Last week, we spoke about anonymity and privacy, and in so doing we brushed past the concept of identity. The problem of identity has been with us for quite some time, as a species and as a set of societies. Newer technologies, such as the telephone and the Public Internet do not make the problem harder or more intractable, but they sure do make it a lot easier to actually see.
Actually, there are multiple issues of identity. Not the least of which that the word itself encompasses a number of conflicting meanings. In one sense, your identity is who you are without your age, name, gender, appearance, job, nationality, race, or home. What’s left is the core identity — the person that you are. For the process of identification however, that meaning is pretty useless. Identification focuses on what you are to determine who you are.
Unfortunately, as we’ve discovered over many generations, that really isn’t much good either. If it were, there wouldn’t be so many dead people casting votes in elections.
The usual standard of identification is to assemble a set of non-unique qualities. Your name is likely not unique, nor your address (there may be several people living there) or phone number or job or your date of birth, gender and so on. Put them all together, however, and they seem to do a pretty good job of distinguishing you from anyone else.
Unfortunately, that really only works one-way. This form of identification distinguishes a person from everyone else. It just doesn’t prove that you’re that person.
If it did, there’d be no such thing as an identity thief.
Identity theft goes back hundreds — some say thousands — of years. People have assumed the identity of others for all manner of nefarious purposes. Just because you’re in possession of identity documents, doesn’t mean that that is who you are, and that’s not even beginning to touch on the issue of faked documents.
Photo ID is supposed to help – but it doesn’t much. Do you really look all that much like the photo on your driver’s license or passport? Could there be dozens of other people who would resemble that photo just as closely? Probably, yes. Dozens or hundreds. With a little hair dye, maybe thousands would pass muster. Then they turn up for renewal, get their photo taken, and then the photo is of them, not of you.
Fingerprints have been suggested, but it has been shown that these are easily faked, not terribly unique, and frequently quite sloppily matched. Likewise even retina scans are of doubtful utility. They’re not as unique as they were once thought to be, and useless for roughly 30% of the general population.
How then can we even begin to identify users online, or in virtual environments? Do we even need to?
Well, yes. Users with their computers turned on tend to break laws no more nor less readily than people who don’t switch them on. In practice, however, it turns out that malefactors are easy to find, if people can be bothered to put any effort into it. Two Second Life copyright infringers were tracked down easily and relatively cheaply despite their having made every effort to conceal or fake their identities in dealings with others. The lack of a definitive atomic identity tied to their online identity proved to be no barrier.
That only leaves us with, for want of a better term, preventative identification. That would be things like, for example, age verification. Let’s start with the fact that age-verification in the atomic world doesn’t work, as a rule. Fake IDs abound, and it isn’t very hard to obtain one. As a result, minors routinely gain access to facilities that would otherwise be barred to them.
Having firmly violated the rules in person, we’re now going to trust that they can’t do the same thing online? That’s just daft. Because at the end of the day, we’re relying on them presenting documents to us (that may or may not belong to them) to prove that they are who they say they are, and that they are what age they say they are. Credit cards are available to all-ages now in many countries, and other forms of documentation are usually no harder to get than your mother’s handbag.
Linden Lab’s plans to move the most extreme Second Life content to an Adults-Only continent, available only to the age-verified potentially suffers from all of these flaws, while simultaneously clustering the content in a single set of locations, where it would be paradoxically easier to locate.
And this wouldn’t really be a problem, except that in many jurisdictions you are liable for exposing a minor to many things. Even if they lied to you (or to an age-verifier), and had the identity documents to back that up. You might be able to separately sue them for fraud, but frequently the law doesn’t care if they defrauded you.
And that’s ultimately the issue people are trying to solve, even though it seems there is no solution in sight.