Thinking Outside the Privacy Box
By Jeff Sayre
When it comes to issues of privacy and identity, the Web continues to experience growing pains. People speak of privacy and identity management as if they were separate issues. I believe that managing your personal identity is tantamount to managing your privacy. In effect, what is termed Privacy 2.0 and Identity 2.0 are really one and the same thing.
The reality is that, when looking at these supposedly disparate issues from the viewpoint of the individual, the differences disappear. And when looking at the topics of privacy and identity, in my opinion, the only viewpoint that matters is that of the individual.
So, privacy management tools and protocols are nothing more than identity management tools and protocols. Why is this the case?
In David Kirkpatrick’s book, The Facebook Effect, Facebook founder Mark Zuckerberg states that “Having two identities for yourself is an example of a lack of integrity.” What Zuckerberg is actually saying is that having two accounts on Facebook, or any other social network, is a problem. Whereas this can be a real issue, Zuckerberg makes the same mistake that most people make—conflating a user’s account with their identity.
Identity is not a username and password combination. Identity is not your OpenID, WebID, Facebook, or Twitter account. Those are simply identifiers, and a user may have many of them across the Web, one for each social network site. In fact, as mentioned above, it is possible that a given individual might have more than one account, more than one identifier, at a given social network. These alternate accounts (referred to as alts, for alternate “identities”) are just another aspect of the individual’s overall identity. Alts are not separate identities—no matter how much the owner of an alt identifier tries to make them so.
Now, even if a user has carefully selected to join only those sites that offer the option to register via OpenID Connect, their single OpenID is not their identity. It is just an identifier. So, OpenID Providers are not identity providers, they are identifier providers.
What is identity on the Web, then? Identity is your presence strewn throughout the Web. It is the sum total of all your verified activity on the Web (blog, forum, and social network posts, video, music, and photo uploads, etcetera), your associated interactions with others, and their comments about and interactions with you. That makes up what can best be thought of as your identity graph.
When we talk about privacy control on the Web, then, we are not talking about the ability of users to totally control their identity graph. Obviously, a given user can theoretically control only part of their identity graph. Why is this the case? Because each user can exert only so much control over what someone on the Web thinks and says about them. That part of their identity graph is controlled by others.
So what are we trying to accomplish by allowing users partial access to and control over their identity graph? What kind of privacy and identity controls can reasonably be provided to users?
The IdentitySpace: Privacy and Identity in a Semantic World
From a user’s perspective, identity control on the Web is about offering fine-grained control over the data that they personally generate. It is not about offering tools to control their entire identity graph, to control the subset of their identity graph generated by others.
The IdentitySpace is that part of a user’s identity graph that they personally generated. It is the subset of their identity graph that they create, and therefore should own and have sole access to controlling.
Do users have any options for managing that part of their identity graph that is created and controlled by others? Yes. It is called reputation management and there are some fee-based services that offer users some concrete means with which to do just that. But in a free society whenever two or more people are involved in creating an identity graph, it will never be possible for each individual to be able to control their entire identity graph.
This last issue is where a user’s Web of Trust (WOT) can help. By carefully choosing with whom a user interacts, they can build a network, a web, of trusted individuals. This web of trusted individuals can more easily vouch for the user’s reputation than a more loosely defined network of associates. This Web of Trust can also be used as part of an authorization framework that utilizes FOAF+SSL and WebIDs.
In my perfect Web world, the IdentitySpace would be a global, distributed, decentralized dataspace which any one person, corporation, or government could access. The ACLs of each unique IdentitySpace–the datasets created, owned, and controlled by an individual user–would determine what subset of data a given query would return and how and where that data could be used. Individuals would be free to release more of their data for use, or restrict its consumption.
The key here is that users remain in control of their primary, personal data no matter where their Internet journeys and sojourns may take them. While a user would have little control over what other people may post about them, they would maintain control and ownership over the data that they personally generate. They would control their IdentitySpace.
There are existing ontologies and protocols in the Semantic Web stack that can readily be adopted to offer users the fine-grained identity management that they desire. A wonderful summation of these technologies can be found here.
A thought-provoking presentation on open source, freedom, privacy, and identity. It’s by Eben Moglen, the founder, Director-Counsel, and Chairman of the Software Freedom Law Center.