Thursday, September 1, 2011


Self is an identifying four letter word.

Over on Google+, the debates and confusion over the naming policy continue.  The latest twist is that Eric Schmidt, Google's CEO until a few months ago and its current Executive Chairman, made several statements regarding Google's role as an identity service and where Google+ fit into that role.

He starts out strong by making some comments that actually make sense.  We do want to make sure that, when we interact with others, they are who we think they are - be that another person or a company or a program or a family pet.  That holds true for both online and offline interactions.  There is nothing magical, in this case, about online vs offline.  When we're offline, we may have been introduced to someone by a mutual friend, or we may not trust them initially and take our time until we learn more about who they are.  As part of this process, we may associate them with a name, but this name is a reference to them, not the sum total of their identification.

Mr Schmidt even begins to capture some of this when talking about moving to the online world. He correctly says that when it comes to people, we trust their identity either through information they reveal about themselves (their name, their picture, other information they may reveal publicly or privately) and/or through the relationships they have with others (if Joe is friends with my friend Sarah already, then there is a good chance that Joe may be my long lost friend as well).  We can almost forgive him for messing up history here - authentication in an academic setting was and is a big deal, and the academic solution to the "web of trust" long predates what MySpace and Facebook only begin to capture, but we'll get to that later.

Where it gets confusing is that after talking about how identification is provided by this set of information, he then trips over his whole logic by saying that on Google+, people should be "identified by some sort of a real name".  Nowhere in his discussion about identity did he say this - if we didn't know this was already Google's policy when it comes to Plus we would say it comes out of left field.  In fact, it directly contradicts what he says earlier.  He even says that people should "stand up for something", a policy that pseudonyms have long supported in the western world.

But a name is not an identifier.  It may be part of an identifier (as with the "verified by your friends and your face" method), but it cannot uniquely identify one person over another.  At best, it serves as an advertisement about who we might be, and invites people to ask more questions to help seal that verification - it is the handle to the sum total of everything about ourselves.  A good identifier never changes - its goal is to make sure that the entity you're talking to today is the same one that you talked to yesterday, even if you don't know anything else about that entity.

What the name policy seems to encourage is not the "sum total of yourself" that he suggests in the first part of his comments, but rather the "identified by a higher authority".  This was even confirmed when Google+ rolled out their "Verified Name" policy - note what it was called... not "Verified Profile" but "Verified Name".  This is where I think Google+ and Eric Schmidt are going down the wrong path.  This method has been tried before, and it is a horribly problematic solution to the identity problem.

Remember I mentioned before that academics had a solution to identity?  It relied on a "digital signature" that could be used to prove that anything "signed" by you was yours.  It further went on to establish that you could, essentially, sign a statement that someone else's signature was actually theirs.  And they could sign yours.  And so forth and so on.  By providing our signature, we would not only be providing proof that something came from us, but we are also providing a list of people who are willing to vouch for it, along with a list of people who are willing to vouch for them, etc.  If I needed to verify the identity of a signature, I would see who is vouching for it, and eventually work my way through this web to find someone whom I trust.  This model very closely fits the real world - we affix our signature to things that we assert are ours (credit card slips, checks, official documents, etc) and we may have witnesses or notaries to assert that the signature is the one that belongs to us.

So why wasn't this adopted?  I actually touched on this a few weeks ago when I discussed patents.  The public key system that it relied on was patented by RSA, and RSA had another scheme in mind.  Instead of letting people create their own web of trust, they wanted a clear chain back to a central authority - them.  They would license the permission to create signatures to a group of companies.  Those companies would validate signatures presented to them.  People who wished to verify a signature would follow a single, clear, signature chain back up to the central authority.  In theory, the central authority could be trusted to keep the signatures secure, but in practice this has failed time and again.
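The two verification models described above, side by side, as an added example that is not part of the original post. All key names and vouching data are constructed, and the code assumes each vouching statement's signature has already been checked cryptographically; it only models who vouches for whom.

```python
from collections import deque

# Constructed sample data: signer -> keys whose signature that signer vouches for.
# Assumption: every vouching statement was already verified cryptographically.
VOUCHES = {
    "sarah": {"joe", "ana"},
    "ana": {"li"},
    "joe": {"mallory"},
    "li": {"target"},
    "stranger": {"impostor"},
}
# Constructed sample data: key -> the single issuer that signed it.
ISSUED_BY = {"target": "reseller", "reseller": "root", "impostor": "reseller"}


def web_of_trust_path(target, trusted, vouches, max_depth=4):
    """Breadth-first search from the keys I trust towards `target`.

    Returns the shortest vouching path [trusted_key, ..., target], or None
    when no chain of at most `max_depth` vouches reaches it.
    """
    queue = deque([k] for k in sorted(trusted))
    seen = set(trusted)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_depth:
            continue  # too many hops away to rely on
        for nxt in sorted(vouches.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def central_chain(target, root, issued_by):
    """Follow the one issuer chain upward; valid only if it ends at `root`."""
    chain, seen = [target], {target}
    while chain[-1] != root:
        issuer = issued_by.get(chain[-1])
        if issuer is None or issuer in seen:
            return None  # chain breaks or loops before reaching the root
        seen.add(issuer)
        chain.append(issuer)
    return chain
```

In the constructed data, `impostor` is accepted by every verifier in the central model because a licensed intermediary signed it, while in the web of trust it is accepted only by someone who has chosen to trust `stranger`.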

The bigger problem for individual identity is that this policy has stifled the use of personal digital signatures.  Without this, we cannot trust that our mail comes from who it says it does, and companies cannot trust that the purchases made in our name actually come from us.  This is where Facebook and Google are attempting to fill a void - they want to serve as the guarantors of our digital signatures.  And to do that... they need to be able to know who we are.  But they will suffer the same problems as other schemes have - it is fairly easy to forge information and pretend to be someone else.  In attempting to be an authoritative identity provider, the best they will be able to do is to verify a name.

So where does that leave things?  Nowhere really.  It leaves Google continuing to work at cross-purposes to its own goals, pursuing a name policy for no good reason while it bungles its connection policy and tries to establish itself as an authentication source in a scheme that has not worked.  It leaves people who are trying to use Google+ vulnerable to connections they don't want and unable to maintain connections they do want.

But it still leaves the totality of our lives and our friends, the core of our self, as our only true identity.