David Weinberger "Digital Identity" Impressionistic transcript by Cory Doctorow doctorow@craphound.com July 9, 2003 Supernova Conference Washington DC -- I am deeply ignorant of Digital Identity and I hate it. It turns my stomach. I'm not atypical. Why am I so irrationally afraid of DigID? I'm not sure. I have no argument against it, but here are the roots of my insecurity. For starters, I'm a hippie. I am not a number. But in the main, I don't mind having a passport a credit card, a drivers' license, and I'm emotionally attached to my phone-number (something the cellcos know, which is why they resisted number portability). But it's being pushed down from the top. There's no user-demand for this. Maybe we don't know that we need it -- maybe it's how we kill spam. But we should worry about stuff coming from the top in the absence of user demand. We already have the stuff we need to conduct transactions over the web. I buy stuff all the time. I don't have security problems. I give my credit card, and sometimes the three-digit code, and sometimes respond to a confirmation email. Do we need more security online than we do in the real world? My signature can be forged with a random scrawl, and yet I buy stuff all the time in meatspace with nothing more than my card and my scrawl. I don't have a problem with security, yet "they" want to impose it on me. I'm worried that ID violates the end-to-end principle. Doc Searls describes the "Repetitive Mistake Syndrome": corporations make the same mistakes about the Internet over and over again. The Internet's value comes from: keep services out of the center of the network, because it omptimizes and closes off innovation at the edges. When Adobe tells me that 98% of the of the Internet uses Acrobat, when I need to use Acrobat to talk to the IRS, then we have effectively proprietary software in the functional center of the Internet. DigID in the center scares the crap out of me. We can end up with a new digital divide, not between rich and poor (today, if you can afford a color TV, you could instead get a PC from Dell -- though globally lots of people can't afford a color TV), but through the two realms of the Web. Companies and governments will want more and more info about us. We could become Internet Amish and exempt ourselves. This is more a theoretical option than a real option. It's like DRM: on paper, it's a good thing: every artist gets to negotiate with every member of her audience. Enables superdistribution, etc. But in the real world, huge entertainment cartels control our mass culture. If the only way to participate in culture is to accept the DRM and the "trusted" platform specified by the cartel and supplied by MSFT, or be locked out of my own culture. In the real world, the playing-field isn't level: cartels and monopolies make DRM stink. DigID isn't as unequivocal. On paper it looks like a good idea. In the real world, it seems possible that it will bifurcate the net into the authenticated and unauthenticated sections. One side is 0wned, signed, and the other side is unowned and messy (it's where were live now). With a single public Web, the public institutions have to take on the positive characteristics of the messy web: less controlling, less heirarchical, more open to the sound of the human voice. These orgs start sounding like human webizens. They let down their hair. In the 0wned web, we'd lose that. It's the corporate web. It's the intranet. IM swept the interweb. We used it to flirt and such. But when it hits the workplace, it inverts and becomes a system for keeping tabs on you and interrupting you with requests from people above you in the heirarchy. Accountability on the messyweb is a bad thing. The center trusts the edges to do interesting stuff, to generate stuff that the center never could think of. No matter how smart the poeple at the center are, they're not as smart as all of us put together. My concerns reflect a cultural divide similar to the DRM debate: artists should be compensated and we need accountability to make that happen. Sounds reasonable; on the other side, screw that kind of fairness -- we've got glory in the net, and we have to sacrifice accountability, in order to get the abundance of music. We don't own every bit in the glorious world -- give to EFF! Trust is extrinsic: me as a consumer trying to rip off an online store, there is no trust. We have to build in explicit trust. But explicit trust is the OPPOSITE of trust. The reason I trust Dan Gillmor's email is because I know what he sounds like and he doesn't try to sell me penis extenders. If I say "Dan, prove you're you, show me your drivers' license," I've destroyed trust, by making it explicit. Implicitness is important. The day I have to sit down and think about which David Weinberger I am in my transaction with person X ("Financially trusted middle-class DW who lives in Boston") is the day that identity is failed -- making identity explicit destroys it. This is why faux social networks like Friendster are doomed for genuine social interaction beyond wife-swapping and dating. LinkedIn is great for corporate networking, but once you ask people to fill out a form, you blow up the social network. Just as a group talking about its rules will kill the group, making social networks explicit will make social networks useless. I'm a hippie: explcitness kills the social network. -- Dan Gillmor: What's wrong with a bifurcated 0wned/trustedweb? Won't some companies prefer to live at the edge and charge a little more for the increased risk? Weinberger: There will be a huge temptation, an irresistable urge to adopt LibAlliance or Passport, and then to get more info.