How to shine a light on the internet fakers

Giving evidence to select committees restores my faith in parliamentary democracy. The questions are well informed; partisan allegiances undetectable; the mood, usually, of high seriousness.

This month I lowered the tone. The digital, culture, media and sport committee, chaired by Damian Collins, is investigating fake news, so I started my evidence by showing how easy it is to impersonate people and organisations on the internet. A few days earlier, I had set up a Gmail account in the name damian.collins.mp.office@gmail.com. Then I used that email to set up Facebook and Twitter accounts in his name. For good measure I also started setting up a website (damian-collins-mp.org.uk) and another one in the name of the committee. All this took about ten minutes.

Given an hour, I could have easily gone farther, using photos and other material to make the website look convincing. I could have loaded it with genuine documents (and added a few fakes). Assuming I made no money from it, none of this would be illegal. And it would be quite hard for anyone in contact with my handiwork to know that they had gone astray in the cyber-jungle.

Instead, I took screenshots of my prankishness and deleted it all from the internet. Mr Collins can rest easy. But we cannot. The fakery that plagues our online lives stems from anonymity. It is hard to prove who we are, hard to know who we are dealing with and hard to know if we are navigating correctly. Anonymity enables the fake websites and email accounts which are a boon for cyber-criminals (who, for example, can easily send bogus invoices from seemingly correct addresses). Purveyors of disinformation and deceit use anonymity too. We treat what we see on our screen as real, without realising that cranks, crooks or unscrupulous political operators such as Cambridge Analytica may be directing it towards us.

It is tempting simply to demand a ban on malevolent material. But policing content is tricky. Tastes differ. One person’s cruel hoax is another’s biting satire. The boundary between truth and falsehood is often more blurred than we think. Irresponsible invention or lively speculation? Indefensibly tendentious or punchily phrased? Slanted reporting, or a simple tale, powerfully told? In a free society, the less such questions go to the courts, let alone to politicians, the better.

Instead, I told the committee, we need to push faceless sources of information to the sidelines. Anonymity has its place (in clandestine human-rights work, for example). But it should not be the default setting on what has become the central nervous system of modern civilisation.

Some elements of proper identity authentication already exist. Twitter awards a blue tick to the accounts of those whose identity has been verified. My bogus Twitter account in Mr Collins’s name would lack that and be easily spotted as a fake or parody. But such verification should be a right, not a privilege, and should extend beyond the news-addicts’ playground of Twitter into the mainstream of the internet, to Facebook, Google and the other big providers of communication services.

Establishing credibility should be easy. Transferring a penny via internet banking when you open an email or social media account would be one indicator of realness. Making a phone call from a proper telephone would be another. Other bricks in the identity foundations could include proof that you pay taxes, vote, have a credit rating or a passport. Ideally, none of these pieces of personal data would be actually handed over: the point would be just to show that you possess them. The result would not be totally foolproof but it would be enough to deter almost any conceivable impersonator.

We need a similar system for websites. Anyone who registers an internet address and buys space on a computer to host it should be asked some questions about their realness. A street address, a phone number? Who is in charge? How have they paid? If a determinedly anonymous webmaster supplies no such information, that is his right, but the site should be flagged as such. I showed the committee the red screens that warn us not to visit a site if it risks infecting our computers with malware. We should get similar alerts if we click on a page which has wilfully concealed its origins.

This would instantly make life more difficult for the manipulators. We would see from our email inboxes and Facebook pages whether the people we are dealing with are real. We would have a much better idea about the links we click on. A sizzling titbit of scandal is less appealing when you know that it is coming from a purported “news site” which lacks an editor or an address, or from a “friend” who cannot verify his existence.

We should take the same approach to advertisements. We need to know who is trying to reach us and why. That will require one big shift: to accept that anyone placing an ad has largely lost their right to privacy. When we click on an ad, we should be able to see who has paid for it and how it is being targeted. The companies that sell advertising space should maintain this data in a central, publicly accessible register.

Such changes would mean inconvenient, costly and embarrassing upheavals for the internet behemoths. But given the havoc these companies’ current arrangements are wreaking on our lives, we and our politicians should insist on them.

Edward Lucas

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *