace -- indeed, it is unclear how one would go about implementing and enforce such regulation -- but attempts to take such steps are surely on the horizon. The harms attendant upon anonymous speech are often more easily recognized and more spectacular(60) than the sometimes subtle benefits it may produce. Having begun this essay with reference to calls for the regulation of the availability of anonymous speech in cyberspace, I have ended with a call for the development of a corporate law for cyberspace as a means towards accomplishing that regulation in a reasonable manner. This connection has been made before, in a different context and on the basis of different considerations; Curtis Karnow has suggested that cyberspace requires the recognition of a new corporate entity, the e-person:
"The corporation was molded to its modern form by extraordinary developments in trade and economics. I suggest the extraordinary developments in technology, and specifically the information, or digital, revolution, gives rise to a new legal entity: the electronic persona.
The new entity is bred between the anvil of free flow of information, and the hammer of security and privacy. As with the development of the corporate form, the central function of the new legal entity is simultaneously to (i) provide access to a new means of communal or economic interaction, and (ii) shield the physical, individual human being from certain types of liability or exposure. . . ."
For Karnow, legal recognition for e-persons is intimately connected with assuring privacy for those who act in cyberspace;(61) I have tried to suggest that these e-persons have another role to play of facilitating collective action and the creation of reputational capital. E-persons have already begun to speak and act in online communities, notwithstanding (or, more likely, precisely because of) the fact that the legal system has paid them little mind, and we have only begun to understand the form that they may take or the values that they may embody -- or the harms that they may cause. But we surely need to tread lightly in this area lest we, perhaps unintentionally, disturb the development of these potentially most intriguing and valuable arrangements.
1. Visiting Associate Professor of Law, Georgetown University Law Center, and Co-director, Cyberspace Law Institute. Email: [email protected] or [email protected] My thanks to David Johnson, Mark Lemley, Michael Froomkin, and the pseudonymously named "Perry the Cynic," for comments on earlier formulations of the ideas presented here, as well as the participants on the Cyberia-L listserv generally for their contributions to my thinking on these questions. As is customary, I bear all responsibility for the manner in which those ideas are expressed.
2. Testimony of Robert S. Litt, Deputy Assistant Attorney General, Department of Justice (Criminal Division), Senate Committee on the Judiciary Hearings on "Terrorism, Technology, and Government Information: Mayhem Manuals and the Internet," May 11, 1995.
3. The term "cyberspace" was coined by the novelist William Gibson. Gibson, Neuromancer 51 (1984). I use it here to mean the global aggregate of digital, interactive, electronic communication networks; cyberspace thus includes the constituents networks comprising the global internetwork (the "Internet"), as well as the Internet itself as a separate, emergent phenomenon. A number of "technologies" are intentionally excluded from this definition: for example, non-interactive media (current television broadcasting and cable network systems), or non-networked computer applications (playing a videogame, for example, or using a computerized spreadsheet). Similarly, although one can imagine an analog interactive network -- indeed, one doesn't need to imagine such a network, for a good example is provided by the worldwide telephone network -- that, too, is not, for my purposes, part of cyberspace. These exclusions are intentional; for reasons explored in more detail in Johnson & Post, Law & Borders: The Rise of Law in Cyberspace (forthcoming, Stanford L. Rev.), this definition captures those distinctive characteristics of the new "place" that, taken as a whole, have the most substantial effect on the applicable laws governing conduct within the medium.
4. Only a short while ago, Hardy, in his pioneering discussion of law in cyberspace, could write that "[a]pparently anonymous remailer computers on the Internet exist in Finland, for example," citing a personal conversation with Mike Godwin, counsel for the Electronic Frontier Foundation. Hardy, The Proper Legal Regime for Cyberspace, 55 U. Pitt. L. Rev 993, 1011 (1994).
5. A wealth of information about anonymous remailers can be found online at http://www.cs.berkeley.edu/~raph/remailer.list.html; http://www.cs.berkeley.edu/~raph/remailer-faq.html; http://www.csn.net/ldetweil~/; http://chaos.taylored.com:1000/1/Anonymous-Mail. Information about one of the more prominent remailers, the anon.penet.fi service, can be obtained by electronic mail at [email protected] See generally Froomkin, Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases (Paper presented September 21, 1995 at the Conference for the Second Century of the University of Pittsburgh School of Law), available online at http://www.law.miami.edu/~froomkin.
6. See, e.g., Arthur, "Pornographers on Internet skilled at covering tracks; Network impossible to censor," The Independent, July 27, 1995, p. 3 (discussing the "enormously difficult task" of tracking down pedophiles who "can use 'anonymous remailers' -- computers which receive messages and strip off the details of their sender, before forwarding it elsewhere on the network"); Lavin, "Anonymous Service an Internet loophole As governments try to limit content, global resistance grows," The San Diego Union-Tribune, July 25, 1995, p. 7 (discussing the anon.penet.fi anonymous remailer service, the "electronic-publishing equivalent of offshore banking"); Rowe, "Censorship glossary; pertaining to computer online services," Playboy, July 1995, p. 48 (describing anonymous remailers); Nowicka, "Innovations: Vice squad cleans up the superhighway," The Daily Telegraph, June 27, 1995, p. 16 (describing discovery by West Midlands vice unit that "[c]hild pornographers conceal their actions by sending encrypted images, or having their electronic address removed by an anonymous remailer"); Arthur, Super informant highway set up on the Internet; Police open route for anonymous electronic mail," The Independent, May 13, 1995, p. 7 (describing initiative by police force to encourage "anyone with information about crimes in the West Mercia [U.K] area . . . to post electronic mail to the police" via anonymous remailer); Lewis, "Despite a New Plan For Cooling It Off, Cybersex Stays Hot," NY Times, March 26, 1995, p. 1 (describing the difficulties of tracking down traffickers in pornographic material on the Internet because users can "easily route their messages through so-called anonymous remailers who hide their identities"); Editorial, "The Electronic Poison Pen," Sacramento Bee, March 12, 1995, p. F4 (describing potential for use of 'anonymity servers' to foster criminal activity). See generally Post, "Knock Knock, Who's There," American Lawyer, December 1995, at 106.
7. See, e.g., Branscomb, Anonymity, Autonomy and Accountability: Challenges to the First Amendment in Cyberspace, 104 Yale L. J. 1639 (1995); Hardy, supra note [7 ] at 1009-1011; Long, Comment, Who Are You? Identity and Anonymity in Cyberspace, 55 U. Pitt. L. Rev. 1177 (1994); Karnow, The Encrypted Self: Fleshing Out the Rights of Electronic Personalities, 13 J. Marshall J. of Computer and Info. L. 1 (1994); Froomkin, Anonymity and Its Enmities, 1995 Journal of Online Law art. 4 (available at http://www.law.cornell.edu/jol/jol.table.html); Lemley, Rights of Attribution and Integrity in Online Communications, 1995 Journal of Online Law art. 2 (available at http://www.law.cornell.edu/jol/jol.table.html); Froomkin, supra note .
8. Opening the Senate hearings cited in note 2, Senator Arlen Specter remarked:
"Among those who communicate on the Internet are purveyors of hate and violence. Among the full text offerings on the Internet are detailed instruction books describing how to manufacture a bomb. The most widely known manual is the 'Big Book of Mischief.' This 93-page document details explosives formulas, how to purchase explosives and propellants, and how to use them. . . . Anyone with access to the Internet can obtain this recipe for disaster, even a 10-year-old child who can find a glass container and some gasoline. . . . There are also electronic mail discussion groups where information on bombmaking can be traded anonymously. One disgusting example is this anonymous message posted on an Internet electronic bulletin board shortly after the Oklahoma City bombing: 'Are you interested in receiving information detailing the components and materials needed to construct a bomb identical to the one used in Oklahoma. The information specifically details the construction, deployment, and detonation of high powered explosives. It also includes complete details of the bomb used in Oklahoma City, and how it was used and how it could have been better.' The individual who posted this message, who cowers in anonymity, deserves condemnation for using the Internet to suggest how the Oklahoma City bombing 'could have been better.' This is just one of many other examples. . . . Among the issues before us are the extent of such usage of the Internet and whether anything can or should be done to curb it."
Similarly, Section 502 of the recently-enacted Telecommunications Act of 1996 includes a provision that amends 47 USC 233 to make it a federal crime for anyone to "utilize a telecommunications device, whether or not conversation or communications ensues, without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person at the called number or who receives the communication." (emphasis added)
9. See, e.g., Branscomb, supra note , at 1642 ("[T]here are . . . many valid reasons supporting prohibition of anonymity. Disguising the sources of messages or postings relieves their authors from responsibility for any harm that may ensue. This often encourages outrageous behavior without any opportunity for recourse to the law for redress of grievances. Law enforcement officials or lawyers seeking to file a civil suit might not be able to identify an individual to hold responsible"); Long, supra note , at 1179 (noting the argument that "anonymity will allow a user to hide behind a number, rather than a name, and will discourage users from taking responsibility for their own communications," thus "effectively encourag[ing] the posting of illegal and abusive messages to the Net"; Froomkin, supra note , at paras 44-54 (discussing the "dark side of anonymity" and the various "unsavory possibilities" under an anonymous messaging system). Justice Scalia, dissenting in McIntyre v. Ohio Elections Comm., 115 S.Ct. 1511 (1995), summarized this case against anonymous speech: "I can imagine no reason why an anonymous leaflet is any more honorable, as a general matter, than an anonymous phone call or an anonymous letter. It facilitates wrong by eliminating accountability, which is ordinarily the very purpose of the anonymity.").
10. Talley v. California, 362 U.S. 60, 65 (1960).
11. See, e.g., Branscomb, supra note  at 1642 ("There are numerous situations in which anonymity seems entirely appropriate and even desirable. Psychologists and sociologists point out that people benefit from being able to assume different personae. It is therefore natural that individuals use electronic communication to disguise themselves, as in costume balls in the multiuser dungeons that Howard Rheingold describes. . . . The media often cite 'a prominent source' who does not wish to be identified, and pseudonymous authors have long been with us, sometimes in the past to prevent disclosure that the writer was female for fear her work would not be published were her gender known. . . . Anonymity has also been protected in cases in which actual retaliation or harm may ensue if the source of the writing is known, as in the case of whistle-blowers or political dissidents under authoritarian regimes.") (citing Rheingold, The Virtual Community 145-50 (1993)); Froomkin, surpa note  at 23 ("[A]nonymous electronic communication greatly enhances the privacy of the author. This is a good to the extent that privacy itself is a good, and while privacy may be a good, it is not wholly good or costless."); Long, supra note , at 1178 ("Abused as a child, an adult decides to share his story with a support group. A young woman who has tested positive for HIV discusses her feelings with others affected by the AIDS virus. After observing illegal activities at his company, a man debates the implications of 'blowing the whistle' on his employer. A dissident in China publishes some of his banned writings. For privacy reasons, all four individuals wish to remain anonymous. These scenarios would not be unique in today's society, except that they are occurring daily over an extensive computer network known as the Internet").
12. McIntyre v. Ohio Elections Comm., 115 S.Ct. 1511 (1995).
13. McIntyre, 115 S.Ct. at [ ] (emphasis added).
14. McIntyre, 115 S.Ct. at [ ].
15. Id., at [ ], citing Talley v. California, 362 U.S. 60, 64 (1960).
16. McIntyre, 115 S.Ct., at  (internal quotations and footnotes omitted).
17. McIntyre, s115 S.Ct., at  (citations omitted).
18. McIntyre,, 115 S.Ct. at [ ].
19. In the non-virtual world, to have achieved truly anonymous action Mrs. McIntyre would have had to go to considerable trouble and expense -- at the very least, purchasing her own printer or photocopying machine (so as to avoid having to use the local photocopying supplier, who could identify her after the fact) and arranging for some form of distribution other than passing out handbills at a public meeting. Cf. McIntyre, 115 S.Ct. at  (noting that the case "demonstrates [that] the absence of the author's name on a document does not necessarily protect either that person or a distributor of a forbidden document from being held responsible for compliance with the election code.").
20. Froomkin, supra note , at 7 (emphasis added). Froomkin provides an excellent primer on the ways in which a combination of strong cryptography and the existence of "anonymous remailers" -- mail services that "delete all the identifying information about incoming emails, [and] substitute a predefined header identifying the remailer as the sender or using a cute tag such as [email protected]" -- enable users to achieve virtually unbreakable anonymity. Id., at 8 - 16. See also sources cited at note .
21. This is not to say that the availability of anonymous communication in cyberspace cannot be regulated in any fashion. The decentralized architecture of cyberspace, and the difficulties of applying physically-based notions of personal jurisdiction on an environment in which physical boundaries are difficult if not impossible to identify, may make direct enforcement of legal norms against individual violators more difficult once the means to accomplish such violation is widely disseminated; but as Perritt has noted, this "naturally shift[s] attention to intermediaries who are more likely to be readily identifiable, subject to the jurisdiction of traditional legal institutions, and financially able to pay compensation for injury." Perritt, Computer Crimes and Torts in the Global Information Infrastructure: Intermediaries and Jurisdiction (Paper presented at the Univversity of Oslo, 12 October 1995) (on file with author). See also Elkin-Koren, Copyright Law and Social Dialogue on the Information Superhighway: the Case Against Copyright Liability of Bulletin Board Operators, 13 Cardozo Arts & Ent LJ 346, 399-411 (1993) for a particularly enlightening discussion of the relationship between decentralized systems and intermediary liability.
22. The way in which the developing law of cyberspace requires analysis that cuts across otherwise separate legal subdisciplines is insightfully discussed in Katsh, Law in a Digital World (1995). I have elsewhere suggested that this may be an example of a more general phenomenon brought on by the profession's decreasing dependence on an information-retrieval system (the West American Digests) requiring placement of all identifiable propositions of law into pre-defined, and relatively static, categories. See Post, The Law is Where You Find It, American Lawyer (March 1996, forthcoming); see also Berring, Collapse of the Structure of the Legal Research Universe: The Imperative of Digital Information, 69 Wash. L. Rev 9 (1994); Berring, Legal Research and Legal Concepts: Where Form Molds Substance, 75 Cal. L. Rev. 15 (1987).
23. This framework expands upon the one first proposed by Froomkin, supra note 5.
24. "Information" is used here in the information-theoretic sense, in which it is defined as a "reduction in uncertainty" attributable to a particular message. Uncertainty (or "entropy") can be measured by the "Shannon index":
H = - p(i) log2 p(i),
where p(i) = probability of the ith event. For example, in the toss of a fair coin, p(heads) = p(tails) = 0.5. Prior to the toss, our uncertainty can be measured as:
H (before coin toss) = - [ (0.5)*log2 (0.5) + (0.5)*log2(0.5)] = -[(0.5)*(-1) + (0.5)*(-1)]=1
After we observe the results of the toss there is no longer any uncertainty -- ex post, the probability of one outcome (e.g., heads) is now equal to 1 (with zero probability for the other outcome), and the uncertainty equals
H (after coin toss) = - [(1.0)*log2(1.0) + (0.0)*log2(0.0)] = 0 + 0 = 0
The reduction in uncertainty -- i.e., the amount of information we receive from tossing the coin -- is the difference between these two values:
R = Hbefore - Hafter = 1.0
By convention, the amount of information produced by such an equiprobable binary choice is taken as the basic unit of information (a "bit"). Generally speaking, uncertainty takes on its smallest value, zero, when one message is certain to occur (i.e., has a probability of 1) and all other messages cannot occur (i.e., have a probability of zero); intuitively, there is no information in a message that is a priori certain to occur. Conversely, uncertainty takes on its maximum value, log2(N), when the N messages in the set are equally likely.
Applied to the question at hand, an anonymous message is one in which the uncertainty (regarding the identity of the sender of the message) before the message is received is equal to the uncertainty after the message is received; in that case, we can say that the message contains no information about identity inasmuch as there has been no reduction in uncertainty achieved by receipt of the message. See, generally, Shannon and Weaver, The Mathematical Theory of Communication (1949, reprinted 1975); Feinstein, Foundations of Information Theory (1958); Mansuripur, Introduction to Information Theory (1987).
25. A qualification of this definition might be helpful. One can imagine truly anonymous messages in this strict sense -- messages containing no information whatsoever about the originator of the message -- it is probably more constructive to think of anonymity as a continuous, rather than a binary , attribute of messages; after all, even messages we ordinarily think of as "anonymous" contain some information about the author, e.g., graffiti scrawled on a subway platform informs us that the author was literate and was physically present on that particular platform at some point during the period since the platform was last painted, all of which probably effects a significant reduction in our uncertainty about the identity of the author by ruling out the vast majority of individuals in the world as possible authors. In order to talk constructively about anonymous messages, we can think of there being some threshold of uncertainty-reduction, and define an anonymous message as one in which the amount of information regarding the originator of the message falls below this threshold.
26. More precisely, this refers to those recipients for whom the string of characters "Your friend" contains no uncertainty-reducing information, see supra note , at all.
27. To put this example in the cyberspace context, imagine that instead of a letter we receive an electronic mail message bearing the return address "[email protected]" Again, this may be anonymous upon receipt; we may again, however, be able to obtain some information about likely originators. We may, for example, be able to obtain information about the identity of the owner of the domain "someplace.org," from whom we may be able to obtain the domain's database of e-mail IDs containing the name and address of the individual to whom the "yourfriend" ID was assigned. This would, obviously, effect a significant reduction in our uncertainty regarding the message originator.
28. The Internet Assigned Numbers Authority (IANA) is responsible for the overall coordination and management of the Internet Domain Name system. See Jon Postel, Domain Name System Structure and Delegation RFC 1591 (March 1994) (available online at http://www.internic.net/rfc/rfc1591.txt). See also A. Cooper & J. Postel, The US Domain, RFC1480 (June 1993) (available online at http://www.internic.net/rfc/rfc1480.txt). IANA has delegated the administration of IP address registrations to InterNIC Registration Service, which in turn has contracted for the provision of administration services with a private firm, Network Solutions, Inc. ("NSI"), which maintains a database of the names of the administrators of each registered machine. See Postel, op. cit (Section 3); A. Rutkowski, Generic International and Domestic Institutional Considerations for DNS Naming and Number Administration, Internet-Draft rutkowski-dns-role-00.txt (Nov 1995), available online at http://www.internic.net/internet-drafts/draft-rutkowski-dns-role-00.txt; see generally Burk, Trademarks Along the Infobahn: A First Look at the Emerging Law of Cybermarks, 1 U. RICH. J.L. & TECH. 1 (1995), available online at http://www.urich.edu/~jolt/v1i1/burk.html, for a general description of the Domain Naming System; see also Bush, Carpenter, & Postel, Delegation of International Top Level Domains, Internet-Draft ymbk-itld-admin-00, available at http://www.internic.net; RFC 882, "Domain Names -- Concepts and Facilities" (available online at ftp://ds.internic.net/rfc/rfc882.txt); RFC 883, "Domain Names -- Implementation and Specifications" (available online at ftp://ds.internic.net/rfc/rfc883.txt).
29. This phenomenon was most clearly illustrated in February 1995, when officials of the Church of Scientology, engaged in a series of disputes with individuals who had been using the anon.penet.fi anonymous remailer to post documents to the alt.religion.scientology Usenet group that, according to the Church, contained copyrighted and trade secret information, enlisted the aid of the Finnish police and obtained a warrant for a search of the anon.penet.fi database. See Froomkin, supra note , at ; Post, "The First Internet War: Scientology, its Critics, Anarchy, and Law in Cyberspace," Reason, April 1996 (forthcoming). Information on this incident is available at http://www.cybercom.net/~rnewman/scientology/home.html#PENET.
30. As a general matter, information about the identity of the author(s) of a e-mail message does not appear to be protected under U.S. law; the Electronic Communications Privacy Act, 18 USC 2510 et seq., prohibits (with certain exceptions) the disclosure of "the contents of any . . . electronic communication," id., at 2511(c) and 2511(e)i); the name or address of the originator of the message is not similarly covered by the statute. Accordingly, it does not appear that third party system operators have a statutory duty to disclose, or to refrain from disclosing, such information.
31. The scope of Ohio's jurisdiction to impose this hypothetical statutory scheme is an important and complex question, see Perritt, Jurisdiction in Cyberspace (Paper presented at Villanova Law Review Symposium, October 28 1995) (on file with author), as is the question of how any such rule would be enforced against violators in cyberspace. Any comprehensive attempt to analyze the consequences of this statute would need to address these questions, but I will not do so here, in order to focus attention on a different set of issues.
32. See note 21.
33. McIntyre, 115 S.Ct. at 1524 (Ginsburg, J. concurring).
34. Note that I am not asking precisely the same question the Court in McIntyre asked with reference to the real world equivalent of this statute, viz., whether it complies with the First Amendment of the US Constitution. Whether this hypothetical statute is constitutional as applied to electronic communications is of course an important question; but for reasons examined in detail elsewhere, see Johnson and Post, Law and Borders: The Rise of Law in Cyberspace, [Stanford Law Journal, forthcoming] and reasonably well-summarized by the aphorism that "the First Amendment is a local ordinance in cyberspace," I prefer, in the global context of cyberspace, to direct my attention on the underlying policy question of the wisdom of such a scheme rather than its compliance with any particular set of "local" standards.
35. Even were something short of a total ban on anonymous messaging attempted, it is likely that there will be difficulties distinguishing between these two subsets of anonymous messages -- what I will call "truly anonymous" (i.e., non-pseudonymous) and pseudonymous messages -- because the distinction between them is, as noted above, necessarily context-dependent. Characterization of a message as falling within one or the other of these categories cannot always be accomplished solely with reference to the message text itself. As in the examples above, we may only be able to determine whether an electronic mail message from "Your friend" or "Mark Twain," is pseudonymous from the historical context in which the message is embedded, the process by which strings of characters have, or have not, become associated with particular identifying characteristics. It is unlikely that we will be able to capture that context in any rule that attempts to regulate the transmission of anonymous messages; this contextual information is likely to be invisible to anyone monitoring message content. Therefore, any such rule will be unlikely to distinguish between truly anonymous and pseudonymous messages, and corresponding likely to sweep all forms of pseudonymity into its enforcement web as well.
36. The Federalist Papers, of course, are within the subset of anonymous works that can be considered pseudonymously published; the "true identity" of the authors is not revealed in the communications themselves, but the entity responsible for authorship -- "Publius" -- is conspicuously communicated.
37. McIntyre, at [ ] fn. 6.
38. McIntyre, at fn. 6. The Court went on to note that "Publius's opponents, the Anti-Federalists, also tended to publish under pseudonyms: prominent among them were 'Cato,' believed to be New York Governor George Clinton; 'Centinel,' probably Samuel Bryan or his father, Pennsylvania judge and legislator George Bryan; 'The Federal Farmer,' who may have been Richard Henry Lee, a Virginia member of the Continental Congress and a signer of the Declaration of Independence; and 'Brutus,' who may have been Robert Yates, a New York Supreme Court justice who walked out on the Constitutional Convention. A forerunner of all of these writers was the pre-Revolutionary War English pamphleteer 'Junius,' whose true identity remains a mystery." Id. (citations omitted). See also Talley, 362 U.S. at 65 ("Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes.").
39. McIntyre, at [ ] (discussing the two state interests proffered by Ohio is support of this statutory provision: the "interest in providing the electorate with relevant information" and in "preventing fraudulent and libelous statements").
40. The statute also permitted publications "issued by the regularly constituted central or executive committee of a political party, organized as provided in Chapter 3517 of the [Ohio] Revised code," provided that they bore "the name of the committee and its chairman or treasurer." McIntyre, at [ ].
41. Had Ohio proceeded against this collective entity (that we may assume had neither a business address nor a "chairman, treasurer or secretary" within the meaning of the statute), the organizational defendant could have argued that the statute unconstitutionally abridged the freedom of speech by shutting out certain entities from participation in the public debate; in such a posture, the case would have more closely resembled First National Bank of Boston v. Bellotti, 435 U.S. 765 (1978), in which the Court more directly confronted the question of the constitutionality of prohibiting certain legally-recognized entities from participating in communicative activities when it struck down a Massachusetts statute prohibiting any corporation from expending funds "for the purpose [of] influencing or affecting the vote on any question submitted to the voters, other than one materially affecting any of the property, business, or assets of the corporation."
42. Karnow, The Encrypted Self: Fleshing Out the Rights of Electronic Personalities, 13 J. Marshall J. of Comp. & Info. Law 1, 3 (1994); the classic treatment of these questions is Fuller, Legal Fictions (Stanford Univ. Press, 1967)
43. That information may, or may not, be reliable or trustworthy; a competitor may have forged the McDonald's logo, for example. The reliability of this information is, at least to some extent, a function of the legal protection afforded to this form of information via, e.g., trademark law.
44. A fundamental principle of corporate law is that shareholders in a corporation are not liable for the obligations of the enterprise beyond the capital that they contribute in exchange for their shares. See Model Business Corp. Act @ 6.22(b) (1985). Limited liability was not always the rule in American law, see Presser, Thwarting the Killing of the Corporation: Limited Liability, Democracy, and Economics, 87 Nw. L. Rev 1148, 1155-1156 (1992); (discussing historical background of adoption of limited liability statutes); Blumberg, Limited Liability and Corporate Groups, 11 J. Corp. L. 573, 587-91 (1986) (describing early American law providing for shareholder liability), but it has been accepted in most American jurisdictions since the mid-nineteenth century. Id. at 591-95 (limited liability was the rule by the middle of the nineteenth century with several exceptions that continued into the twentieth century). See Thompson, Piercing the Corporate Veil: an Empirical Study, 76 Cornell L. Rev. 1036, 1039 (1991).
45. See Posner, Privacy, Secrecy, and Reputation, 28 Buff. L. Rev. 1 (1979) ("Reputation has an important economic function in a market system (or in any systems where voluntary interactions are important). It reduces the search costs of buyers and sellers, makes it easier for the superior producer to increase his sales relative to those of inferior ones, and in these ways helps channel resources into their most valuable employments -- a process at the heart of the market system. This role is not limited to explicit markets; it is just as vital to the functioning of the 'marriage market,' the market in friends, the political market, and so on."). See also Hanak, The Quality Assurance Function of Trademarks, 43 Fordham L. Rev. 363 (1974); Landes & Posner, Trademark Law: An Economic Perspective, 30 J.L. & Econ. 265 (1987).
46. See supra, page .
47. Easterbrook & Fischel, Limited Liability and the Corporation, 52 U. Chi. L. Rev. 89, 89 (1985). See also Ribstein, Limited Liability and Theories of the Corporation, 50 Md. L. Rev 80, 81 (1991) (limited liability is "one of the most controversial issues in corporate law"); Hansmann & Kraakman, Toward Unlimited Shareholder Liability for Corporate Torts, 100 Yale L.J.1879, 1931 (criticizing limited liability and veil-piercing theory as "vague and largely unprincipled"); Thompson, Piercing the Corporate Veil: an Empirical Study, 76 Cornell L. Rev. 1036, 1037 (1991) ("Piercing the corporate veil is the most litigated issue in corporate law and yet it remains among the least understood"); Blumberg, The Law of Corporate Groups: Procedural Problems in the Law of Parent and Subsidiary Corporations 8 (1983) (noting the plethora of "irreconcilable and not entirely comprehensible decisions" in this area and that "[f]ew areas of the law have been so sharply criticized by commentators")
48. These arguments are summarized in Thompson, supra note , at 1039 - 1045.
49. The best known of which is, of course, the Internet Protocol suite. See Perritt, What is the Internet (available at http:\\ming.law.vill.edu); Quarterman, the Matrix: Computer Networks and Conferencing Systems Worldwide (1990); Krol & Hoffman, What is the Internet, Internet Engineering Task Force RFC 1462 (available at http:\\ds.internic.org>); Reinhardt, Building the Data Highway, 19 BYTE 46 (1994); Malamud, Exploring the Internet: A Technical Travelogue, (1993); Quarterman, and Hoskins, "Notable Computer Networks," Communications of the ACM, vol. 29, no. 10, pp. 932-971.
50. See Volokh, "Cheap Speech and What it Will Do," 104 Yale L.J. 1805 (1995). I have described this phenomenon in the context of the ongoing battles in cyberspace between the Church of Scientology and some of its critics over alleged unlawful postings of copyrighted and trade secret material:
[R]elations between [Scientology's] adherents and critics have never been pleasant; passions run feverishly high on both sides, and the Scientologists have often been accused of dealing, shall we say, rather harshly with their critics.
But at least until July 17, 1991, there was no truly organized opposition to the Scientologists's teachings and tactics, no true community of the disaffected. How could there be? Building an anti-church, after all, takes just about as much administrative and operational savvy, not to mention money, as does building a church. But that feature of the landscape changed dramatically on the date mentioned, when a Scientology critic, Scott Goehring, formed a discussion group -- "alt.religion.scientology" -- on what is called the "Usenet" network portion of the Internet. . . . Suddenly, in the 30 seconds or so that it took Goehring to type out his request, and the $0.05 or so it cost him to transmit that message to the computers responsible for Usenet network configuration, there is a place where the disgruntled can meet to exchange ideas and information -- a new community, one of the literally hundreds of thousands of such communities that have sprung into being on the Internet over the past few years.
Post, The First Internet War: Scientology, its Critics, Anarchy, and Law in Cyberspace, Reason, April 1996 (forthcoming). We may often describe a Usenet group such as alt.religion.scientology as a "place," as I have in the above excerpt; but it may also properly be considered a "person" or an "association" consisting of its members at any given time.
51. The use of "screen names" on commercial online services is virtually universal, and though we often assume that there is one individual standing behind each such name, that assumption is usually just that -- an assumption, without any particular foundation. As noted above, see supra note , the ideas in this paper were developed during a number of online discussions with "Perry the Cynic," [[email protected]]; I have not been able to confirm that this is, or is not, a single individual.
52. Rheingold, The Virtual Community, chap. 4 (Martin Secker & Warburg, 1994) ("[P]eople are using computer-mediated communication to rediscover the power of cooperation, turning cooperation into a game, a way of life -- a merger of knowledge capital, social capital, and communion. The fact that we need computer networks to recapture the sense of cooperative spirit that so many people seemed to lose when we gained all this technology is a painful irony.").
53. My favorite example of this phenomenon is the Cancelmoose, a fictitious being operating pseudonymously in cyberspace and that has taken a lead in issuing "cancelbots" -- commands that cancel postings to Usenet newsgroups -- in response to reported instances of "spamming" (bombarding numerous newsgroups with copies of the same message). One answer to the question "Who is Cancelmoose[tm]?" is provided in the Frequently Asked Question ("FAQ") file for the Usenet newsgroup news.admin.net-abuse (Nov 15, 1995 version) (available online at http://www.smartpages.com/bngfaqs/news/announce/newusers/top.html).
"Cancelmoose[tm] is, to misquote some wise poster, 'the greatest public servant the net has seen in quite some time.' Once upon a time, the moose would send out spam-cancels and then post notices anonymously to news.admin.policy, news.admin.misc, and a.c-e.n-a. The Moose stepped to the fore on its own initiative, at a time (mid 1994) when spam-cancels were irregular and disorganized, and behaved altogether admirably-- fair, even-handed, and quick to respond to comments and criticism, all without self-aggrandizement or martyrdom.Cancelmoose[tm] quickly gained near-unanimous support from the readership of all three above-mentioned groups. Nobody knows who Cancelmoose[tm] really is, and there aren't really even any good rumors. However, the moose now has an e-mail address ([email protected]) and a web site (http://www.cm.org.)."
See Wittes, Law in Cyberspace: Witnessing the birth of a Legal System, Legal Times, January 23, 1995 p. 1 (describing Cancelmoose as "widely seen not as a censor but as an enforcer of the accepted rules of Usenet. . . . Cancelmoose is a fascinating example of the Net's self-government because of the care he takes to avoid going beyond the community's consensus on which cancels are legitimate. He posts a justification for each of his cancels on a newsgroup devoted to net abuse, including in that justification a copy of the original message and a list of the newsgroups from which the spam was removed. He also includes information allowing sysops to override the cancels. . . . Cancelmoose also takes pains to emphasize that the content of messages does not influence his decision whether or not to cancel them."); Savetz, "Terminators: Net Guardians are Launching Cancelbots to Devour Unpalatable Spam," Internet World June 1995 at 80. Cancelmoose has also been described as an "Internet terrorist,""the first lawman of the electronic frontier," see Katz, "Snapshots: Moose on Loose," The Guardian, Dec. 22, 1994, p. 8, and, interestingly, as "a hacker's program." See see Copilevitz, "Imposter Using Internet to Make Author's Life Miserable," Dallas Morning News, Dec 21 1994, p. 5A. Whether the Cancelmoose is a single person, a collective entity acting under the name of Cancelmoose, or lines of code -- a "hacker's program" designed to take action against particular kinds of spamming incidents -- is, as far as I am aware, not known and may well be unknowable given today's technology (and the absence of Net-wide rules governing the obligation to disclose personal identity). Whatever it may be, it has, of course, its own home page. See http://www.cm.org.
54. See Presser, Thwarting the Killing of the Corporation: Limited Liability, Democracy, and Economics, 87 Nw. L. Rev 148, 155-157 (1992); Presser, Piercing the Corporate Veil, section 1.03; Halpern et al., An Economic Analysis of Limited Liability in Corporate Law, 30 U. Toronto L. J. 117, 118 (1980) (discussing the arguments in support of limited liability in England regarding the effects of limited liability on the "investments of savings by the middle and working classes").
55. See Froomkin, supra note , at  (discussing the Internet as a "radically democratizing tool"); see also Elkin-Koren, supra note 21.
56. The notion of the "state of nature," of course, dates back at least to Hobbes; see Hobbes, Leviathan, chaps. 13-14 (1651) ("[D]uring the time men live without a common Power to keep them all in awe, they are in that condition which is called Warre; and such a warre, as is of every man, against every man. . . . If a covenant be made, wherein neither of the parties perform presently, but trust one another; in the condition of mere nature, . . . it is void; but if there be a common power set over them both, with right and force sufficient to compel performance, it is not."). See Kronman, Contract Law and the State of Nature, 1 J. Law, Econ. & Org 5,6-9 (1985) (defining the state of nature as the situation "[w]hen two individuals (or groups) exchange promises and neither has the power to compel the other to perform, and there is also no third party powerful enough to enforce the agreement on their behalf"). The global nature of the electronic networks constituting cyberspace, and the absence of a "common power to keep [participants] in awe," make it plausible to suggest that cyberspace has many features that resemble the state of nature. See Post, supra note .
57. Rubin writes:
"[P]rivate mechanisms for soving the problems associated with opportunism in transactions [are] limited in their power; they cannot achieve an optimum. Without efficient government enforcement, it will be impossible to ralize all potential gains from trade. . . . On the other hand, it is possible to underestimate the power of such [private] mechanisms. In a world where trade is legal but contracts are not enforced, . . . reputations can become public knowledge, giving much more power to these [private] mechanisms. . . . There are three classes of private mechanisms to make agreements credible. All three rely on reputation."
Rubin, Growing a Legal System in the Post-Communist Economies, 27 Cor. Int. L.J. 1, 17-18 (1994). The importance of reputation for facilitating social interacation in environments of this kind have led some commentators to call for enhanced protection for trademark rights in cyberspace, see Burk, supra note [28 ] at par. 69, or closely related "moral" rights of attribution and integrity, see Lemley, supra note , at paras. 21-30, closely paralleling Rubin's call for such protection in the context of the newly-emerging Eastern European democracies. Rubin, op. cit. at 35-36 ("The most important assistance governments can give to pivate firms to create reputation capital is a willingness to enforce trademark property rights.").
58. Because of the key role that rules regarding intermediary liability play and will play in cyberspace, see supra note , and the critical importance of traceability in determining whether pseudonymity plays an effective role in limiting liability, see supra [p. 23], it is likely that whatever regulation is imposed in an attempt to control anonymous or pseudonymous communications is imposed on network intermediaries via, e.g., rules regarding their duty (a) to collect verifiable identifying information from subscribers, (b) to turn over that information in specified circumstances, and (c) to refuse to carry communications that come from systems that do not abide by similar traceability rules.
59. This is equivalent to a corporate law with a "minimum capitalization" requirement but without a corresponding absolute right to inspect shareholder lists. Nearly all states give shareholders some right to inspect corporate records, which may include the shareholder list, upon proper showing of need. See, e.g., Del. Code Ann. tit. 8, 220(b) (1993) (providing that any stockholder shall have the right to "inspect for any proper purpose" the corporation's list of stockholders, and defining "proper purpose" as "a purpose reasonably related to such person's interests as a stockholder"); Rev. Model Business Corp. Act 16.02(c) (1984) (allowing inspection of the shareholder list if the inspecting shareholder makes his demand in good faith and for a proper purpose and shows that the records are directly connected to this purpose); Cal. Corp. Code @ 1600 (West Supp. 1986) (providing that shareholders holding at least 5 percent in the aggregate of the outstanding voting shares of a corporation have "an absolute right" to inspect and copy the record of shareholders' names and addresses). See also SEC Rule 14a--7, 17 C.F.R. 240.14a-8(c)(8) (1992), under which a shareholder conducting an independent proxy solicitation may require the corporation to choose either to mail the soliciting shareholder's proxy materials to other shareholders (at the shareholder's expense) or to provide a shareholder list to the soliciting shareholder.
60. The day will surely come when law enforcement authorities report that a serious crime was planned by means of anonymous electronic communication, and it is equally certain that the popular press will react with horror and that calls for a prohibition on this kind of activity will intensify.
61. Karnow, supra note , at 11-13 ("Rights are conferred on epers for the same reason they are conferred on humans in the physical world: because there are powerful forces that we wish to restrain; and we cannot restrain those forces with countervailing raw power. We need a consensus that such raw power shall not ipso facto have its way. . . . Epers must be allowed some room, so that literal ownership of (i) the means of communication and (ii) agglutinated information does not thereby confer rights with respect to the content of the communication and the dissemination of the information. . . . [E]pers are most useful when we need to communicate but still need a shield: when we want to maintain intact the ramified divisions of our social and economic lives. For privacy is not truly a matter of an absolute barricade; it is instead inhibiting the spillover of information from one place to another. . . .Here we find the central contribution of the eper. . . .Epers can provide the anonymity that this compelled exposure would destroy. Multiple epers can conduct business and-- this is the point-- keep information segregated. Epers are related only through the human progenitor, and that link can be encrypted. In a universe of utterly accessible mutating data, epers help ensure both access and privacy."); see also Lemley, supra note , at par. 40 (discussing the need to protect pseudonymously named epersons in oder to protect the "virtual community" from damage).