Plurality of identities

While Kevin Cox (On Line Opinion) argues for one electronic identity and a host of relationships, a subtly but fundamentally different view is that we actually possess many identities, and that it is better all round to retain the ability to keep them all separate. This is not actually a radical proposal. I believe that most of us are pretty comfortable almost unconsciously treating, for example, identity as a citizen differently from identity as a bank account holder, or identity as an employee.

Judging by the work of others in the field, we may in fact be in the midst of a true paradigm shift, to a new worldview based on a plurality of identities. And here I’m using the infamous “p word” - much loved by consultants but derided by almost everyone else - in its proper context.

The term “paradigm” was popularised by the philosopher and historian Thomas Kuhn, in his seminal book The Structure of Scientific Revolutions (1962). Kuhn described paradigms in the sciences as sets of prevailing assumptions and theories that add up to an accepted worldview, such as the old idea that the sun and the planets revolve around the earth, or that disease is caused by imbalance in bodily “humours”. Paradigms are not always bad, but they invariably carry deep implications that can go unchallenged and influence broader systems without us being aware.

I suggest we’ve been saddled for years in the IT world with the tacit assumption that deep down we each have one “true” identity, and that the proper way to resolve rights and responsibilities is to render that identity as unique; that is, to get to the bottom of who the person “really is” before bobbing back up and checking what role they are acting in. But this search for the “real” identity can go too far.

When it does, it can expose far more of our selves than is warranted, and it can make it fiendishly difficult to disentangle our digital lives. The “singular identity” paradigm has had a deep and unhelpful influence on smartcards, biometrics, and the very trendy "federated identity" movement.

Federated identity is a sort of mash-up of the things that are known about us in different contexts. Usually the end point of federating one’s identities is a single definitive statement of who you “really” are. To argue the case, proponents of federated identity usually cite drivers’ licences and the way they’re presented to bootstrap a new relationship.

They liken the use of a driver licence to “build up” a new identity as if the more proof of identity you can aggregate, the more trusted and more widely recognisable you will become.

But there is a serious category error when the real world experience of identity cards is extended superficially to federated ID. A driver licence might evince your “identity” when joining a video store but it does not persist in that relationship. It does not become your identity as a video store member. For that, you will receive a new membership card, and the driver licence is left aside.

A less trivial example is your identity as an employee of Company X. The HR department may want to see your driver licence on your first day on the job, but that’s mainly to make sure they get your legal name correct. Thereafter, you carry an ID badge for Company X, which is your identity in that context. You don’t present your driver licence to get in the door of your workplace.

The question asked and answered by federated ID is: how many identities do we need? Only one! The new “Identity 2.0” movement stresses the multiplicity of our relationships. A very popular and beguiling but ultimately utopian conference presentation by the movement's leader Dick Hardt shows vividly how many ways there are to be known (see here). He’s right - I am at the same time a licensed driver, an employee, several bank account holders, a football club member, a university alumnus, a frequent flyer and so on. But Dick Hardt goes a step too far when he seeks to create a single, albeit fuzzy, “uber identity” that mops up all relationships and transcends all contexts.

The alternative view is that each of us actually exercises a portfolio of separate identities, switching between them in different contexts. This is not an academic distinction; it really makes a big difference where you draw the line on how much you need to know to set a unique identity.

I remember once visiting my bank to deposit cheques into my business account. It happens that my personal account was at the same institution, and they had without telling me “federated” my multiple identities. The teller asked me which account I wanted the cheques to go to - my mortgage, my credit card or my debit account? I was truly shocked, especially as I had handed over the corporate key card. The cheques were not for me, Stephen Wilson, they were made out to my company. The fact that I am a signatory to the company bank account is completely immaterial to the arrangement that treats the company account as a different entity. There is centuries of company law that tells us that the identity of the corporation is not the same thing as the identity of any of its employees.