9 May 2014

Is it possible to create a digital identity based on trust?

I’m in the middle of reading David Birch’s thought-provoking book Identity Is The New Money. He makes an important point: that the main reason we need money is to give us enough trust to trade.

For example, the café owner who sells me my lunchtime sandwich doesn’t know who I am or whether he can trust me, but he doesn’t have to because the £5 note I give him is backed by the Bank of England, and that’s a trustworthy institution (for most people, anyway). Money is simply a token of trust.

What if, Birch argues, we were able to instantly confirm the identity of the person we are interacting with, and therefore calculate whether we can trust them? Money as we know it would be redundant: we’d no longer need tokens of trust since we’d have the real thing.

It opens the way for a utopian future of seamless, quick, easy transactions of all sizes, operating globally and without the need for the clunky old banks with their safes full of cash. And technology is playing a leading role in creating parts of that potential future.

08_trust_g_w

In fact, identity (as I’ve blogged before) is fundamental to many of the challenges the internet throws up, from crime to child protection to the movement of government services online. If only we could absolutely, accurately identify everyone online, we could sort out a lot of problems – or so the logic goes among many powerful groups.

Birch outlines three levels of identity: personal (my own sense of self), social (my identity defined by interactions with others) and legal (me, as defined by the state). Perhaps, given the rise of social networks, our social identity might one day be used for payments? Perhaps if all my Facebook friends tell the café owner that I’m trustworthy, he’ll simply hand me my sandwich and accept a bank transfer later on?

But there’s a problem here: if a business owner is offered a choice of the three identities above, guess which one they’d prefer? Of course, the legal identity – because it’s the surest one. And that’s why, whatever happens with identity, there will be an inexorable drive towards pinning us all down to those key pieces of identification: passports, addresses, bank accounts (and increasingly, biometric credentials). Trust only goes so far, and as we’ve discovered with our Data Baby experiment, making transactions without a physical address is tricky.

Why is this a problem? A recent experience of mine is illuminating: when I work from home I use a laptop, and some of the hacker websites I access are frequented by people who may have malicious intentions (if not now, then potentially in the future). I don’t want them to know my real identity, nor to expose my home IP address (which is shared by my co-tenant), so I use a pay-as-you-go 3G dongle.

Problem is, the hacker sites are classified as “adult content” and the 3G dongle must be unlocked to access them. To unlock it, I have to give an address. I tried giving a fake one, but the mobile phone company looks up the details on Experian and spots that I’m lying.

So avoiding using my legal identity is tricky. Perhaps my social identity might come to the rescue? Perhaps my Facebook chums could tell the mobile network that I’m a grown-up? For me, that’s potentially worse: it’s one thing exposing my legal identity to nasty hackers; it’s another thing for them to know the names and IDs of my friends and colleagues.

Perhaps there’s a solution to all this, but for the moment I see little to counter the trend that pushes us towards a single, verifiable identity, and that’s not necessarily something we should all welcome.

Follow @geoffwhite247 on Twitter