understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

« March 2006 | Main | May 2006 »

Privacy is Changing Outsourcing in Canada

posted by:Terry McQuay // 11:46 PM // April 25, 2006 // ID TRAIL MIX



Outsourcing in Canada is changing because of privacy laws, changes in government outsourcing policies and business concerns resulting from the USA PATRIOT Act. Increasingly, Canadian service providers are finding themselves with a competitive advantage simply because they keep their customers’ data in Canada. Conversely, US-based service providers are finding themselves at a disadvantage, often scrambling to move their data processing to Canada.


Privacy laws in Canada provide consumers with the ability to file complaints on organizations located in Canada with provincial and/or federal privacy commissioners’ offices. Complaints typically result from real or perceived mishandling of the consumer’s personal information by the organization, but consumers can file complaints even if they are not directly subject to the privacy issue or breach.

Privacy laws also provide the privacy commissioners’ offices with the power to investigate consumer complaints and an obligation to identify, expose and where possible influence privacy issues that impact Canadians. Over the last year, privacy commissioners in Canada have increased their focus on cross-border transfers of personal information. This privacy issue results from personal information being sent to locations that don’t have the same level of legislated privacy protections as Canada does.

Although offshore transfers to countries like India (that don’t have privacy laws) might seem like the logical target for this increased focus on cross-border transfer of information, they’re not. Organizations that outsource to India typically have contractual and other means to secure personal information, thus providing more than adequate privacy protections. The focus is on the USA. The USA PATRIOT Act is considered by some to be anti-privacy because it provides US federal authorities seemingly unfettered access to any personal information held by US firms, whether it is on US citizens, Canadians, or anyone.

Cross-Border Privacy Concerns

Privacy laws provide consumers the ability to complain, and provide privacy commissioners the powers to investigate these complaints. But do consumers really care if their personal information is transferred to the USA? As a Canadian, ask yourself these questions:

“Would I like my personal information reviewed by a US authority, like the FBI?”
“Would I like my purchasing habits, my medical information and my resume accumulated and accessed by US government agencies?”

If you answered ‘no’ to these questions, you are not alone. According to a survey published in June 2005, and conducted by EKOS Research Associates on behalf of the Privacy Commissioner of Canada, 64% of Canadians have serious concerns about companies transferring their personal information to the US.

Privacy Commissioners Influence Corporate Outsourcing Policies

Cross-border transfers of personal information are a major concern of privacy commissioners across Canada, and they have taken many steps to build the awareness of this issue. The Office of the Privacy Commissioner of Canada has stated on several occasions:

“At the very least, a company in Canada that outsources information processing in this way should notify its customers that the information may be available to the US government or its agencies under a lawful order made in that country.”

In a recent precedent-setting finding from the federal commissioner’s office about a complaint of an organization’s transfer of personal information outside of Canada, the finding stated that an organization must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the law that governs all customer personal information transferred to the US by corporations in Canada.

Principle 4.1.3 of Schedule 1 states:

“An organization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.”

Principle 4.8 states:

“An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.”

To comply with PIPEDA, the Commissioner’s finding states:

“What the Act does demand is that organizations be transparent about their personal information handling practices and protect customer personal information in the hands of foreign-based third-party service providers to the extent possible by contractual means.”

Transparency requires providing notice to consumers that their information will be located outside of Canada. Thus, organizations have only two viable options:

1. Provide notice to consumers that their personal information is being transferred to the US and is subject to US laws; or
2. Keep the data in Canada.

Outsourcing Rules are Changing

Organizations are avoiding this issue completely by keeping personal data in Canada. The location of the data is now one of the decision factors when selecting a new service provider for an outsourcing contract. Many, if not most, government organizations are demanding personal information remain in Canada. Banks, insurance companies and healthcare providers are pressuring their current suppliers to keep personal information in Canada, and selecting new suppliers that keep their data in Canada. Privacy has changed outsourcing in Canada.

Competitive Advantage for Canadian Service Providers

Canadian companies are finding they have a competitive advantage, simply because the data remains in Canada. One such company is ThinData, a Canadian e-marketing solutions provider. Wayne Carrigan, VP of Client Services at ThinData explains:

“We are a Canadian company and we have always processed our customers’ data in Canada. We never expected privacy laws and concerns about the USA PATRIOT Act would provide us a competitive advantage, but it has.”

As for customer demand, Wayne states:

“We are increasingly responding to proposal requests that specifically ask if we keep clients’ data in Canada. Our customers have stated that one of the reasons they have chosen ThinData is they want their data to remain in Canada”.

Similarly, Gabe Mazzarolo, Chief Privacy Officer of Workopolis, Canada’s biggest job site, states:

“Almost every piece of information contained in an individuals resume is personal information. Both our corporate clients and Jobseekers feel more secure knowing their information remains in Canada.”

Nymity, a leading privacy research firm, has seen substantial growth in both its training and its subscription services as both US and Canadian organizations are looking for pragmatic solutions to mitigate the impact of privacy on outsourcing, or looking for a means to capitalize on this privacy issue. Jin Shin, Nymity’s General Counsel explains:

“Outsourcing personal information to the US can be done in compliance with PIPEDA, but doing so doesn’t mitigate all privacy risks, and in some cases it introduces new privacy risks. For example, although providing Notice is required, it can have unanticipated results. A few of Nymity’s customers have provided Notice that resulted in complaints to the Federal Privacy Commissioner’s office.”

Linda Drysdale, a privacy expert at PricewaterhouseCoopers states:

“We foresee huge growth in service providers conducting audits against the new Generally Accepted Privacy Principles (GAPP) from the AICPA/CICA, partially due to their customers’ concerns related to transfers of personal information outside of Canada.”


Privacy is changing outsourcing in Canada. Government policies virtually mandate personal data remain in Canada and corporate Canadian is finding it best to simply avoid the issue completely by keeping their customers’ data in Canada.

The bottom line for services providers is: Canadian service providers have a competitive advantage—US service providers have a business risk.

Terry McQuay is President of Nymity Inc., a privacy research firm that provides privacy training, risk mitigation subscription solutions and research services for corporations and not-for-profit organizations.
| Comments (1) |

Anonymity As a Way of Managing Stigma: The Case of Narcotics Anonymous

posted by:Catarina Frois // 08:47 AM // April 19, 2006 // ID TRAIL MIX


I would like to take this opportunity to talk a little about the use of anonymity as a way of managing stigma, specifically in the case of the association known as Narcotics Anonymous. The saying “once a Junkie, always a junkie” used by NA members, is closely related to three ideas that I presently address: stigma, anonymity and addiction. Narcotics Anonymous are a non-professional self-help association conceived for individuals with drug-related problems. They follow a model known as the 12-Step program, consisting so many stages or principles which individuals must follow if they are to successfully engage in a process of abstinence from drugs instilling on members a “life philosophy” that will be useful to them in all the areas of life.

The oldest register I found for Narcotics Anonymous in Portugal, dates back to 1983: the first group was started in Lisbon, and today, according to the data made available by the association’s portuguese website, there are 164 groups distributed throughout the country. The research included here relates specifically to a nine month period of participant observation in two groups of the Lisbon area. Each of these groups had an average of 20 members, with ages ranging from 25 to 45, an with a ratio of 60% men to 40% women.

Members in this association describe themselves as “addicts”, that is, people suffering from an illness called addiction, which is not merely a dependency of toxic substances and alcohol but a disease with underlying behavioral problems of which obsessive-compulsive and self destructive behavior are symptoms. The 1st Step, which states: indicates that they believe that abstinence is only possible when someone is ready on one hand, to acknowledge that they are powerless toward their use, and on the other hand, that they can recognize themselves as addicts.

Therapy is based mainly on the exchange of common experiences among participants during the course of reunions arranged for this purpose – the meetings. This event lasts approximately 90 minutes, during which those who have gathered there speak of their drug-related problems, past and present. As an association made up exclusively of people afflicted by the same problem, not by professionals, they act on the conviction that “the therapeutic value offered by one addict to another is irreplaceable” and thus members experience what they call “identification” free of judgment and prejudice. Everyone present admits having lost control of their lives due to drugs and their need to seek a solution for this problem through the sharing of their experience.

If initially persons seeking help think of themselves as failures, as “bad” people with no principles, as soon as they get acquainted with NA philosophy and with other people sharing the same problem, they realize that they were not responsible for their behavior under the influence of drugs. They are no longer junkies; they are people with a disease. At this point there is a whole transformation in the way members define themselves ant their relationship with others. This starts in the first moment a person introduces him/herself in a meeting stating his/her first name and acknowledging their situation: “Hello my name is Pedro and I am an addict”.

The idea of illness is to some extent, a way of denying responsibility for past actions and releasing a burden of shame and guilt which everyone points as those feelings which were prevalent when they first joined this association. According to NA philosophy, drug abuse and addiction are in fact two different concepts. For NA members drug abuse refers to a person who is still actively using toxics substances and who may or may not be an addict, since addiction implies an illness that is more than just a question of drug use. An addict’s obsessive compulsive behavior reveals itself in different area of a person’s life, such as his work, relationships, etc.

A drug abuser is a junkie, someone who society rejects and condemns. It has an immediate negative connotation. An addict on the other hand, is a sick person who has no responsibility over his conduct “under the influence” but who has a responsibility to keep cleat of that influence. How does this distinction relate to stigma and anonymity? Erving Goffman (1963) speaks of stigma as a condition of difference and distinguishes two types of stigmatized persons: the “discredited” and the “discreditable”. The discredited is someone bearing a visible stigma, which is evident at first glance and which, according to this author, has an immediate influence on the way interaction occurs.

This is the case, for example, of someone with a visible physical deformity, or of the junkie wee see begging on the sidewalk. The second type, the stigmatized discreditable, will be someone who has a stigma which is not immediately visible to others, and which will only become “discredited” from the moment he reveals his condition to others. This is the case of an “addict” attending to NA.

To NA members a recovering addict will only reveal without restraint his/her stigma within a meeting: outside the group he will omit his/her problem, including his/her membership. This is where anonymity, the last idea mentioned in the opening paragraph, plays its role.

Anonymity is one of the rules of this association and it is observed both within meetings and outside of them, as a way of protecting the legal identity of individuals. As such, within one meeting members identify themselves merely as addicts, concealing all other identifying elements – family name, address, profession, etc. – and outside the meetings members will keep their membership, as well as other’s anonymous. Revealing their membership to non-members is tantamount to revealing their stigma.

The decision to do this is referred to as “breaking anonymity”; in other words, revealing their identity as someone who has had a drug-related problem makes their stigma visible to others, exposes them to judgments made on the basis of this information. This brings us back to the difference between drug abuse and addiction. NA members share the idea that other people view drug users as “criminals”, as untrustworthy people who are capable of acting in bad faith and incapable of change; “Once a junkie, always a junkie”. Because of the weight this stigma bears on the image of drug users, as soon as someone breaks their anonymity and reveal themselves as somebody with a drug problem, they will immediately be identified by others as a “junkie”.

Anonymity is therefore a choice, a useful instrument for managing stigma. In such a context, a person is free to choose what is revealed, and who it is revealed to. Thus, anonymity is a kind of empowerment for those who use it.

Catarina Frois is a PhD student in Anthropology at the Institute of Social Sciences, Lisbon University, Portugal.
| Comments (4) |

Myspace: a network without borders

posted by:Melissa Cheater // 11:34 PM // April 11, 2006 // ID TRAIL MIX


MySpace is the current hot little number in the world of online social networking sites, boasting 66 million members, and growing. It is ranked 8th in alexa.com’s global top five hundred websites, and 5th on the English Language top five hundred. What started sixdegrees.com (no longer online), lead to friendster, and the current groundbreakers, Myspace and Facebook. There is no need to get nitty-gritty about all the little distinctions between the various OSN (online social network) services that have come and gone over the years. The important facts to remember is that anyone with an email account can register on myspace, and that facebook (ranked 53 in the global five hundred) is only open to individuals with email accounts accepted university mail servers. Friendster is considered a past trend in North America, having faded from administration/user conflicts and a period of technological trouble, but still claims 27 million accounts. Facebook rests at 7 million participants. At more than twice the population of Canada, Myspace is by far in the lead and has a significance all its own.

Social networking sites are characterized by a “self-descriptive profile” featuring photos, personal information and a public display of “personal connections” (Donath & boyd) Though OSN websites have risen and fallen over the year, the popularity of this type of service has only increased. Offline, a study by Wellman has observed that “a typical personal network included 3-6 close and intimate ties, 5-15 less close but still significant and active ties, and about 1000 more distant acquaintances” (Wellman in Donath & boyd 80). Networking sites are very efficient at allowing users to maintain an increased number of weak ties and an overall larger network of connections (Gross & Acquisti 73, Donath & boyd 80). Granovetter’s “Strength of Weak Ties” describes how a weak tie should not be undercredited as a “trivial acquaintance tie but rather a crucial bridge between the two densely knit clumps of close friends,” in a context where otherwise these “clumps” would have no connection whatsoever and would be isolated from each other (Granovetter 202). By connecting different groups, weak ties give access to the different resources and opportunities available in different groups. In terms of privacy, a social network structure supporting an inflated number of weak ties (users boast anywhere from 1 to 1000’s of myspace “friends”) is an environment where a huge amount of information is moving very freely – and in a network of 66 million individuals, this can be quite significant. (On Monday, April 10, Tom had 69,998,034 friends connected to his profile – and while every new member is given Tom as a friend, not all of them chose to keep him on their friend lists. This would put myspace membership somewhere above Tom’s 69,998,034). If gossip and rumour are considered social concerns in an offline network of 1000 connections (Wellman), imagine the consequences in a network of 70 million paired with increased weak, “bridging” ties.

danah boyd’s concept of the “super public” is also very relevant to this discussion. It is recognized that in our daily lives we actively manage our identity, performing different faces in different situations (Goffman). We perform work to maintain our various faces in separate publics, and to avoid overlapping these performances. boyd proposes that as myspace.com shifts from a niche service for musicians, to a mainstream community, a super public is emerging. Where else can we find a context where we would present the same face so openly to such a large body of individuals? Previous network sites have involved features that allow members to adjust how visible their profile is to different degrees of connection. For example, Donath and boyd discuss a situation where a teacher with a friendster account was confronted with having students from her classes add her as a “friendster” and having to decide whether she was comfortable with students being able to view the profile she had created with friends in mind. Friendster allowed her to set who was able to view her profile but this option is not offered by myspace. Myspace, in fact, has no privacy options available for adult users.

Acquisti & Gross discuss that while offline ties or connections can be “loosely categorized as weak or strong,” they are actually “extremely diverse in terms of how close and intimate a subject perceives a relation to be. Online social network, on the other side, often reduce these nuanced connections to simplistic binary relations: “friend or not”” (73). Nowhere else is this more true than on myspace. In the absence of privacy settings, the only way to deny a member complete access to your myspace profile is to deny their friendship – and even then, they can still view all your content (except for blogs posted as private or “friends only”).

Those of us who were present at the SSHRC site visit in February might remember Joel Reidenberg’s question about myspace, regarding how he could witness his son’s (or any other member’s) behaviours within the network without explicit permission. All you need to start surfing myspace is a membership, you don’t need any friends. This is one of the primary differences between myspace and facebook (facebook was the topic of a talk given by Alessandro Acquisti). While myspace allows anyone with an email address to start an account, only emails from approved university domains are able to start accounts on facebook – and you can only freely “lurk” people who attend your specific school. Facebook also has a variety of different privacy settings, that Acquisti finds are rarely used. Anyone, even without a membership, can click through the myspace network viewing almost everything. Membership gives you access to individuals photo galleries and blogs. Being someone’s “friend” gives you permission to leave a public comment on their profile page, and will also cause all of their “bulletin” broadcast messages to be listed on your myspace console page.

Users are given the option of making posted photos entirely private, or entirely public (no middle ground). A setting is available that allows members to screen public comments before they are posted on their profile for everyone else to see. Individuals under 16 are able to create “private profiles” so that their content is only available to “friends,” however, the individuals display photo, name, age and location information are still publically displayed.

Beyond the clashing of “publics” into a super public, and the inability to control how visible your profile is to other 66 million members of the site, there are further privacy concerns considering how much information users tend to disclose on their personal profiles. This is a phenomenon seen on most online social network sites, but swelling the potential network to ten times the average size of other similar services makes the situation a little more significant in the case of myspace.

As I browse through the myspace directory (publicly available without an account), I notice that almost every member has opted to upload a display photo. The vast majority of these photos appear to include the individual him/herself and clearly show their faces. Most members seem to prefer presenting themselves with real, or realistic, first names. Clicking through the network of profiles reveals each page filled (to the limits in some cases) with endless lists of favourite movies, books and music, age, sexual orientation, hometown, current town, motivation for joining myspace, who they’d like to meet and open ended fields such as “about me” where users type out mini (and sometimes lengthy) diatribes about what makes them “them” and express whatever parts of their identity aren’t covered by the previous categories. In light of the discussion put forth by Jackie Strandberg, “Giving it up for free: Teens, Blogs, and Marketers’ Lucky Break,” myspace seems not only to contain a similar wealth of information just asking to be exploited, but also does it in a standardized series of tables and headings that can only facilitate the process. “dbickett” posts on the Kuro5hin website, the many technological flaws of myspace that leave users open to serious privacy and security breaches caused by loopholes in the sites coding, leaving the submitted information further open to violation.

Datamining is not the concern that the media are warning us about however. A Google News search on myspace gives us almost 5500 results, most of which are on the topic of youth safety and the dangers of strangers online. Catherine Saillant, LA Times, starts her article with the following:

I've covered murders, grisly accidents, airplanes falling out of the sky and, occasionally, dirty politics.
But in nearly two decades of journalism, nothing has made my insides churn like seeing what my 13-year-old daughter and her friends are up to on MySpace.com.

And just what was her daughter up to that lead to the loss of her myspace privileges? “Giving a one-fingered salute.” This comparison might seem extreme, but in fact this is the tune of most mainstream media coverage of the myspace phenomenon. March media were flooded with accusations that using myspace had lead to the abduction of two teenage girls. Interestingly enough, danah boyd’s interview with Bill O’Reilly – one of television’s most conservative journalists – was able to present a less loaded portrayal of the website. But maybe this could be connected to FOXnews’ parent organization News Corp. having purchased myspace.com.

So is myspace significant to those of us interested in privacy: socially, technologically or legally? I know my opinion, but I might be biased as self-proclaimed myspace addict. Whether or not myspace lasts, it is certainly here for the moment. It might just be a fun way to keep in touch and up-to-date on your friends but it’s not just you, me and joe who are watching. Myspace isn’t just self-expression among friends, it has recently become a form of legal surveillance.

A year of thank you’s to Dr. Jacquelyn Burkell who has given me advice, experience, and encouragement (through the Anonequity project, on this ID Trail Mix, and in my own studies as my undergrad comes to a close). And to everyone that has listened to me prattle about myspace over the past few months, it’s almost over!
| Comments (2) |

Using the right lenses for developments in identity management

posted by:Dr. Miriam Lips // 11:48 PM // April 04, 2006 // ID TRAIL MIX


Many of you may have noticed that an important Bill for the future of UK central government’s Identity Management Policy recently has passed an important hurdle for further implementation. Having received Royal Assent after being bounced between the House of Commons and House of Lords several times, the UK Identity Cards Bill will now be passed as law. Aims of the UK central government are to introduce a national ID card containing three biometric identifiers, together with a National Identity Register acting as a central database in which a range of details about individuals will be stored. After a political tussle between the House of Commons voting for the ID cards to be compulsory whilst the House of Lords continually voted for the cards to be kept voluntary, the House of Lords offered a compromise to the House of Commons that anyone renewing their passport will have details put onto the National Identity Register but will not be forced to have an ID card until 2010. One reason for the compromise is that 2010 will be after the next general election in the UK: if the Conservatives gain power at the next vote they claim that they will look to abandon the ID card scheme.

As things stand, every UK citizen over the age of 16 who applies for a new passport from 2008 will have details added to the National Identity Register, including biometric information. The first ID cards will be issued to passport applicants in 2009. The intention is that ID cards may be used as travel documents for within the EU, meaning that passports might not be needed. Those who never apply for a passport will not need to have an ID card, but will be able to apply for a ‘stand alone’ ID card if desired. Foreign nationals that abide legally in the UK will also have details entered onto the Register. A card will be issued that acts as a residence permit. Research findings show that UK citizens are generally supportive of a national ID card (Dutton et al, 2005, p.114; Home Office, 2003; Detica, 2004), or even consider their introduction as inevitable (Cragg Ross Dawson, 2004, p.6).

The UK government has defended its proposals for a variety of reasons, including prevention of benefit fraud, prevention of terrorism, prevention of identity theft and authentication in e-government services. Besides for a whole range of e-government applications it believes the cards will be used by a number of different organisations, such as banks, Royal Mail, libraries, video/DVD rental companies, mobile and fixed line communications service providers, travel agencies, airlines, higher education institutions, retailers, property rental companies and vehicle rental companies. To further facilitate this development the government will provide Identity Verification services for accredited organisations to check an individual’s identity, for instance when opening a bank account or registering with a GP.

Critical voices in the UK point at seemingly unrealistic technical expectations of this ID card scheme, using arguments such as the fact that neither the major contractors nor the government have shown themselves capable of organising and implementing an outsourced IT scheme on this scale: for instance, no country has attempted to use biometrics technologies to register a population the size of the UK (The LSE, 2005); the proposed requirement for 100 per cent accuracy seems to be unrealistic: has there ever been an identification system which is 100 per cent accurate? (Neville-Jones, 2005); trials of the card scheme have demonstrated that a substantial number of specific groups of the UK general population (e.g. disabled people) may not be able to enrol on biometrics based verification schemes (UK Passport Service Biometrics Enrolment Trial Report, 2005); a critical voice from industry: ‘a national ID card for the UK is overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy' (Tavano , 2005)(Biometrics specialist for Unisys, one of the companies considering bidding for contracts. Quoted in The Guardian, 21 October 2005); and, from a collective group of LSE academics, that the government proposals for a secure national identity system are too complex, technically unsafe, overly prescriptive, massively more costly than government is itself estimating and lack a foundation of public trust and confidence (The LSE, 2005, p.3).

Looking at the UK national ID card debate from the academic, “ivory tower” this debate seems to be illustrative for the way in which identity management (IDM) issues have been tackled by governments so far. Optimal security, technical reliability, ID “theft ” (ID theft as a concept has only emerged recently. The theft or fraudulent use of ID documents however exists for a long time.), privacy, public safety, and accuracy repeatedly have been important topics in public decision making about personal identification and authentication systems at many occasions in the past. This debate therefore is not a new debate emerging in the current era, but can be observed regularly in many national public decision making arenas since the implementation of the paper-based passport system several centuries ago. Interestingly, through time, there have not been notable changes in the use of the passport as an authentication system in various service related procedures between government and citizens.

This similarity in restricted, mainly technically focused IDM topics may also explain the current ease with which governments are trying to copy ID card systems or authentication systems from ‘best practices’ available in other countries, with the Belgian eID card as a clear favourite at present. From a technical perspective new forms of personal identification, authentication and IDM seem to be acknowledged as enhanced technical ‘solutions’ to be used in similar identification and authentication practices compared to the past.

However, in the UK context some critics have pointed at the overemphasis in the public debate on the visible, technical means of identification proposed by the UK government, the ID card itself, and, with that, the lack of public attention for the more invisible aspect of how citizens’ data will be handled by the UK government (eg Davies, 2005, p.38; the UK House of Lords Constitution Select Committee). It is this particular insight that seems to trigger some important questions. What empirical understanding do we actually have about the implementation and use of new forms of personal identification, authentication and IDM in citizen – government relationships? Has the UK been engaged in the right public debate so far to be able to effectively address the more fundamental question of potential change in citizen – government relationships due to new IDM means and forms, namely potential change in important institutions in the public domain, such as citizenship?

The history of the use of the passport for instance shows us that personal identification procedures especially changed during moments of societal ‘crisis’, such as the French Revolution, the First World War and the Second World War (Torpey, 2000; Agar, 2003). Although the authentication system itself, the paper-based passport, more or less stayed the same through time, the frequency and intensity of its use as well as the officials executing the authentication process usually changed during these periods of crisis. A similar effect can be observed in more recent times after the events of 9/11 and the London bombings.

By using an historical perspective it is very interesting to see the changing meanings, uses, and values attached to a similar technical means and process for personal identification through time, the passport. For instance, the first passports and passport controls for that matter were not so much used to regulate citizens’ access to spaces beyond their home country as we are used to today, but to prevent people from leaving their home territory. Consequently those citizens leaving their Kingdom (i.e. under the old regime in France) were required to be in possession of a passport authorising them to do so. The main purpose of these documentary requirements was to forestall any undesired migration to the cities, especially Paris (Torpey, 2000, p.21).

Somewhat further in time, in the early 19th century in Prussia, the practice could be found whereby incoming travellers were provided with a passport from the receiving state rather than by the state of the traveler’s origin. These passports were no longer issued by local authorities but by higher-level officials. The foreigners and unknown persons circulating in the country were to be subjected to heightened scrutiny by the Prussian security forces, with the assistance of specific, legally defined (The 1813 passport law in Prussia) intermediaries like landowners, innkeepers and cart-drivers (Torpey, 2000, p.60).

Generally in the 19th and 20th century we may observe a development towards two models for citizenship attribution and the related issuing of passports to citizens, namely on the basis of ius soli (“law of the soil”) and ius sanguinis (“law of the blood”) (see for instance Brubaker, 1992). The latter model had to do with the development of enhanced mobility of citizens beyond the state’s territorial boundaries, especially for economic reasons, and the possibility for nation states therefore to continuously keep a relationship with citizens living abroad.

What this alternative, empirical perspective reveals to us is the profound influence these new forms of personal identification and authentication may have on the governance of citizen – government relationships. Institutional innovation, the renewal of traditional citizen –government relationships as a result of the creation and development of new information practices, appears to be happening due to the introduction of IDM in various electronic citizen – government relationships . A new ‘law of informational identity’ may soon replace the existing models of citizenship attribution in the analogue world, ius soli and ius sanguinis.

Similarly to the analysis of the passport’s history we may observe that borders between customers and non-customers of government organisations; identified or non-identified subjects of the state; authenticated citizens or non-authenticated citizens, are being reset as a result of these newly available forms of authentication and identity management in e-government relationships. Not only does the same authentication system allow the possibility for government to provide people with access to its virtual territories; it also allows governments to keep people out of them. Analogously to the Prussian era where intermediaries like landowners, innkeepers and cart-drivers supported the government in the checking and validation of a person’s identity, new trusted third parties are emerging, such as banks, telecommunications providers, and credit reference agencies, to help government to check people upon their trustworthiness.

The history of the use of passports and their changing meaning in society shows us how important it is to look beyond their technical characteristics and, thereby, to make use of alternative perspectives in empirically exploring the introduction and functioning of new identification ‘technologies’. It also makes us aware of the importance to perceive the use of IDM systems in an evolutionary way and for instance to look for punctuated equilibria (Baumgartner & Jones, 2002) in the historical evolution of ICTs, e.g. the periods of crisis during the history of the passport, as important moments where changes often may happen in the use of these technologies.

What will happen in eras of crises with the application of this newly developing model of citizenship attribution, the ‘law of informational identity’, remains to be seen. Whilst there is this chief concern with enhancing e-government service provision to entitled, trusted citizens, there is, nonetheless, recognition that the security agenda of modern government is adding to a climate wherein the identification of the citizen is seen as of paramount importance. If services to the citizen are to be provided effectively, then identity issues come to the fore. If enhanced personal and State security is paramount then, once more, the means of identifying individual citizens becomes of crucial importance.

Dr Miriam Lips, Research Fellow at the Oxford Internet Institute, University of Oxford.
Together with professor John Taylor and Joe Organ she is working on an empirical research project on ‘Personal Identification and Identity Management in New Modes of E-Government’, sponsored by the UK Economic and Social Research Council’s e-Society Programme


Agar, J. (2003), The Government Machine: a Revolutionary History of the Computer, The MIT Press.

Baumgartner, F. & B. Jones (eds) (2002), Policy Dynamics, Chicago, University of Chicago Press
Brubaker, R. (1992), Citizenship and Nationhood in France and Germany, Harvard University Press, Cambridge
Cragg Ross Dawson (2004), Public perceptions of ID cards. Qualitative Research Report, COI Ref: 262 151.
Davies, W. (2005), Modernising with purpose: a manifesto for a digital Britain, Institute for Public Policy Research, London, UK.
Detica (2004), National Identity Cards: The View of the British Public, April 2004
Dutton, W.H., C. di Gennaro & A. Millwood Hargrave (2005), The Internet in Britain : The Oxford Internet Survey (OxIS), May 2005, Oxford Internet Institute, University of Oxford.
Home Office (2003), Identity Cards – A Summary of Findings from the Consultation Exercise on Entitlement cards and Identity Fraud, Cm 6019.
Neville-Jones, Dame P former chair of QinetiQ. Reported on 18/10/05 by silicon.com, 'Lack of "balls" in Whitehall will hinder ID cards' Will Sturgeon http://www.silicon.com/publicsector/0,3800010403,39153447,00.htm
| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada