Digital identity is a result of the information age. Distributed computing and high-velocity information transfer as an underlying part of, or the purpose for economic activity has created a need for rigorous identification of both source and recipient of communicated information. That velocity and distance-created ignorance between parties has exacerbated a need for authentication certainty that was not required to the same degree before this new world’s ascendancy. Heightened and increasing value of information for its own sake is a key factor in this paradigm shift; and identity-related issues arise because raw data is attached to someone or something.
Information “ownership” dogma is at the root of the digital identity challenge. Particularly when the information is about people, highly visible issues such as privacy, security, and rogue use of it are thorny bushes to dodge. Universal confusion about (a) who’s property information is, (b) how it is controlled, and (c) what rights others have to it engender dogmatic position-taking. A while ago, Jamie Lewis, of Burton Group, posted a paper called Ends and Means: Identity in Two Worlds. The paper exposes the dichotomy of thought and position in digital identity between consumerist and corporatist views, and how the twain shall meet eventually in some state of balanced dissatisfaction. I point to it because, as I hope to show, underlying its thesis is the dogma of the information construct.[1]
The confusion raised in the last paragraph is far from easily remedied, and, what’s worse, any proposal to do so is certain to be at least partially wrong. Mostly the proposals will be wrong because they are bound to the context of their creation. More than that, however, “personal information” is unique among types of information as it defies categorization and containment. The legal perspective, for instance, is merely one look at the beast, and its notion of “information as property” generally does not hold in this case.
There are two primary sides to this story. In the first position is the notion that information about me is mine. I have created it; it is specifically about me; and it emanates from me outward to the rest of the world. Here, although the extent to which my “property” rights will be enforced is fluid, the driving force is that I “own” all information about me and distribute it to others with the (implicit) understanding that they will use it to serve me only in ways I authorize, then forget it. Consider, as a specific case, how you provide income and personal/credit information to a financial institution, or your medical history to an insurer. Let’s call this Libertarian-leaning view the Subjectivist position.
At the other extreme is the position by which all information about me belongs to somebody else. Which is to say that no information about me exists by my creation: all knowledge about me is either perception formulated by a third party or description granted by an external authority. I may assume this information as property and propagate it, but it was in the first instant the creation of another every bit as much as a painting is an expression of the artist not the subject. The formulation example is satisfied by a record of my purchasing activity or an observed consumer preference; an authorization example is a registration or account number.[2] Let’s call this more Fascist view the Objectivist position.
There are many real examples of both these information dogmas in everyday life. Yet neither prevails as the definitive stance on personal information. The reasons are not merely vagaries in law, but moreso the custom that has evolved through centuries of interaction and negotiation among ourselves. These processes are localized not universal and therefore inform our view of personal information at the deep, cultural level. And culture is a much bigger hurdle than economic or commercial problems. There are, of course, many shades of gray between black and white, and it is in those gradients between purely Subjectivist and Objectivist positions where our ongoing negotiations are likely to settle for a time. What might that look like?
First, let’s accept that personal information is understood and perceived differently than information property (e.g., trade secrets), regardless of where or how it is being used: i.e., on behalf of an individual as the individual or by an individual as the agent of an organization. The consumer/citizen perceives personal information as his/her property to control and distribute to all others conditionally. Organizations that use or need information about individuals to create efficiencies or value in their products/services, however, prefer to believe that information is theirs irrespective of how it was originally obtained. Privacy and similar legislations are today being imposed on this dichotomy in favour of the Subjectivist view giving more strength to the individual. This is unworkable in the long run because those with the means and need are being inhibited and restricted.
What will likely result in this environment is not dissimilar to information usage development up until the present Internet-based Electronic Communications (IBEC) structure became a force. That is, the individual will be the “owner” and controller of personal information “property” to the extent that (s)he feels warranted – probably extending through to but not including preferences and the data of corroborated bread crumb droppings (e.g., loyalty program participation, etc.). After a painful bought of delusion during which this owner (and various interest groups) attempt to exert sweeping control over information distribution, reason and practicality will prevail.
The delusion will fade with the realization that the Subjectivist ideal is attainable only at the cost of retreating from the information-fuelled modern world of convenience and service. Let’s remember that individuals and organizations are not mutually exclusive parts of this system. Thus the Subjectivist narcotic will wear off on individuals as they feel pressure in their role as agents of the corporatist interest. We will en masse renegotiate with ourselves to achieve a satisfactory compromise – without ceding control to our darker angels.
At some level we all know that the individual will ultimately quite happily provide personal information in parts to various audiences and interested parties, such as business firms and governments, under a culturally-consistent “restricted use license.” The social contract we’ll have made with ourselves will be to protect the unleashed information through self-regulation and market economics: using our individual and collective power of choice to promote good behaviour and penalize bad.
It is an imperfect system, as all human systems are, but it will work for a time. Its end is, however, sewn in its own fallow from the outset. It is the story of the tragedy of the commons: there will be abusers, as there are today and always have been. But, also implicit in this system is democracy and choice. We will insist on mitigating the risk of capitulation to the Objectivist position by diversification: ensuring there are always alternatives among which to choose. Which brings us to the mechanics of digital identity.
Briefly, we ought to get used to the idea of a digital identity topography that is situational and contextual; that makes information control and system mechanics negotiated; and that provides for many substantially interoperable alternatives that support the negotiated solutions. We further ought to anticipate government participation in the form of regulation and assurance of global digital:physical identity integrity with many private enterprises providing identity credentials for various purposes. Regardless, when you pick your digital identity religion, from Big Brother to federation to proprietary closed systems, be aware of and understand the information dogma that drives it.
Notes
[1] Also, refer to André Durand’s Three Tiers of Identity and Doc Searls’s Making Mydentity for how this might manifest itself.
[2] Note that credit cards always remain the property of the card issuer. 2