Me, myself and I

Are we simplifying our identity too much, or not enough in the digital age?

 

By Stephen Wilson

 

With the silly season upon us, I hope you don’t mind a change of pace in this issue, with a deep look at identity.  At one level this can be a bit of philosophical fun, but at another, it can and should affect the way we do identity management.  


We may be in the midst of a true paradigm shift, to a new worldview based on a plurality of identities.

Here I’m using the infamous ‘p word’, paradigm, in its proper context, as popularised by philosopher and historian Thomas Kuhn in his book The Structure of Scientific Revolutions (1962).  In science, it describes a set of prevailing assumptions and theories that add up to an accepted worldview - the sun and planets revolve around the earth, or disease is caused by an imbalance in bodily ‘humours’.  Paradigms are not inherently bad, but they carry implications which can go unchallenged.


I suggest we’ve been saddled for years with the tacit assumption that deep down we each have one ‘true’ identity, and that the way to resolve rights and responsibilities is to render that identity as unique.  This “singular identity” paradigm has had an unhelpful influence on smartcards, PKI, biometrics, and federated identity management. 


Federated identity is a sort of mash-up of the things that are known about us in different contexts, for example, drivers’ licences and the way they’re presented to bootstrap a new relationship.  But there is a serious category error when this real world experience is extended superficially to federated ID.  A licence might evince your ‘identity’ when joining a video store but it does not persist in that relationship.  It does not become your identity as a video store member. For that, you have a new membership card.


A less trivial example is your identity as an employee of Company X.  HR may want to see your driver’s licence, to make sure they get your legal name correct, but thereafter, you carry an ID badge for Company X – your identity in that context. You don’t present your driver’s licence to get in the door of your workplace.


Federated ID assumes we need one identity only.  The ‘Identity 2.0’ movement stresses the multiplicity of our relationships; the popular but utopian conference presentation by Dick Hardt [1] shows vividly how many ways there are to be known.  But he goes a step too far when he seeks to create a single, albeit fuzzy, ‘uber identity’ that mops up all relationships and transcends all contexts.


The alternate view is that each of us actually exercises a portfolio of separate identities, switching between them in different contexts.  This is not an academic distinction; it really makes a big difference where you draw the line on how much you need to know to set up a unique identity.


Kim Cameron’s Laws of Identity [2] promote the plurality of identity.  They include a new definition of digital identity as “a set of claims made by one digital subject about itself or another digital subject”.  But Cameron recognises that it “does not jive with some widely held beliefs – for example, that within a given context, identities have to be unique”.


When you change jobs, you really do have a new workplace identity.  Likewise, one’s identity as a bank account holder is quite different from one’s identity as an employee. Try this thought experiment: Your identity as an employee is suddenly destroyed when you are made redundant. How would you like your bank to know about this state of affairs before you’ve had a chance to make plans, evaluate your options, get another job? Your right to privacy could be deeply affected in a world where we arbitrarily hang different ‘roles’ off the one uber identity.


Ironically I suspect that the singular identity paradigm is a child of the computer age.  Before the Internet and the advent of IdM, we lived happily in a world of plural identities – citizen, spouse, employee, customer, account holder, another account holder,  and so on ad infinitum.  It was only after we started getting computer accounts that it occurred to people to think in terms of one ‘true’ identity plus a constellation of ‘roles’; or to use orthodox jargon, one authentication followed by multiple authorisations.  So the irony is that very modern advances like the Laws of Identity might take us back to the way identities were before the Internet.


I said at the beginning that a paradigm can have implications that go unchallenged. Let’s consider the possibility that the singular identity paradigm has enabled, without anyone noticing, the rather too easy acceptance by security experts of biometrics.


The idea of biometric authentication plays straight into the orthodox world view that each user has one ‘true’ identity. The appeal of biometrics must be based on an idea that what matters in all transactions is the biological organism - but it’s not. In most real world transactions, the ‘role’ is all that matters, and it’s only under rare conditions of investigating frauds that we go to the forensic extreme of locating the organism.


There are huge risks if we go and make the actual organism central to routine transactions.  It would make everything intrinsically linked, implicitly violating Privacy Principle No. 1: Don’t collect personal information if it’s not required.


Why is the security community, which is proud of its caution, so willing to embrace the risks of biometrics so quickly?  It may be because we’ve been inadvertently seduced by the idea that a single identity is sensible.

Now, which identity am I going to wear to that Christmas party?  Have a safe and festive holiday, and a happy new year!

 

Footnotes:

[1] www.sxip.com/videos

[2] www.identityblog.com/?p=354

 

Stephen Wilson is a leading international authority on identity management and information security. In early 2004, Stephen established Lockstep Consulting to provide independent security advice and to develop new smartcard solutions to identity theft.

 

 

 
