- 1 1. What is a digital identity and why is it important?
- 2 2. What is different when we are online?
- 3 3. We are leaving a trail online
- 4 4. What are the opportunities and risks linked to digital identity?
- 5 6. What kind of Digital Identity for tomorrow?
1. What is a digital identity and why is it important?
“Who am I?”: You have surely asked yourself this question in your life. People have been fascinated by the definition of their identity for thousands of years. Today we have to answer the question about our identity from an additional perspective: the digital point of view. As we have seen in the introduction, the Internet is a technology that connects computers and devices all over the world and gives people an easy way to stay in touch with family and friends. It allows you to get access to online shopping or participate in politics and governance. By doing this you become visible to others due to your activities on the Internet. A digital identity is created. But what is a digital identity? We will make a distinction between a digital identity in the narrow sense for authentication and in a broader sense for all traces a human being leaves on the Internet. In a narrow sense, a digital identity is used for the process of identification. The digital identity can be thought of as a key and the service one wants to use the Internet as a lock.
|Information on an entity used by computer systems to represent an external person, organization, application, or device.||Your password, fingerprint or token for authentication. (ie ‘your digital key’)|
|The complete set of digital characteristics that you leave on the Internet||Every trail you produce online by using a device linked to the Internet.|
|Online Identity/Persona||A partial identity created by you to represent yourself in a specific situation||A social network account or your online blog.|
|Identifier||A way of referring to a set of characteristics||Your email address (myID@me.com)
or user name (RaulB) or an account number (7633)
|Profile||Information collected by others about your actions and characteristics||A search you conducted for “discount shoes” or a list of websites visited|
Based on: Internet society document is-identity overview-20110218-en Like your physical identity, your digital identity consists of many information. And like the physical identity it can only be understood correctly when the context is clear. Your digital identity on a social media platform consists of information other than your digital identity in your financial institution. And with your state authority you hold other information again. That is the reason why we should distinguish between three players, their ambitions and possibilities. First and foremost there is you, the user and the people around you, your social and professional community as well as the society you are part of. Let us imagine that you sit in front of the computer for the first time in your life. Where do you start? Perhaps you have friends who have gone far away and you want to stay in contact. You can choose email or a messaging platform to write and read messages, send photographs and files etc.. Before you can do so you have to give the email service or messaging platform some information about you. In return you get an account and in most cases you set a password for it. Then you are able to communicate with your friends. Another common activity on the internet is shopping. It connects you to the second important stakeholder: companies. You can visit websites that offer you a variety of products and services. If you want to buy them you usually have to create an account that is directly connected to a bank account or indirectly via a payment provider like a credit card or online payment systems like paypal. This way you are able to order something and pay for it without sending real money. The bank assures the vendor that she gets her money from you. The trade can be concluded. Last but not least: When you buy airline tickets for travel abroad via the internet you need a third type of ID. Besides you and an airline a third party is directly involved: states. Now you have to give further information about you, for example you passport number, date of birth, address and nationality. This is necessary because you will cross a border to another state and both states want to check the identity of the passengers. And the reconciliation of data between the states is (mostly) done digitally. Digital Identity is a fascinating topic with deep implications for us all. In the following pages we will dive into the following questions:
- What is the difference between a physical and digital Identity?
- What different features do digital IDs have today?
- How might Digital Identity evolve in the coming years?
- What are the opportunities and risks linked with the different kinds of digital identity?
2. What is different when we are online?
Let us remember the three examples from the beginning: sending an email, buying goods on the Internet and buying a ticket for a flight abroad. All actions can happen in the real world without directly using a computer. So, what is the difference on the Internet?
You can write a letter on paper, put some photos in an envelope, write the address on the envelope, and put a stamp on it to pay for the service. The postal company is only responsible for transport and does not know the contents accordingly. You as the sender can remain anonymous. What is different in the digital world? If you want to use an email service, you must create an account. You write the message on the computer or smartphone, enter the email address and press send. The process is easy and in most cases free of charge. At the same time all activities could be tracked and recorded because the information is digital. Of course, it depends on the service provider you choose - some put high priority on protecting the content - and the laws in your country. But the digital nature of the information makes it more easy for someone external to access it. And this is not limited to emails. It is also true for communication on social media platforms. Digital Information can be easily copied and accessed from virtually everywhere on the planet. Let's take a closer look at the second example: online-shopping. In the offline world you can go into a shop, choose what you like and pay with cash. For example, you go to the bakery, by bread with a bank note and go home. As long as you buy everyday article without age restriction (eg alcohol, cigarettes) you can stay anonymous. In case age restriction is involved and you are young you might have to show some documents to verify your age.
If you want to buy something on the Internet you have to create an account on the website you are on. Here you usually enter your name, address, age, email address and further information about how you want to pay. If you buy on the website of the vendor it normally takes three parties to complete the transaction completely digital: you, the vendor and a finance institution that verifies that you can pay for the goods. So you also need a digital account at a financial institution. In most countries the laws for having an account are quite strict and directly linked to a legal identity. This way the vendor can be sure that he gets his money in exchange for the goods or service, because she trusts in the financial institution involved. It guarantees that legal standards are fulfilled. In this example, you used two different digital identities in combination. Source: World Economic Forum - A Blueprint for Digital Identity: The Role of Financial Institutions in Building Digital Identity.
But in many cases we use Internet intermediaries instead of the online shop of the vendor. What happens then? Internet intermediaries are companies like Ebay, Amazon, Facebook or Alibaba. These companies combine offers of many vendors on their platforms. This way there is just an indirect contact between you and the vendor, because the intermediaries are in the middle. Source: Diplo Foundation. At the same time you establish a third digital identity on the platform. Since the vendor only gets the information about your purchase, but the internet intermediaries can track all your activities and purchases, they have a much bigger database about you than the vendor. By using the platform of an Internet intermediary you use three digital identities (your e-mail, your profile on the platform and your bank digital identity) and feed all of them with information about you.
You might already suspect it: Buying a ticket of an airline needs a fourth digital identity. What was already mentioned above can be transferred to the last business case as well. Due to the high security standards that is defined worldwide it is necessary for the airlines to check the identity of every passenger within strict rules. In order to fulfill this task, users must obtain the relevant documents from states to participate in air traffic. This ‘legal identity’ is in many countries also a digital identity. Therefore, up to four digital identities are nowadays easily used to buy a plane ticket.
How many at the end?
Are this all your digital identities? No, we see that every company that interacts with you via Internet uses a data set of your activities to fulfill the service that you expect as customer. So there is a key question for the future: Will we go on piling up digital identities? Or will we be able to connect and fuse them into one single Digital Identity? And who will be in charge of managing this/these identities? You? The state? A company? Another third party?
3. We are leaving a trail online
Data starts being collected from the moment we are connected. And in the future not only when we use a computer. The Internet of Things (IoT) will do a great part in keeping track of you. Internet of Things means that literally ‘every’ object will be connected to the Internet and a more or less constant information flow about the state of the object will be tracked. This of course is not necessarily linked to the user but it does not take much imagination to think about such use cases. For example, if you want to drive a car and you use a key which you can use with your fingerprint you can be tracked by the car. Since future cars will be online most of the time, you have to trust the car manufacturer with your data. The same can be said about video surveillance in public by the state. Today’s technology allows states to track every person in public. As mentioned before, this is one of the most great advantages of having a digital identity: It allows you to seamlessly and easily use a broad number of services and goods. Think about your mobility: Thanks to the integration of your data you can plan a trip from A to B in a single app and pay a single ticket but use a car, a bus, a bike and then an e-scooter from different providers without having to bother. This collection of personal data can represent a risk in the long run: Citizens are profiled and they can’t take back what they have done a long time ago: data can harm us in the long run (think about that stupid photo of you from 10 years ago that is still online and on which you have no control). Right now, only laws - such as the EU’s General Data Protection Regulation (GDPR) - provide guidelines on which data can be collected, and for how long it can be retained by the collector. It is one of the world's most stringent data protection law. But data can still be collected and processed – assuming it is with our knowledge, and in many cases, with our consent. This at least is the idea behind the law. But how will we handle the data of, for example, the deceased? A study has shown that by 2070 there will be more profiles of the dead than of the living on Facebook. Other platforms might have similar problems. And how do we want to be remembered after death? The digital identity gives us the possibility to store parts of our life as pictures, messages and activities beyond our deaths. Do we need something like a testament to our digital identity? When there were only printed texts and pictures, copyright clarified who was the owner of these records. This regulation has been softened and must be redefined as a result of technical progress.
We have seen that digital identities are very useful to make processes quicker. You are able to send and receive messages within a blink, compare and buy products within seconds or travel around the world thanks to you digital identities. It helps you live the life you want. At the same time it can be misused by others. What happens when the wrong people know personal things about you? Why might it be a problem that companies want to know ‘everything’ about you? What happens when you travel to a country where your former online activities are not legal?
For individuals and groups
Many of us are in constant touch with family and friends thanks to the Internet. The Internet also allows us to communicate with fellow citizens of our country and even at a global scale in an instant. Information can spread immediately; people can coordinate and communicate easily. This is a wonder. In early 2010, the so-called Arab Spring led to the downfall of governments in the region. The anti-government movements were highly relying on social media to coordinate and spread information. More recently a global protest movement called ‘Fridays for future’ emerged. The Internet helped the movement gain such popularity that on Friday, September 20, 2019, an estimated 4 million people demonstrated for more climate protection worldwide. At the same time, the people involved in these movements can be massively threatened online for their opinions and actions. More dramatically, they can be more easily identified and threatened physically. Social communication platforms can also be misused for mobbing and denunciation. We have very little control over the information that other people spread about us. Perhaps you have heard of examples in your society where the opinion of a single person or a group leads to hatred by others on the Internet. One future consequence could be that you might be too afraid to voice your opinion online because you fear others may use it against you on the Internet. Remember that in the digital world information may be accessed from everywhere: Distribution is much broader. And at one point it could overlap back to the analog world.
The power of your online identity for you and for others
Now let's take a closer look at your interaction with companies. Having an online identity linked to a company - in this case a “profile” - give you access to a world full of potentialities. With a profile you get offers based on your preferences and on the products you are searching. You access a system of recommendations to discover new products, new songs and movies, that are based on what you like. Also having a profile allows you to trade directly by putting items to sell, by buying second hand gear and clothes. Having a profile on a social media platform gives you the opportunity to communicate with the world. You can publish and share. You can get attention on causes that are important to you. You can grow a vast network of friends and supporters. You can even make a living out of it if enough people follow you. You can meet your soulmate and connect with people having the same interest as you. An online profile makes a lot of things much easier: No need anymore to go to the counter at the bank, no queue at the museum entrance, at the train station, etc. No need to carry a lot of cash and heavy change. When you are online profiting from all theses services, something is happening at the same time: Everytime you connect to a website, one or more institutions get what they want most: data for a digital profile. Companies have developed various methods to collect data about Internet users, for example the so-called cookies. With them, they are able to track online activity. And with the help of algorithms, programs to analyse the data, they are able to get a clear picture of what you do or what you are looking for. A study claims that Facebook only needs 150 of your likes to know you better than your family members. To put it in more general words: Companies know parts of your digital identity better than humans know your real identity. What do companies do with these profiles? A profile with personal preferences is produced with this data; this profile is updated with every action on the Internet. This is good because then you don’t have to enter all information from scratch when you visit a website and want to pay something. At the same time one possible use of the profile is to influence your next online action by providing good recommendations or ads. That is one of the major business models of the most valuable companies in the world. Already, 35 percent of what consumers purchase on Amazon and 75 percent of what they watch on Netflix come from product recommendations based on such algorithms. These data can also be used to spread disinformation and misinformation effectively (see the next part on the question of information and disinformation). The highly industrialized countries use high personnel expenditure and technical means to ensure the safety of their citizens. Counter terrorism is one reason why many states have built big databases of personal data. These data are important for the daily business of the police and intelligence services. With these digital identities, countries can control frontiers and easily transfer the data in the event of a request, arresting criminals and countering threats. They can also give their citizens access to a broad palette of services to make their life easier: Think about e-government applications: Getting a new driver's license, paying taxes, getting social aid, etc. At the same time there is a risk of having a systematic and arbitrary exclusion or persecution of minorities by the state due to digital identities. So what might be good for one group might bring disadvantages for others. Data can also be used to track and control the population in a way never known before. Actually, states define what data they collect and how they use these data to give access to services and rights and privileges, or deny them. And technical progress makes it possible for states to generate comprehensive profiles with a lot of information.
Is your data safe?
So digital identities and the information they hold about you are very valuable. But are they safe? Actually this is one of the major challenges about it: Personal Data is under risk for different reasons. First, hackers might be able to steal them. Hackers are people who use the Internet with a lot of technical expertise. For example they are able to attack computer systems of companies or governments with the goal to steal the data. The more personal data an organisation has, the bigger a target it is for hackers. Data which ends up in the wrong hands can be sold and then used without your agreement to learn about your habits, preferences, and behaviour, making this data extremely valuable. This became apparent in September 2019, when data on almost the entire population of Ecuador has been leaked. Also many companies have been hacked and the data of their users circulated. Second, many companies are globally active and have many opportunities to choose the legal background they want to work with: This means that they may use your data according to the legal framework that is best for them, not for you.
6. What kind of Digital Identity for tomorrow?
This chapter has shown us that digital Identities are both a blessing and a risk. But how do YOU want to handle that in the future? For you personally but also as citizens and society? Do you prefer to have one or many digital Identities? Who should be in charge of keeping the data? What to do with your trail online? What should be the rights and responsibilities of the different stakeholder? Let’s discuss.