Online Identity – On The Line

Background and Overview: Your Online Identity – On The Line

Today, a national and global dialog is heating up about the definition, scope and application of identity – your identity.  Everybody’s identity.  In the new playing field of a networked world, what is the appropriate balance between surveillance and control vs privacy and freedom?  Where is the line to be drawn between ownership of personal information and the economics of advertising and marketing?  What rules will govern, who will make those rules and how will the technologies apply the rules in reality?  Can the old principles animating the US Constitution survive the transition to a digital age, or must the philosophy of sovereign and self-governing people give way to a centralized and tightly controlled but very safe and effective matrixed environment?

Codification of Principles, Values and Law

In his seminal book “City of Bits“, published in 1995, my mentor Bill Mitchell posed the concept that computer code is becoming legal code.  The concept was popularized and wonderfully evolved by Larry Lessig (who credited Bill in his book “Code is Law”), but for me, the original formulation of the concept has continuing power, relevant and perhaps points the way forward.  Bill wrote:

Out there on the electronic frontier, code is the law…You are either embraced by the system (if you have the right credentials) or excluded and marginalized by it right there in the street. You cannot argue with it. You cannot ask it to exercise discretion. You cannot plead with it, cajole it, or bribe it. The field of possible interactions is totally delimited by the formally stated rules.  So control of code is power…Who shall write the software that increasingly structures our daily lives? What shall that software allow and proscribe? Who shall be privileged by it and who marginalized? How shall the writers of the rules be answerable?

Bill’s take on the elemental dynamics at work are spot on, and they don’t just apply to code in general.  This encapsulates the grand deals about to be struck regarding identity.  Yes, YOUR identity.  And this manner of approaching the key policy, technical, business and raw political elements of the open questions around digital identity could not be more timely.  Most people are unaware that the United States and Europe are in the midst of foundational policy and economic decision making about how identity and personal data will work.


In the United States, the National Strategy for Trusted Identities in Cyberspace (NSTIC) has been launched by the President, funded by Congress and is about to be transitioned to a private sector governance body that will have much responsibility to determine the shape of things to come.  More information about NSTIC is available at the Department of Commerce’s NSTIC program site, and a group I helped found and support called provides more educational and community involvement channels to learn about and engage with NSTIC.

Reexamining Old Premises

The coming of the Internet has re-surfaced fundamental questions about identity and the nature of being a person in community.  Long settled and implied assumptions about identity are being re-assessed, as old premises are increasingly found wanting or inapplicable, such as the use of common names as a key way to “know” another person.  The advent of digital identity, and the novel ways of being and interacting with others online is forcing a fresh look at first principles and long standing social compacts.  Expectations surrounding privacy, individual rights, obligations, accountability and basic tenants of behaviors are all in flux at a large scale.

Identity is at once intuitively simple and yet too complex to completely define or codify.  For people, the concept of identity quickly collapses with basic notions of self-hood, autonomy and existence itself.  At the same time, everybody knows what identity is, and can understand it innately.  We inherently discern identity of people, starting with an individual person, who can be visually distinguished from other people, places and things, extending to the name and traits of that person, and including vast arrays of characteristic relationships, experiences, personality nuances and perhaps even an ineffable “sense” or “energy” unique to each person.  At more abstract layers, reputations, key events and sociological overlays create more dimensions of identity. The least abstract and potentially most powerful – and dangerous – element of identity is a unique identifier.

Identifiers, Roles and Core Identity

What is at the center of your identity?  Is it your name?  Is it your finger print?  Is it the sum of your relationships and roles? Is it your social security number?  Some believe it is a person’s “soul”.  Some assert there is absolutely nothing of note at the center of identity, and identity is merely an accumulation of otherwise meaningless facts.  Still others hold that identity is precisely what we – as a society and also as individuals – declare it is, and it means what we declare it means.

Clearly, there are imponderable and basically philosophical issues at play, but for practical purposes, it is possible to designate something called a “Core Identity” as an anchor point for each individual human being.  The US jurisprudential underpinnings rest on the precept that individual citizens are the indivisible unit of sovereignty, are the source point for legitimacy of government by their consent, and are the level at which the fundamental rights and duties exist – to vote, to practice religion, to freely express and so on.  Lately, many such rights and obligations have been extended to “legal persons” such as corporations, and yet it is the human being that is uniquely and explicitly the entity that rests of the center of the bargain called our Constitution.

Core Identity and Personae

An analysis of law, practice and logic strongly suggest each person has a “Core Identity” for which there is one-per-person, and each person has more than one “Personae”, including clusters of particular roles and relationships and associated attributes and identifiers for each Personae.  A “Work” Personae, for example, would include in my case nearly 100 different log-in accounts on a wide variety of systems, applications, services, networks, etc.  I have perhaps 10 distinct “Roles”, each with several identifiers and attributes, accounts and relationships.  Just today I received my new MIT ID Card, complete with a number.  I was “provisioned” into may different computer systems, physical access systems and my digital footprint for this Personae is growing by the hour.  My Personae as “Architect” of identity trust frameworks includes roles as consultant to the insurance industry, a large city, a large department of defense agency, a large non-profit, a think-tank and so on.  My Personae as a yoga practitioner again yields many roles within the related communities (from music, to organizer, to technology provider, to student, teacher and many others) and many, many online accounts, and particular sub-identities.  Yet… I have but a single Core Identity.  There is, in the end, just one me.

The space will be a place where these topics will be explored, key players will be interviewed and their writing highlighted and where citizens of the Internet will have ample opportunity to have your say.  After all, what is at stake is your very identity.