How Do You Forge A Digital Identity?

Although many people have their Social Security Numbers memorised before heading off to college, and some people can recite their driver’s license numbers from memory, those numbers are not our identities. Even our given names — which are at the heart of our society’s concept of identity — can be changed if we want; courts are generally directed to grant such a change unless there’s clear evidence of intent to mislead or defraud.

So how does one assert an identity in a digital environment, and how can that assertion be verified? That’s difficult enough in a society that accepts the right of the national government to control identity, as is common in Europe. [Editor’s note – steady now PJ…]. In the United States, it’s infinitely more complicated because, thanks to the Tenth Amendment, the job of defining one’s identity is left to the individual states.

But that definition by the state only applies to our physical selves, and our identity documents are not at all useful online. For better or worse, we define ourselves online in multiple ways; for example, there are two or three email addresses that I use as identifiers, a Google ID or two, and so forth. This keeps me from putting all my eggs in one identity basket, but makes it difficult to prove that “pjc@eweek.com” is the same person that “pjc@foo.com is.

Nationally or privately driven?

Should there be a nationally driven digital identity? In some ways, it sounds like a good idea. We already accept that the federal government, through the State Department, has the sole authority to issue passports. But by accepting that authority, we tacitly agree that the federal government has some say over where we go and what we do when we get there. That’s the problem with having a digital identity that’s driven by the goals and requirements of government; the good news is that the likelihood of such a government-driven digital ID being put into use is somewhere between slim and nonexistent.

Instead, the private sector is rapidly stepping in to provide digital identity, but that has its own pitfalls. For starters, a privately issued digital identity may not have the universal acceptance that a government-issued ID as part of its very nature. Second, that private sector digital ID is subject to the rules of the issuer.

Facebook serves as a rather credible provider, thanks in large part to its half-billion-strong membership. That may not be a substantial fraction of the 6.9 billion people on this planet, but it’s a healthy share of the online population. Facebook’s authentication architecture, which is based on the OAuth 2.0 specification, makes it possible to sign in to another website, which hands over the authentication to Facebook.

The social marketplace

One company that has found Facebook’s social network to be invaluable is e-commerce site Etsy, which focuses on handmade and vintage items, and offers a marketplace that connects buyers and sellers of such items. Last year, Etsy began providing its users with gift suggestions via Facebook.

As Jason Davis, lead scientist at Etsy, noted, “One thing we try to do is connect people to people; we have a million active members, which is a fraction of Facebook. The fundamental assumption here is that buying gifts is hard.”

“The idea,” Davis explained, “is that in two clicks, you connect with Facebook. We analyse information about all your friends: their profile information, their activities, their interests, their likes, their favorite bands and musicians, movies and whatnot. From all this information, we ask ‘which one of these entities are available on the Etsy marketplace?’ and, moreover, ‘which of these things that your friends like are popular on the marketplace; which do we have high-quality items for?’ We analyse that across your friends and make a set of recommendations, up to 20, that show something that [they might] like.”