IdentityProviders

ThoughtStorms Wiki

Context: OnIdentity

Originally posted on BeingOnQuora https://beingon.quora.com/Identity-Providers

Part of TheUltimatePlatformWar

See more on ProofOfHuman

My friend, VinayGupta is a brilliant futurist / disaster management guru and ... er ... officially magician to the US military. He once wrote a very interesting paper (TheLongPeace) on how the US could maintain Pax Americana : a global acquiescence to US military domination, minimizing the continuous eruptions of resentment in the form of terrorist "startups".

Some of it resembles traditional "hearts and minds" policies, but one section stands out as more radical : a suggestion that the US offers "identity services" to citizens of foreign countries :

A first concrete instance: what if American embassies the world over issued extremely hard identity credentials to people - US citizens or otherwise?

This is a function typically strongly associated with conventional nation states, but in this age of ICT, there are no technical problems in issuing a biometric identity card to any person who asks for one. Obviously such a card is more limited than, say, a passport. The US Govt. has no access to the criminal files or identity databases of the country of origin of the person requesting an ID. It does not vouch for government knowledge about you, only that you are this person and no other. Such a card might not even bear a name, only vouch for recorded biometric uniqueness. However, these secure biometric identity documents unambiguously state that the US Govt. has established that this face goes with this US-issued identity number, fingerprints and retinal scan. In many chaotic situations, these credentials would become the gold standard for identity verification, much like the extraterritorial dollar is the definitively hard cash.

Obviously such an identity credential has many positive security implications. Also consider its utility to, say, a college professor in an impoverished, unstable country trying to conduct business abroad. Possession of a US-backed digital ID could differentiate a real business transaction from an attempted fraud.

Correctly managed and designed, acting as an identity credential provider is a service, not an intrusion. This becomes even clearer when dealing with refugees, IDPs, citizens of utterly failed states and many other groups who lack solid enough identity credentials to gain access to international financial infrastructure or other services delivered by the global economy.

[snip]

The digital ID card system examined earlier can also extend to support for property rights databases - particularly for small land holders. This service could be provided relatively cheaply using GPS and satellite data, helping keep people on their land, safeguard their property, and perhaps join the global economy if de Soto's ideas on property rights at the bottom of the pyramid are correct. Higher level financial infrastructure like stock markets may also fall into the category of services which the US Govt. could support in the developing world at reasonable expense for very broad positive consequences.

Gupta, wearing his military consultant hat, diagnoses the strategic potential of being an identity provider to the world.

The US government, so far, doesn't seem to have stepped up to adopting the suggestion though. But you all know who has, right?

Avoiding the Platforms

I post a lot of music to Music-Share (https://myoozik.quora.com/), so a few weeks ago I was flattered to be invited to join the team at music blog : Humans VS Robots (http://hvsr.net/). Right up to the point in our discussion where my contact said

So: if you are still interested, please subscribe to the site with your Facebook account (hope you have one). Then I will give you the "staff member" privileges.

My response :

Ah ... right. So here's where it all falls down. :-) I am interested in contributing but I'm afraid I closed my Facebook account two years ago on principle. If that's the only identity account you work with then I'm sorry to say that I won't be able to contribute. Is this a temporary measure which you'll be revisiting in future?

They immediately suggested that I could create a "dummy" Facebook account, just to be my identity.

You know what? I actually did create a new Facebook account, with the unimaginative name of Anne On. (I became something like Anne On number 432). But then I re-read In Which Eben Moglen Like, Legit Yells at Me for Having Facebook (http://observer.com/2011/12/in-which-eben-moglen-like-legit-yells-at-me-for-being-on-facebook-2/) and decided not to take things further. Fortunately, HvsR upgraded their system to include Google and Twitter as identity providers. And now everyone is (I hope) happy.

Now, don't get me wrong. It's merely a historical quirk that I decided to make a stand against Facebook but still have a Gmail account. I am categorically NOT trying to say that Facebook are worse or more problematic than Google. I'm also not making a big issue of how principled I am. I'm not. I'm as much as of a hypocrite as you're probably imagining. And I'm definitely not trying to say that Facebook's hegemony over new online blogs is equivalent to the America's hegemony over the rest of the world. (Weeeeeeaal ... not much anyway. 'cos, after all, America hasn't figured out the future yet.)

But it's worth thinking about, isn't it?

In 2015 it is the most natural thing in the world for creators of a new blog to assume that contributors would have Facebook and use it. In 2005, in the Web We Lost (http://dashes.com/anil/2012/12/the-web-we-lost.html), it would have been normal, on being invited to a joint blog, to just create an account on the blog itself and have the blog's own database storing my identity credentials. This was absolutely standard. Today, new software is being written that doesn't even have that capacity. And is merely a tenant on Facebook (et al) identity provision. It doesn't end there. Recurrency (https://recurrency.us/faq)is a new startup to help enable retrospective payments to artists after you've consumed their work. It's not a new idea, perhaps just another tip-jar, perhaps a company that will evaporate within a couple of months of my writing this. Or it might take off and become yet another important way for money to flow through the internet.

However, it's another site which is built on external identity providers : Facebook / Instagram / Twitter. I can't even get paid on Recurrency with my Gmail account. If it wasn't for Twitter I'd be excluded altogether if I refused to submit to Facebook hegemony.

Imagine if the next PayPal were built on the existing identity platforms?

Let's get back to global geopolitics. I'm a UK citizen. And we've never been keen on ID cards and ID numbers; a guy I know was one of the founders of NO2ID (http://www.no2id.net/).

But the government keeps trying to push ID cards on us. In the name of fighting terrorism. Or illegal immigrants. Or fraud in the benefit system. Or whatever the fashionable justification of the month is.

My libertarian tendencies are against it. But the UK government is quite right.

Ever since the Roman empire conducted censuses and William the Conqueror compiled the Doomsday book, state power lies partly in knowledge of who its citizens are.

The flip-side of Gupta's intuition for the US military is that any nation state that cedes ownership of the map of the social territory to an external identity provider / mapper, is giving up power to them.

In fact, the nation-states might have already lost.

Facebook IS the global identity provision superpower. With Twitter and Google in second and third place. Already they have more, and better mapped, citizens than any nation-state in the world. Attempts by the UK (and perhaps the US) to build the information infrastructure to enable similar feats, are tending to fall behind. ("Government IT" is renowned for running over-budget, over-time and providing poor user experience.)

Rather than Gupta's benign vision of providing helpful identity services, the US military's response has been to try to co-opt the corporate identity platforms through the NSA. It's undoubtedly an uncomfortable situation for the hosts, having a tongue-eating louse installed in their mouths, but it doesn't kill them and they can continue to slurp-up our social data while feeding the parasite.

That may be a stable symbiosis : the dominating nation states firmly installed in the data-centres of corporate platforms while the other nation-states (the ones not fortunate enough to have world-beating clouds headquartered in their countries) watch their life-blood of social knowledge draining away.

Or maybe the strengthening corporate immune systems will rebel and find ways to kick out the parasites, becoming a power to themselves.

Or maybe we keep pushing all those new platforms that are building themselves as tenants of the identity giants to support real distributed id protocols (https://www.mozilla.org/en-US/persona/)that don't allow any individual corporation or nation to own the social graphs.