The analogy to Harlan Ellison’s classic story isn’t there at all. But somehow the phrase fits anyway. As I think about Jessie Stay’s post about the implementation of the “in_reply_to_status_id” parameter in Twitter, and the matching of the metadata element by Identi.ca, I keep coming back to J.L. Austin’s idea of the speech act. This new parameter is a connector that enables a network of conversation. The elements of a conversation are not objects, but rather speech acts of the subject.
“What does it matter who is speaking,” someone said. “What does it matter who is speaking.”
The 140 character limit of the Tweet and the Dent ties the form to the SMS. The SMS is tied to the phone and the transmission of voice. It’s the writing that’s closest to speech and the performative utterance. The Tweet/Dent is the combination of the speaker and the spoken. Identity is implied. When a micro-object speaks, does it remain an object like any other object?
I blame the terrorists. The movement to create national identity cards was given fuel by the attacks of 9/11 and the subsequent formation of the Department of Homeland Security. The “concept” is that by issuing government sponsored official identity documentation we would introduce a control point in the process of differentiating “us” from “them.” There is a lively debate about whether such a system could be spoofed to somehow allow “them” to acquire identity cards and pass themselves off as authentically one of “us.” There’s no question that such an identity card would create a glaring single point of failure– the program meant to get the ball rolling is called the Real ID Act.
Personal identity is the sameness of a same person in different moments in time.
A simple frame for understanding the potential problems with the proposal requires focusing on the idea of the One and the Many. (those seeking extra credit can explore Hegel vs. Locke and review the STI’s white paper on Digital identity.) Can one national root identity be made strong and authoritative enough to be the foundation for all digital identity instances? In the future, will you have a single root identity provisioned by your government? Will you co-own your identity with your government, or will they have a 51% controlling interest when it comes to anything important?
Digital Identity is a man-made thing, an artifact, that refers to a person, and is different from a person.
An alternative vision is based on user-centric ownership and assertion of identity. The claims an individual makes to establish her identity and reputation are validated by many different sources, both strong and weak. Rather than a single root, the foundation is rhizomatic, or a mesh of validated relationships and reputation. A government issued identity card can, and does, have a role in the mesh — the question is whether it should be authoritative or simply continue to contribute to the whole.
Yes, but how does an Identity Mesh help us fight the terrorists? Well, no one thing will be a silver bullet. But you could argue that assembling a complete meshed identity across multiple active relationships would be more difficult than compromising a single authoritative root identity. The conversation about personhood and identity systems is taking place in the context of Homeland Security. The unintended consequences of selecting this tactic to enhance our national security are vast. Ask George Orwell.
As we discuss how to mesh together identity across social networks there’s a shadow falling from overhead. While the concept of a metaverse doesn’t seem in the offing, we are starting to create an augmented reality through the combination of these services. Identity will be at the foundation and creating that foundation will be a political process not a technical one. In fact, the political must limit the technical if we are to preserve the inalienable rights of our democracy.
Randall Stross lets the cat out of the bag in today’s Digital Domain column in the NY Times. The internet’s identity infrastructure is based on the use of passwords– and passwords are broken. And OpenID doesn’t solve the problem because the problem of passwords isn’t solved, rather it is extended. The single sign-on that OpenID enables creates a single point of failure for the defense of personal identity. Are you willing to bet your life on a single shared secret?
Most of the current internet identity work has been done on low value information. The question is will the infrastructure we’re building extend to supporting high value information? At what point will medical, legal and financial information be part of the larger identity ecosystem? Do we really want a single, unified persistent internet identity, or will a two or three tiered system of identity and authentication be created:
Authentication artifacts or factors are generally described as:
Something you know (shared secret)
Something you have (security token)
Something you are or do (biometrics)
Location (not in two places at once)
Time (limited allowable hours)
A new factor is emerging based on social networks– a lot of low-value validated social connections could add up to a very strong authentication factor. The relationship card is a similar idea that establishes the value of an identity by the relationships bound to it. Clearly there’s a tie in to Vendor Relationship Management here.
Multi-factor authentication will require more than a shared secret; the real question here is about the human factors. What do we know about human behavior and passwords? Here are the top ten passwords:
password
123456
qwerty
abc123
letmein
monkey
myspace1
password1
blink182
(your first name)
I’m somewhat surprised that “swordfish” didn’t make the list. Passwords and the shared secret authentication ceremony are a high friction point for users of the Network. The easier it is for me to remember and use my password, in most cases, the less secure it is. Even though it’s possible with most authentication systems to create a highly secure password, if I can’t remember it, I can’t use it. We’re in the early stages of imagining and building new identity architectures. Information Cards have potential to move beyond the current ceremony while building on a the wallet and card metaphor– but adoption seems to reside on the other side of the event horizon.
Ultimately internet identity and authentication ceremonies will be a social, cultural and political challenge. Systems can be built and standards can be established, but getting humans to use them is another matter all together. Evangelizing new identity ceremonies will be as simple and complex as answering the question: what’s in it for me? The Internet Identity movement needs to start taking a hard look at the human factors of these new systems. Richard Thaler offers this mnemonic device to recall the most important six principles:
iNcentives
Understanding Mappings
Defaults
Give feedback
Expect Error
Structure complex choices
The concept of Choice Architecture and the Nudge could play a large role in the success or failure of these systems. In the end, it will be humans who will either find value in these new identity architectures, or will, with a shrug of their shoulders, ask the community to please try again.
The great american philosopher Steven Wright wrote this profound fragment about the Network and Identity, or maybe it was just a joke.
I woke up one morning and looked around the room. Something wasn’t right. I realized that someone had broken in the night before and replaced everything in my apartment with an exact replica. I couldn’t believe it…I got my roommate and showed him. I said, “Look at this–everything’s been replaced with an exact replica!” He said, “Do I know you?” — Steven Wright
You can look to Jameson or Baudrillard to learn about the simulacrum, but Wright really nails it. In the digital world the line between an original and a copy is blurred. That’s why it’s difficult to bind a unique digital identity to a person. And as Chris Anderson has noted, the cost, or lack thereof, of digital copies has disrupted the economics a number of industries.
This connects to a mystery about the iPhone. What’s the reason that copy and paste is missing? The underlying operating system is OSX, so it’s obviously supported. It’s a function has been supported from the very beginning of the computer. Perhaps it’s a signal of a new kind of limit being enforced on the digital world.
Imagine an abstraction layer up the stack from the digital. Imagine a new digital world where there are no originals and there are no copies. The iPhone only consumes pointers, names that point to a location. The location can be secured and access controlled, and a form of the old economics emerges. Sure, once you’ve downloaded a file, digital economics rule the day, but not on the iPhone. No copy and paste.
