Big Fractal Tangle

universal human identifiers

Anyone who’s made software for any length of time will be familiar with the perennial quandary: how do we uniquely identify human beings? First and last names are no good. Home addresses and phone numbers change all the time. People are reluctant to give out Social Security Numbers. This leaves the most unlikely candidate of all: email addresses.

How did we arrive at email addresses as our universal identifier? Nearly every web account uses email addresses. PGP uses email addresses. Even FOAF uses email addresses (hashed or not) as the primary key. It seems odd that the thing about us that changes the most often (other than our spleen) should be chosen as our persistent identifier. Perhaps the people making this decision have more stable email addresses (universities, companies, etc). Most non-corporate, non-academic people I know change ISPs about every fifteen milliseconds, requiring an email change each time.

One solution is domain names. I happen to own timothyfalconer.com, which serves the purpose. Companies are likewise identified by domain. Is it worth $15 a year to preserve my identity? And what of the “Bob Smiths”? Will they have to get “BobSmithOfSchenectadyNewYork.com”? Web services like the Handle System and purl.org and even Microsoft’s Passport have all tried to address this problem. There doesn’t seem to be any contender (that I know of) for the Universal Human Identifier.

Let’s reconsider the SSN (or equivalent) for a sec. Everyone in the US has a unique lifetime number assigned to them, and most of us have it memorized. It’s used in all our official paperwork. It’s used as a student ID number in college. Yet it’s considered too risky to use more generally. For some reason, people are more reluctant to give out their SSN online than their credit card numbers. Most cite privacy issues as the reason:

There are two problems with the way SSNs are used these days. The first is that they are used (by different parties) as if they were both a representation of identity and a secure password. The second problem is that they have become a widely used identifier which can be used to tie multiple records together about a single individual.

Hmm… “widely used identifier which can be used to tie multiple records together.” This sounds strangely familiar. Isn’t timothyfalconer.com just as dangerous to me as my SSN? Won’t human URIs, whatever we use, cause exactly the same concern?

And is this concern really warranted? Wouldn’t we just be better off finally accepting that our DNA Fingerprint (or the like) will be emblazoned on everything we touch, and this information will be accessible to everyone, whether we like it or not? Isn’t our trust in “privacy policies” a kind of social pacifier, that in the end just relaxes our guard? And when you come right down to it, don’t you think that anyone, anyone, with enough motivation and money, could pretty much find out everything they wanted about you, even now?

I mean really … we live in an age where anyone can type your name in Google or InfoSpace and find tons about you, including your street address, complete with aerial map. Isn’t it time to just give up and let our clothes drop to the floor? Aren’t you just as likely, or more, to be victimized by a random passing stranger as a lurking Internet creep or evil corporation?

Lots of questions, but no answers tonight. In this area, I really just don’t know. It’s still worth asking the questions though.

