This is a book about footprints – digital footprints to be precise. For the most part, unlike footprints in the sand, digital footprints are largely invisible and are about where we have been, for how long, how often and the inter-relationships. Digital footprints are a capture of memories and moments and are built from your interactions with mobile, web and TV. Digital footprints are not about your identity, your passport or bank account.
While the idea of digital footprints has existed for some time, this book extends the current body of knowledge on this subject in two specific ways: by considering the digital footprint as part of a real-time feedback loop, and by considering the impact of mobile devices on digital footprints. In an open loop system the digital footprint is part of behavioural or targeted marketing based on collecting and analysing data, but the closed loop model, as described within, is an entirely different animal and raises a provocative question: Is your digital footprint yours or someone else’s business?
In conventional terms, digital footprints are the digital ‘cookie crumbs’ that we all leave when we use some form of digital service, application, appliance, object or device, or in some cases as we pass through or by. This happens regardless of whether we are actually cognisant of it. We intuitively accept, when forced to think about it, that these traces exist and we somehow expect that, over time, the waves will wash over the digital footprints to erase them like the ones on the beach – but they are not. Like everything on the web, digital data cannot be washed away; it remains forever. But we could actually benefit from taking control of our own digital footprint.
This chapter provides a context to identity, privacy and other widely debated issues that get bundled together as part of the digital footprint. There is both good and some very poor work available on identity and privacy; this summary is presented as an overview to provide the context of how identity (physical and digital) and privacy are related and connected to MY DIGITAL FOOTPRINT. In the simplicity of this big picture, I hope to highlight some of the key themes that lead to the black holes of debate and strong opinion without being glib about, or underemphasising, some rightly contested issues.
Identity is not simple, but, at a very high level, it provides the person on the street with a name, driving licence, bank account, credit history, social security and certain certification from both government and non-government organisations. Whilst identity for the average person is seen as regulated and institution-controlled, privacy is emotional, a preference, determined by status but constrained by regulation and law. Digital versions of identity and privacy are for the most part not even considered by Mr Average, leaving a digital footprint as a term that is not even contemplated. Defining MY DIGITAL FOOTPRINT is therefore complex, but this book suggests: the collection, storage, analysis and value created from digital data from mobile, web and TV. Additional collection points for data such as Near Field Connection cards (NFC) (e.g. Oyster in London) and non-web financial transactions will be added at a later stage.
The following chapter outlines the links between digital and physical identity connections and dependencies, as set out in Figure 1 below. This section then leads on to the connections between identity and MY DIGITAL FOOTPRINT.
Identity is split between ‘digital’ and ‘physical’. This split is important as there is a need to explore their different and similar characteristics. As explained later, MY DIGITAL FOOTPRINT (in this book) only relates to the digital side, but digital identity does have some strong dependencies on physical identity.
Digital and physical identities are related through certain bridges and bonds. These are couplings that allow the two forms of identity to have value. Bridges are direct connections that allow someone to use either form of identity for a single purpose, such as using your bank card for digital and physical transactions. Bonds are not direct relationships between the digital and physical, but allow the two to be related, because certain key information is held in both, which allows the connection to be made. Both bridges and bonds have certain dependencies. These dependencies are privacy, risk and trust.
Digital and physical identities are also related to each other by either relationships or reputation. Facebook, MySpace, Friends Reunited, Plaxo and LinkedIn deliver relationships between the physical you (what you did and with whom) and the digital you. Indeed, you could see this as ‘bond and bridge’. As you trust someone from the past, you connect with them; this restores your relationship and improves your reputation (you are who you say you are).
The purpose of this book is not to explore these connections but to observe that they exist, as this is needed to help define what MY DIGITAL FOOTPRINT is, in relation to certain traits and characteristics of identity.
Figures 2 and 3 separate physical and then digital identity into certain traits and provide an outline of each.
Physical identity can be broken down into many traits; this list is only for example and highlights certain contentious issues. Again, this is not exhaustive coverage as there is an enormous body of work available.
The certificates produced by government (birth, marriage, driving licence, passport, social security). These documents are a stable proof of who you are. Fraud is possible and allows someone to take over your identity. Depends on original certification (provides evidence of history) and in some instances a match in a central database.
The physical characteristics of you: eye colour, skin tone, iris, fingerprint, blood group, height, DNA, speech and style. Technology is continuously improving, which allows you to use your body to identify and confirm that you are who you say you are; it does not relate you to others or history (aka certification).
This trait of physical identity relates to organisation-based identification, such as your password and log-in ID, library card, entrance pass, phone number and utility bills. These organisations have satisfied themselves that you are who you say you are and provide an extension of your certificated proof. This has obvious and deep links with identification and authentication below.
A major part of identity is value. Value is achieved as you can provide identification to enable you to extend and expand the services you want. The eternal question is whether the evidence you are providing is fraudulent, and to what degree one can step back to warrant its truth. For true identity experts, identification in this sense is validation.
Authentication sits across several other physical traits as it is about the evidence that you are who you say you are. At a simple level this would include your card and PIN for accessing your bank account.
One of the purposes of identity is to enable you to start and continue to trade; either to buy goods and services for yourself or your organisation. As a trait it is important as it brings relevancy to the level of identity required by providing a hurdle to overcome and quantifies risk.
Our focus now turns to digital identity, which has different traits to physical identity. It is worth remembering that whilst digital is different, it is bridged and bonded to physical. Whilst exploring digital, part of the mind should remain cognisant of the fact that digital doesn’t, in many aspects, exist without the physical.
Digital identity, like physical, can be broken down into several inter-related traits; this thirty thousand-foot list highlights certain contentious issues. Again, this is not exhaustive coverage as there is a wide range of detailed insights available. It is worth noting that digital identity allows users who so desire to build their own identity or a different identity, or to augment the one given to them by the church, society or government.
These are some of the many objections to digital identity and include:
The Data Protection Act and similar law and regulation. This is a body of work designed to protect the user. In many cases it introduces a high overhead and often does not have the tools for enforcement.
Surveillance. Usually first up. Being watched and identified, this data then stored and used against you. Some benefits but fear, uncertainty and doubt reign.
Re-identification. A difficult topic, where data has been anonymised but can actually be reconnected to the original user. You don’t want to give your home address, but your GPS-enabled device embeds information that allows re-identification. Usually takes some work, but in reality quite easy.
Tracking (things and people). Like surveillance, tracking allows you and your objects to be found and identified, along with details of their routes and routines. ‘Big Brother’ state and companies trying to control your life.
Storage. If data is centralised it cannot be secure and has to be backed-up (copied) for business continuity processes. If de-centralised, who owns it and how is it managed? As a barrier, security is about a complex balance between user experience and protection.
One ID. It is impossible to change passwords every week. Having one ID is what the user wants for user experience, but is the worst nightmare for security. A balance that is not in balance.
This trait focuses on the technology and implementation. Some characteristics inter-relate with barriers.
Sign-in and passwords. These provide an essential part of digital identity. Management of sign-in and passwords is very difficult; there are approaches (open ID, one ID, etc.) that offer a better user experience, but this is at the risk of security.
Overhead. Anyone who works for a corporate who has secure ID log-in will immediately identify with overhead. This is all about the layers of improving security at the cost of user experience.
Complexity. Every part of identity is complex and inter-related: there are no simple answers. Just imagine trying to ensure that your company has a database of all staff and that they have a physical reference related to each member that is checked, allocated, aligned and protected. This data is then guarded, protected and tracked. You now want to introduce a new access method to your buildings and network. How do you secure the old and the new, and guard against errors in the old data, clearing holes in the new?
Management. This captures the management requirement for the user to store and hide log-in, passwords and ID. [Technology management of solutions comes under implementation management.] Running digital identity for individuals only becomes more complex and more open to abuse. Management also covers executive management functions where current directors’ fiduciary duties mean that their company brand and professional reputations are on the line as well as criminal proceedings for any breach.
Bypass. Without users this would disappear. The weakest part of any digital ID is admin bypass. Users lose log-ins, IDs and passwords; somehow recovery and access have to be administered. The admin of bypass adds even higher levels of complexity.
Collection. Even at the most basic level, collection of data to build a map of behaviour is well established. Our finance market provides a warning that past performance is not a good indication of future performance. Commercial and non-commercial organisations can gather data today without cost (Web 2.0) and this collection (what is collected, from whom, the types of data and from what devices – mobile, web and TV) opens up new possibilities. Collection is not difficult!
Storage. As an implementation trait this is easy to understand (also see storage within the barriers section previously). Together with the last topic, security, storage is a complex implementation issue. Federation and peer-to-peer look good at the outset, but the public has no idea what the industry is talking about or if the balance is in their favour.
Security. This is how to secure, and keep secure, digital identity.
This trait is about what needs to be managed.
Person/persona. There is a difference for a user between something that is linked to the person, this being physical (money), and something linked to a persona (Second Life, World of Warcraft). Whilst both should be viewed as having equal value to the user and should be protected to the same degree, there is a difference in the linkage to what would happen if stolen. One is unbounded (access to a bank account gives many opportunities) and the other is bounded (World of Warcraft is limited to selling ID or taking power).
Degree and level. To what degree or level is there a necessity to protect and manage digital identity? As with person/persona above, there is a variation, which links to implementation. However, if you could trade between the person and persona, and they had fundamentally different degrees of management, integrity, security, risk, trust, or privacy – should the trade be allowed or will it bring everything to the lowest common denominator?
Voluntary/forced. Forced is the requirements your bank and your corporate give you, for good governance reasons. Voluntary is open, and provides simplicity for ID access to your Plaxo, LinkedIn, MySpace, Live and other 2.0 accounts. Management [forced] is easy to implement and deliver; voluntary, as per degree and level, may bring down secure systems if the two have to cross.
Transparent/forced. A topical issue with UK Government presently (May 2009). Expenses that have been hidden are easy to defraud. Transparent and open allows for inspection and the collective approval. Should your digital ID be approved not by you or an organisation (forced) but by your social network?
Open/closed. As per voluntary and transparent, should the system by which digital ID is verified and delivers integrity be open or closed? Open allows the possibility for bypass and creation of false identities as the system is understood. Closed, you would never know. Is open/closed the question, or should it be about development methods, requirements or agile iteration?
Control. As a management trait this is hidden in here as it is controversial. Control is required by the state and organisation as there is a belief that this provides for enforcement and delivers security. Control is interpreted by the user as controlling. There has to be a balance between integrity (below) and control.
De/centralised. As a management trait this is an important topic as centralised is easy to understand and as easy to break, and has links to storage and bypass. Decentralised offers an interesting alternative; however, it introduces complexity, and knowing that your data may be stored on someone else’s machine (even encrypted and only in part) may not engender participation and trust. Again a balance.
Integrity. Managing integrity (data, personal, corporate, governance), as per all the previous points, is a challenge especially if an inspection or regulation body is empowered to maintain standards (and what standards?).
This trait of digital identity brings out the aspects of value that can be created, within the context of the barriers, implementation and management traits mentioned over the last few pages.
Benefits. Whilst understanding the conflicting issues mentioned in brief above, the rationale for spending time on this topic and having a digital identity is to have benefits for the user. Benefits for the user include being able to trade and barter for goods and services in an easier and more user-friendly environment, reduce and prevent crime, improve medical diagnosis and recovery, remove viruses and spam, and deliver context, personalisation and other benefits in a web, mobile and TV world (the screens of life).
History. There is no evidence that the author attended Little Green Junior School, nor certificates, and in the past 30 years all records will have been destroyed. Personally there are a few text books left that could help. My Facebook profile shows a picture of me at age 10 with the class of 1977 on our French exchange trip. Suddenly I have history, developed and delivered and validated by my community.
Reference. As per history, my LinkedIn CV provides references about my work from the community, not made up by me.
Anonymity. Digital identity does deliver personas and anonymity.
I hope that this highlights that, whilst physical identities are centralised in their systems for design, development and control and are mainly about an organisation or government keeping people out of, or getting people into, a system, the emerging softer identities of the digital footprint are de-centralised 'starfish'-types of identities, with peers and peer-groups, rather than authorities (your boss, the government, the bank), providing reputational validation and authorisation.