[Dave Birch]  Ben Laurie has previously pointed out that identity management systems are not the only way you are identified and tracked.  And this is a problem, because if society chooses a particular kind of identity management system — perhaps one which responds to European sensibilities around privacy and data protection — but has to deliver it on top of a surveillance infrastructure, then society’s choices are subverted.  In other words, there must be a substrate of anonymity to make higher level choices about pseduonymity or conditional anonymity valid.  So, as Ben puts it, the choices we make for identity management don’t control what information is gathered about us unless we are completely anonymous apart from what we choose to reveal.  But is this a realistic architecture for the real world?

Technorati Tags: , , ,

Our friends at the Institute for Prospective Technological Studies (IPTS) published a report coming to the same conclusion: that a prerequisite for achieving unlinkability of actions at the application level is support of anonymity by the network.  So, there are many good reasons for having infrastructure that provides anonymity.  That’s not the same
Anonymity sounds attractive: after all, who wants their boss to know which web sites they’ve been visiting or the department of health to know that they’ve been looking at fast food advertisements.  And there are certainly cases where anonymity is critical, not only for political dissidents.  Look at the often-discussed example of a whistle-blowing nurse in a hospital.  But people generally want anonymity for themselves, not for drug-dealing nazi child pornographers.  Therefore people won’t accept anonymous infrastructure: they expect "the authorities" to be able to track down miscreants.  This is another restatement of the fundamental problem that we have previously discussed as the chat-room paradox.

So if people don’t want anonymity for other people, but do want it for themselves, then some form of conditional anonymity, pseudonymity or escrow must form the only acceptable compromise.  Therefore digital identity policy for the mass market (for, as an obvious example, national identity management schemes) must be largely about which of these alternative to "absonymity" (I know, it’s not a real word, I made it up) is to be implemented and how.  An immediate challenge to this view is that the general public would find it too confusing, but I’m not so sure.  Interacting under assumed names may seem odd to older persons (although they would presumably understand privacy issues) but the the new generation of consumers, it seems natural: I remember at one of the first Digital Identity Forums, Steve Bowbrick gave a very good talk on how teenagers were using multiple e-mail addresses to segment between school life, home life, friends life and so on. To them, pseduonymity is the natural state online interaction, isn’t it?

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public. [posted with ecto]

Leave a Reply

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: