Identification, Policy & Planning

Refining the elusive definitions of identity in the networked world

By Jianggan Li | 2 October 2008

Business organisations, NGOs, and governments are moving forward rapidly with identity management systems and programmes. A key to their success or failure is understanding how these systems work not just in technical terms, but in terms of their influence on the individuals they affect.

View photos

Related Categories

• IDENTIFICATION
• POLICY & PLANNING

From this Section

• INTERVIEW

Ultimately, the success of any identity management system depends not just on robust technical architecture and infrastructure, but also sensitivity to the human interests at stake in identity management. Understanding the whole universe of issues in identity management is important to anyone working on identity management programmes.

The starting point is identification theory. Despite its importance, there is a dearth of theoretical explanation for identification: what it is and how it works. How do people recognise one another? How do institutions recognise individuals, and vice versa?

Identification theory provides the answers. Four categories of identifiers help us sort among each other and organise the mental or electronic “files” we all keep on each other. Individuals and institutions use different kinds and qualities of identifiers that vary with the myriad purposes of identification.

Considering how readily we use it, identification is an extremely complex process. If often unconsciously, verifiers use sophisticated risk management techniques to identify people efficiently, demanding just enough identity information — and no more than is necessary—for each transaction. Identification systems ride on top of one another to further increase the efficiency with which people are identified.

It is only half the battle to know what identification is. The purposes of identification—its role in transactions and its effects on people—are just as important. Like identification processes, the consequences of identification have gone largely unconsidered. Few people know what identification does and what it does not do. Few people know when it works and when it fails. This hinders our ability to use it wisely and to set the most appropriate policies for identity management systems.

Identification is a sort of economic and social glue. It is there at the start of every relationship—between individuals, among businesses and people, between governments and subjects—and it is there at the continuation of every such relationship. Just as it
brings people together for good purposes, identification holds people together when things go badly. Identification ensures that the right person—the right physical body—is held accountable for bad acts.

Identification is almost always conjoined with record-keeping of some sort. Records organised by identity allow information to be used in deciding whether a person is pleasant company, financially sound, wanted by law enforcement, permitted to enter a building, or whatever the case may be. All organised record-keeping systems amount to surveillance systems of one kind or another. They can be used for good or for bad. Surveillance allows companies to provide consumers better service and lower prices—or to harass them with junk communications. Surveillance puts government agents in a position to capture terrorists—or to intimidate political dissenters.

Whatever the use, it is important to know that most formal demands for identification are either the front end of a surveillance system or the groundwork for the surveillance system that will be needed to make that identification requirement serve a purpose.

Western culture, and particularly the United States, prizes and protects anonymity—the withholding of identity information. When anonymity is the default rule, it puts individuals in a position to structure their relationships and lives as they wish, rather than having attachments imposed on them. Anonymity protects particular prized behaviors like free speech, dissent, and non-conformity. These values are important, but they are in tension with social and legal control, for example, and some societies put more emphasis on these values.

Today, identification cards sit at the “top of the heap” of identification processes, and they are at the center of identification policy debates. An identification card is best conceived of as a communications device that carries information from a person, through a card-issuing intermediary, to a verifier. It allows a person to be treated as “known” on a first encounter. Of course, the debate will move to various tokens and other form factors, but the issues are essentially the same.

Identification cards and tokens are at once ingenious and quite fallible. There are many weaknesses in this communication chain. A raft of recent public policy changes aims to shore up government-issued identification cards. Private identity management systems are also developing rapidly. These policies and systems will deeply influence the social systems in the countries where they are implemented and the personal security of individuals.

Life is changing on Planet Earth. Because of the rapid growth of digital communications, computing, and data storage technologies, the dominant motif of the modern era is the decline of practical obscurity.

For millennia, most information about people has been hard to come by. In 1950, you would have had a hard time knowing where you had lunch on November 7th of the previous year. Imagine trying in 1850 to retrieve the text of a letter you had written and sent in 1849. Today, your calendar and e-mails from last year are close at hand. Information like this is not just available to you, but to many others as well.

Indeed, more information about people is more available and useful to more people and institutions than ever. And the trend is continuing. It is easy to exaggerate the decline of practical obscurity as a pure negative. It is not. Along with concerns and harms, declining obscurity comes with many benefits. But it is a big change in the context of life and in the structure of societies that we must carefully consider and control. Identification policy is central to doing that.

Modern identification systems and techniques are naturally expanding the use of surveillance and increasing the use of dossiers. This benefits us in many ways, but it also threatens a society where the request for “your papers, please” — even if in digital form — is a dominant theme.

In very recent history, authoritarian governments in many countries have used identification systems to administer sometimes horrific programmes. Uniform identification systems permitted totalitarian governments like the Soviet Union and Nazi Germany to administer their monstrosities efficiently.

The costs of too-uniform identification systems are not just paid by historical victims of collectivism, war, and strife. Residents of peaceful and stable countries like the present-day United States pay a price as well: Identity fraudsters ply their trade using the essentially insecure identification policies and systems that the United States has backed into, without reflection, during the last 70 years.

A diverse identification system would at once protect against identity fraud, give people more autonomy and liberty, and act as a failsafe against broken democracy. Rather than a uniform government-created and -mandated identification system, different organisations and institutions should offer identification and credentialing services using a wide variety of techniques and methods, each suited to a particular purpose.

The way forward for identification policy and identity management is not easy to see, but the policies to pursue are essentially these: Identification should be used less, by businesses and governments alike. It has fewer benefits than we often assume and higher costs with each passing year. Non-identifying authorisation should be preferred when it can be used — and this is often the case. Finally, we should recognise that identification and credentialing are a valuable economic process, just like communications, payments, and credit reporting. A diverse, competitive identification and credentialing industry would be far better, and far more protective of liberty, than the uniform, government-monopolised identification systems on the advance today.