CTO Articles
Published in IT World
June 06, 2006
Identity is dead. Get over it.
Some years ago, Scott McNealy quipped that electronic privacy is dead and that we need to get over it.[1] Like many good one-liners, the assertion is an over-simplification but has enough piercing truth to it, to get heads nodding.
It is of course, possible to make things private for any given definition of "private" and any given definition of "things". Sweeping generalizations are easily tripped over with specifics. Now, rather than dive down a rabbit hole trying to define terms like 'privacy', I would like to take a different tack.
Would you agree with me that in many cases, comprehensive electronic privacy is really, really hard? You would? Great! Now let us proceed to the interesting question: what does 'really, really hard' actually means?
I have a pragmatic definition for it. Something is 'really, really hard' if it is theoretically possible but just is not worth it, economically speaking. It is really hard to travel to the stars today, not because it is impossible but because it would take such a long time that it just doesn't make economic sense. It is theoretically possible to send a terabyte of data over a 56k telephone line but it would take so long that it would not make economic sense. You get the idea.
In the world of electronic privacy, the phrase 'really, really hard' (read 'not worth it') occurs regularly. It is theoretically possible to give everyone who sends you an e-mail an e-mailing kit which (a) takes a blood sample and a retina scan (b) uses their DNA fingerprint as a public encryption key (c) puts a sworn affidavit in escrow and (d) pays a risk insurance premium for you in case you act upon the e-mail in some way but find that the information therein was not what you believed it to be.
All of this is possible but it just isn't worth it. Now, what do innovative human beings do when faced with something that is really, really hard like this? They find work-arounds, compromises, partial solutions, anything that will allow even partial progress is better than nothing...
Which brings me (at last!) to the point of this article. A key part of the overall concept of privacy is the concept of identity. Who sent me this e-mail? Did they really send it? Can I safely act on it and in the future be able to prove that they sent it? And so on. Hard problems, one and all.
Is there a work-around? A compromise? A partial solution? I think there is and I think it is taking shape around us at the moment. What if all identities on the Internet were treated as being, at best, pseudonyms for real people? What if, in order to protect themselves in electronic transactions, people create mazes of aliases for themselves? A wholesale usage of the artistic concept of a 'nom de plume'?
Look at all the Web 2.0 companies popping up and the maze of identities that are being created on them - one for each service. Is this a crazy state of affairs? Possibly, but given that Internet wide identity services are really, really hard, perhaps it is not so crazy after all.
Perhaps the death of electronic privacy (if it ever truly existed on a large scale) is creating a second casualty. Perhaps identity too, is dead?
Is it time to rethink it or time to just get over it and move on?
[1] http://www.google.ie/search?q=privacy+is+dead+scott+McNealy