Two months ago I wrote a blog post about how the Internet affords us not only a semblance of anonymity, but also the opportunity to maintain multiple identities.
Essentially, each email address and login pseudonym that we choose can be used to embody a different persona. This is unlike the “real” world, where our driver’s license, Social Security number, and passport are all tied to one, identifiable individual (except in cases of intentional fraud, of course).
The idea for a National Internet ID system was surfaced in the “Cyberspace Policy Review” document from the Obama administration in 2009. Most of the review concerned national security matters. The authors noted that “the digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than security” and made a number of recommendations to strengthen the protections against cyberterrorists.
Among the recommendations was one to develop an identity management system for individuals on the Internet.
Although couched with privacy-enhancing descriptions, I think it is fair to say that the objective is to facilitate commerce on the Internet.
Under the proposals, you would be able to login once only. You would then be able to roam around the Internet without having to enter separate user-ID/password combinations at each site you visit. Essentially, Google, Amazon, and Facebook would all share the same login. Your Internet ID would “authenticate” your identity, which, at least in theory, would reduce fraud, a major problem for Internet-based businesses.
The program has been assigned to the Commerce Department to implement, and has the backing of large companies such as Google, PayPal, Symantec, and Verizon. (While the government is spearheading the proposal, it would be voluntary and implemented by private companies.)
Indeed, it would certainly make life on the Internet much easier, both for individuals and for the sites that we want to access. No more long lists of login IDs and passwords. No more expensive “help” desk calls over lost passwords.
So far, there does not seem to be much opposition to the idea. The ACLU is concerned that it could develop into a “national ID card” and perhaps with good reason. Originally, and by law, Social Security numbers were to be used only for taxes and the like; now, I cannot even change my cell phone plan without providing the “last 4 digits of your Social.” This sort of mission creep will inevitably occur with the National Internet ID as well.
Something like the current proposal will probably come into being over the next two to three years. Before it does, however, I do think that we should reflect on what it means to individual privacy on the web.
Marketing’s Holy Grail
Essentially, under this structure there would be one login for all websites and a single ID that would follow us from place to place. That means that, quite literally, everything we do on the web could be tied to this one ID. This is the holy grail of marketing. No longer will they have to use tracking cookies or the like to implement “behavioral targeting” – they will know exactly what we are doing online, all day long.
Regardless of whether we are using our PC in our office or in our home, our laptop in Starbucks or our smartphone on the street corner, all of our defenses — such as deleting cookies or using different email addresses for different functions — will be passé.
It certainly won’t be long before the National Internet ID is cross-referenced with Social Security Numbers, which will inextricably bind our online and offline worlds together. The resulting virtual database will know far more about us than we know about ourselves.
For something that started off being described as a “strategy that addresses privacy and civil liberty interests, leveraging privacy-enhancing technologies for the nation,” it gets a bit scary, doesn’t it?
What do you think?