Identity is Hard, Let’s go Shopping.
Kim Cameron, in the course of saying nice things about us (thanks, Kim!) says: “In my view, the identity problem is one of the hardest problems computer science has ever faced.” I think this is true, and I’d like to tackle why that is. I’m going to do that in a couple of blog posts, because I think the subject is broad and complex, and I’d like to offer some perspectives into that chaos.
I’ve been saying for a while that people like to pay for privacy, when they understand what the threat to their privacy is, and how the solution works. Thus, they buy curtains. Curtains work very well to enhance privacy by stopping passers-by from looking through your windows. Another part of that talk is that privacy means a lot of different things to people, ranging from ‘the right to be left alone’ to ‘informational self-determination’ to ‘abortion.’ I believe that identity displays very similar properties in how widely the term is used.
Identity is a problem because it means so many different things about who we are, and how we perceive ourselves, others, and our relationships with them. Identity also entails a set of business relationships, and the experiences and reliance that entities embed into those relationships. Finally, identity entails a set of government relationships, some of which are about citizenship, or various sorts of temporary presence or exclusion, or moneys flowing to or from the government. Sometimes, these relationships overlap in various ways.
This relates to Zooko’s “Decentralized, Secure, Human-Meaningful” triangle. Zooko looks at the digital systems for dealing with identifiers, and the properties those identifiers can have. I want to start from the variety of relationships, and the way people think about the relationships, then move to identifiers. Replacing the actual relationship with a digital identifier often creates issues, because the two differ.
As we encode various forms of identity onto computers, we make choices about identifiers and representations. Some of these choices are now such second nature that actually listing the details them seems bizarre: “My mail client sends a message to firstname.lastname@example.org”* vs “I send mail to mom.” We have internalized the idea that an email address is a good identifier for a person. We tend to internalize these representations fairly easily, even when its not a good idea. “123-45-6789 applied for this credit card,” that must be Alice Example.
I’ll talk more about the issues of assigning trust or reliance to identifiers, rather than people, in another post.
(* My mom is not named Alice, nor is her SSN the one listed. My mom is also not Midus Unknown, who posted, and may be, or be represented by, “1 Superman-1sm.”)