Dave Kearns takes on anonymity

 Dave Kearns of The Virtual Quill (and many other venues) has joined the anonymity scrum (even though he was already in it) :

“Anonymity as default,” which I mentioned in the previous post, is taking on a life of it&#39s own. Now Tom Maddox has posted in his Opinity weblog, commenting on Ben Laurie&#39s commentary about Kim Cameron&#39s mention of Eric Norlin&#39s post concerning David Weinberger&#39s original thought that “Anonymity should be the default.”

(I&#39ll just sit here and whistle for a moment while you follow that set of links)

The point I wanted to mention was Maddox’ statement:

We need to begin with anonymity/pseudonymity as the default, Laurie&#39s ‘substrate choice’. Otherwise, whatever identity system we employ, we&#39ll always be trying to get the cat back in the bag (or the scrambled egg back in the shell)

The fallacy here is that he seems to believe that there can be an “identity system” in which anonymity is a choice! And not only a choice, but the default choice. But without a unique identifier for each object in the system, there is no identity system. And with a unique identifier there is no anonymity within the system. Rather, the default should be PRIVACY for all objects, with any dispersal or publishing of identity attributes only done with the consent of the entity if it&#39s sentient, and the entity&#39s controller if it isn&#39t.

Maddox is correct that once the data is published you can&#39t unpublish it completely. That argument shouldn&#39t be overlooked. But it&#39s equally as important to realize that the “anonymity bandwagon” is out of control and headed for the cliff. Privacy is the key, and privacy should be the issue.

I have trouble with Dave&#39s use of the phrase, “within the system”.  What is “the system” in a multi-centered world with an interpenetrating mesh of domains?  Put another way, just because an object has a unique identifier, do entities dealing with the object have to know that?

Things may have unique identifiers that are known to some identity authority / domain (even infinitesimilly small ones) but these authorities don&#39t have to release them when identifying things to other parties. 

Would an example help? 

Suppose some company – let&#39s call it Contoso.com – runs Active Directory as its local identity infrastructure.  Active Directory identifies all of the machines and people in Contoso&#39s “domain” with a Security IDentifier (SID) – basically a unique id/domain pair.  But when I am dealing with someone from Contoso.com, I probably don&#39t give a darn about their SID, no matter how useful it may be to their local AD system.  Dave, do you care about my SID? Knowing you and loving you, I think you&#39ve got better things to worry about!

In the world of web services, which will be a vast mesh where identity reaches beyond domain boundaries, the definition of what is “within the system” becomes very ambiguous. 

The SID makes sense “within the system” thought of a narrow domain manager.  It normally doesn&#39t make sense “within the system” thought of as a connecting mesh of entities that happen to interact with many domains. 

In this bigger world, I may be interested in the fact that someone is an employee of Contoso, byt totally uninterested in anything that uniquely identifiers them as an employee – even if such unique identification is necessary for some other purpose.

For example, if I call 411, I speak with a representative of the phone company.  I don&#39t know her or his name, or number, or location, or anything else.  I just know the person I&#39m talking with works on behalf of Verizon – and that is all I really want to know.

Yet knowing they are an official employee is still a matter of identity! 

Is this anonymous?  I would say so.  It “has an unknown or unacknowledged name”, as my pathetic online dictionary puts it (I&#39m travelling).  So it is anonymous, but it is identity.

This is all part of the notion that an authority can make claims about a subject – and that this is done through a set of assertions.  Given this, we need a name for the “empty set” of assertions. 

So far, we call it anonymity.  We believe this will ring a bell in more peoples’ heads than “empty set of assertions”.

If we now combine this thinking with the second law (minimal disclosure) – we come to the notion that if more is not needed, the identity set should be the empty set.  This is what I think people are talking about when they say the default should be anonymous.

2 thoughts on “Dave Kearns takes on anonymity

  1. Pingback: » Should the online world reflect the "real" world? | Digital ID World | ZDNet.com

  2. Pingback: Ruminations on Identity » Do you really think you are anonymous?

Leave a Reply