Terrell has some excellent thoughts on the convergence of all the nodes of identity management. Briefly, he’s talking about,
“…a system that plays by all the rules and ‘just works’ for the simplest of use cases today, and is ready to scale up and handle the use cases of tomorrow. I’m envisioning a wrapper – a specification that defines how data should be held and managed for an individual.”
And I think he’s right that we’re rapidly approaching the point where all the elements will be in place for a workable framework managing the various aspects of our digital lives, seamlessly (which he details very nicely in his post). He ponders,
“Is anyone going to see any value in this OpenLifeBits model besides the geeks among us?”
What this makes me think about is the driver’s license. It’s a pretty basic chunk of modern life, into which it’s integrated in a lot of different ways – air travel, need a DL # for bank acct., buy beer, get into a show, etc.. It’s easily enough procured by most people, but consists in the procedures required to get and maintain it and the materials and capacities it’s composed of, elements that’d be totally obscure to people a generation or two ago. Near-universal access to cars, driving schools, a massive and mostly-legally-mandated insurance system. And then there are the little, useless things – laminated plastic, holograms, magnetic data strip, cheap on-the-spot digital color photograph – that are still kind of amazing. And it all works, basically.
At its heart, it’s fundamentally a technological protocol that over time everyone’s learned how to acquire and use to such an extent that it’s basically invisible. It’s evolved to take over new, strange responsibilities because it was just there do it. And that’s really the model here – just as the driver’s license became the central node of identification as we came to spend more and more of our time on the road, a single digital sign-on/handle/location/whatever will emerge to be our works-well-enough node for digital identity and whatever welded-on functions come after.
All a roundabout way of saying that I think that, yes, people will see value in this, in not having to remember lots of different passwords and also in there being a unitary system for not just management of identification but remediation for identity theft and fraud.
Terrell again says,
“Additionally, the legal questions around ownership of data and the contractual obligations of those you share your information with remain unanswered questions. I have a hunch though that a lot of these types of questions have precedent – just not with the specifics of personal data archives.”
As laid out in two excellent papers by Michael Madison and Matthew Hodge [PDF], this case law here is a mess. There are a lot of possible precedents for all of these questions, and how that unfolds is going to depend on a number of factors like where the initial legal challenges are brought (probably better in the 9th Circuit than the 4th, but even the 9th has issued some infuriating rulings on these issues), when which issues trickle their way up to the Supremes, and what the Court looks like, then. In sum, we probably can’t count on a particularly workable solution emanating from the courts anytime soon.
And so, I think that there’s a role for the state here, not necessarily in being the repository for all this information but in doing what states do best: setting the rules for the functioning of a market. Not even specifying what goes in the wrapper, or what the wrapper’s made of, but in specifying how it functions as a protocol within all of the various other legal and practical structures of everyday life.
Moreover, I think that beginning to address these issues now, before some truly, truly scary and non-user-centric model gains hegemony, is the right move.
What would that look like? The key issues to address as I see them are privacy and property, and they’re very interrelated. I’ll explore this further in the future, but there are a few points that leap out to start:
- individuals are surrendering their privacy and identity in their digital lives, and aren’t being compensated particularly well for it – surrendering ownership to of these commodotized rights to private actors
- in those digital lives, in issues not relating to themselves, individuals take a pretty fluid idea of property and ownership – implicitly or explicitly eschewing claims of ownership of private actors over all manner of digital data, who feel in turn not well compensated for their products being freely available online
I’m not suggesting that MP3s are the same as Fourth Amendment rights. The latter are, and ought to be, far more valuable… really a rather amazing understatement, actually. But the patchwork of legal precedents, practice, unequally powerful interested actors and fast-changing technologies leads to strange outcomes. Citizens’ Fourth Amendment protections are violated daily as a matter of basic commerce in our digital lives, with little or nothing in the way of recourse, while record companies are able to receive legal judgments valuing individual digital copies of songs in the thousands of dollars. Something doesn’t add up.
The basic tenets of any solution here will be a framework that above all recognizes the real (both operative and desired) boundaries between private and public – between the digital individual and the sea of other ones and zeros in which they daily swim – while allowing for a seamless navigation of that sea of conversation, commerce and governance. It’s a conversation that needs to happen, and one in which people already have opinions (even if they aren’t clear on the technological particulars). So let’s have it.