greenpoint design

Identity and the Web

The issue of identity verification has been around as long as there has been an Internet. Anonymity and global reach are two things that helped the net become the predominant medium of communication on this planet. Anonymity provides the freedom to fail and the freedom to say stupid stuff. Anonymity also gives license to all manner of nefarious activity and network abuse.

According to a Symantec study published last year, 90 percent of all email is now spam. And a 2009 Canadian study found that the cost of computer security intrusions nearly doubled from 2008 to 2009.

Anonymity is an anathema to the transactional web. In order for the internet to continue to be a viable communication medium and platform for business transactions, there must be a simple and sound method to verify identity across the web. This is not a new idea, but it’s been in the news a lot recently with Facebook’s recent retreat from using user data to create the social graph.

At issue are two aspects of identity: basic verification and a wider construct of identity that is created from our network of friends and acquaintances,  our likes and dislikes and the way we spend our time. The first is a requirement of any transaction — proof that you are who you say you are — this verification has been provided by credit card companies for over 50 years now.  The second is a much more personal type of identity, one that is  about who we think we are.

This new type of identity is largely a product of a networked world that logs every mouse click, text message, purchase and comment along with user-created social networks. Facebook CEO Mark Zuckerberg’s announcement of an “open graph” at the F8 developers’ conference in San Francisco last month was a logical step forward to link Facebook data with members’ activity on the wider web.

What Mr. Zuckerberg didn’t count on was that users might want to control the construction of their own identities and that the web community as a whole might prefer that the central repository of identification data were non-proprietary. Zuckerberg clearly did not read Kim Cameron’s Seven Laws of Identity, or take into account Microsoft’s failed Hailstorm experiment.

Yet the need for verifiable identity persists.  Symantec’s recent acquisition of Verisign’s authentication business looks to do for business what Zuckerberg proposed to do for consumers. Google has also resurrected the old Unix finger command for Gmail users (see Webfinger).

A host of other groups are working on the same problem. The just concluded tenth annual Internet Identity Workshop brought together some of the usual suspects in Mountain View, California, without arriving at a solution.

Whatever system of identity verification is ultimately adopted for the web, it must — as Cameron’s 7 Laws  decree — put users firmly in control and operate as a metasystem, drawing from many different identity repositories and contexts.

Facebook and the Fleeting Crowd

Trendmongers at the New York Times and The Wall Street Journal have noticed a funny smell at Facebook lately — the unique odor given off by the death of an expired fad. Virginia Heffernan’s piece in the NYT Magazine, Facebook Exodus, put it most succinctly: “Is Facebook doomed to someday become an online ghost town, run by zombie users who never update their pages and packs of marketers picking at the corpses of social circles they once hoped to exploit?”

It wouldn’t be the first time a world-uniting social network was reduced to a footnote in the annals of internet history (remember Friendster or Dodgeball?). Creating something as ephemeral and fragile as a community can be a tricky thing. Putting a value on that social grouping is even more difficult.

Depending on who you talked to, Facebook CEO Mark Zuckerberg’s refusal of a $1 billion buyout offer from Yahoo in 2006 was either a stroke of genius, or an act of incredible hubris by a kid who didn’t know any better. A June 2009 article in Wired, The Great Wall of Facebook, made much of the potential revenues of the network with 200 million registered users, but also noted that Facebook burned through an estimated $75 million in 2008, not including the capital it took in from investors like Microsoft and Digital Sky Technologies. The actual worth of the privately held company has left many analysts guessing, as noted in Facebook is Worth … What, Exactly?

In the real world, community is usually defined as a group of people living in the same place or sharing common interests. Online, common interests typically supplant location.  Other characteristics of a sustainable online community are:

• It fulfills a need for information or support; it must sustain interest
• It fosters interaction and dialog
• It allows users to control their own self-representation, or identity, through profiles or other means
• It has some moderation or self-regulation
• Some would also add that a successful community must have a purpose; it must reward the time put into it.

Arguably, Facebook has all of the elements of a successful online community. In its first draft, Facebook was tied to the real-world community of the Harvard campus, a group with shared interests and extensive offline interactions. As it expanded off campus, Facebook added great functionality, making it really easy for anybody to set up a personal web page and share photos and stories with their friends. Giving users the ability to accept or deny friend requests also promoted a sense of control and self-management over one’s social sphere (even while forcing some awkward choices).

So what has gone wrong at Facebook? Maybe it’s a victim of its own popularity. Clay Shirky in Communities, Audience and Scale (2002) makes the point that when communities grow beyond a small group in which most members know each other, they become audiences. This would account for some of the creep-factor felt by Facebookers today: the most active members seem to be performing their lives instead of actually living them.

Or maybe Facebook no longer provides much useful information. Maybe your extended circle of friends isn’t interested in what you had for breakfast, the fact that you’re hungover, or that the Quentin Tarantino character you most resemble is Jules Winnfield from Pulp Fiction.

Perhaps Facebook fails on the point of purpose: it just doesn’t reward the time you put into it. Or it could be just the fickle nature of online attention: Facebook has lost its cachet and the digerati have moved on.

Pre-emptive Recycling

A big part of information management is filtering out the crap you don’t need. This morning, NPR’s excellent Marketplace program mentioned an IM tool whose time has come: Catalog Choice.

Catalog Choice is a way to opt out of many of the catalogs that are crammed into your mailbox each day. Each year some 19 billion catalogs are mailed to Americans. And each year 18.9 billion of us chuck them straight into the recycling bin. That’s a lot of wasted paper, time and energy. Catalog Choice gives consumers the option to say “no thanks” in advance.

Unlike the National Do Not Call Registry, which is maintained by the FTC, Catalog Choice is a private non-profit venture. The project is funded by the Overbrook Foundation , the Merck Family Fund and the Kendeda Foundation. The well conceived and easy-to-use site design was done by Makalu Media.

Privacy, Liberty and the Transaction Economy

Some elaboration is required on two items in the last post. By suggesting that anonymous e-mail and handwritten signatures be retired as old and useless technologies, I am not saying they should be outlawed or forbidden. There is a place for anonymous communication and everyone has a right to protect their privacy to the extent that they see fit. However, in today’s machine-mediated, transaction-based economy, participants must validate their identity or lose trust and risk being shut out of many exchanges.

If I buy a pair of sunglasses from a man who has set up a table on a street corner, I do not need to know the man’s name, or even the provenance of the sunnies. I can try on the sunglasses, assess the fit and judge for myself if the lenses are adequate. Then, if I am satisfied with the sunglasses, I hand the man $5 and the transaction is complete.

That exchange would not happen on the net. If I wanted a pair of discount sunnies, I’d check established retailers first — companies that had been in business a few years and had built a reputation for fair dealing. If I wanted a better discount I might go to ebay, but I’d take a close look at the sunglass vendor’s trust ratings and the number of transactions he had done. Likewise, the seller would require assurance that I was paying with real currency. That identity check would be performed by a credit clearinghouse like PayPal or Visa. Without a mutual verification of identity and reputation, that transaction would not happen.

The distinction that needs to be made here is between voluntary and involuntary identification. In arguing for better identification technology I am advocating a safer marketplace where transactions flow more easily — a space where I choose to yield some of my information in order to participate in certain transactions. However, better identification technology also increases the chances that my identity will be taken from me involuntarily.

Last week I had some business in a Midtown office building. In addition to the usual security checks that have become so common in post-911 New York, I was asked for my photograph. The digital photo that the security guard took was printed on a sticky-backed paper ID badge along with my name, which became my day pass to the building. I submitted to that rigamarole because I had business transact there. Although, one has to wonder how long that information will stay in the building’s database or if it will migrate to other information repositories (the persistence of information will have to be a topic for another post).

Not everyone is so compliant. Three years ago Italian philosopher Giorgio Agamben famously declined to come to the United States to lecture because he refused to submit to the identity checks performed at our borders. Similarly, Michel Foucault made a career railing against bio-politics and surveillance, most notably in the Discipline and Punish. The notion that our personal information is no longer our own has even filtered into the popular culture with movies like Minority Report, which had the chilling tagline “You can’t hide. Get ready to run.”

These are legitimate concerns and they should not be overlooked. By the same token, it’s foolish to wish away technology that already exists. The tools themselves — retinal scans, biometrics, integrated databases — are value-neutral; they either work or they don’t. It is the application of the information these tools gather that posits moral questions.

As a member of modern society, working in information design, I can’t realistically opt out of the networked marketplace. I can, however, demand control over the information that pertains to me, especially ambient information that is not strictly transaction-based. This would entail a revision and expansion of the Fair Credit Reporting Act, which has been patched many times since its first passage in 1970.

Legislation is famously slow to catch up with technology, especially in the information space realized by the net. A better safeguard of our liberty is an awareness of how information is gathered and used and a constant assessment of its value in transactions.