The 8th Internet Identity Workshop came to a close last Wednesday afternoon. Although, one could easily make the case the workshop is continuous with the semi-annual events simply marking a swarm of activity that enables the network of both people and technologies to become increasingly connected and interoperable. At any rate, the swarm has temporarily dispersed.
One of my tasks at the workshop was to think through what we mean when we say “identity.” When we talk about “internet identity“– we produce this floating signifier and hurl it in the general direction of a swarm of streams of activity. The signifier in question seems to have landed in a hall of mirrors. However, an infinite loop is not always an indicator of error or system deadlock. Douglas Hofstadter, for one, embraces this hall of mirrors and posits that identity in its essence is a strange loop:
Like Godel’s logical statements, the brain also exists on at least two levels: a deterministic level of atoms and neurons, and a higher level of large mental structures we call symbols. One of these symbols, perhaps the central one which relates to all others in our minds, is the strange loop we call “I”. By the time we reach adulthood, Hofstadter writes, “I” is an endless hall of mirrors, encompassing everything that has ever happened to us, vast numbers of counterfactual replays of important episodes in our lives, invented memories and expectations.
One of the tricks of language is that we can form anything into a proposition–“Identity is ______”. Realism and Surrealism have the same underlying structure, any two things can be stuck together in the form used by a logical proposition. When we speak of internet identity, we’re talking about a family of related issues and technologies– and like any family tree, it has many branches, along with an odd cousin here or there. Yet, we seem to think we’re talking about something in particular.
The task of Internet identity seems to be an attempt to “solve the problem” of the fragmentation of identity as it manifests throughout the Network. We appear to live a fragmentary existence– pieces of you, pieces of me, lodge in various corners of the Network. And these scraps of data exist unconnected, they are potentially network nodes; but currently they don’t have the capacity for connection. The substance of their security model is their quarantine.
If we take a closer look at these fragmented selves scattered across the Network; we see a picture of actions, of gestures— made across that mesh of connections. A book was purchased here, a birthday present for a friend over there, a bank account ledger viewed on this date, and a social network stream sampled at that time. Each of these transactions have to be bound to you in some way– a username and a password on your side, a set of database entries on the server side, and a cookie to tie the two together. Imagine each of these fragments as an organ without a body, functioning with a specific purpose but unconnected to a general organizing principle.
There’s an old joke in the philosophy of identity, it goes like this:
To do is to be
To be is to do
Do be do be do
We’d like to be able to abstract “identity” from any particular transaction to create a transcendental identity. An identity separate from action, an identity that can be attached to no action or any action. When we speak in this way, we think of the “I” as something that can exist apart from the world, apart from the rough and tumble of our everyday concerns. We posit an “I” that can choose when and if it connects to the world. ‘User-centered’ identity systems tend to operate with this idea of the “I.” This is identity as a technical problem that can be solved by a higher level of indirection.
Before we get too far down that road to an identity abstraction layer, we might ask whether there can be meaningful identity outside of agency. Socrates, Sartre and Sinatra all associate being and doing. If we take a step back and look at the identity artifacts that we’ve collected, they all enable an action. My driver’s license enables me to legally drive a car. It also allows me to prove that I’m over 18 or 21. My credit card allows me to time shift capital from the future to the present. My passport enables international travel. My username and password at Amazon allows me to buy books and other sundry items.
If we continue to unpack this notion, we find that it’s a kind of practical identity we’re talking about. In these transactions and database records, we’re uninterested in who you are as a soul. We’re interested in current accountability and the risk characteristics of a transaction with a particular individual as it projects into future time. In this we stand with Locke’s understanding of identity: he thought the personal identity relation was, in effect, an accountability relation. Agency is accountable agency– meaning responsibility from this “now” moment to the next “now” moment for the collection of fragmentary organs without a body floating around the Network.
OpenID begins its life as a transcendental identity, potentially it exists as an unafiliated (user-centered) identity artifact within an identity meta-system. But as we begin to look at the uptake of OpenID and the usability of its workflow, we find something different. On the revised login screen, OpenID is covered over by the big commercial brands on the Network. Google, Microsoft, Facebook, Twitter, Yahoo, and Financial Institutions have provided us identity artifacts based on an action we’ve taken– each of these identity relations have enabled some capability. We have no interest in operating at a new identity abstraction layer, we prefer to use an existing relation as the pivot point for identity across multiple relying parties. OpenID disappears from the conversation and we’re interested in where we can use our Google ID or Twitter ID– we want to know which identity is the most powerful and will allow access to most of the services we generally access from the Network. Google’s identity has purchase in its cloud and the apps built within its cloud. Alliances (or conquests) between clouds will extend the authority of a particular identity. While we started with a “user-centered” system, with this model we seem to have reverted to a version of the feudal identity system we already inhabit.
Let’s return to the corpus of identity, the body that might contain these organs floating within the Network. Is there a possibility that a digital body can be instantiated outside the custody of the dominant clouds? Samuel Weber opened up this question about the constitution of the digital body by exploring the work of Brecht and Benjamin:
I will close by asserting simply that the digitality of the digital, which, as Negroponte as suggestively asserted, replaces atoms by bits, in an analogous manner points us towards the ever-present necessity of reconstituting those bits and pieces into some sort of body or reality, be it virtual. The power of the media today lies both in the technologies of dismemberment (of the analogical) and the possibilities of reconfiguration that ensue. No digitality however will ever fully relieve us of the task of reconfiguring the analogical, a task in which bodies, as the site of citable gestures, pointing elsewhere, will always have a singular role to play. Not the least of these bodies , nor simply metaphorical, is that political body known as the people. Only when the body of the demos is recognized as the analogical alibi of an irreducibly heterogeneous digitality, will the question of digital democracy will be approachable. And it is the history of theatrocracy that will have set the stage for this approach.
The connector that establishes identity (session or statefulness) in the traditional web application model is the cookie. It’s the little bit of text that binds you to the data. At the IIW, Craig Burton posited that the Selector will be the next historical marker in the evolution of the Network. His whitepaper detailing the transition from cookies to selectors is available as a PDF. In addition to a rich form of identity management, the selector and information card model enables something called action cards. And this is where we get back to the corpus of identity, an action card enables a capability on the Network. It’s not transcendental identity– the card, combined with a ruleset and datasource makes a concrete benefit available. In this model, the selector works with our cultural practices for analog identity rather than against them. Identity is a side effect of an enablement– to do and to be (in that order) are linked through the selector. (Sinatra sang ‘do be do be do’ not ‘be do be do be’).
Creating a digital identity without a digital body might have been a reasonable approach prior to the emergence of the Network. Just as we think of freedom as “freedom to” or “freedom from”– identity is identity for some purpose. The action card has opened a pathway, the capacity for a practical connection that will yield a networked identity with a superior security and privacy model. At the moment when the digital body acts, that’s when it requires an identity.