weblogsky | jon lebkowsky
-->

« Worldchanging book design | Main | Habeas corpus »

January 18, 2007

Identity standards = police state?

McChris at infobong.com responds to my "sock mob" post, where I suggest "a standard identity framework with strong and meaningful authentication" as a solution to sock mobbery and other pollution of the commons by astroturfers and worse, who take advantage of the ability to create rootless and inauthentic multiple identities for all kinds of mischief – gaming and spamming the rest of us. [Link] Says he:

In order for a standardized identity system to be effective against a problem like sock mobs it would first need to be mandatory (either at the blog level or across the Internet) and, secondly, it would need to be verified through some kind of governmental identification system like driver’s licenses or social-security numbers. (I imagine that you could use credit-reporting agencies, but that would be even worse.) A universal identity system would introduce privacy problems that would exceed the value of eliminating sock mobs. There are privacy problems on a high level, where social institutions could store, share, and retrieve comments and content posted by an individual, but the lower-level privacy problems would be worse. Do we want prospective employers or dates to be able access and verify everything we post online? Most users post different information about themselves on a site like MySpace than they would on LinkedIn, would we want these tied together? Do you want a troll to be able to see each comment you leave to a blog? I don’t think so. Identity systems would allow society to police mass actions like sock mobs, but they would also police users at an individual level.

My responses...

In order for a standardized identity system to be effective against a problem like sock mobs it would first need to be mandatory: My understanding of standards is that they aren't mandated, but adopted cooperatively because they offer (per Wikipedia) "mutual gains in a coordinated action." I've never heard anyone in the group working toward a standard identity framework use that word "mandatory."

secondly, it would need to be verified through some kind of governmental identification system like driver’s licenses or social-security numbers: This isn't necessary, and I don't think anyone's proposed it. The way to do it would be to have a system of brokers who provide registration services, have some means of verification (probably built into the payment process, e.g. verification via credit card), and have a validation service. Such brokers already exist, such as 2idi, where I'm registered as =jonl.

there are privacy problems on a high level, where social institutions could store, share, and retrieve comments and content posted by an individual, but the lower-level privacy problems would be worse. Do we want prospective employers or dates to be able access and verify everything we post online? Isn't this already the case? If you wanted to overcome this "problem," you'd have to remove that other clear threat to privacy, the search engine, no?

Most users post different information about themselves on a site like MySpace than they would on LinkedIn, would we want these tied together? This is actually a non sequitir... if a value of myspace is an ability to create a separate, more casual persona, that's a service they could offer. Myspace would know who you ware, would be able to connect your identity to an authentic person via a login that would be validated by the framework - but this doesn't have to be public-facing in such a way that the two personas would be visibly connected via search etc.

Identity systems would allow society to police mass actions like sock mobs, but they would also police users at an individual level. "Police" is an interesting term to use here. The act of "policing" is often a good thing - enforcing rules and providing protection, but it can also be a bad thing in the context of a "police state," were police power is exercised arbitrarily or abused.

It's probably worthwhile to think about this - how police (or police functionalities) can protect, or can persecute – and sometimes do both. (How often do we see police portrayed as thugs hired to protect the rich and persecute the poor?)

Our experiences and our media biases may favor one perception or the other, but the reality is complex. And despite evident abuses by police, we generally accept that police should exist, and we depend on the integrity of various institutions – e.g. government offices and the courts – to ensure the fairness and integrity of the police function. On the Internet, we traditionally depended on system and user integrity, but (tragedy of the commons) that's beginning to fail us; spam and abuse are epidemic. It's not surprising that we think about policing-as-protection, but it also follows that we worry about policing-as-persecution. As you can gather from what I've said so far, I'm not paranoid about an identity framework that's built as a standard, because I think the folks who are working on it are aware of privacy issues and including them as a factor in developing the technology and systems the standard requires. But I think it's worthwhile to keep the privacy question prominent in the discussion.

posted this at 10:16 AM
Share on Facebook| email to a friend

Post a comment




Email this entry to:


Your email address:

Message (optional):


 read weblogsky! latest posts:
Memory

Interactive Austin 2008

Keith Olbermann and the violent cosmology of the new news

No more lost cities

Newborn

Conversation with Clay Shirky

Multitsking Virus, part 2

David Brooks on "Neural Buddhists"

The Multitasking Virus

"Jon Lebkowsky of Polycot Talks about the Early Days of Web 2.0"

Subscribe to Weblogsky: Jon Lebkowsky's Blog Subscribe to RSS feed for Weblogsky
Subscribe in Bloglines

Add to Google
Add to My AOL
Subscribe in NewsGator Online
Add to Pageflakes
Add to netvibes
Subscribe in Rojo