[Dave Birch] The International Telecommunication Union (ITU) has issued a report "digital.life"  calling for more "joint efforts" to set up a coherent digital identity scheme that should be able to facilitate on-line interactions while protecting data and alleviating privacy concerns.  What caught my eye was that the report asks for digital identity management that is based on the use of "partial identities" depending on context and user choice.  This sounds very much like the real-digital-virtual identity model that we use whereby different groups of virtual identities are bound to different digital identities.

The report was drafted by a team of analysts from ITU’s Strategy and Policy Unit, covering chapters on "going digital," lifestyle, business, identity and living in the digital world.  Chapter 4, called "identity.digital" will be the one of most interest to blog readers.  It’s not bad: it covers a lot of the main issues in a fairly readable way and section 4.3.3 covers the benefits of pseudonymity as an operational mode, making the critical point that it should be up to individuals to determine the subset of their attributes that is communicated in order to effect a transaction.

Technorati Tags: ,

If you’re wondering what pseudonymity means in practice, here’s a simple example that I often use.  Imagine walking into a shop to buy something with your bank card.  The bank card has a computer chip on it and when you punch in your PIN at the checkout, the chip tells the merchant’s till that the PIN is correct.  Therefore the merchant’s till is happy to accept the bank card, you take your goods and walk out.  Where did your real identity come in to this?

This is a pseudonymous transaction: the first party (you) wants to perform a transaction that requires knowledge of your identity (to access your bank account) and the second party (the shop) doesn’t know that identity but trusts a third party (the bank) that does.  Authenticating the digital identity, by punching in a PIN, turns the account number attribute into a credential that the bank can trust and it can then process the transaction.
Note that in this case, where the bank knows who you are but the shop doesn’t, the virtual identity stored in your card is a pseudonym or, in the language of the European Commission Directive on Digital Signatures, an “indirect identity”.  Incidentally, since the bank knows who you are and guarantees the payment, there’s no reason why your real identity should even appear on the front of the card: then if you drop it in the street, a potential identity thief doesn’t know who it belongs to. The moral of the story: knowing who people actually are is not always necessary to do business with them, and the reason that you are often forced to disclose who you are is because of legacy implementations.  In fact, as Forum friend John Browning once wrote in Wired magazine, the true identity of a counterparty may be the least important credential in a commercial transaction.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: