[Dave Birch] Chat rooms are a great place to start thinking about digital identity. Especially where children are concerned. I started thinking about this again while I was dipping into the privacy vs. anonymity debate that is swirling around our corner of the Internet yet again. If we (ie, the digital identity illuminati) can solve the chat room problem, then we’ll really have achieved something.
Chat rooms were in the news recently because UK users of Windows Live Messenger or MSN Messenger can now click a new button in the chat application to contact police with reports of suspicious behavior and instances of inappropriate sexual conduct online (eg, any mention of having viewed Celebrity Love Island). But how do you know who was being “inappropriate”?
This brings us back to the fundamental chat room paradox that we touched on last month. To restate… Your kids want to go in a chatroom and you will only let them go into the chatroom if you know (in principle) who everyone else in the chatroom is, but you won’t let them go into the chatroom if they have to disclose who they are. So in an “open space”, you want to everyone else to disclose their identity but keep yours secret, just in case of one the other people who has disclosed their identity is lying and is actually someone else (so that if they do something bad, the police can’t catch them).
My head hurts.
I think the solution to the paradox, as I consistently maintain, is to take pseudonymity seriously. The problem isn’t the chat rooms themselves, but that no-one knows who is in them: it’s a problem of identity that pseudonyms could solve. We generally take proving identity in the real world generally means proving who we are, but in the chat room we can clearly see the problem in a digital identity context. It’s not who you are, but what you are: are you an adult, UK subject, Manchester City fan, British Airways customer or a single parent?
Suppose that teenagers were given avatar by their school, or their parents’ bank or as in an interesting pilot scheme for children in care, a charity (for example, the Who Cares Trust, who presented on a version of this idea at the 4th Digital Identity Forum back in 2003). Now suppose that the pseduonym (ie, public key certificate) contained a few unforgeable credentials (“I am between 14 and 18”, “I am male”) but that the children could choose any name they wanted for the ID (“I am David Beckham”). This gives the best of both worlds: the kids can log on to appropriate chat rooms, but no-one else in the chat rooms (nor the chat room operators) will know who they really are.
My bank could give me an avatar of Donald Duck, but I couldn’t use it to get up to no good because if a police warrant asked my bank who “Donald Duck” is, it would tell them: and naturally the chat room operator — such as Microsoft — would only accept pseudonyms from reputable organisations such as my bank. Thus, no-one in the chat room would know the real identity of the participants but none of the participants could get away with any illegal behaviour. In just the same way, a travel agent might be happy to accept my BA Executive Club pseudonym, which leads us back into the world of federation etc..
I can’t believe how long ago it was that we started to use the “chatroom paradox” as a way to help clients think about some different aspects of identity and identity-related business. Seven years on, and I’m still writing magazine pieces about the chatroom paradox (I’ve just finished one for another journal) and the problem still isn’t fixed and the politicians and regulators still see security and privacy as opposite sides of a crazty balance.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers