1. Content
  2. Index
  3. Search
  4. RSS/Subscribe

Ideating Identity · Wednesday July 11, 2007 by Crosbie Fitch

Who am I?

Well, I don’t know about you, but I think I know who I am. I’m me.

Ah, but, perhaps the question uses the word ‘who’ as discriminator, as in “Which person of many am I, and what means can I provide to enable anyone to demonstrate this?”

Tricky.

Identity in 5 Minutes

Consider twins. We can’t identify people 100% based on appearance, but it’s pretty good. We can’t identify people by their names – not only are there many called ‘John Smith’, but knowing that one twin is John and the other is Jack doesn’t actually help you identify John. Having a name or ‘identifier’ doesn’t constitute identity, it’s the label you can attach to the identity once you’ve apprehended it.

What we are left with is the only thing guaranteed to be 100% unique, an individual’s experience (their mind and its memories). And we can only corroborate this by referring to those who have intersecting experiences, i.e. who have memories of encounters with the person to be identified.

However, corroboration remains hearsay. We can never be 100% certain, we can only be confident according to how well we trust the words of those we consult, and this can depend upon how well we know them, or how well those we know know them, etc.

We find that identity coincides with reputation.

We also find that identity/reputation is not something that the individual possesses. Their identitiy/reputation is something possessed collectively, in part, by everyone they have ever met.

In correspondence or online, appearances are rarely available. We therefore need to create artificial appearances, artificial names, and artificial recordings of meetings/transactions and appraisals thereof. From these we can create artificial identities and reputations. These needn’t correspond to human beings, i.e. humans can control multiple artificial identities, and some identities may be entirely controlled by computer, whether AI traders or dumb proxies.

Online, we don’t record our identities, we record our experiences of everyone we deal with.

Identity/reputation is extracted collectively, ad hoc.

The Identity Reputation Duality1

I think we should disintegrate everything back to first principles, which also means decentralised and distributed. Deconstruct ‘identity’ and all preconceived notions related to it (especially IT based ones). It’s probably best to rewind one’s perspective back to a preindustrialised era too – just to be safe.

Identity is reputation and, for convenience, an associated name.

Identity is something an individual entity possesses only as a consequence of the fact that they are inescapably distinct from any other individual, by dint of a distinct experience (interaction with other individuals). Even a cloned identity will immediately diverge into a distinct identity from its fellow clones.

An individual’s identity is not constructed by the individual, but is a product of their relationships with others. Thus if they partition their relationships they can obtain separated/multiple identities.

However, identity is dependent upon the individual’s memory/experience of their relationships with others, because it is only through corroboration by shared memories/experience that the identity is sustained. A ‘Stepford wife’ becomes detached from their identity despite retaining their name and appearance. However, the identity they lost has not been destroyed – it remains intact in the minds of those they knew.

Incidentally, because it is a more familiar term and is less jarring to our understanding of how identity operates in human society, I will sometimes use ‘individual’ even though ‘identity’ is generally more accurate. We just need to bear in mind that a 1:1:1 correspondence of human:individual:identity is just the familiar case, i.e. to at least keep at the back of our minds that an individual is not necessarily human, and may possess multiple identities.

An individual’s name is a disambiguator only from the perspective of each individual it encounters (has relations with). The name only needs explicit disambiguation if two or more individuals need frequent reference in the discussion of one or more other individuals who know them. If I know two John Smiths I may need to use “John Smith the deputy prime minister” and “John Smith my brother in law”, which is often rendered unnecessary through context. However, each John Smith may have no other relations that need such disambiguation (everyone else they know may be unaware of another John Smith). Names do not need to be universally unique.

The uniqueness of an identity does not come from its name, but from the identity’s uniqueness. It means the identity is amenable to a unique name, but it doesn’t depend upon one. A unique address saves time in delivery, but again, the ‘wrong’ John Smith will recognise cases of mistaken identity and can disambiguate upon such occasions.

So, when we pare it right back, we find that identity consists only of a set of shared memories of interactions. A unique-ish appearance that helps us associate an individual with a unique-ish name that we associate with a set of memories of previous interactions with that individual. We don’t even need the appearance – it’s just helpful. Given a typewritten letter and a name, we can corroborate the letter/name with our memories for that named individual. For people we know well or who are otherwise distinguishable by the nature or content of their writing, the name can often be omitted, and we can still recognise the identity of the author.

However, it is the nature of human beings that identity is difficult to impersonate if appearance is involved (disguise can be tricky), so we may readily authenticate identity on appearance alone, and only worry if what should be self corroborating shared memories fail to corroborate. A new Stepford Wife, despite initial acceptance of authenticity obtained through identical appearance, soon triggers ‘corroboration failure’ alarms in the minds of those who presumed the presence of the previous identity.

So, identity is first protected from impersonation by the difficulty of reproduction of appearance (including voice, mannerism, smell, etc.), but secondly protected by the difficulty of reproduction of memory (non-consensually).

Why do we care about impersonation? Because 1) we don’t know that impersonation is occurring, and 2) we don’t know the identity of the impersonator. If we don’t know that impersonation is occurring then any decisions that we may make dependent upon an identity (and their reputation) become invalid – likely to be highly divergent with the decisions we’d make were we aware of the true identity (invariably the impersonators’ precise intention).

If we knew that impersonation was occurring, we’d at least be able to avoid making incorrect decisions. And if we also knew the impersonator’s identity then we need only decide whether their intention is fraud, benign substitution or humour.

Benign substitution is where impersonation occurs with the consent of the original identity (perhaps unable to be present) – hopefully undetectably (with risk of detection). This may be dishonest, but at least no harm is intended. All decisions are likely to be safe where the impersonator can sufficiently replicate shared memories and convey new ones back to the original identity. This also assumes a situation in which the original identity’s body or other associated property is not required to be present (unless it too can be sufficiently emulated).

The reproducibility of identity requires knowledge of shared memories:

  1. obtaining them via records (diary)
  2. obtaining them directly (from discussions with one or more of those who possess them)
  3. continued company with the identity to be impersonated and/or others with which they share memories

Humans are thus careful where they keep their diaries and what they put in them. They also keep track of who knows them and their friends the best, and ensure they can trust those that are close to them. Corroboration can invariably be achieved through exhaustive search of shared memories that haven’t been written down. And unshared memories are 100% private – for humans – hence Deckard’s easy demonstration to Rachel of her replicant nature by describing some of her undisclosed, private memories (Blade Runner).

So, an individual doesn’t hold their identity so much as half of it, which is a means of corroborating it. The other half is held by everyone they’ve ever known. This also means that the individual’s identity could be recreated if everyone they’ve ever known could collaborate. Even so, the individual could retain a secret that might demonstrate their superior claim to the identity over that of an impostor.

But, I’ve said from the start that an identity comprises reputation. This is because identity is more than a set of shared memories. Identity is ‘who you are as a person’ – in the eyes of those who know you. Thus identity is also reputation, a set of shared memories of the quality and strength of relationships. Trustworthiness (reciprocal exposure of risk, etc.), reliability, punctuality, number and value of meetings, interactions, transactions, etc.

Identity in Practice

I think this is enough to begin to get a glimpse of how a distributed identity/reputation system might look.

  1. An identity is a closed list of names of other identities with which this identity has had one or more relations with in the past, and attributes associated with each relationship. This can be secured by the owner of the identity with a human memorable password (which must nevertheless, withstand dictionary attack).
  2. Identities are online (http/soap) or near-line (e-mail) autonomous, interactive entities.
  3. Each identity has a non-unique, human readable name, e.g. “Fred Bloggs”.
  4. Each identity has a unique ‘appearance’, e.g. a universally unique public key (only disclosed per encounter).
  5. Any identity can be asked if it recognises an identity’s name, and if so, whether they have the same appearance (without needing to exchange the public key).
  6. Any identity can be asked for its subjective measure of another identity’s reputation.
  7. Any identity can be asked to disclose one or more ‘well known’/reputable identities with which it has had a relationship (referees).
  8. When two identities interact for the first time they exchange a secret (appearances/public key’s are exchanged to do this) and each demonstrates to the other ownership of their appearance (knowledge of private key).
  9. Upon the formation of a relationship, identities may exchange contact details: primary and secondary online locations (web service URIs), with backup near-line locations (e-mail addresses).
  10. If identity X suspects A knows B, X can ask A to corroborate B’s identity by immediately interacting with B and confirming knowledge of the secret previously exchanged.

Identities DO NOT contain any private data beyond qualitative measures of interactions.

Identities can make no truth assertions concerning other identities, except whether they have evidence that the identity is authentic and that they have had a previous relationship.

Identity is not a matter of private data retention, or trusting others to exchange the identity’s private data. Keeping some relationships and transactions secret is a separate matter.

The reputation of an identity is held by others. An identity records subjective reputations of others.

By interacting with several identities that one knows it should be possible to gauge a less subjective measure of the reputation of an identity that one expects to have a relationship with.

An identity could maintain a cache of identities it has explored a relationship with, but ultimately decided against.

1 Closely based on my post to the ProjectVRM mailing list on 2nd July 2007.

Harald K said 2673 days ago :

Man, I found you through the wikipedia page on Assurance contracts. As far as I can see the work you do is important and great, but I wouldn’t know if I wasn’t very familiar with the concepts before.

Your explanations are not exactly accessible, you know. It took me a while to figure out that this post was neither joking nor crazy (... right?).

I hope you have someone to help you with the marketing :-)

Crosbie Fitch said 2673 days ago :

Thanks for the perceptive comment Harald.
There’s very little that I publish that I expect will increase the size of my audience.
The FeedBurner subscriber count of zero should help assure readers that this is an esoteric blog where the author is the primary judge of quality.

I’m glad that I have at least one reader who is familiar with the concepts.

I apologise for my inaccessible explanations.

I do aspire to accessibility, but it is a long, uphill struggle.

I try sprinkling a little crazy humour here and there, but I’m pretty serious about what I write.

;-)

Scott Carpenter said 2672 days ago :

Now the subscriber count shows 2. I’ve been subscribing for some time but was using a built-in feed instead of Feedburner. (Does Textile have a plugin of some sort to redirect to the FB feed?)

Crosbie Fitch said 2672 days ago :

Hi Scott, I really wouldn’t want anyone to try and figure out how to fix the insignificant statistical vagaries of Feedburner’s metrics. It’s designed for bloggers who get at least 20 new readers every day.

Textile isn’t really a blog tool for those seeking blog fame and fortune. Unfortunately, it does attract the generic attention of comment spam so I’ve used the only captcha plug-in I could find.
I don’t think there’s much in the way of FB support – nor much demand.

Consider the FB subscriber counter a little amusement on my part.

Scott Carpenter said 2672 days ago :

Sure — I should have mentioned with my last comment that I realized the exact number wasn’t really the point — maybe I just wanted to say, I’m here! :-) Having the FB count on my site appeals to my neediness, but maybe it’s all just splogs that are subscribed. In any case, the number is best treated lightly.

(One feature that would be much more helpful here is a feed for comments on individual posts. I like to subscribe when I make comments so I can follow the conversation.)

Crosbie Fitch said 2672 days ago :

I presume you are e-mailed when I reply to this comment? If not, yes, it’s a bit naff.

Maybe there might be an option to create a feed for “all comments”? I’m not sure, but I’ll keep an eye out for it.

I’ll have another look at the FB vs Textile RSS subscription thingy too.

Crosbie Fitch said 2671 days ago :

Ok, Scott, I’ve discovered a treasure trove of plug-ins for TextPattern that I’d previously missed: Textpattern Resources

I’ve created a site-wide comment feed on the front page, and a per article comment feed.

TextPattern may not be the blog of choice for the bloggerati, but it’s very good and I’m glad I chose it.

Scott Carpenter said 2641 days ago :

Hey! I’m a little behind — I just noticed the new per-post comments feed in the IPistemology post and then found the announcement here. This is great — thanks! (Now I won’t be a month behind in the conversation.)

Bron Gondwana said 2375 days ago :

Coming along rather late, but I just wanted to reply to this bit:

… Even so, the individual could retain a secret that might demonstrate their superior claim to the identity over that of an impostor …

Actually, that’s bogus. If they have a secret that’s not known to anyone else, then the only person they can use that secret to prove their identity to is themselves. Kinda pointless.

Crosbie Fitch said 2375 days ago :

Possession of a secret need not necessarily be demonstrated by corroboration, but by an action that could only be performed by the possessor of the secret.

Thus, if with one’s distributed identity a code or digital signature is also supplied, then an imposter should be less able to demonstrate decryption of the code (despite otherwise having been able to recreate the identity). Each component of the identity may also be signed (not encrypted).

Ronny Ager-Wick said 2271 days ago :

This is brilliant! This is the research they should have done before they started using OpenID.
I landed on this page while researching OpenID here: idcorner.org/2007/08…
In essence, my conclusion is that OpenID must have been made by monkeys, for monkeys – thus only monkeys will use it…

However, it would be interesting to build an online trust/ID protocol based on the same principles as the society is based on, like you’re outlining here.



 

About

Contact

Recent Articles

Recent Comments

Projects

1p2U

Contingency Market

QuidMusic

Digital Art Auction

Free Culture Logo

Links

Progeny

Digital Constitution

1p2U

Digital Art Auction

QuidMusic

Contingency Market

Peers

ChipIn

Copycan

Digributor

EmanciPay

Flattr

Freinutz

Fundable

Kachingle

Kickstarter

LiberateIP

microPledge

PayyAttention

PledgeBank

RepliCounts

Strayform

Takoha

The Ransom Model

VODO

1p Subscribe