Anonymity, Independence and VRM

On the way home from a trip last Fall, with the kid asleep in the back seat of the car, my wife asked me to fill her in on a subject that had preoccupied me over the last several years, yet had remained opaque to her.  "Tell me about this whole identity thing", she said.

So I did.  I told her about the need many of us saw for identity services that were centered on individuals rather than organizations, about the need to equip individuals with instruments of independence, about changing markets from collections of customer traps to free and open environments where customers and vendors could converse and relate from positions of equal power and autonomy.  And so on.

She listened patiently as I ran down the various ideas and offerings forwarded by members of the Identity Gang and others who shared the same concerns.  Then she said, "I hear all this as More Identity.  I don't want more identity.  I want less.  When I'm online, I want to be anonymous.  I don't want anybody to know who I am until I have a good reason to tell them."

In other words, she wants anonymity to be the default, rather than a lucky grace of occasional circumstance.  Also, a decade of experience in the online world gives her no more reason to trust the Powers That Wannabe than she trusts the Powers That Already Be.

In all these respects her position is in agreement with David Weinberger's, which he detailed awhile back in Anonymity as the Default, and why digital ID should be a solution, not a platform. Here's how he sums it up:

The basic problem is, in my opinion, that the digital ID crew is approaching this as a platform issue.  Most places on the Web have solved the identity problem sufficiently for them to operate.  Some ask for the three digits on the back of your credit card.  Some only sign you up if you confirm an email.  Some only let you on if you can convince an operator you know the name of your first pet and the senior year season record of your high school's football team.  Sites come up with solutions as needed.

Good.  Local solutions to local problems are less likely to change norms and defaults.  But the push is on for an identity management platform.  It's one solution -- federated, to be sure -- that solves all identity problems at once.  If you want to change a social default, build a platform.  That's not why they're building it, but that will (I'm afraid) be the effect.  It's not enough that anonymity be possible or permitted by the platform.  The default isn't about what's permitted but about what's the norm.  If the default changes to being naked at the beach, saying, "Well, you can cover up if you want to," doesn't hide the fact that wearing a bathing suit now feels way different.  Yes, there's something wrong - and distracting - about the particulars of this analogy.  But I think the overall point is right: We're talking about defaults, not affordances.

There are serious problems caused by weaknesses in current identity solutions.  Identity theft is nothing to sneer at, for example.  But are we sure we want to institute a curfew instead of installing better locks?

Well, if there's one thing that the whole Identity Gang seems to have agreed upon, it's that there will never be one identity platform.  In fact, all of the proposed (and in some cases working) technologies at hand are approaches to what David calls local problems.  (Though the scope of some may be less local than others.) Microsoft's CardSpace is a way for individuals to manage their ends of the many different identities they bring to many different relationships online.  More importantly, it provides a way "to put the release of identity information under the direct control of computer users".

Those are the words of Kim Cameron, Microsoft's chief architect on the Identity case (see Independent Identity, in the September 2005 issue of Linux Journal), and the author of the Seven Laws of Idenity.  The first of those says "Technical identity systems must only reveal information identifying a user with the user's consent".  Seems to me this respects a user's wish to remain anonymous if they wish.  But does it support anonymity as a default?  Not sure.

Cardspace's compatible open source implementations, being worked out by the OSIS (Open Source Identity Selector) crowd, will do the same.  These approaches are, if anything, more respectful of one's autonomy and individuality than the collection of cards that currently inhabit our wallets (issued, as they all are, by organizations other than ourselves).

OpenID is an open source solution to the single-sign-on problem.  Higgins is an open source trust framework for solutions like CardSpace and OpenID.  None of these is a platform in the sense that it controls your digital selfhood.  In fact, Kim's 5th law of identity says "A universal identity system (or "metasystem") must channel and enable the inter-working of multiple identity technologies run by multiple identity providers".  In other words, it's not one system, or one platform.  Kim explains, "One reason there will never be a single, centralized monolithic system (the opposite of a metasystem) is because the characteristics that would make any system ideal in one context will disqualify it in another".

In any case, there is total agrement amongst the Identity Gang that there will be many Identity platforms in the world.  In fact, I would go beyond that (speaking for myself here) in saying that platforms are too often (in practice if not by definition) foundations for silos, and that what we all want and need are better relationships between any two parties.  By "better" I mean ones in which both sides have control over what they disclose, and the bases on which they can trust each other.  That control includes choice about whether or not one remain anonymous.

Yet nontechnical people reading the last few paragraphs are unlikely to be reassured.  Defaulted anonymity, for all its sometimes inconvenient costs, is still preferable to any "system" that sacrifices it.  One case in point is a cousin of mine who loves to take photographs and share them with people.  He does this by email.  When I asked him why he doesn't use Flickr or some other photo site, he said "I don't use any site that requires a password".  Why?   "They're a pain in the ass".

So I'd like to take a different angle on this -- one that will, hopefully, satisfy my wife, my cousin and Dr. Weinberger.

This approach begins with a different default: independence.  As Neo put it in The Matrix, "The problem is choice".  Are we equipped to be independent?  Meaning, do we have choice? I don't think so.  Not when big vendors still come at customers with battling silos and still call their markets "free".  Not when we still think only Google, Microsoft, Verizon, Congress or some other Big Player to solve our Big Problems for us.

The answers won't come from the outside.  That may be where choices are presented, but it's not where choices are made.  Choice is an inside job.  It's an expression of autonomy.  And that independence, that autonomy, must include the choice to remain anonymous.  Whatatever we end up doing with Identity, apart or together, the choice to remain anonymous must be supported.

Perhaps oddly, the context for anonymity is relationship.  If we look at markets as places where we have choices about who and what we relate to -- and how we relate to them -- anonymity is one of those choices.

I'll go back to the same use case I've used many times before: renting a car.  I would like to tell the car rental marketplace in Denver that I want to rent, say, a 4-wheel drive vehicle that seats six, has a roof rack, and plays MP3 CDs.  I would also like to tell vendors in the market that I belong to the Budget FastBreak, Hertz One and Avis Wizard clubs.  And, finally, that I'm not revealing my name or supplying any other identity-related information yet.  In other words, I'm still anonymous.  And I will remain anonymous until we're ready to do business.  And then I'll reveal personal information on a trusting but need-to-know basis.

Think about this for a minute.  Do any of these agencies need to know who I am yet?  Does trusting that I'm a good potential customer require that they possess a pile of personal identity information about me inside their CRM?

And how about what happens if I want a deeper relationship with a vendor than the one that its CRM will allow? I'm much more likely to be loyal to a vendor who actually relates to me.  (Rather than just, say, "personalizes" a deal by posting my name on a board out in the rental car lot -- a feature I may not want.)

Never mind that no CRM -- Customer Relationship Management -- system on Earth is interested in hearing such a request, or in appreciating customers' desires to remain anonymous until they are ready to reveal personal information on a need-to-know basis, or in welcoming relationships that are any deeper than a "loyalty program" or whatever.  It's not their fault.  All CRMs grew up in a lopsided industrial world where the whole relationship burden fell on vendors rather than customers.

But we don't live in that lopsided world any more.  Thanks to the Net and a plethora of technologies, protocols and other goodies, there is no reason why some of the burden cannot be borne on the customers' sides as well.

What I'm proposing is VRM -- Vendor Relationship Management -- that equips the customer to actually relate to vendors, and not just to buy stuff from them.  In order to do that, a high degree of control on the customer's side is required.

How do we do that? What form does it take? Is it code that lives in a card?  Can it be operated by cell phone? Will it require a broker of some kind?  Where do we start?

Well, those are all questions on the floor here at the Berkman Center for Internet and Society, where I'm now a Fellow and working on this very project: making VRM happen.

I'm looking for help, of course.  Some will come from colleagues like Mary Rundle, a Fellow who has been working the anonymity beat here at Berkman.  Some will come from developers like former Berkman Fellow Dave Winer, who has been thinking about this issue, and whose track record at Making Things Happen is legendary.  Same goes for Jeremie Miller (father of Jabber and XMPP http://www.jabber.org/), Joe Andrieu and Christopher Carfi.  That's in addition to Identity Gang members such as Kim Cameron, Paul Trevithick and Drummond Reed, who are all developers with Independent Identity goods on the table and more on the way.

I know this whole thing is still vague and not well-defined.  But that's also why I'm vetting it here in the Linux community -- and everywhere else I can.  Let me know what you think.  And, if you can, how you can help.

-- Doc Searls is Senior Editor of Linux Journal, a Visiting Scholar with the Center for Information Technology and Society at UC Santa Barbara, and a Fellow with the Berkman Center for Internet and Society at Harvard University.