Banks and credit card companies have been busy implementing multi-level “security” measures to protect you from “identity theft.” While most of us know that “identity theft” is a bad thing (theft of any kind is), many of us don’t know what’s really being taken by the thieves. It could be all of the money in our savings and checking accounts, all of the available credit in our credit card accounts, and our valuable financial reputation.
This financial identity is only one part of who we are.
Your identity is what sets you apart from all others. It is what confers upon you certain rights and responsibilities. To many people, one’s identity appears static and resistant to change. In reality, identities have many parts and none are static for long.
Here’s a video called Identity 2.0 Keynote (about 15 minutes long) that might help explain.
Many parts of our identities are not controlled by us, but instead are controlled by vast and powerful third parties, as I will show below. Few of our identities are actually in our own hands. At this time, several interesting technologies are being developed that give us tools to manage our identities in certain environments. Who we are can be context sensitive.
Here is a brief overview of some of the identities that we hold. This is not meant to be a complete list, and I invite your thoughts on this topic.
Our Inner Selves
This is all of the stuff that makes us uniquely who we are. It includes our bodies and health records, our beliefs (including our beliefs about privacy and civil liberties), and our personal needs and requirements. To varying extents, we know and control our selves.
We have reputations among our friends and colleagues who have learned to trust us (or not) in certain matters. This identity is formed by our actions, and is held by others who know us.
A Member of a Group
Many of us belong to groups, such as professional affiliations and organizations, churches, buyer’s clubs, and computer user groups. We may find it useful to identify ourselves as members (or non-members) of these groups. For example, much of the political discourse in the United States these days involves groups such as “the religious right” or “the liberals.” Military personnel are all part of a group. Our families are a group.
Citizens of our Country
In most cases, we are citizens of the country in which we reside. As citizens of the United States, for example, we have a national identity that consists of our social security number, our tax records, and our voting registration. Similarly, as citizens of a state, we have drivers’ licenses and state tax records, and possibly real property (and associated records). At the moment we do not have a national ID card, but our politicians have talked about implementing one.
Your Economic Profile
This identity is made up of your credit card purchases and financial decisions. To a large but not absolute extent, you control your buying habits. However, large corporations control your credit rating, your bank records and loans, and the future of your buying power.
This is the identity that takes a beating when “identity theft” occurs. The large corporations do not have political, economic, or social accountability for the problems that fall to us when databases are compromised. These corporations also do not have meaningful incentives to help us get our identities back in order once we discover problems. This is an area that needs to be addressed.
Our Federated Identity
Federation refers to trust relationships with identity service providers. Your federated identity is your assembled user information, stored across multiple distinct identity management systems, which is generally joined together by a single user sign-on process (SSO). Your login process may authenticate you (allow you to prove you are you), and may also authorize you to do certain tasks like modify files and change information. For example, our work login account might allow us access to all files in certain departments, but not others.
The Digital You(s)
This is where things are starting to get out of hand. Every time you sign up for another service such as an email account, a service such as Facebook or MySpace, a membership to a website, or make a purchase over the web, you have created a new identity. Mailing lists may or may not allow you to remove yourself from their lists, and may or may not retain records of your having been a part of their list service. As for the web, most websites have a policy to retain your information in the control of each company that owns that website. The databases of “membership” have become commodities which other companies can buy and sell, or assets which can bargained with in a merger or acquisition. This has not generally worked out in our favor.
Note that these many accounts are not federated, meaning that you can’t access them from a single sign-on (SSO) account.
Who is in Control?
Many people have been working on developing tools to help us establish some control over our various digital personae. We’ll be looking into these over time.