Security and Privacy: A Win-Win Scenario

Posted by: Camille Auspitz in IT/Cyber Security

Fifteen years ago, cartoonist Peter Steiner drew two dogs sitting in front of a computer, one saying to the other, "On the Internet, nobody knows you’re a dog." This iconic adage, cute in its day, is now a warning. Originally posted by Bruce McConnell on governmentfutures.com in 2008.

Criminal, terrorist and nation-state cyber attacks against banks, technology companies, online merchants, individuals and government agencies cost the U.S. economy $400 billion annually. They focus most often on stealing business and military secrets and personal data.

While historical analogies are dangerous, I am often reminded of the evolution of the automobile industry. From their earliest days, cars were used in crimes. And yet today, law enforcement can track a suspected vehicle’s ownership, consistent with the Fourth Amendment.

In cyberspace, not knowing for sure what person or device is on the other end of the line has serious downsides. It erodes overall trust, limits users’ ability to secure their own systems, hinders effective governmental response, and causes organizations to collect more personal data than they really need.

Yet there is important value in anonymity in cyberspace. People need to be able to visit, say, a government health information site without sharing detailed personal information. Whenever the government requires more personal identification, there is a potential threat to freedom of speech. As Supreme Court Justice Stevens wrote in a majority opinion in 1995, "Protections for anonymous speech are vital to democratic discourse." There is a danger that creating greater certainty about who is online could increase the already excessive, unwanted and unauthorized surveillance and profiling of individuals that is conducted today by governments, businesses and criminals.

A zero-sum game between security and privacy is both undesirable and unnecessary.

We can find a balanced way to enhance security without throwing away our privacy rights. Not every transaction demands the same amount of identifying information. Organizations should tailor the amount of identifying information they collect, keeping it to the minimum needed for a specific situation. At the same time, those information collectors should keep an auditable record of what information has changed hands.

As Scott Charney, Microsoft’s head of trustworthy computing, suggests in a seminal paper on end-to-end trust, "It may be possible to know something about someone without knowing who they are." We can build systems that verify, for instance, that someone is a minor, and allow them to play in certain online worlds, without requiring they reveal additional personal data. That limit could help protect kids from cyberspace predators.

Government is already deeply involved in securing cyberspace. It must work closely with industry to make authenticated cyber identity a reality.

President Bush’s recent classified directive on cyber security is said to create a comprehensive approach to the problem. A first test of the program will be measuring how much it enhances both freedom and security.

(A longer version of this post appeared in Forbes.com.)
