Context, Ownership and Responsibility, Part 2

Who owns your identity?

Most of our current “Identity Systems” are designed to allow and control access to some application. Most Government issued Identity Credentials (driver’s licenses, passports, Social Security Cards, etc.) were designed for use in one system (generally a manual system) and have been twisted for use in new and unexpected ways. Your driver’s license is now necessary to board a flight. A social security number is now necessary to enroll in school.

You can glean several insights from these observations. First, manual systems are more flexible and adaptable (I never expected those words to exit my mouth). Second, if the only identity tool your government issues easily is a driver’s license, then that will become the default identity credential for both business and government. Third, context is easily breached with physical credentials that must be personally and manually examined. Fourth, the context built into electronic systems credentials (like your Microsoft Active Directory record, or you Google mail account) is harder to avoid. They won’t accept your gmail account when boarding an airplane, or writing a check. These purpose built credentials are much harder to use outside their intended domain, or for their intended purpose.

Credentials are all created by organizations that want to identify their members. Governments want to identify their citizens and companies want to identify their workers and customers. The organizations don’t trust each other, so they individually produce and maintain their own identity credentialing systems. Typically, they don’t share, and they don’t trust. The result is that your Google identity is useless at Yahoo, and your employer company identity is useless at the airport, or the grocery store. The result is dozens of identities, most useless outside their original context. Personally I stopped counting my “IDs” when I reached 300.

So, who owns your identity? The naive among us might suppose that the individual is entitled to his identity, and that he owns it. If so, you’d get a lot of disagreement from the organizations. Doctors say they own the medical records, because they created it - literally wrote it in a file folder. Credit Reporting agencies will tell you that they own your credit file. The government will tell you they own your drivers license and passport — they just let you use them, and can demand their return at any time.

I think you can make a case that an identity, if not 100% owned by the individual, should at least be shared by the individual. Sharing would be an improvement over the current systems, where it’s 100% owned by the issuing organization.

Because Identity systems are owned by the organizations, they are created for the convenience and benefit of the organizations, and not for the convenience and benefit of the individual. You might say that the tools are company focused, and not people focused.

But, for people to own, or share ownership, of their identities, they need to take on some responsibility.

Filed under: Identification, Privacy