Exposing new frontiers of identity
The ways in which we're called to identify ourselves, online and off, is changing. The concept of 'identity' is no longer limited to formal identity systems, or identity credentials provided by state institutions like passports. Rather, we now live in a world where we develop and are provided with a variety of forms of digital identification, and new technologies and start-ups are leading a new emphasis on identity. This can be with or without our knowledge. Identity providers are becoming the gatekeepers to goods and services, this power leaves us open to exploitation by these companies.
What is the problem?
New identity providers, and ways of identifying ourselves, come along with new risks of exploitation. This includes the ways that we're tracked digitally, increasingly without our knowledge, across services and platforms is creating a new form of identity. The websites we visit may identify us as of a particular political group, or who the services we use may assign us as being of a particular gender, demographic or social group.
The new ways that we're being identified maintain the same risks which emerge from more traditional forms of identification: the risks of exclusion, exploitation and surveillance are still as dangerous as ever.
The challenge lies, in part, in understanding what the identity ecosystem should look like. We do not want to build a nightmare scenario in which are identities become valuable commodities. Identity is too important to be treated in this way: it is an intrinsic part of ourselves, but also increasingly a necessary practical requirement for us to live our lives. The key role that our identity plays means that it must not be used for exploitation: we must not allow our identity to become something that betrays us.
There are also many ways in which we can be identified without our knowledge, through a myriad of unique identifiers that are used to track and profile us online and off. The ability for a person to be anonymous - just a face in the crowd - is increasingly under threat, retaining control of the identity we want known is becoming increasingly challenging.
What is the solution?
Of course, there are times when it is entirely appropriate for there to be a requirement for people to identify themselves and be authenticated. In these contexts, it is essential that the measures used maintain a person's privacy, and - crucially - that reliance on single source of identity is avoided.
Companies that are providers of identity systems and companies and governments those that use these services, must put in place measures to minimise the risks.
But, equally, we must also limit these scenarios: the power and freedom of anonymity must be maintained. We have to be sure that the future development of this sector moves in a direction that protects the individual and their data, as well as respects their dignity and autonomy through effective and meaningful controls.
The entire sector needs a dose of humility: to understand that identity is not a magical solution to all of humanities problems. The sector has to rather understand that human identities are a complex, and perhaps unsolvable, problem. Systems have to be designed with the understanding that they will fail; the challenge is to design systems that fail well.
What PI is doing.
Privacy International is challenging the companies that assign us identities or are looking to exploit them. We are investigating their activities and pressing them for change.
We are engaging with the key international organisations pushing for digital identities, in order to make sure that the future developments in the identity sector are positive for everyone.
Through our own work and that of our partners, we are working to pressure governments to develop systems that protect the privacy of individuals and groups, while at the same time ensuring that the scope of the use of such systems is limited.