Net Identity: “Identity Crisis: Defining Self and Netizenship” Nick Hadfield ETEC 511 November 23, 2005 I am a technophile

. I am over 21, over 25, under 65, married, employed, Canadian, extroverted, and opinionated. Various aspects of my identity show themselves throughout my day, whether I am online or interacting with people face to face. Our real identities, or “self”, are worked out each day as we interact with people and are constantly being adjusted as a result of how others respond to our words and actions. Net identity, however, is an illusion of the real identity. It can be a mirror image showing others a vision of the real you, a shadow of your darker side, or an imaginative persona that you create, much like an author creates a literary character. Confusion over net identity and its ability to represent real identities in an online world has brought about an identity crisis. The current system fragments net identity into many individual parts, and holds them completely separate. Net identity needs to evolve to incorporate the fragmented identities into a “whole” to increase reliability and security and to allow for more seamless web interactions. The race is now on to see who will control your internet identity.

What is Identity? i·den·ti·ty: The set of behavioral or personal characteristics by which an individual is recognizable as a member of a group. (Dictionary.com)

As we grow from adolescence to adulthood we begin to discover who we are and who we want to be (Gray 1991, p. 475). Our personal identity forms as a result of such characteristics as our appearance, wealth, ethnic background and religion; many factors

make up your “self.” Some of the main determining factors of our identity comes not from the choices that we make, but rather from biological factors such as being either male or female. Our “self” comes from both biological factors that determine who we are, such as being male or female, tall or short, skinny or muscular, as well as social factors like our interests, education, friendships, and life experiences. A third component of our identity comes from what others say about us: are we thoughtful, tactful, charming, charismatic, boastful, or trustworthy? To compound the complexity of identity even further, we may have an identity that we show at work to other colleagues, another at home to family members, and still another at church. Much like your real-world psychological identity, your net identity also has many facets that compose the whole. In the real world personal interactions help give people a sense of who you are, your trustworthiness, your interests, etc., but on the internet there are no face-to-face interactions, making net identity illusive. Net identity does not have to be the same as the real world, and we are free to choose any identity. Whatever persona you decide can become your net identity. You get to start anew and reinvent your “self”. What your net identity will become is based more on freedom and choice than on pre-determined factors. Without the pressures of interacting with someone face-to-face revealing your identity, your net identity is more flexible. Similar to your sex being biologically determined, some aspects of your identity are predetermined because they are hardware based. Your net identity is therefore quite complex, with some of your identity being predetermined by the hardware you use. Other parts are more user-centered that can be developed or created by the individual over time, and other parts are based on what others say about you and the impression you leave behind.

Hardware Centered Identity When the Recording Industry Association of America (RIAA) started filing motions in court to get certain internet users identified, net anonymity took a serious blow. With the court ruling, the RIAA forced internet service providers to provide the personal information of certain IP addresses that they had monitored downloading protected content (McCullagh, 2004). This internet protocol address (IP) registers the computer visible on the internet, and is provided by the company that the user is paying for their internet service such as Shaw, Rogers, or AOL. When users wish to connect to the internet, they provide their billing information to the service provider, who then connects their computer and provides an IP address whenever the computer is logged on to the internet. This part of net identity is closest to what in real life is biologically determined; it is difficult to change or hide and is available for everyone to see. Every computer on the internet is assigned IP addresses to locate them: Amazon.com is 207.171.166.102, Flickr is 68.142.214.24, and I am writing from 207.102.81.4. Net identity problems arise, however, because IP addresses are assigned to computers, not to people. All internet activity by the computer is logged by the internet service provider, but not who is using the computer. There is no reliable system as yet to confirm the identity of the user. We have no system of fingerprint or retinal scans before logging onto the internet, just usernames and passwords. Because the IP address is mistakenly associated with an individual and not a computer, net identity problems have arisen; the RIAA has sued households based on the internet use of children who normally could not be sued under the law (Borland, 2003). To make the issue of net identity even more difficult, computers may be infected by a “worm” that takes control of the computer and allows a third party (such as a hacker) to remotely control the computer to send or

receive information via the internet. Furthermore, computers using wireless internet connections run the risk of people “listening in” on their internet connection. Using these methods hackers can find out passwords, personal information, and can copy the IP address of their target so it appears that the hacker’s computer is really that of their victim (Blackwell, 2003). Your hardware net identity can then become transferable, providing an insecure means of identifying your real identity. In the real world we carry many numbers that identify ourselves, such as our social insurance number and driver’s license number, but your IP address of your computer is more like your lawnmower: you may use it, your kids may use it, your neighbour may use it, or it may just get stolen without you even noticing.

User-Centered Identity “Digital identities consist of sets of claims made about the subject of the identity, where "claims" are pieces of information about the subject that the issuer asserts are valid” (Microsoft, 2005). Largely because of the anonymity of the internet, users can freely create net identities without limitations on everything from sex, gender, age, beliefs, interests, and location. They are free to decide who they want to be in this new online world and reinvent themselves. The user simply makes a set of claims about himself and sets about selling this identity to others. It is not uncommon, for example, for people to choose to become the opposite sex online (Suler, 2004). Virtual Community games such as “Second Life” and “World of Warcraft” allow for users to fully define their new identity; users can pick their race, sex, profession, and where they want to ‘live’. Users can move around and interact with other players in the game and reinforce their identity. The believability of their identity depends on the user’s ability to

convince people that they are who they appear to be, much like how your résumé describes you, but the job interview is where you attempt to convince your future employer that your identity and your résumé are both valid and valuable. As in the non-virtual world, if you are trying to be what you are not, eventually you will probably be found out. Various directed questions from other users have the potential to unmask your identity. Particular statements, such as culturally insensitive ones, said to other users may be inconsistent with your net identity (Beth C. 2005, p. 6). Other areas such as blogs and photo sharing sites require an identity that is at least close to your actual non-virtual identity. These online communities are more of an expression of your real ‘self’ in the online world. Photographs of your children, pets, trips, and friends may be displayed for others to see (and comment on) on an online photo site such as Flickr, which make it harder to choose an identity that is different from the ‘real’ one. For blogs to be effective over time, the content matter needs to be consistent, intelligent, and come with a depth of perspective. They need to develop over time as the writer encounters new ideas, and adjusts his writing to accommodate these new beliefs. Because of the amount of expression and dialogue inherent in blogs and photo sharing, identity masking or faking is made much more difficult.

Commercial Identity The third type of online identity is that of “what impression you leave behind”. Every web site that is visited, every item that is bought, and each e-mail sent leaves a glimpse of net identity behind. Every time you buy an item, that company obtains information about your shopping habits and may try to interest you in similar items through online advertising or e-mails. Amazon.com, for example, will have recommendations for

you when you visit their site based on your previous purchases and items that you have viewed. Your online viewing habits are turned into opportunities to sell you something. The more items that you purchase, the more information the company has, and the greater their picture of the net identity. On the darker side of identity impression there are tracker programs such as spyware to collect information about what web sites you visit, what your online buying habits are, and what programs you have installed on you computer. This allows an unknown company to become very intrusive and forcibly collect information on your net identity to aid their marketing of products (Spyware, 2005). Banks and credit agencies are concerned about net identity and verifying identity. Financial records, access to money transfers, and official identification papers are all serious liabilities to these agencies, and they have to ensure that their connections are secure, that you are providing the correct identification, and that you are who you say you are. Millions of netizens are victims of online bank fraud costing billions of dollars each year (Sullivan 2004). Phishing, or the practice of luring internet users to an authentic looking web site to steal passwords and personal information, is further confusing net identity. When unsuspecting users give out their personal and financial information it is virtually impossible for the banks and financial institutions to distinguish the real user from the fraudulent. Ever increasing security measures are taken to increase the reliability that the financial institution is dealing with their client and not being defrauded.

Crisis and Change Net identity is therefore in a crisis. Current net identity is illusive, temporary, and unreliable because “the Internet was designed without a system of digital identity in mind” (Microsoft, 2005). The internet was not conceived to be a massive consumer market

requiring a confirmed digital identity, and therefore users make due with spliced- in identity layers. They have to remember numerous usernames and passwords, and have great difficulties identifying legitimate and secure websites from those that try to “phish” for their information. Companies are suspicious of their users, users are suspicious of each other, and identity theft is rampant. Net identity needs to be rethought and reinvented as the internet grows. Dick Hardt (2005) describes our current system of online identity as Identity 1.0. Information about our shopping identity from Amazon.com is held by Amazon and not released to other companies where we also shop. As well, identity information from Flickr is not shared with EBay. These are closed systems. There is no sharing of information, and online identity is anonymous and illusive. We can be one identity with Flickr, another with EBay, and still another with World of Warcraft. Each time we go to a new site, we need to re-enter our information, so the company can verify who we say we are. Do we register as being trustworthy? Hardt compares this to a liquor store phoning the Government of British Columbia each time you go to buy alcohol; it is an inefficient system that wastes time, and is not user friendly. A different system is needed to verify identity, increase trust in online identities, and make it more transferable. The crisis in internet identity is forcing a change, but how that change is going to be made depends on your ideology.

Techno-Utopia A techno-utopian view of the new identity change would lead you to think that it will save both time and money, and will lead to a more equal power balance between people and companies as we work towards a common goal of greater connectivity and interaction. This optimistic view would see your online identity becomes synonymous with

your real identity; the two identities would merge into one as technology improves and decreases the barriers. Your official government identification would merge with your online identification, allowing for greater trust and more secure transactions. In this techno-utopian view, governments, business, and individual users would all want a single transferable identity due to the savings in time, money, convenience and security. Governments with techno-utopian views have already started the process of merging the real and virtual identities with Estonian citizens being able to vote for elections online through use of a National Identity Card, password, and phone with a card reader (Sheeter, 2005). Similarly, the United States just recently passed the Real ID Act (2005) to develop their own National Identity program, but it will take three years to implement, and does not yet attempt to control internet identity. With the Real Id card system in place, however, all that would be needed is for computers to have card readers to transfer the identity program into the internet.

Techno-Cynicism A techno-cynical view of identity change leaves much more room for freedom and privacy. A merge of online and real identities would allow for much greater control by governments, easier tracking of spending by companies, and very little anonymity. Each time you accessed the internet, bought something, or went somewhere; your actions could be tracked and recorded. Instead of a singular identity, techno-cynics would rather users be in control of their identity and choose to whom they show their identity. There would not be a singular identity, or even a singular net identity; users would still have different identities for their various interests on the net, but when asked to provide identification,

could choose which identification to show. This would be much like showing either a driver’s license or a passport at Canada-U.S. border crossings. In the techno-cynical view, users must be in charge of their net identity or else government and business will exploit the identity information. Dick Hardt’s Identity 2.0 proposal fits into this view because of its control over information. In Identity 2.0, the computer user is the one to decide whether or not to supply the identity information to the selected internet site. Identity 2.0 is the ability to take your identity from a credential provider and provide the identity credential to the online site. There would be no need to fill out shipping forms, Visa numbers, phone numbers, or your age, because your Identity 2.0 would contain all the information that you would need to present, much like showing your passport and Visa card. Kim Cameron’s work for Microsoft is also based in the techno-cynical view and focuses on the users’ control over their identity information (2005). Microsoft seems to have learned from their mistakes with Passport, and has shifted their technological view away from having Microsoft as the center for identity. The new “Laws of Identity” proposed by Kim Cameron for Microsoft are: user control and consent, minimal disclosure and constrained use, justifiable parties, directed identity, pluralism of operators and technologies, human integration, and consistent experience across contexts. What these new laws advocate is an identity system that is decentralized, user driven, and user controlled. Identity information is only given out by the user at places they want to be identified.

Change is Inevitable The current system of splintered internet identity is unfriendly and unsustainable. Internet users spend too much time verifying their online identity. Hardware identity is too

easy to copy, and identity fraud is rampant. Change is inevitable. Users like having control of their identity and the creativity that that entails, while many governments like the security of National Identity cards. The battle over identity control is quietly waging, and which ideology will win depends upon who engages in the argument. If the technoutopians win, net identity could become a centralizing force over the internet: wherever users go on the web, whatever email or blog they leave could be tracked. Net anonymity would be lost, causing a paradigm shift. Real world identity and net identity would combine into one system. If the techno-cynics win, we could have a continuation of the current problems with identity theft and fraud, and because it is being led corporately there will be competing identity systems, and a clear winner may not surface for years. Much like teenagers who go through an identity crisis, the internet has moved into these teenage years and must decide who will control net identity - users or government.

References:
Beth C. (2005). Sexism in the World of Warcraft. Unpublished Manuscript. Retrieved November 2, 2005 from: http://www.trinity.edu/adelwich/mmo/papers/beth_c.pdf Blackwell, G. (2003). Beware the Bandwidth Thieves. Retrieved November 1, 2005, from http://www.wi-fiplanet.com/tutorials/article.php/3085251 Borland, J. (2003). Child's Mother Pays RIAA to Drop Suit. Retrieved November 1, 2005, from http://news.zdnet.co.uk/internet/0,39020369,39116218,00.htm Cameron, K. (2005). The Laws of Identity. Retrieved November 13, 2005, from http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnwebsrv/html/lawsofidentity.asp Hardt, D. (2005). Identity 2.0. Retreived November 7, 2005, from http://www.identity20.com/media/OSCON2005/ McCullagh, D. (2004). Judge: RIAA can Unmask File Swappers. Retrieved November 7, 2005, from http://news.zdnet.com/2100-3513_22-5285605.html Managing Identities with "Infocard.". (2005). Retrieved November 13, 2005, from http://http://winfx.msdn.microsoft.com/library/default.asp?url=/library/enus/indigo_con/html/cd4f2fc4-68c7-46d4-a640-3d73c96cf0c3.asp Microsoft's Vision for an Identity Metasystem. (2005). Microsoft's Vision for an Identity Metasystem. Retrieved November 13, 2005, from http://http://winfx.msdn.microsoft.com/library/default.asp?url=/library/enus/indigo_con/html/cd4f2fc4-68c7-46d4-a640-3d73c96cf0c3.asp Sheeter, L. (2005). Estonia forges ahead with e-vote. Retrieved November 2, 2005, from http://news.bbc.co.uk/1/hi/world/europe/4343374.stm

Spyware. (2005). Retrieved November 13, 2005, from http://www.cibc.com/ca/legal/spyware-info.html Suler, J.R. (2004). Do boys and girls just wanna have fun? Gender Switching in Cyberspace. In Gender Communication (by A. Kunkel). Kendall/Hunt Publishing. Retrieved November 2, 2005, from http://www.rider.edu/~suler/psycyber/genderswap.html Sullivan, B. (2004). Survey: 2 Million Bank Accounts Robbed Criminals Taking Advantage of Online Banking, Gartner Says. Retrieved November 2, 2005 from http://msnbc.msn.com/id/5184077/ The Real ID Act. (2005). Retrieved November 13, 2005, from http://thomas.loc.gov/cgibin/query/D?c109:3:./temp/~c109UXQT29::