Sunday, December 28, 2014

Security and Privacy Anomaly Ground Zero

When it comes to security and privacy, one of the starkest anomalies of our social common sense lies in this contradiction: On the one hand, government and industry are intensely concerned about cybersecurity, breaches of which have to date caused tremendous havoc while not yet causing the mass casualties that targeted attacks on elements of critical infrastructure could yield.  The pressure on enterprises and government operations is to “better secure” their networks, systems and data.  In some cases, government will even sue enterprises for data breaches.  On the other hand, the government agencies at the epicenter of the cybersecurity concern have been shown to participate in the very activities they are trying to defend against. They have engaged in massive breaches and compromises of internet security.  When faced with the commercial reaction — Apple’s security on iOS, for example — to implement strong encryption and enable user control over the keys (i.e., no corporate back-door), security agencies cry foul and demand that these firms create a weakness for government exploitation.  Add to this the fact that these agencies cannot themselves control the actions of the individuals working for them.  Edward Snowden is the most obvious example of an individual who — to draw on Mikko Hyppönen’s analogy in The Internet is On Fire — pulled a fire alarm and walked away with a trove of classified data.  But the better examples of the challenges of insider security come from the far more mundane and everyday abuses driven by personal concerns and errors.  These may not occur “every day,” but demonstrate that even the most security-conscious organizations on the planet suffer failures.  The logical argument against back-doors is that it’s just a matter of time before some individual reveals the secret, using it or allowing it to be used in an inappropriate way.

The madness will continue until we break away from this broken conversation.

Postscript: http://m.spiegel.de/international/germany/a-1010361.html#spRedirectedFrom=www&referrrer=http://t.co/urL1IR2EvD

Thursday, December 4, 2014

Digital Identity: Our Fetish for Instant Gratification Blinds us to Something Fundamental

Chris Messina’s “Thoughts on Google+” piece raises a number of interesting issues, particularly with respect to digital identity and privacy.  Messina notes that he joined Google in part to ensure that “the future of digital identity should not be determined by one company (namely Facebook).” He goes on to give his sense of why digital identity matters: “Digital identity unlocks universal personalization (i.e. better ads), payments and commerce (i.e. Snapcash), environmental adaptation (i.e. an Uber that plays your Spotify music), communications (i.e. Path Talk), and access (i.e. Sosh Concierge). Today’s most exciting apps are barely scratching the surface of what will be possible when there are years of preferences data stored up on each of us, that we can leverage at a moment’s notice, in any context.”

Explained below: We need to separate the management of individual identity from the operation of digital services that manage status functions, and we need to find a way to place the individual in firm, confident and inalienable control of their digital identity.

The Candy of Convenience
Our collective fascination with use cases that highlight convenience is blinding us to something far more important: Digital identity is the key to liberty. Our drift into a world in which we have little choice but to allow enterprises — Google, Facebook, Wyndham, Home Depot, your employer, the government — to manufacture and set the terms of use for the identities we use when we engage with them, puts both the enterprise and the individual in a bad place. The drift, that seemingly inexorable movement in a direction with which many are uncomfortable, is driven by the daily compromises we make to offer and take the candy of convenience and instant gratification.

The Fundamentals (How Identity Connects with Liberty)
In its simplest terms, an individual’s identity is a collection of status functions, and the history of transactions associated with those status functions.  As John Searle says in a 2013 lecture on consciousness (see note 1 and YouTube link below), “we live in a sea of status functions.”  Oversimplifying… a status function reflects that the individual associated with the identity has been granted, or has granted themselves, permission to do something, or has been proscribed from doing it.  The most obvious and pervasive status functions are rights, entitlements, benefits, capacities, etc.; these form a “skeleton” of identity, and enable us to negotiate our way in the world. They constitute individual elements of social power (Searle calls this “deontic power”).  A few simple examples: a driver’s license is an indicator that the state has entitled the individual to drive a car; a credit score is an indicator of financial capacity, and the ability to borrow; a Facebook account is an indicator of membership in a publishing community, and the capacity to build and project a social identity on a ubiquitous platform.  Take the driver’s license away, and the individual can no longer drive.  Take the credit score away, and the individual can no longer borrow at preferential interest rates.  Take the Facebook account away, and the individual can no longer be part of a ubiquitous platform.  When status functions are taken away, or degraded, so too is the individual’s liberty.

The Importance of Managing Your Identit(ies)
An individual’s capacity to govern and control the use of digital identity is central to the cultivation and maintenance of reputation.  Each time a digital identity is used — to withdraw funds, to publish something in a public or less-than-public space, to authorize something — the resulting transaction becomes part of the identity’s reputation.  The individual’s eligibility for new status functions (or the continuation of existing ones) increasingly depends on that reputation.  A simple example: A few years ago, I spoke with a visa adjudicator at the U.S. Department of State who reported a new adjudication practice of reviewing social media records.  One of her anecdotes included a case where a young European applicant for a nanny visa wrote on her Facebook page that she had no intention of being a nanny, but would instead travel and work elsewhere in the U.S.  Visa denied.

Why This Matters
At one level, within the last ten years, we have shifted into a new world where we have little choice but to participate in social media, learn new skills for actively cultivating and managing the projection of our identities in the digital world, and adopt new principles of accountability.  We’re living through a historical shift in the way we understand and self-consciously define the self, a lifelong activity in which we require secure means of claiming and managing our identity. 

At another level, we have drifted into this new world with a pattern in which every enterprise requires that we identify ourselves when we engage with them.  Their concern isn't so much identity, as it is controlling access to the value they provide and create. Since individuals don’t generally “bring their own identity” (or are uncomfortable using social login… see Note 2 below), enterprises have established practices of enrolling individual identity claims, creating accounts, and imposing ways that the individual will subsequently authenticate.  And so we have ended up in a world where we have dozens, and sometimes hundreds, of digital identities.  In each case, the enterprise decides what risk it is willing to take with respect to identity fraud, and what compromises it is willing to make for the sake of making its offering easy to access.  In many cases, this means minimizing identity assurance, and using lowest common denominator authentication practices.  Those choices put the individual, their digital identity and reputation at risk.  Even if we follow so-called best practices for password hygiene, even if we use tools like 1Password or LastPass, the resulting mess is too complicated and time-consuming for individuals to manage effectively.  When one of those dozens or hundreds of user accounts is compromised, and someone else is able to impersonate us, our reputation is placed at risk in ways that jeopardize liberty.

Another basic problem with the notion that the Googles/Facebooks/Twitters of the world could or should be identity providers is that their core business is about enabling the convenience and instant gratification (universal personalization) in a way that is economically driven by its connection with identity. They monetize what you do with your identity, and so there's a financial incentive to maximize transparency.  And the more you rely on their platform, the harder it is to say "no" to a change in the terms of service.  Facebook is a great example.  Sure, you can say "no"... just by terminating your use of the service.  Saying "no" in that way becomes much harder if FB is both your identity provider, and your publishing platform.

Our lack of effective control over digital identity reflects a situation in which we have little ability to govern privacy — how we share information about ourselves, or how we govern how others may use the information we have shared.  The resulting lack of practical privacy facilitates distortions that place our reputation at risk.  Since our reputation is pivotal to establishing and maintaining eligibility for status functions, the lack of an effective capacity to manage identity and privacy is a threat to individual liberty.

What we Need
What is needed is an identity platform operated on behalf of its users by an enterprise whose sole mission focuses on enabling secure individual control of digital identity.  The challenge is that such an enterprise must avoid the business conflicts of interest that emerge when it has a financial interest in monetizing personal data and individual transaction histories through advertising or other third-party oriented services.  We need to separate the management of individual identity from the operation of digital services that manage status functions, and we need to find a way to place the individual in firm, confident and inalienable control of their digital identity, and of the identity and agency of their things.

Notes

Note 1… on Status Functions

I’d like to express my gratitude to Fernando Flores and the Pluralistic Networks team for bringing a YouTube-captured John Searle lecture entitled “The Normative Structure of Civilization” to my attention.  It’s a crisp articulation of the role of language (language is the platform of civilization) in the creation of consciousness and culture, and a convincing story about the connection of the domain of physical science with the domain of social science. One of my take-aways from this lecture is the concept of “status functions”, which I used to clumsily describe as “rights, benefits, entitlements, permissions, capacities, etc.”  In Searle’s account, “status functions” are actually richer than this… “We live in a sea of status functions…” and status function indicators, which include wedding rings, uniforms, passports and driver’s licenses.


(If the introduction doesn't hold your attention, please skip to 8:12, where the lecture begins.)


Note 2… on Social Login

While I appreciate what I assess as good intent on behalf of some of the firms who have created social login as a “free” component of the range of services from which they profit, my sense is that this will forever be great for convenience, and compromising for liberty.  While there exist technical means of “blinding” (the identity provider cannot see who the relying party is), and while OAuth mechanisms are a giant leap forward, there are numerous reasons for discomfort with respect to popular implementations.  These include sometimes not-so-subtle little power grabs by Relying Parties (let us post to your Facebook account); unclear-as-to-purpose requests for access to your contacts; and the sense that the Identity Provider can maintain a record of where you logged in.  More importantly, as we see in the periodic revisions to Terms of Service by firms like Facebook, the enterprise retains the power to unilaterally impose new conditions and terms.  The user has a choice of accepting… or terminating their use of the service. That means that if we become overly dependent on a particular social login, the consequences of objecting to a change in Terms of Service become widespread, damaging and disruptive. This imbalance of power between enterprises and individuals is unsustainable in a culture that is shifting towards consumerizing power.