Let me take you back to a time when an English-based international terrorist has been arrested for a murder overseas (using a bomb manufactured in Birmingham), leading to newspaper stories about the activities of a foreign fifth column, based in London but planning assassination worldwide. There ensues a government panic about the ease with which the terrorists are able to travel. This panic becomes linked with more general concerns over the identification of individuals. The British Foreign Secretary announces new rules for identity documents (including a higher price), public anger leads to new legislation being proposed, but the government’s bill is defeated and the prime minister resigns.15 Welcome to 1856. The British government has just launched the passport.
Since Lord Palmerston’s government lost that vote, mainly because of public resentment about French pressure fanned by the popular press,16 we’ve invented human rights, laser beams, microchips, universal suffrage and the Internet. Yet we have not invented a new version of identity and we (the British) are not at all happy with the old one either. Not all cultures feel the same. If you live anywhere else in Europe, you expect to be able to potter down and open a bank account with an ID card, not with printouts of utility bills, and you do not expect criminals to be able to open mobile phone accounts in your name (for a while the fastest growing category of identity theft in America).
It is certainly the case that these deep-seated attitudes in Britain mean that ID cards have only a ‘parasitic vitality’.17 In other words, they can never take root in the English body politic of their own accord but only by growing on the back of another, much bigger, issue. Thus, it was on the back of that Piedmont anarchist’s attempt to murder Emperor Napoleon III and the collapse of the British administration16 that the passport became the identity document we know today.15 Up until then passports had been general documents, not even including their carrier’s name, and the only way to obtain one had been to know the Foreign Secretary personally. The Earl of Clarendon, Secretary of State for Foreign Affairs at the time, said that the ‘British Government attached no importance to passports’ (so it is a wonderful irony that the anarchist mentioned above, one Felice Orsini, had in fact travelled to Paris on a passport issued to a Thomas Allsop seven years earlier by Lord Palmerston himself!18).
Post-industrial passports
Fast-forward to the post-industrial economy, and talk about an ‘Internet Passport’ is common but profoundly misplaced. Identity in the modern part-mundane, part-virtual world is utterly different to the ‘simple’ notion of identity rooted in our Victorian concept of passports and identity cards. There is no point in developing an electronic version of a piece of stamped, security-printed paper with a photo and personal information written on it for inspection. I’m not sure any such electronic version is capable of overcoming British or American resistance to identity cards, seen as instruments of state oppression associated only with foreign regimes, a view simply encapsulated in this idea that consistent identification of individuals is a necessary, although not, of course, sufficient precursor to a police state.19
Perhaps it is the mental model of identity itself, the essentially Orwellian conception of identity and surveillance that is wrong. Generally speaking, when critics lambast an identity scheme as Orwellian, they are thinking of an omniscient all-controlling state in which perfect surveillance, zero privacy and the total control of information combine to end terrorism, crime and even ‘thought crime’. Yet in criticizing schemes on these terms, I think that critics are sharing and propagating the same outdated identity paradigm, a paradigm that is rooted in paper and cardboard, where a person’s identity is seen as being singular and fixed, like a card in a card index, rather than multiple and changing; and in which the highly centralized information system that surrounds identity is concerned only with piping related information from the centre to the edge and back again.
As a technologist, I know that technology not even imagined by Orwell writing 1984 in 1948 can deliver far more surveillance than policymakers, civil libertarians, businesses, regulators and legislators realize today. The dangers to both individual liberty and society of ‘bad’ identity systems are much wider than was apparent to him in 1948 because of that same technology. As the Royal Academy of Engineering’s prescient 2007 report on Dilemmas of Privacy and Surveillance noted, we should not be concerned solely with surveillance but also with ‘sousveillance’.20 That is, we should not be concerned only with state snooping and intervention but big business, the press and our next-door neighbours.
The origins of the misleading and simplistic model of identity, the passport model, lie in border control. Today we should be concerned not only with border control between countries and communities but with border control between mundane and virtual communities. Indeed, as Catherine Fieschi of Demos wrote, this mundane–virtual border control may be a good basis for developing modern notions of identity and privacy.21 One might imagine a flight to virtual communities where mathematics (in the form of cryptography) provides a defence against crime and disorder that the metal barriers of a gated community cannot. If the community decides on a new law, they can enforce it instantly and effectively by excluding transgressors or by persuading them to exclude themselves.22
What will the post-industrial replacement for the passport look like? We need an identity infrastructure that admits different kinds of identities, some of which are fixed and some of which are more fluid. We want this infrastructure to deliver appropriate privacy and security. And it goes without saying that society needs this infrastructure to be cost effective; economics is an inescapable discipline.
The economics of privacy are, like anything else, a matter of trade-offs. The problem is that people can’t make informed decisions if they don’t know exactly what the trade-offs are. It’s an imperfect analogy, but consider the case of vehicle safety. Car manufacturers let consumers pick engine size, colour and the fabric on the seats, but not the design of the seat belt. Rather than let people figure out the optimal seat belt for themselves, experts pick a standard. We must be getting close to this point when it comes to identity standards.
The reason is that privacy is important. Privacy permits individuals to express unpopular ideas to people they trust without having to worry about how society will judge them. It is vital to democracy and it contributes to the ‘marketplace of ideas’ and the promotion of the truth.23 Privacy, however, is not enough. Private property creates social order and a peaceful society requires a clear allocation of goods and rules for their public use.24 In other words, as is well known, privacy needs security. So we need security as well.
A privacy paradox
One of the simplest ways to demonstrate both how non-intuitive some aspects of the problem are and also how the use of new technology can deliver new solutions is to consider what I have called the Chatroom Paradox. My kids want to go into chatrooms to discuss everything from computer games to saving the planet. I will only allow them into chatrooms if I know that the other people in the chatrooms aren’t serial killers, perverts and so forth. In order to make sure of this, I therefore want the name and address of everybody else in the chatroom so that I can validate them against sex-offenders’ registers. However, if somebody else in the chatroom wants my kids’ names and address to check them against a register, I don’t want to give it to them. What if there’s a mistake and they really are a serial killer or pervert? This then is the paradox: in order to harness the power of the Internet, I want full disclosure from everybody else who wants to be part of the subgroup but will refuse any kind of disclosure on my side. Stalemate.
Yet as we technologists will readily point out, through the miracle of public key cryptography, it is straightforward to implement unconditionally unlinkable identities which allow subgroup members to prove to each other that they are over 18, a British citizen, a Manchester City fan, or anything else, without disclosing their identity in a way which could be compromised.
This might also