Currently there is no generic system for identification in cyberspace. It is not possible to identify an entity with certainty or to determine accurately whether an object has a specific characteristic. Digital environments have inherent differences from real space which cause this discrepancy. When implementing an identity system for cyberspace one needs to consider more than just the architectural nature of the system -- any system chosen will have social, economic, and legal repercussions which need to be also taken into account.
Identity is a unique piece of information associated with an entity. Identity itself is simply a collection of characteristics which are either inherent or are assigned by another. The color of a person's hair and whether or not another thinks he is attractive is part of a person's identity.
Interactions done in real space inherently carry the identity of the person originating the transaction. Generally, physical traits are carried along in a transaction -- for example when one purchases a book from a book store, the book dealer may remember the buyer's face or build.
The difference between real space and cyberspace is that the essence of any digital transaction is unbundling. Ones and zeros do not inherently carry any separate information along with them; a real space transaction carries along inseparable secondary information. Digital transmissions can only transmit content; there is no secondary information encoded in the transmission unless explicitly put there. Thus, for authentication purposes, additional information needs to be carried with cyberspace transactions for identity purposes.
Providing extra information in digital communication introduces the possibility for identity theft. Since nothing prevents the transmission of false digital identity information or the duplication of another's identity information, identity theft that would be extremely difficult in realspace is possible in cyberspace. To prevent these problems, the actual identity must not be transmitted along with the message; instead a verification scheme needs to be used to convince the recipient that the message was actually sent by the sender. This eliminates the need to send one's actual identity. The concept of verifying instead of revealing provides an extra layer of security to the sender.
The other point of insecurity is in the digital certificates that are issued to verify these characteristics. These certificates are meant to be used only by their owner, but if they are obtained by another party, then that party can falsify his identity, and represent himself as the individual for whom he has digital certificates. Architecturally, we must decide how to store and use these certificates. The certificates can be stored on a smart card for use on a computer terminal, or the certificates can be stored in an "identity server" locked via password or biometric information and available for transmission over the Internet.
In real space, it is difficult to selectively verify or reveal portions of one's identity: most forms of identification contain more information than is needed for any transaction. The unbundling which is possible in cyberspace allows portions of identity to be disassociated and verified by a third party. This not only creates the ability to verify via the least revealing means, but it also creates the framework for anonymous transactions -- it is possible to merely verify the proper information without ever distributing the name characteristic. Further, cyberspace users have control over the strength of the link between their real world and cyberidentities. That is, in cyberspace, users can unbundle identity from content and transactions.
Therefore, designers of an identity system for the digital environment need to consider whether or not to build a system that facilitates traceability -- i.e. whether or not to build a system in which it is always possible to trace one's cyberspace content/transactions to one's real world identity. This question is extremely important as it will not only affect the architectural design of the system, but it will also have side effects disturbing governmental, commercial, and social environments in cyberspace.
Forcing a mandatory link to identity (i.e. mandating traceability) provides properly authorized law enforcement with a crucial tool in criminal investigations -- the ability to determine with whom criminals are interacting. Law enforcement also will have the ability to monitor illegal activities and trade, and easily determine who is involved. However, commerce may also leave the United States if other nations provide anonymous transactions. The mandatory identity link will also stifle dissenting speech as citizens will be afraid to voice their opinions because everything they say can be traced to their identities.
Not providing the link is detrimental to law enforcement since they will have no means to track crime in cyberspace (especially once encryption becomes more widespread and law enforcement lose the ability to get the content of any transmission). Commercial and social interests can fulfilled if there is no traceability, except now both will have to coexist in an environment in which there will be a significant amount of criminal activity.
Another issue which needs to be considered by those designing a digital identity system is related to the ability to separate characteristics from identity. This may create a market for personal characteristics. A person may now have the ability to sell a personal characteristic to another party in exchange for goods or services. It may also be possible for companies to collaborate and share people's characteristics in order to recreate as much of the identity as possible for marketing purposes. Situations such as these need to be fully analyzed and appreciated before the design of a digital identity system can begin.
Even once designers of the digital identity system have resolved these architectural choices, there are a variety of barriers to implementation that must be overcome. Socially, many Internet users do not recognize the need for secure digital identity verification and they must be educated before they will adopt such a system. Economically, the financial incentives for building this infrastructure are complex, as an open-standard identity architecture is a public good and government intervention in the marketplace may be needed. Legally, liability rules for misuse and compromise of digital identity must be established.
Any decision to unbundle characteristics in the creation of a digital identity system cannot be made simply by choosing an architecture which is simpler or more elegant to impleent -- there must be a consideration of the legal, social and commercial ramifications this decision is going to have on the cyberspace community.
Return to conference page
Send comments about this site to 6805-webmaster@martigny.ai.mit.edu.
Last modified: December 2 1998, 10:34 PM