The Future of Identity in the Information Society: Challenges and Opportunities, K Rannenberg, D Royer, A Deuker (eds.),
School of Law
University of Edinburgh
This is Book Review published on 18 September 2009.
Citation: Rodrigues, R., ‘ The Future of Identity in the Information Society: Challenges and Opportunities’, Book Review, 2009(2) Journal of Information, Law & Technology (JILT), <http://go.warwick.ac.uk/jilt/2009_2/rodrigues>
The Future of Identity in the Information Society: Challenges and Opportunities, K Rannenberg, D Royer, A Deuker (eds.), (Springer, 2009, Hardcover, ISBN 978-3-540-88480-4)
This book does exactly what it states on its cover (and much more). It lays out the core research results (representative of five years of research work) of FIDIS (Future of Identity in the Information Society), a multi-disciplinary undertaking funded by the EU as a Network of Excellence (NoE) under its sixth framework programme and involving twenty four leading institutions ranging from government, industry and academia at its culmination point. More information on FIDIS can be found at <www.fidis.net>.
The book, edited by Rannenberg, Royer and Deuker, is reasonably well structured – it begins with an introduction to theme of identity, looks at the nature and conceptualisation of identity in a evolving world, sets forth identity use case scenarios, and tackles topics like high tech identity and emerging technologies, identity and mobility, interoperability in identity management systems, profiling and ambient intelligence, identity related crime and forensics, privacy and identity, concluding with a discussion on the future of identity. The Appendices of the book are also valuable resources for knowing more about the FIDIS Consortium, the FIDIS deliverables (Working Papers), the contributors, and as put by the editors themselves, the outreach activities of FIDIS (e.g. the proposal for a common identity framework in Appendix D) and a simplified glossary of terms. More vitally and refreshingly, the book is interspersed with vignettes; theoretical scenarios that present what to some extent is and in the future may (or may not come to) represent the future of identity.
There are some common threads that run through the entire book: technology impacts and challenges identity; identity has a complex, multi-faceted and evolutionary nature; the privacy dogged challenges of identity and identity management; and the need and call for a holistic approach to tackle identity issues.
In Identity of Identity, Nabeth while acknowledging the difficulties of defining identity and putting it ‘into boxes,’ makes the case for studying identity in a multi-disciplinary manner. Coming strongly through in his arguments, is the case that defining identity can be done in multiple manners. Nabeth presents different approaches used in the conceptualisation of identity (formal and informal). Formal conceptualisation is largely related to explicit forms of conceptualisation, while the informal forms are characterised by imprecise elements like narratives (cases, stories and scenarios). Also set forth are other conceptualisation tools like wikis, blogs, social book marking, tagging, social networking, virtual worlds, information aggregators. This chapter also sets forth how experts are preoccupied with two approaches to identity – the structural (identity as representation) and the process perspectives (identity for identification). It goes on to explore the multi-facetedness of identity and explains the various dimensions of identity, their terminology, sets out some use case scenarios of identity online.
Virtual Persons and Identities is focussed on virtual persons or virtual entities. A large part of the chapter delves into pseudonyms as particular forms of virtual identity. There is a section that studies virtual persons from the general legal perspective, drawing on the legal practice of according rights to abstract entities. Important conclusions are: different virtual entities may have different legal status and personhood. There is an in-depth exploration of trust and trustworthiness in an attempt to set the scene for how trust is a key issue in relating to virtual persons.
In High-Tech ID and Emerging Technologies, identity management systems are at the fore. A very rich overview of identity management and identity management systems is made in this chapter. Technologies like Public Key Infrastructure, Electronic Signatures, Biometrics, RFID and Credential Systems are covered in terms of how these systems work, and what their strengths and weaknesses are. Other technologies that support identity management like Trusted Computing, Identity Protocols, Service Oriented Architectures, Digital Rights Management are also explored along with emerging technologies like Ambient Intelligence and Human ICT Implants. The most significant highlight of this chapter is its call to supplement legal frameworks for new identity technologies with a simultaneous tackling of the social and ethical issues that such technologies create.
Mobility and Identity aims at studying mobility and identity and this it does in good measure. Mobile identities and its technologies are laid bare in a very revealing summarisation of the subject. The chapter summarised the FIDIS perspectives on mobility and identity through exploring technological, legal, sociological and economic aspects of mobile identity management. It also lays out futuristic requirements for mobile identity management systems.
Interoperability is a key issue in identity management. This is well investigated in Approaching Interoperability for Identity Management Systems, which makes the case for understanding interoperability beyond its technical aspect, taking into account other formal (policy, law, regulation) and informal aspects (behaviour and culture). The chapter sets out stakeholder based empirical findings on interoperability issues that bring forth adequately the risks and challenges of interoperability.
Profiling and AmI begins with a presupposition that ‘profiling is the conditio sine qua non for the realisation of the vision of Ambient Intelligence’ (AmI) (p 273). This chapter while defining profiling[as the ‘process of ‘ discovering patterns’ in data in databases that can be used to identify or represent a human or non-human subject (individual or group) and/or the application of profiles (sets of correlated data) to individuate and represent an individual subject or to identify a subject as a member of a group (which can be an existing community or a ‘discovered’ category’(p 275)], neatly sets out the process and applications of profiling (e.g. biometric, location-based, web, user profiling, consumption based, occupational) and hazards of profiling. Boldly, it then goes on to set forth ‘a vision for Ambient Law’ (p 295) – what is termed as ‘law by design’ (staying faithful to Lessig’s Code as Law and Nissenbaum’s Values in Design). The reasons cited in support of Ambient Law are many: firstly, the inequality in the relationship between data subjects and data controller, an ongoing and ever increasing loss of user control, the authoritative capacity of law to protect, and the overall failure of data protection legislation. Ambient Law is envisaged as more than ‘an automatic application of legal rules,’ and this is what adds an exotic flavour to the concept. This chapter uses and develops on much of the profiling theme in the book on Profiling the European Citizen: Cross-disciplinary Perspectives (Springer, 2008), edited by M. Hildebrandt and S. Gutwirth, which one might find it useful to refer to, either in the first instance or for a more comprehensive study of the subject of profiling.
In Identity-Related Crime and Forensics, the taxonomy of identity-related crime developed under the FIDIS auspices is presented. While recognising that there are lawful and unlawful uses of identity, some identity problems are highlighted: identity collision, identity change, identity obstruction, identity restoration. Identity-related crime is categorised. Identity-related crime is also explored in its surreal (film based) and real contexts. The film based analysis proposes that films paint very drastic, negative and unrealistic visions of identity-related crime and pose a danger to how identity-related crime is perceived and acted upon. The chapter also studies the technical aspects of identity-related crimes like nature of attacks, vulnerabilities. In addition to this, it limitedly, looks at the legal aspects and measures used to deal with identity-related crime. Assuming that identity forensics is the mirror image of identity-related crime, the forensic aspects of identity are explored. The chapter concludes with a section on forensic profiling.
How personal data privacy can be maintained amidst the widespread trends of personal data disclosures at different levels is the theme of the chapter on Privacy and Identity. This chapter goes into the murky world of unique identifiers (ID numbers), permeates into the privacy issues of public/statistical databases. It also sets forth some technical and organisational solutions that are envisaged as aiding the preservation of privacy.
Finally, in Open Challenges –Towards the (Not-So-Distant) Future of Identity, Rannenberg and Royer conclude with a final note about the future of identity, and recognise that identity remains a daunting prospect for the future too, given its complex nature, a reasoning one can very well agree with. Four dimensions for future work are elaborated and considered from the perspectives of what action needs to be taken, how that action could be taken and the considerations to be taken into account: Identity Reference Architectures, Identity Management and Privacy, Identity Management and Multilateral Security and Identity in the Internet of Things.
The vignettes (illustrative scenarios) that run throughout the book need particular mention at this point. The vignettes were structured around the FIDIS use case scenarios (in FIDIS Deliverable D12.5) and are also stated to be tinged with their writers’ personal experiences and futuristic visions. The vignettes revolve around the life of a family (what one may conclude to a certain extent to be an overtly privacy oriented family, with the main protagonist Frank being a bit too privacy keen-and-aware). The vignettes paint a high tech picture of a futuristic society and technology-reliant world – a world where individuals are preoccupied with control (though they may not be in control), the power of information reigns supreme and automation is the new cool. The vignettes show endless possibilities of an identity and identity management based life of convenience and possibility. At the same time, they set forth some already evident and possible dangers and threats of an identity based world - surveillance, automated decision making, denial of services, the diminution of humanness, to mention a few. There are also some stomach churning ideas for instance, implanting babies in the umbilical cord with a chip and giving parents the power to permanently chip their children. On the whole, the vignettes are a stimulating and thought provocative educational aid and research aid.
What must be cautioned against is that these vignettes be not taken in similar light as are the morbid identity crime related films which paint gloomy identity doomsday scenarios and prejudice effective thought and action, a concern which is expressed in the book itself (see the chapter on Identity-Related Crime and Forensics). Also, the placement of the vignettes is not to be taken at face value – a vignette that precedes a chapter is not only about that chapter but may contain issues that relate and deal with other chapters in the book.
On the whole and despite the European focus of the book, it has international appeal (both for academia and industry), particularly those most interested in identity and identity management, for its comprehensiveness and coverage of issues from a multi-disciplinary perspective. The book will prove a handy, resourceful and insightful guide to future research in the area.