This post is one in an ongoing series (starting here) in which I am developing the concept of ‘Informational Identity’. Your name, your legal identities, your digital identities, are all the same kind of thing: information tools created to pick you out of a crowd, to refer to you when you are not present, to bind your will to virtual worlds. These Informational Identities are related to each other in a directed graph whose nodes are privilege domains and whose edges are the authentication by the ‘tail’ nodes of credentials issued by the ‘heads’ for the credentials’ secondary purpose: demonstrating that the issuers were satisfied at the time of issue that they knew who you were.
In my last post, we explored the asymmetry of the user-domain owner relationship. That asymmetry is the structuring feature of personal identity privacy issues.
As we saw, knowledge of your personal identity attributes requires instrumentation, observation and reporting. That reporting is most frequently a point-in-time snapshot of some of the attributes. It may be observation for some period of time, with a continuous stream of reporting. I can’t think of an example of perpetual reporting except for contrived ones, such as the implantation of a device broadcasting your location that remains in place for life – although I suppose for many, today’s smartphone is a close approximation of that.
While the reporting has to originate at an observer, the report itself may change hands many times before it gets to the domain owner.
Personal identity privacy issues begin with instrumentation.
A salient feature of modern life is that instrumentation of our existence is getting both more prevalent and finer-grained. Cell phones give us personal location data. Fitness bands give us steps and heart rates. As of 2011 there were an estimated 1.85 million surveillance cameras installed in the United Kingdom – each citizen was captured then on an estimated 70 cameras a day. That number is likely much higher now. And some of the cameras are networked, and further instrumented with sophisticated facial recognition software enabling individuals to be tracked with some degree of accuracy.

With the vast number of domains containing and sharing personal identity snapshots, and the increasing number and frequency of observations, Orwell’s Big Brother is becoming real.
By virtue of the nature of communications technology, there is always some exposure or potential exposure for a user simply in communicating with a domain.
In person, the instruments are the domain owner’s eyes, ears and sense of smell. The environment in which you meet may be further instrumented with cameras, microphones, even more sophisticated instrumentation (both low and high tech – there are dogs who can smell and identify illnesses), whose telemetry may be recorded and associated with your identity record by the domain owner. You may leave fingerprints and DNA behind.
Remotely, the communication channel itself may be instrumented, from the required return address on US Mail to the phone number you are calling from to the location of your smartphone. Even more sophisticated instrumentation is built into smartphones, such as altimeters, gyroscopes, microphones and cameras that can be remotely accessed.
The resource or privilege domain itself may be instrumented. The tools you use in a domain, the so-called systems of engagement, are frequently instrumented to capture your behavior. A desire to capture, analyze and act on the vast volume of personal behavioral data generated by users interacting with popular web sites was the primary driver of the big data revolution.
Obvious personal identity privacy questions obtain: does the user have the right to know their communication or engagement experience is instrumented, and open to observation? Do they have the right to know when they are being observed? Do they have the right to know why, how, and to whom those observations are being reported?
The answer to all three questions is yes, no, and maybe.
There is no comprehensive legislation that speaks to all kinds of instrumentation and observation.
Let’s take video surveillance, for example. Informational Identity credential: your birth certificate; domain owner: Uncle Sam. There are no federal laws about video surveillance. (This passage is closely paraphrased from UpCounsel.com.) Domain owner: a state. State law varies. Some states make it illegal where you might reasonably expect complete privacy, such as in bathrooms. In some states, as long as there is a public notice posted that such surveillance might be going on, it is legal. So if you go in that changing room and there is such a notice, remember to smile. Domain owner: a business; credential: your employee ID. Almost half of employers have video surveillance in the workplace. There are some laws that may obtain in specific circumstances. But by and large, open season.
In remote communication or access the user may have some control. You can block the use of location on your smartphone by a given app. But did you know your location may be reliably inferred from other instrumentation on the phone even if you have the GPS and location turned off?
You may know that you can dial *67 before an outbound call and block Caller ID going to the number you dial. If you did, did you also know that that doesn’t block it if you call an 800 number? Commerce rules.
The point is, there is no easy way for an individual to know in a given situation whether or not their personal identity is being instrumented, observed and reported.
And there is a patchwork of overlapping domains, each with different laws, rules, policies and conventions, so there is also no easy way for them to know what their rights are in such a situation.
We haven’t even gotten to privacy issues about what a domain owner can do with your data once they have it. We will look at that from our Informational Identity perspective next time.
Stay tuned.