The Future of Identity in the Information Society

The ever increasing digitisation of information has led to an Information Society, in which more and more information is available almost anywhere and anytime. The related digitisation of personal characteristics and personal information is progressively changing our ways of identifying persons and managing our relations with them especially in virtual interactions, e.g., over the Internet. As the Internet has opened new spaces for (virtual and supplementary) lives, supplementary digital identities, so-called virtual identities are being created for reasons of security, profit, convenience or even fun (e.g., for leisure communities). What used to be a ‘natural’ identity, e.g., the personal appearance of an individual at a counter, is now as virtual as a user account at a web portal, an email address, or a mobile phone number. These virtual and multiple identities and the paradigms behind them are feeding back into the ‘physical’ world, offering a mix of physical and virtual plural identities and processes to deal with them. Both the new artefacts as well as the new processes challenge the traditional definitions of identity. At the same time identities are subject to diverse forms of management in business, administration, and among citizens: There is almost no week, which does not see a new initiative aiming at ‘better’ identification of citizens, customers, consumers, or entities in general. In this context ‘better’ can have many different meanings, often depending from the point of view of the respective stakeholder: States and their administrations try to identify ‘their’ citizens, while citizens want to be able to influence the respective identification, e.g., its rationale, its degree, its process and last but not least the information flow around it, starting with the question whether or not identification is needed for a transaction or for participating in a certain element of life in society. The core question and often the source of conflict is who owns how much identity information of whom and who needs to place trust into which identity information to allow access to resources.

The objective of this chapter is not to bring the answer to the ultimate question ‘what is identity?’, — an almost impossible undertaking given the complexity and the constant evolution of the subject — but rather to present, more like on a journey, different angles that can be used to define this concept, in particular in the context of the Information Society. Starting first at describing how this conceptualisation can be conducted in the traditional way of theori-sation well known by the academics, this chapter then indicates how less formal approaches such as narratives can be used to help to understand the concept. It also introduces how the new ‘social tools’ originating from the Web 2.0 can be used to stir the intelligence of experts from different horizons so as to generated a meaningful and practical understanding of the subject. The second part of the chapter is used to illustrate how each of these approaches have been operationalised by presenting a series of models and scenarios presenting different perspectives and issues that are relevant to the subject, and a collaborative Web 2.0 knowledge infrastructure that was used in FIDIS to facilitate the conceptualisation of identity by a group of experts.

What is a virtual person? What is it used for? What is its added value?

Virtual persons sometimes describe avatars and new forms of identities in online games. They also appear in other contexts; some authors use them in the legal domain. Within FIDIS, the concept of virtual person has been extended in order to better describe and understand new forms of identities in the Information Society in relation to rights, duties, obligations and responsibilities.

Virtual persons, as other virtual entities, exist in the virtual world, the collection of all (abstract) entities, which are or have been the product of the mind or imagination. The virtual world — not to be confused with the digital world — allows a unified description of many identity-related concepts that are usually defined separately without taking into consideration their similarities: avatars, pseudonyms, categories, profiles, legal persons, etc.

The legal system has a long experience of using abstract entities to define rules, categories, etc., in order to associate legal rights, obligations, and responsibilities to persons that can be considered instances of these abstract entities in specific situations. The model developed within FIDIS intentionally uses a similar construction.

In this chapter, after having explained the model, we apply it to pseudonyms. Then we explore the concept of virtual persons from a legal perspective. Eventually, we introduce trust in the light of virtual persons.

Technological development has undeniably pervaded every aspect of our lives, and the ways in which we now use our identity related information has not escaped the impact of this change. We are increasingly called upon to adopt new technology, usually more through obligation than choice, to function in everyday society, and with this new era of supposed convenience has come new risks and challenges. In this chapter we examine the roots of identity management and the systems we use to support this activity, ways in which we can strive to keep our digital information secure such as Public Key encryption and digital signatures and the evolving yet somewhat controversial role of biometrics in identification and authentication.

With an eye on the ever changing landscape of identity related technologies, we further explore emerging technologies which seem likely to impact on us in the near to mid-term future. These include RFID which has more recently come to the fore of the public consciousness, Ambient Intelligence environments which offer convenience at the potential cost of privacy and human implants which surprisingly have already been developed in a medical context and look set to be the next major step in our ever burgeoning relationship with technology.

While identity management systems for the Internet are debated intensively, identity management in mobile applications has grown silently over the last 17 years. Technologies, such as the still-growing Global System for Mobile Communication (GSM) with its Subscriber Identity Module (SIM) identification infrastructure, are foundations for many new mobile identity management related applications and services. This includes location-based services (LBS), offering customised and convenient services to users (e.g., friend finder applications) and new revenue opportunities for service providers (e.g., location-based advertising).

However, even though the opportunities seem to be endless and technology manageable, challenges arise when looking at advanced aspects of mobility and identity such as privacy, regulation, the socio-cultural aspects, and the economic impacts. To this regard, the interdisciplinary nature of mobility and identity is imminent and needs to be explored further. By learning from the diverse field of challenges, new mobile communication systems can be created, allowing for more privacy-preserving service provision and a more transparent handling of mobile identities.

This chapter presents three scenarios for mobile identities in life, work, and emergency situations: Mobile Communities, Traffic Monitoring, and Emergency Response via LBS. Based on these scenarios is an analysis of the specific properties of Mobile Identities, leading to a description of the FIDIS perspective on mobility and identity. Then a deeper analysis of the technological aspects of mobile networks gives the basis for the following closer look from the legal perspective on issues such as data protection and from the sociologic and economic perspectives. An outlook on the future challenges of mobility and identity concludes the chapter.

Establishing interoperable systems is a complex operation that goes far beyond the technical interconnectedness of databases and systems. Interoperability emerges from the need to communicate data across different domains for a specific purpose. Transferring the data may represent a technical challenge because of different protocols, standards, formats and so forth. However, the most difficult challenge lies in reconciling and aligning the purpose, use and other changes consequent on transferring that data. Changes in data ownership and custodianship have an effect on power structures, roles and responsibilities and on risk. In the first part of this chapter our aim is to develop an understanding of the term ‘interoperability’ as it currently applies to the area of identity management. We propose a three-fold conception of interoperability in IdMS, involving technical, but also formal-policy, legal and regulatory components, as well as informal-behavioural and cultural aspects. Having noted the official EU/government agenda as regards interoperable IdMS, the second part of the chapter is concerned with the perspective of other important stakeholders on the same topic. First, the views of experts from private and public sectors across Europe are presented. Following this, the perceptions and attitudes of EU citizens towards interoperable IdMS are discussed. Together, the findings presented point to the crucial challenges and implications associated with the sharing of personal data in the provision of eGovernment, eHealth and related services.

Some of the most critical challenges for ‘the future of identity in the information society’ must be located in the domain of automated profiling practices. Profiling technologies enable the construction and application of group profiles used for targeted advertising, anti-money laundering, actuarial justice, etc. Profiling is also the conditio sine qua non for the realisation of the vision of Ambient Intelligence. Though automated profiling seems to provide the only viable answer for the increasing information overload and though it seems to be a promising tool for the selection of relevant and useful information, its invisible nature and pervasive character may affect core principles of democracy and the rule of law, especially privacy and non-discrimination. In response to these challenges we suggest novel types of protection next to the existing data protection regimes. Instead of focusing on the protection of personal data, these novel tools focus on the protection against invisible or unjustified profiling. Finally, we develop the idea of Ambient Law, advocating a framework of technologically embedded legal rules that guarantee a transparency of profiles that should allow European citizens to decide which of their data they want to hide, when and in which context.

With the ever-increasing importance of identity and identity management in the information society, identity-related crime is also on the rise. Combating crimes like identity theft and identity fraud, not in the least with the help of identity forensics, is a key challenge for policy makers. This chapter aims at contributing to addressing that challenge. It summarises the findings of five years of FIDIS research on identity-related crime and identity forensics. A typology is given of the various forms of identity-related crime. After an analysis of relevant socio-economic, cultural, technical, and legal aspects of identity-related crime, potential countermeasures are discussed. We then move on to forensic aspects, with a critical analysis of pitfalls in forensic identification and case studies of mobile networks and biometric devices. Next, forensic profiling is discussed from a wide range of perspectives. The chapter concludes with lessons drawn from the five years of FIDIS research in the area of identity-related crime and forensic aspects of identity.

The current mainstream approach to privacy protection is to release as little personal data as possible (data minimisation). To this end, Privacy Enhancing Technologies (PETs) provide anonymity on the application and network layers, support pseudonyms and help users to control access to their personal data, e.g., through identity management systems. However, protecting privacy by merely minimising disclosed data is not sufficient as more and more electronic applications (such as in the eHealth or the eGovernment sectors) require personal data. For today's information systems, the processing of released data has to be controlled (usage control). This chapter presents technical and organisational solutions elaborated within FIDIS on how privacy can be preserved in spite of the disclosure of personal data.

Identity was a multifaceted and challenging topic, when FIDIS started to work on it, and it will be multifaceted and challenging in future. It has relations to aspects, such as societal values (e.g., privacy), societal phenomena (e.g., crime), application areas (e.g., eGovernment and mobile communications), technologies (e.g., High-Tech IDs), and last but not least scientific disciplines. In each of these areas FIDIS worked on identity, and it became clear that each of the areas is changing, keeping identity a dynamic and multi-faceted field. It may actually get even more aspects in the future, given the fact that none of the questions have disappeared during FIDIS' work so far, but new aspects showed up, e.g., with new technologies showing up. So even after 5 years of FIDIS, not all questions are answered. Some dimensions for future work are discussed in the following sections of this chapter including: The discussion of these topics is especially focusing on the questions: ‘What is to be done? How can it be done? What needs to be considered?’, for shaping the future of identity in the information society and to adequately address its underlying challenges and opportunities.

In all cases standardisation (as it happens globally in e.g., ISO/IEC JTC 1/SC 27/WG 5 ‘Identity Management and Privacy Technologies’) and regulation (e.g. on data protection and privacy) are of importance and usually trigger more research questions, once the first research results are on their ‘radar’.