Identity

One of the more difficult sets of issues in both offline and online worlds involves identity: how do I know who you are? how do you tell me who you are? who are you willing to be when you’re dealing with me? and so forth.

As Canadians know at the moment, proof of citizens’ identity has become a critical matter in our dealings with the United States. Must we have, are we prepared to submit, fingerprints, or iris scans in order to travel across the border? And then there is the near regression to absurdity of identity itself: identity with what? A passport depends upon a birth certificate which depends upon a declaration by another person, who in turn is identified with a driver’s licence perhaps…

It may be that one of the reasons the internet has proven to be so popular is that it seems to offer a chance to be reborn as someone new — or many different people, depending — or no one at all. I only need an ID I create and a password I choose to gain access to most places online. But this near anonymity (is there a word “polynymity”?) won’t last. For a whole bunch of reasons, the matter of who you are will be straitened fairly soon, I’d guess, certainly where anything of substance is at stake.

Commerce is one of those circumstances. And confidentiality of data is another. Lawyers deal in both areas all of the time, logging on to this database and that, sending data to this court and that (if not now then very soon). Identity is a two-sided problem, of course: there is the vendor’s wish for as much information about you as possible (age group, gender, occupation… Visa number); and then there is your frustration at having 16 passwords to remember or your constant worry that foolishly you have only one password for everything.

Identity 2.0 and federated identity are buzz terms for current attempts to solve both sides of the issue to the satisfaction of the user. It may be that you’ll have a databank account with all of your important information in it and from which you can draw portions as you see fit, all wrapped in credentials that your correspondent will feel comfortable accepting. However it happens, though, it does seem to be something that lawyers should pay attention to and should participate in the construction of.

For a truly entertaining introduction to aspects of Identity 2.0, you might take a look at the video of a presentation by Dick Hardt, of Sxip Identity located in Vancouver. (Simply excellent use of presentation software, by the way.) On a broader front, take a look at another Canadian’s site, Kim Cameron’s Identity WeblogHe’s “an Architect of Identity and Access in the Connected Systems Division at Microsoft, where he drives the evolution of Active Directory, Federation Services, Identity Integration Services, InfoCard and Microsoft’s other Identity Metasystem products.” (!)