What is a Digital Identity? « OISTE: Organisation Internationale pour la Sécurité des Transactions Electroniques

HomeWhat is a Digital Identity?

What is a Digital Identity?

A new sense of reality: life Online

In the Internet, you may decide to create an avatar personality, a desired alter ego, or work using a pseudonym to blog, chat, Google, Skype and tweet. You can even exist in “the book of friends” with a fictional identity. Love online, flirt online, shop online, gamble online: in the Internet everything is just one click away. But beware. It is for your own interest to educate yourself about the risks that exist in this world.

The case for not being identified in Internet

The design of the Internet tends to favour anonymity. There are many transactions in Internet where digital identification is not necessary. In fact, a very influential policy paper argues that progress on digital identity management has to respect a space for anonymity[1]. The use of pseudonyms or fake identities is in fact a widespread practice. Recently, Google+ tried to go against the stream and enforce real name registration, sparking all kinds of reactions, amongst them, from Danah Boyd, who wrote on her blog that real name policies are an abuse of power[2]. Some of the arguments advanced refer to the physical security of political opponents to authoritarian regimes or the freedom offered by Internet to individuals belonging to disadvantaged minorities of interacting with other users without the barriers of social prejudices.

The buck stops here

The moment you want to perform economic transactions, deal with state authorities or conduct business on the Internet, matters become serious. You cannot fool around with your identity and you do not want to do business with people you cannot identify.

Identity is context dependent

Our identity or the identity of others, which is an issue with deep and complicated philosophical and psychological connotations, is dealt with in our physical world in a relatively simplistic fashion: it is a civil matter, ruled by law.

Identity as a human right

International legal instruments, such as the Convention on the Rights of the Child state that… “The child shall be registered immediately after birth and shall have the right from birth to a name (article 7)… “States Parties undertake to respect the right of the child to preserve his or her identity, including nationality, name and family relations as recognized by law without unlawful interference” (article 8).

The Universal Declaration of Human Rights states that… “Everyone has the right to recognition everywhere as a person before the law (article 6). In other words, each individual has a distinctive identity, first and above all, as a subject of law.

In fact, our physical world is segmented as per people’s legal identity. If you are a child, there are attributions and limitations. If you are a teenager, the law frames your rights, duties and obligations. Whilst in cyberspace, “nobody knows that you are a dog”[3].

Digital identity as a problem

The engineers who designed Internet did not build-in the means to know to whom and to what you are connecting. But this does not mean that Internet is a no-man’s land with zero security. There are different levels and providers of security.

Furthermore: at the highest levels of the world’s governance, the issue of digital identity management has become a priority: the USA government published in April 2011 a paper titled “National Strategy for Trusted Identities in Cyberspace. Enhancing Online Choice, Efficiency, Security and Privacy”; the OECD has published several papers and recently published the booklet: Digital Identity Management: Enabling Innovation and Trust in the Internet Economy; the European Union finances several research teams working on the subject, among them, Global Identity Networking of Individuals (GINI), who recently published their results: “A User-centric Framework of Identity Management Services” India has launched a most ambitious programme to provide its 1.2 billion citizens with a universal identity number” (UID) tied to biometric markers and digital technologies, solving simultaneously the challenge of creating a national registry and a digital identity; China’s State Council Information Office tackles the issue by expanding a program requiring real-name registration online.

International governmental organizations such as the International Telecommunication Union (ITU) have a working group dealing with the issue of digital identity management: Study Group 17 . The ISO, International Organisation for Standardisation, has produced international standards for different aspects touching upon digital identity management and Internet security.

On the non-for profit sector, there are several groups working on digital identity management, among them : OpenId and Kantara Initiative with new ramifications such as OAuth. ITU on its 2007 paper Report on Identity Management Ecosystem and Lexicon identified 12 organizations working on digital identity management standardization; 6 doing research and other 20 working on related activities. The same document contains 23 pages listing Identity Management Terms and Definitions.

Digital identity as your problem

This is all very good. It sounds reassuring. But ask yourself the question: have you got your own digital identity under control? Are you aware of having followed a coherent, security-oriented procedure each time that you sign-up, type your password, give your home address and provide your credit card details? Are you aware of the number of people, businesses, organizations and entities that have privileged access to your private, critical personal information? Do you know whether your personal information is shared with other people or entities you never imagined or wished were mingled to your life? Are you sure that your e-mail box is private and that no-one, except you, is peering over your e-mails?

What are your options?

There are not many options really. Either you let others deal with the problem hoping that they will find a suitable solution or you take matters into your own hands and get yourself a robust digital identity based on military-enhanced cryptographic technology.

The OISTE Foundation prone a solution to the riddle of digital identity management based on the use of Public Key Infrastructures (PKI), the most effective technology against identity theft and hacking available on the market.

[1] Anonymity is an option that needs to be kept open, states the White House’s “National Strategy for Trusted Identities in Cyberspace. Enhancing Online Choice, Efficiency, Security, and Privacy”.

[2] See http://www.zephoria.org/thoughts/archives/2011/08/04/real-names.html). Danah Boyd is Senior Researcher at Microsoft Research, a Research Assistant Professor in Media, Culture, and Communication at New York University, a Visiting Researcher at Harvard Law School, and an Adjunct Associate Professor at the University of New South Wales. Her blog, http://www.danah.org/, on digital sociology is very popular.

[3] Famous caption of a cartoon by Peter Steiner, The New Yorker, July 5, 1993 (Vol.69 (LXIX) no. 20)

Standards