<-- digital ecosystem | Transhumanist Terminology | disassembler -->
An alternative identity, secured through the use of strong crypto, the
digital pseudonym is a mainstay of transhumanist thought. In its strongest
form it offers the possibility of precisely controlling how much of your personal data
leaks out to others. Victims of horrific crimes will be able
to discuss their experiences without fear of being identified, the politically
oppressed will be able to speak out without fear of torture or death at the hands
of the local jack-booted thugs, those with different artistic
sensibilities from their surrounding
community will need not fear humiliation or ostracism. It is the hard-core privacy activist's
wet dream.
Most variations of the idea revolve around the widespread use of several
advanced encryption applications; public key encryption, anonymous
digital cash, and effective trust networks are all required for the
emergence of digital pseudonyms. While all of these are technologically feasible
today, a lack of necessary legal and social infrastructure will prevent the
emergence of digital pseudonyms for the forseeable future.
The core of the digital identity (any identity, not just "pseudonyms") is a
pair of large numbers--the private and public keys of a public key encryption
system. With these it is possible to establish that a message is from who it
says it is from (authentication), it is possible to prove that someone said
something even if they later deny it (non-repudiation), it is possible to detect
changes made to a document after it has been signed (integrity), and it is possible
to exchange messages with someone with no possibility of being listened to (privacy).
Each of these functions contributes to the identity in its own way but integrity
and privacy are of less consequence in the matter of digital identities than are
authentication and non-repudiation.
The first function, authentication, by definition establishes the actual identity
of the sender of a message. It does this not by identifying a specific individual,
but by reliably tying two or more messages together as having originated from the
same source. Since it can be verified that the same key signed message A as signed
message B it can be verified that the same person authored both (or, at least, is
willing to be held responsible for the contents of both). This allows for the creation
of trust over time even between individuals who do not "know" each other in the
traditional physical sense; it allows for the emergence of reputation and future
consequences without which a functioning social framework cannot exist. It is possible
to examine someone's prior messages and to use them as a guide to the reliability,
intelligence, trustworthiness, etc. of the sender.
The second function, non-repudiation, is essential to functioning of the framework
that authentication allows. A contract is of little use if one of the parties
can later claim to have not signed it. Past messages cannot be used to indicate
reliability if they can't be tied to a specific source. Digital signatures have been designed
to make repudiating a signed message impossible, at least if you want to continue to
use a particular identity.
The other features of encryption, integrity and privacy, are not as interesting in
the context of digital identities. While it is a hard and fast requirement that
messages not be alterable after signing it is more of a fundamental encryption issue
than one specific to digital identities. Privacy in the encryption sense falls into
the same category, even though a vastly stronger social form of privacy is the
whole point of digital pseudonyms.
Public key encryption, then, provides the actual digital identity used as the pseudonym.
It provides the mechanisms for verifying that two messages are from the same source,
that the contents of the message are as the sender intended, and that the sender can't
later claim to have not sent the message. But this isn't enough, it turns out there is still
a more fundamental problem to be solved.
A far more insidious problem is how to determine who to trust in the first place. It's
all well and good to be able to refer to your past interactions with someone as a guide
to how they'll behave in the future, but that doesn't give you any guidance on whether you
can trust someone the first time you go to deal with them. You can't just trust other
signed testimonials, digital identities are so easy to create that all of the testimonials
could originate from the same source. You can't automatically trust every identity you
come across, not unless you'd like to find you and your wallet soon parted. At the
root, the problem here is that even if you can verify that the encryption is good you still
know nothing of the underlying intention.
Once again there is a technical solution to the problem which has not yet been widely
deployed. Trust networks such as the one implemented by Advogato (although there are
numerous others) can provide a
mechanism to verify someone based on their past interactions with others. These networks
work by having Tom vouch for John, John vouch for Mike, and Mike vouch for Susan. You
can presumably trust Susan if you trust Tom. Properly implemented a trust network of this
sort is demonstrably resistant to attack by malicious agents; the better of them are resistant
to attack even if some of the attackers are highly trusted members of the network.
Even this leaves a problem, and it is likely to be this that prevents the emergence of
cheap, throw away identities even if public key encryption and trust networks were to
become widely adopted. Nobody is going to want to do any sort of business with a newly
created identity. Without an established place in several trust networks and a history of
interactions an identity is going to have serious problems functioning in even a limited
capacity. Even if banks were to open accounts to purely digital customers, they
aren't going to open accounts for an identity with no history (money laundering regulations
guarantee this); customers aren't going to do business with a random email address that
has no references, no matter how good the encryption (look at Ebay and the difficulty some
first time sellers have); even retailers and service providers will effectively refuse to work
with newly established identities by only accepting payment in forms controlled by
large banks (such as credit or debit cards).
Establishing a new identity will be an expensive and time-consuming business.
It starts with small transactions that provide low enough risk to the counter party
to overcome their reluctance to deal with an identity with a short history. Given enough
small transactions the identity will slowly find itself becoming more trusted and, thus,
being able to engage more fully in a digital society. But this requires the time and attention
of the individual that owns the identity, and in the end I doubt you'll see individuals
with several identities that they change depending upon whim or context.