Universal identification is futile

Bruce Schneier blog post Anonymity and the Internet has interesting points on Internet security. I can agree many of them.

Universal identification is portrayed by some as the holy grail of Internet security and that anonymity is bad. According to the blog this is not the case. The problem is that universal identification won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Imagine a magic world in which every Internet packet could be traced to its origin. Even in this world, our Internet security problems wouldn’t be solved. Mandating universal identity and attribution is the wrong goal. Accept that there will always be anonymous speech on the Internet. Accept that you’ll never truly know where a packet came from. Work on the problems you can solve:  software.

The whole attribution problem is very similar to the copy-protection/digital-rights-management problem. It’s impossible to make specific bits not copyable, it’s impossible to know where specific bits came from. Bits are bits. They don’t naturally come with restrictions on their use attached to them, and they don’t naturally come with author information attached to them. Any attempts to circumvent this limitation will fail. Business model developers and law enforcement and others need to learn understand this.