Although anonymity is a cherished part of Internet tradition, it contributes significantly to the problem of Online Trust outlined in my previous post. Anonymity eliminates signals that online community users could use to gauge each other’s trustworthiness.
A trusted credential would re-establish signals for trustworthiness, without completely eliminating anonymity. In the offline world, people use passports (or driver’s licenses) to establish their identity—or verify that they are who they say they are. Banks, schools, foreign countries and individuals alike can trust passports because they are issued by a trustworthy central authority—in this case, the government. A similar online credential could be used to establish someone’s identity online. Using this credential:
- Users with verified ages could gain access to age-restricted sites, much the same way that adults gain access to offline bars using their driver’s licenses.
- Users with verified ages, marital status and photos could present this credential to potential dates on online dating sites.
- The online credential could be one of many tools that e-commerce sites use to reduce fraud. Similarly, peer-to-peer auction and exchange sites can reinforce their ratings systems with an online credential.
Important differences are needed to accommodate the nature of the online world, however. People online have come to expect anonymity in their interactions. A passport or driver’s license would reveal unnecessary information -- home addresses and often social security numbers. This would not be advisable.
Thus, unlike a passport, an online credential should be customized by its user, to reveal only the aspects of his identity he is comfortable revealing towards particular audiences. The user retains all other aspects of his anonymity. For instance, the user would have no reason to reveal his last name on an online dating site.
There are three objections about an online credential that appear plausible at first glance -- but are actually trivial. First, a critic might argue that an online credential would not “eliminate” online fraud. More specifically, an online credential does not directly address online fraud as a problem -- just because someone has a credential does not mean that that person is trustworthy. This critique, however, misses the point. A credential may not directly target fraud, but it provides a tool that works in combination with human judgment. A credential provides online clues that replace offline non-verbal cues. It levels the playing field between fraudsters and honest netizens. Overall, in combination with human judgment, this credential could help significantly reduce malfeasance, reducing low-effort fraud opportunities generated by the lack of any system whatsoever. This moves fraudsters into detectable exceptions -- instead of not knowing if any particular person having equal probability of being good or bad.
Second, an online credential would have to be relatively frictionless. No one would use a credential that is monumentally difficult to establish. For instance, consider a credential that is generated by showing up in-person at a government office with official documents, waiting in line for three hours -- and then having to be fingerprinted. The government office is only open 9 to 4, so people would have to take time off of work or school. No one would go through this hassle unless they absolutely had to. This experience describes what legal immigrants go through to gain permanent residency (i.e. a Green Card). It is doubtful that people would jump through the same hoops simply to establish an online credential. Thus, an online credential would have to be established through a relatively pain-free process -- preferably generated from the comfort of peoples’ own homes, during their own time. This is certainly possible (as I will outline in a future post).
Third, an online credential provider would have difficulty verifying identity credentials. Offline government entities use in-person identification, combined with difficult-to-forge documents, to verify people’s identities. This is difficult in the online setting, which provides neither in-person identification nor high-security documents. What if a person lied about his age, location, etc. to the credential provider? As the Internet is global, how do you provide a universal solution that can verify anyone, anywhere? Considering that many children use the Internet, how do you identify this age group -- which does not show up in public record databases or credit bureaus?
The final concern is indeed valid – and difficult to solve. Thus, it has been the focus of our research. My next blog focuses on this issue: verifying self-asserted identity data.
Posted by: |