When Google Knows You’re Not a Dog: Electronic Identity and Social Media

When Google Knows You’re Not a Dog: Electronic Identity and Social Media

Image Source:  lawfareblog.com

Image Source: lawfareblog.com

These past few months I got to join a seminar on Social Media and Public Policy, led by Sanford grad Matt Perrault, now Head of Global Policy Development at Facebook. It’s been a terrific experience. From that source, musings on the potential impact on the social media landscape of evolving personal identification policies. Am I who I say I am? I can usually satisfy that question with a plastic card, 2 3/8 by 3 5/8 inches in size, featuring my name, the date of my birth, and a scowling, fluorescent-lit semblance of my face. As any college freshman knows, it’s not hard to fake. Transactions requiring a higher level of security might shine a purple light on my ID, swipe a credit card, or ask for a utility bill, passcode, social security number, or name of my first pet. Still not sure? Trace my fingerprints, map the pattern on my iris or the reflectiveness of my retina, or take a snapshot of my DNA.

Aside from the last set (which are resistant to error, just hard, slow, and expensive), any two of these are more secure than the sum of their parts. It’s easy enough to steal my ID card and easier still to guess the name of a hamster (it’s Stuart), but hard to do both at the same time. Taken to a further extreme, this is the principle behind electronic identity cards.

Electronic ID card can mean a lot of things. Here it means a system that combines a pocket-sized physical object, a cache of personally identifying data that exists apart from that card, and a simple means of linking the two. At least eighteen countries now have electronic ID cards, including Germany, Israel, Mexico, and Pakistan. The world leader in electronic ID cards remains Estonia. Since 2007, Estonians have been using the cards to make bank withdrawals, buy train tickets, pay tuition bills, file taxes, and even vote online.

Here’s how Estonia’s electronic ID card works: At birth, every Estonian citizen is assigned a digital birth certificate which includes a few unique numeric codes and some biometric data (eye color, fingerprints). At fifteen, that data is linked to an ID card. The card has a photo and some basic information printed on its front, but it also includes a digital chip that stores some of the data and allows easy connection to the rest of it. Instead of signing their tax returns, Estonians scan their ID card and punch in their pin code. Tax refunds take about an hour.

Advantages, disadvantages, and implications of electronic ID cards

The advantages of electronic ID cards are mostly obvious: They’re convenient and reasonably secure. On the flipside, they have met resistance on privacy grounds. This is notably true in the United Kingdom and the United States, where a strong emphasis on civil liberties has preempted any comprehensive national identity system.

As of last fall, the UK instituted something called the Verify program. Much like the Estonian ID, Verify allows users to confirm their identity by scanning an array of sources, in this case mostly credit statements and utility bills. Verify goes to great pains to avoid storing any of this information on government servers, instead pulling from private companies, namely Experian and Verizon. Verify has met with some predictable opposition from privacy advocates, but on the whole it has been warmly received. This suggests a degree of comfort, in a political climate very similar to our own (US) climate, with privately operated databases at times when the intrusion of Big Brother would be unwelcome.

A related concern pertains to the security of the chips in electronic ID cards. If exercised without sufficient encryption, such chips might broadcast personal information to anyone with a scanner. This was the case with a botched round of post-911 US passports. More sophisticated cards appear to be sealed off from easy detection, but decryption tends to advance faster than the production of hardware, such as the cards, which are renewed only every five or so years.

Estonian officials have argued that their system has only strengthened privacy. While I am unlikely to know when the state pulls my file, Estonians receive an alert every time their records are accessed. One political candidate caught his opponent illegally searching for campaign dirt this way.

Electronic ID’s and social media

“On the Internet, no one knows you’re a dog,” reads the caption of a 1993 New Yorker cartoon. Social media platforms facilitate the process of creating an internet identity. Some care more than others about establishing a link between your internet and real world identity. That is, some do try to check that you’re not a dog, while others really only care that you’re the same dog each time you log in.

In both cases, electronic ID cards might remain distinct from social media platforms, or they might become fully integrated. The answer will be a function of the cards’ ubiquity, ease of access, and security.

For instance, Google currently has an optional two-step verification process. Rather than just logging in with a password, you can opt to login with your password plus a verification code that’s sent to your phone number. This same function could be performed with an electronic ID card like Estonia’s and could be equally convenient. But it wouldn’t be much more convenient—smartphones are pretty handy for a high proportion of Google users—so the cards would have to be widespread to justify the change. This is an example of how electronic ID cards might perform the “same dog” function.

On the “not a dog” side, electronic IDs are more promising. Facebook could use electronic ID’s to ensure that not only am I the same person who created a profile for Peter McElroy, I am the person who that profile accurately reflects. The photos, the hometown, and the birth date all match the name, and the name matches me. Even on platforms where anonymity is prized, like Reddit, electronic ID technology could be used for backend verification, such as to make sure the user is over eighteen.

Business networking and employment recruiting sites could offer instant background checks. So could dating sites. Without getting too starry-eyed, this all involves a fundamental reshaping of the way we look at internet identity. A degree of uncertainty, of not knowing whether we are being deceived, has been at the center of many platforms as a matter of course. Electronic ID technology could allow users to pick and choose when they want room for self-invention and when they just want to be really sure that the user they’re chatting with is not a dog.

Interview with Professor Tana Johnson

Interview with Professor Tana Johnson

Sanford LAC presentation event

Sanford LAC presentation event