Virtual Identity: An American Blind Spot

America’s march into the era of homeland security is a chilling prospect that must be embraced. I know from the ’60s even our government, like every other, is capable of violating citizens’ rights, including the right to privacy. Vigilance must be constant. Three cheers for the ACLU and The Nation!

Still, September 11 did happen. It reminded us privacy also means anonymity, cloaked messages, and untrackable money transfers.

The informational solution is identity management. In everyday terms, that means access is controlled via combinations of registration, verification, and authentication handshakes between two or more machines. The security industry adage is enrollment enables entitlement. Under such a regime, users are empowered with a machine-readable identity that handshakes its way into and out of protected systems. No one can be anonymous. Instead, everyone’s knowable and accountable.

It reminds me of the century-old thinking of Oliver Wendell Holmes, the U.S. jurist who conceived and coined both “the right to privacy” and “the duty of publicity.” The former is the right to keep personal activities from being disclosed or revealed in public. The latter is an individual’s obligation to identify themselves in their public activities. That’s how people become accountable. Public opinion has no impact on anyone who’s anonymous.

Law-abiding, freedom-loving Americans should embrace the opportunities and responsibilities afforded by identity management, even if prompted by September 11. What good are freedoms if they can only be exercised anonymously?

Marketers should encourage them, too, even though it likely means giving individuals more control over their personal information. Which is a good thing. We want consumers to present themselves, to make themselves known and knowable. Unfortunately, the potentiality of virtual identity is difficult to grasp in the United States because, despite Holmes’s thinking, the prevailing conceptual framework is different.

In the U.S., information policy has been handled piecemeal — by case law, regulatory decision making, and special purpose legislation — over the course of decades. In terms of substance, it has largely been limited to balancing cost-benefit compromises between individual privacy and commercial freedom. Western Europe is better prepared. There, individual consumers have information rights.

Two decades ago, the Organisation for Economic Cooperation and Development promulgated a comprehensive and demanding set of regulations for the tasks of notifying, collecting, using, storing, accessing, and correcting personal information. They’ve been widely embraced, enacted, and enforced by national governments. When regulations proved inadequate to protect individuals in certain circumstances, many Western European countries created informational rights for their citizens, in some cases inalienable rights and in a few cases rights codified into constitutional amendments. Perhaps Europe’s experience with police-state abuse of information systems enabled governments and citizens to quickly embrace and enact into law principles of informational self-determination.

That kind of perspective and that dimension of the situation are hard to get to from the current agenda in America. The leading U.S. initiative today is focused on dividing information into sensitive and nonsensitive categories, then applying more rigorous procedures to the former, less rigorous ones to the latter. Make no mistake: S.2201, the Online Personal Privacy Act, is important legislation. But in a certain way it frames privacy protection as a negotiated settlement between government and business. The empowered individual is not part of the solution.

In a Direct Marketing Association (DMA) comparison of studies of U.S. public opinion on online privacy, all but one have this very same blind spot. The empowered individual is not on the radar screen. The exception is Harris Interactive. Its surveys asked about the control of personal information. Respondents rated consumer control higher than both business and governmental control.

The question and the finding challenge the prevailing paradigm of business versus government arguing over a passive consumer. A Pew study, one the DMA compared, candidly admits including the individual among the solutions “distorts the results greatly.” Similarly, findings showing consumer preferences for technological solutions users control themselves are, for no apparent reason, turned inside out into the conclusion consumers trust no one.

An individual empowered with a virtual identity is outside the conceptual frame. It’s hard to seize what you can’t see. The scope of both public discourse in America and private business need to expand to include and advance this concept. The raw materials are at hand.

Europe’s protective infrastructure for informational self-determination has proven worthy and workable since the 1980s. It became clear in the last decade the root promise of networks (the Internet and others) is that power resides in, and grows exponentially with, intelligence distributed to the nodes. As we enter the 21st century, the impetus of a more secure homeland takes society — and each of us individually — into an era of authenticated and accountable identities.

It would be ironic if America, of all countries, had the most difficulty grasping that the individual empowered with a virtual identity should be and needs to be in the solution framework for us all.

Len is off this week. He returns April 21. Today’s column ran earlier on ClickZ.

Related reading