When I was talking with Brad Templeton at Supernova, he put perfectly the misgivings about even the best of the digital ID systems that I’ve been trying to express for years. In The Paradox of Identity Management, Brad says, “If you make something easy to do, it will be done more often.” Thus:
The easier it is to give somebody ID information, the more often it will be done. And the easier it is to give ID information, the more palatable it is to ask for, or demand it.
Because it’s easier, more merchants will ask it of us. We will thus give away more and more personal information.
Brad goes on to connect this with fears about how this technology might be (= will be) used by tyrannies.
I continue to believe that we are best off addressing the identity problems locally, at the edges, rather than by putting in place a new layer or infrastructure. Let sites continue to design their own solutions to their own problems. If the credit card companies need stronger authentication, then let them handle it. If you want single sign-in, then get yourself a password manager like RoboForm. There are just too many unintended consequences of monkeying with something as basic as identity. And we should be especially concerned that the demand for identity management is coming mainly top down, not bottom up.
Doc responds to Brad. Doc hopes that VRM (vendor relationship management) can overcome the “market power asymmetries” that are at the heart of Brad’s (and my) concerns. Doc writes:
In a VRM system, IDM (identity management) provides (perhaps even defaults) to the choice not to provide data the customer would rather keep private, including names, addresses and every other piece of information not required to do business at hand. And let’s face it, in many (if not most) retail transactions there is no reason to give the vendor anything more than our money.
First, I’m surprised that defaulting to keeping info private merits only a “perhaps even.” I think this may have been a slip o’ the pen on Doc’s part.
Even so, Doc is ignoring the existing asymmetry. If Amazon is your favorite place to buy books, if Amazon requires more info than you think you want to give, you may be willing to pay the price. If it asks for personal info in order to “improve your shopping experience,” you may give it even if you don’t see its relevance. And if every bookstore on the Web decides it wants to ask for more info than it did before, you will start to take that as the norm. I believe that’s a predictable result — as per Brad’s paradox — of making it easy to give out personal information.
In fact, it seems to be a requirement for VRM to succeed. As Doc concludes: “VRM cannot succeed unless it overcomes Brad’s Paradox. If it makes that jump, it will bring IDM systems along for the ride.” But, since VRM is all about letting vendors know more about your preferences and intentions, it really doesn’t overcome the paradox. It depends on making it easier to give out personal info so that it can be done more often.
Doc makes the case for the benefits of keeping vendors well-informed. It would mean, for example, that we aren’t subjected to pointless, annoying ads for stuff we wouldn’t want anyway. And I may well be willing to trade my biography for that. (Of course, I would also want to be able to control how much sharing a merchant does of the information I’ve entrusted to it.)
I am more concerned about the effect of Brad’s paradox on social and political forums where anonymity is currently, and thankfully, the default.
Here’s the much less elegant and clear way I put it just about a year ago when arguing for keeping anonymity as the default:
My fear is that we are in the process of building a new platform for identity in order to address some specific problems. We will create a system that, like packaged software, has defaults built in. The most important defaults in this case will not be the ones explicitly built into the system by the software designers. The most important defaults will be set by the contingencies of an economic marketplace that does not particularly value anonymity, privacy, dissent, social role playing, the exploration of what one is ashamed of, and the pure delight of wearing masks in public. Economics will drive the social norms away from the social values emerging. That is my fear.
I have confidence that the people designing these systems are going to create the right software defaults. The people I know firsthand in this are privacy fanatics and insistent that individuals be in control of their data. This is a huge and welcome shift from where digital ID was headed just a few years ago. We all ought to sigh in relief that these folks are on the job.
But, once these systems are in place, vendors of every sort will of course require strong ID from us. If I want to buy from, say, Amazon, they are likely to require me to register with some ID system and authenticate myself to them…far more strongly and securely than I do when I pay with a credit card in my local bookstore. Of course, I don’t have to shop at Amazon. But why won’t B&N make the same demand? And Powells? And then will come the blogs that demand I join an ID system in order to leave a comment. How long before I say, “Oh, to hell with it,” and give in? And then I’ve flipped my default. Rather than being relatively anonymous, I will assume I’m relatively identified.