Contemplating Anonymity, Authentication and Privacy
There was a typically insightful article in the February 17th issue of The Economist entitled “The End of the Cash Era” which explored the coming age of electronic money, balanced with the nagging question of the steady loss of an individual’s ability to preserve anonymity.
We are in one of those unsettling times of transition where policy, law and individual preference have not caught up with the realities of technology. According to Ian Kerr (see http://www.idtrail.org/) “we are seeing a shift right now from a world where anonymity was the default, to one where authentication is the default.”
Consider a day in your life. You do things – walk down the street, go shopping, surf the web, sit at your office desk and work, go for supper at a restaurant, watch television. You can classify all of these activities, as follows.
- Many of your activities are observed. Historically, observation of your activities was transitory or ad hoc, but they were witnessed. Generally, your activities were anonymous unless you were carrying out your activities with friends or relatives, or unless someone went to the effort of finding witnesses who could identify you.
- Many of your activities result in transactions that are recorded. Historically, the record of your transactions would contain sparse detail, it was improbable that the party in your transaction could do much with that information, and it was not possible that all the various parties with which you transacted could share and search that information.
- The remainder of your activities which are not observed or recorded are private, although it is possible that if you keep private records of these activities, they could be obtained by others (either through legal or illegal processes) and would cease to be private.
The advances of electronic technology and its diffusion have made the observation of personal activities and recording of personal transactions very low cost. And, with fewer goods and services exchanged on a cash basis, the authentication requirements around the use of electronic money means that transactions are no longer anonymous. The attachment of identity to transactions means that identity can be matched across transaction domains, and that “islands of data” can be aggregated to compile quite a bit of information about you as an individual, without you knowing it.
Very soon, you and your friends will have cell phones that will implement “mobile payments”. Your cell phone will also be GPS equipped. So, anyone monitoring the cell phone system will know where you are every minute of the day, who you are with or talk to, and what you spend your money on. The arrival of digital television – whether cable set top boxes or by satellite – means that the anonymity of analog television is gone; the service provider company now knows everything about your TV habits. And, with the advent of the triple play (phone, internet, television) virtually your entire life has become digitized to a single service provider.
My concern is that we, as individuals collectively, have not been involved in the decision to obliterate anonymity in our transactions with the market, as the default position. As society, we have a centuries old practice of transactional anonymity which was enabled by the acceptance of money, i.e. currency backed by the state. Our system has evolved such that, in order to obtain convenience, we have somehow given up anonymity through the use of credit or debit cards, customer accounts, loyalty cards, and so on.
We are now reaching the point where we may loose transactional privacy. And that requires some thought before we go much further. It is natural that our society, as a complex adaptive system, let the current state emerge. It is equally natural that we question what has emerged, and change again if doing so is to our benefit.
For example, can we create methods of authentication that preserve privacy? Can I find a way to be authenticated and yet anonymous at the same time? Or can we find a new definition for anonymity, i.e. a way that I can be anonymous for commercial transactions but not so for certain aspects such as safety, health and security?
Can we shift back to a world where anonymity is once again the default position, while still providing the authentication we need to access network and other resources? Or, can we get much better at identity management? Perhaps my real issue is not so much to be anonymous, as it is to maintain explicit control over who uses my identity and for what purpose.
We should not be using the solutions to technology problems, e.g. authentication, as the basis for designing our society of the future.
Reads: 1664 | Today: 3 | Last: 31.01.2012 - 23:43
