For several years now there has been a shift in the way people look at privacy on the Internet. It is deplorable to see how personal information is increasingly considered to be some sort of currency. The dominant behavioral marketing business model on the Internet offers free services in return for personal information. The width and depth of the information collection however is often unknown to users. As a consequence, people do not fully contemplate how much they really ‘paid’ for certain services with this new currency. On top of this, the demand for personal information is increasing, whereas it is not always clear what benefits users get in return.
There are, nevertheless, several good arguments defending the collection of some personal information. In an online shopping, banking or healthcare context it is obviously necessary that both parties can identify each other to some extent. But up until today there has not yet surfaced a clear and uniform system in which the flow of personal information can be controlled. As a matter of fact, it is possible to talk about a certain identity-paradox on the Internet today. On the one hand there are plenty of ISPs that possess the most detailed profiles of Internet users (eg. social networks, search engines, ad networks, etc.). On the other hand, plenty of Internet players still have difficulties ensuring themselves that a certain user really is who he says he is. It seems as though personal information is massively collected online, while it is often very hard to determine (with absolute certainty) the physical identity of the user(s) behind it. Actually, in many cases ISPs do not have a direct interest in knowing this. Thus, the paradigm “on the Internet, nobody knows you’re a dog”, remains valid in some sort of way. ISPs know what kind of person you are, but not who you are. Briefly, today the online identity environment seems to be an opaque no man’s land where chaos governs and different players (some with questionable motives) try to determine the rules.
Together with an increasing government interference, this are the main reasons why some authors (eg. Clippinger, 2007) vigorously plead for the introduction of an ‘identity layer’ on the Internet. This layer would not only allow identification but should also provide methods for identity management and privacy protection. The way Clippinger describes the preconditions of this new layer (eg. the seven laws of identity enumerated by K. Cameron) has to be encouraged in my opinion. As more and more day-to-day activities take place online, it becomes increasingly important to allow individuals to effectively control their identity and what personal information is to be shared online, just like they can in the offline world. The proposed identity layer would provide such an environment, in which it will be possible for users to efficiently manage and control the flow of their personal information on the Internet.
As “it takes technology to fix a technology”, a bottom-up approach is preferable. Only a limited role should be given to the government, who should just provide a policy framework and some general principles. Once more it appears that ‘code is law’ (Lessig, 2006). The core of this identity system should be developed by the sector, the market itself. The identity layer would necessarily be universally applicable and should especially be construed on an open source basis where different players build upon the same uniform platform. Only in such a context it is possible to guarantee flexibility, alertness and responsiveness which are critical to provide maximum security. “Engagement, not isolation, is the road to security through the recognition of mutual interests” (Clippinger, 2007). Only when technology is the product of those who are subject to it, maximum legitimacy and effectiveness will be achieved.
Concluding, it may be clear that a major change in the present online identity landscape is required. On the one hand there is an increasing need for a system that securely proves identity. But on the other hand, a stop must be put at the unbridled collection of personal data by third parties. The emergence of an identity layer on the Internet would solve these issues. Not only will the present inflation of personal information as a currency be stopped and the lurking dangers of government surveillance and online discrimination be reduced, in the proposed solution everyone will be able to effectively proof (part of) his or her identity to whom he/she wishes henceforth.