15 Oct 2013

Identity crisis – are we swiping away our own freedom?

At first sight the glossy corporatism of Apple‘s latest product launch has little in common with the murky world of the so-called “dark web”. Yet both have highlighted an issue that’s fast becoming one of the most thorny in technology: identity.


One of the iPhone’s new features – fingerprint-swipe security – has raised concerns among some privacy groups. They believe fingerprint security is dangerous because it forces you to reveal your permanent identity. They argue that, while you can change your phone, your password, etc, you can’t change your fingerprint, so once you render it up to Apple, it gives the company (and potentially law enforcement) a single point of identity which can be used to track you forever.

It’s a sentiment that would find favour among many users of the dark web, a network of websites only accessible using special software. That software confers anonymity on its users, and in the wake of the revelations about government snooping online, there’s been massive growth in the number of people using it to hide their identities.

Since its beginnings, the internet offered up the opportunity of abandoning our real-world selves and creating new online personas – a prospect encapsulated in the famous New Yorker cartoon “On the internet, nobody knows you’re a dog”
This free-wheeling approach to identity has found expression in everything from Second Life (where users created 3D online versions of themselves, often cosmetically enhanced to ludicrous proportions) to gaming avatars, forum usernames and hacker nicknames.

Yet now I see a growing alliance of opinion that the idea of flexible, mutable online identities should be seen as a brief episode in the early, exuberant days of the worldwide web. The online world is now a serious business, they argue, and its users need to grow up and stop creating fantasy alter-egos.

Leading the charge (perhaps most worryingly for internet libertarians) is the government. It’s spearheading a “digital by default” agenda, which means all government services should be available online. It’ll save money, they claim, and is therefore a vital part of the austerity drive.

The problem is; if everything from benefit claims to passport renewal is to happen online, the government must sort out the identity issue. After all, you don’t want someone else claiming your government pension, do you?

One solution, of course, would be identity cards. But no-one wants to go there again, especially not the Conservatives who criticised Labour’s plan for ID cards while in opposition.

So, Government Digital Services, part of the Cabinet Office, has given the identity issue a classic, Tory free-market spin: private companies will now be responsible for verifying your identity online, before handing you over to government departments’ websites where you can renew your driving licence, pay your taxes etc.

So who will be responsible for working out who you really are online? Well there’s a list here – and that’s just for starters.

I’ve got a few concerns about this: what security standards will these companies be using? Who audits them? (as I understand it, things like the ISO 27001 standard are “self-certification” processes – not entirely reassuring), if something goes wrong and my identity is stolen, who do I sue? How will these companies monetise the data?

But my main concern is that we may end up sleep-walking into an online world where multiple identities are no longer possible. That’s because once we are given a “government approved online identity” by one of these companies, it’ll be very hard to avoid using it. Online retailers and banks, for example, will very likely demand that we use our government ID to access services – after all, why would we refuse?

From there, there will be pressure for all online services to demand we use our government online ID. Once the argument is made that this will prevent online bullying or “trolling”, there will be a clamorous media campaign to get government IDs used on sites like Ask.fm.

The concept of forcing singular identities on internet users appeals to a wide selection of very, very powerful interests – not just law enforcement and the intelligence services, but especially rights holders who’ve seen their revenues damaged by piracy perpetrated, of course, anonymously.

I understand the arguments, but I also see problems. As someone who faces a slight but tangible risk of being attacked online, I have worked hard to separate my work and personal identities. I accept that my work profile may be targeted – but it is not acceptable for my friends and family to suffer, so I keep those connections firewalled off.

I fear (and I think it’s a rational fear) the prospect of a singular identity for me being held by a private company over which I have limited control. But mostly I fear the lack of open, honest debate around identity – an issue so live, so current, yet almost invisible even among the tech press.

Follow @geoffwhite247 on Twitter