Friday, March 11, 2005, 6:26 PM

Strong Identities Can Be Anonymous

Just because a digital identity is strong, does not mean it cannot be anonymous.

An is a digital identity that is not linked (or bound) to a known legal entity (person or otherwise).

A , which represents an entity, is a digital identity which, when participating in multiple transactions, results in high confidence that it is the same entity involved in all the transactions. The "stronger" the digital identity, the "higher" confidence.

Thus, you can have (1) an anonymous identity that is not strong (e.g. for posting stuff low importance stuff on the web), (2) a strong identity that is not anonymous (e.g. for signing legal documents online), (3) an identity that is not strong or anonymous (e.g. email provided by your ISP), or, (4) an anonymous, strong digital identity (... I can't think of an example, but I'm sure someone can).

Why am I blogging this? Well, Stefan Brands just wrote Identity Bloggers: meet the Privacy Bloggers, recommending that digital identiy bloggers be familiar with privacy issues (which I agree with). However, Stefan goes further than I would by suggesting that
... whenever we talk about digital identity management, we are literally talking about moving around personal information, which is subject to privacy regulations and societal anxiety.
This is only the case when the digital identity in question is not anonymous. (Which, admittedly and unfortunately, is the norm today due to the ad hoc evolution of our "identity systems".)

Conversations about identities can be fairly independent of privacy if we decouple the discussion from the issue of whether there should be bindings between identities and legal entities. The privacy debate starts once bindings have been established ... and is centered around who gets to do what (read/store/distribute) with which bits of information in transactions... and it will be, in part, a "religious" debate, depending on your information dogma.

Perhaps the point at which the privacy debate starts to impinge on the digital identity discussion is around the question of should digital identity systems be required to implement support for anonymity. Once the ability to be anonymous is forfeit, the holder of an identity can only achieve a guarantee of privacy legislatively, and not technically.

o Stefan Brands, Identity Bloggers: meet the Privacy Bloggers (
o Alex Cameron, Beyond the Panopticon: Architectures of Power in DRM (
o P.T. Ong, Support for Anonimity (
o P.T. Ong, Information Dogma (

Updated (March 18):
o Stefan Brands responds in Identification and anonymity are not opposites (
o Johannes Ernst points this way in Anonymous Digital Identities (

0 Comment(s):

Post a Comment

<< Home