The thought experiment
When we create an account in a virtual environment like Facebook, we have essentially created a digital identity. Digital identity in technical terms is something that we control that can be considered as an entity, which interacts with something virtual. I googled digital identity definition and the results mostly are that it is a set of digital attributes, which include personal information, which are used to identify the communication source by other virtual entities. Question is that is the existence of personal information in digital identity really relevant to its definition? Digital identity does not seem to be linked to anything that people refer to as identity. Following thought experiment should explain what I mean.
If we were to look at 10 newly created Facebook profiles with no personal information, they all look the same to us. However, looking at the code that defines these profiles for Facebook’s ICT infrastructure, you will find that these accounts are unique and different from each other by their exclusive “under the hood” identifiers. So now, let’s get to the interesting part, say we make these 10 accounts have the same name, and fill them with the same social posts of real pictures. Let’s also imagine they have the same family pictures. Now, what do you think happens? From a human observer point of view, we would still find no difference between the accounts. However, the computer still does, making a distinct difference between what was posted by all 10 accounts, no matter the order.
What has really happened here? To put it simple, we have 10 different entities that interact with the Facebook platform, but for any of us, we would probably see only one, namely the same person. Here is the key point to discern and to help explain what this means, I will use this scientific article from ResearchGate. Given the constructs given in this article it would suggest that a single digital persona and 10 different digital identities have emerged as a result of the thought experiment. The digital persona article defines that a digital persona is “a part of the individual identity that has been extended into the online sphere to which corresponds a digital unconscious structuring a digitally divided self”. My suggestion is to look it also in this way - digital persona is a collection of information that the cognitive and sensory mechanics of a human being parses into an individual actor, a character. This differentiation of digital identity and digital persona is crucial in creating better future ICT systems. Digital identity is something that is in the virtual dimension and does not directly interact with us, people, but interacts only with machines. Digital persona on the other hand, is what people use, to make sense of interactions in virtual space.
A question is about how to keep the digital persona unique and authentic to its owner in a trustworthy way? At Agrello we are using Public Key Infrastructure (PKI), to tie identity verification to a digital identity. It expands the possibilities of using digital signatures also in situations, where trust is not well established.
Are you sure someone is not using your data to make an authentic looking fake digital persona? Have you ever interacted with someone possessing such digital persona? Let us know in our social pages.
The heavily overlooked problem
As a result of this experiment I have some concerns. A digital persona can characterize everything, the fictional, the real and the fake. Now, what adds a little spice to a digital persona is the fact that by definition it has no relation to a digital identity at all, unless the technology is specifically built to tie them together. Theoretically, it is possible to put the feed of a Facebook account into a computer local folder and show it to a 3rd person. That third person would still acquire an impression of a character or characters within this information. The concern is that, it is super easy to generate fraudulent but authentic looking personas in social media and internet in general. The aim of this might be slander, fraud, manipulation or any other malicious act.
Digital identity is merely one way to generate, control and convey a digital persona. Also, the interactions of digital personas online can only happen with the help of digital identities controlling these personas. For example when we chat online, we do not directly exchange words with the person on the other side, but we command a computational system to deliver a package of input information to another computational system, which then has to project it on the screen in a certain place.
In addition to a single digital persona, the information available can create several digital personas at the same time. For example, when posting pictures of relatives and children, then others also have information of their persona digitally. Online, these personas are simple to copy and steal.
Here is an idea to mitigate the concern. Before people can create and access digital identities and personas in an environment, wouldn’t the requirement of secure identity verification reduce motivation of abuse? I believe that linking a digital identity to a physical identification increases authenticity of people online. The secure identity verification can be in the background as a last resort to avoid or sanction abuse. Depending of the nature of the e-service, everyday activities could still happen under fictional digital personas and anonymity. It is important that none of the digital personas are stolen or/and used for fraud.
The Verizon Data Breach Investigation Report 2020 states that 22% of data breaches against businesses involve social engineering, of which the creation of a fake or fictional, but authentic looking digital persona is at its core. Although social engineering attacks against businesses happen mostly through e-mails, the attacker still has to create a convincing persona. According to the US Federal Trade Commission the most dominant categories of fraud in 2019 were identity theft and imposter scams. Also, an example of an environment where anonymous fictional or fake digital persona creation is possible.
All of the above is the reason why we at Agrello are using technology (PKI) that ties identity verification to a digital identity, enabling people to securely use digital signatures in every situation, even when trust is not that well established…
Start signing digital documents securely. Get started here (it’s free): https://docs.agrello.io/sign_up
