The report was drafted by a team of analysts from ITU’s Strategy and Policy Unit, covering chapters on "going digital," lifestyle, business, identity and living in the digital world. Chapter 4, called "identity.digital", will be the one of most interest to blog readers. It’s not bad: it covers a lot of the main issues in a fairly readable way, and section 4.3.3 covers the benefits of pseudonymity as an operational mode, making the critical point that it should be up to individuals to determine the subset of their attributes that is communicated in order to effect a transaction.
If you’re wondering what pseudonymity means in practice, here’s a simple example that I often use. Imagine walking into a shop to buy something with your bank card. The bank card has a computer chip on it and when you punch in your PIN at the checkout, the chip tells the merchant’s till that the PIN is correct. Therefore the merchant’s till is happy to accept the bank card, you take your goods and walk out. Where did your real identity come into this?
This is a pseudonymous transaction: the first party (you) wants to perform a transaction that requires knowledge of your identity (to access your bank account) and the second party (the shop) doesn’t know that identity but trusts a third party (the bank) that does. Authenticating the digital identity, by punching in a PIN, turns the account number attribute into a credential that the bank can trust and it can then process the transaction.
Note that in this case, where the bank knows who you are but the shop doesn’t, the virtual identity stored in your card is a pseudonym or, in the language of the European Commission Directive on Digital Signatures, an “indirect identity”. Incidentally, since the bank knows who you are and guarantees the payment, there’s no reason why your real identity should even appear on the front of the card: then if you drop it in the street, a potential identity thief doesn’t know who it belongs to. The moral of the story: knowing who people actually are is not always necessary to do business with them, and the reason that you are often forced to disclose who you are is legacy implementations. In fact, as Forum friend John Browning once wrote in Wired magazine, the true identity of a counterparty may be the least important credential in a commercial transaction.
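The three-party exchange described above, as an added Python sketch that is not part of the original post. It is a simplified model and not the real chip-card protocol: the class and function names, the HMAC cryptogram shared between chip and bank, and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _mac(key, pseudonym, amount, nonce):
    msg = f"{pseudonym}|{amount}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    def __init__(self, pseudonym, key, pin):
        self.pseudonym, self._key, self._pin = pseudonym, key, pin

    def sign(self, pin, amount, nonce):
        # The chip checks the PIN itself; the PIN never reaches the till or the bank.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return None
        return _mac(self._key, self.pseudonym, amount, nonce)


class Bank:
    """Third party: the only one able to map a pseudonym to a real identity."""
    def __init__(self):
        self._accounts = {}  # pseudonym -> name, chip key, balance, used nonces

    def issue_card(self, real_name, pin, balance):
        pseudonym = secrets.token_hex(8)  # card number, unrelated to the name
        key = secrets.token_bytes(32)     # secret held by chip and bank only
        self._accounts[pseudonym] = {"name": real_name, "key": key,
                                     "balance": balance, "seen": set()}
        return Card(pseudonym, key, pin)

    def authorise(self, pseudonym, amount, nonce, cryptogram):
        acct = self._accounts.get(pseudonym)
        if acct is None or nonce in acct["seen"] or not 0 < amount <= acct["balance"]:
            return False
        if not hmac.compare_digest(_mac(acct["key"], pseudonym, amount, nonce), cryptogram):
            return False
        acct["seen"].add(nonce)           # reject a replayed cryptogram
        acct["balance"] -= amount
        return True


def checkout(bank, card, pin, amount):
    """Merchant's till: returns the only record the shop ends up holding."""
    nonce = secrets.token_hex(8)          # fresh value for every sale
    cryptogram = card.sign(pin, amount, nonce)
    approved = cryptogram is not None and bank.authorise(card.pseudonym, amount, nonce, cryptogram)
    return {"payer": card.pseudonym, "amount": amount, "approved": approved}
```

The receipt returned by `checkout` is everything the shop learns: a pseudonym, an amount and the bank's yes or no, with the name held only in the bank's own records.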
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.