I’ve been following and participating in a series of activities and projects relating to the ever difficult questions surrounding electronic identity management, and I’ve decided to post a few entries to clarify my own thinking. To start off, I’m interested in answering the question: what is identity?
From a formal logic point of view, identity is the assertion that:
“For any two things x and y, if all the properties of x are the same as all the properties of y, then it follows that x is y”.
So how does this help us?
Firstly, to make explicit what we are doing when we “identify” someone or something. Spotting and identifying a friend in a crowd is a semi-conscious process of matching up the person in front of us to our memory of them. “I didn’t recognise you with the beard” – one of properties of x has changed, and we mentally update our memory database entry of y.
In other words, we carry out a process of matching properties of a person (hair colour, eyes, shape of face, voice, etc) with our memory ‘record’ of the person.
This brings us to the second consideration: in most situations we base the matching up on only a small number of properties of a person, but in the real world – and this is crucial to the debate about electronic identity – we can iterate this matching-up process over and again until we are satisfied: “is it really you? my, you’ve aged? you’re hair’s longer, the beard fooled me, but those eyes and the voice are definitely you…or am I confusing you with your twin as ever?”. If a set of properties are not sufficient to uniquely identify, then we look for helpful extras.
This can often go in the other direction too: in the sense that, in many situations we don’t really need to ‘identify’ the person as such, but only some property relevant to a particular situation: “Sorry, women aren’t allowed into the sauna until 12 today; men only” or “There’s no way he is 18 years old, I’m not selling alcohol to him”. In both those cases, a single property is relevant to the situation but they are both nonetheless concerned with ‘identity’.
So… what is the “point of identity”? It is that point at which the identity of a person can be asserted with accuracy on the basis of examination and validation of a set of properties of the person (or indeed any other entity) sufficient for the particular situation. In other words, identity always has context: what is good for identifying someone in one situation may be insufficient, or more than required, in another.
What if we are not able to “refine” or expand upon our initial set of identifying properties? We need to have access to additional propertes in order to make a unique identification, if that is required. In the real world, this is usually possible and more-or-less straightforward – when the set of properties is insufficient to uniquely identify, then we come back for another round, with more properties: “I’m sorry but we have three Peter Brown’s listed, could you give me your date of birth and I’ll make sure I retrieve the correct record…”, “No, that’ll be my son you’re looking for…”.
And this is where the problems start with electronic identity…