Online Community Roundtable

by Chris Kenton on February 29, 2008

I’m continuing to fly under the radar as SocialRep ramps up. We’ve just completed our first pilot with a major international customer, and I’m heading to Tokyo next week to present our report on the pilot and discuss pilot two. It’s been a hell of a ride for the past few months, and I still feel highly constrained in what I can say about what I’m to. But Bill Johnston and Jeremiah Owyang pulled me out of my shell last night at the Online Community Roundtable, hosted this time at Forrester Research. You can find Bill’s roundup here; and you can find Jeremiah’s here.

As always, the roundtable pulled an excellent small crowd of social media and community practitioners, and we spent a couple of hours talking shop.

Instead of rehashing the reports that Bill and Jeremiah covered so well, I want to follow up on the presentation by Charlene Li on the Future of Social Networks. Li proposes that in the next five to ten years, Social Networks will become ubiquitous and integrated into our daily lives–instead of navigating to social networks to engage in discrete activities, we will simply engage in activities in which social networking is naturally integrated. One key requirement of this level of integration is some kind of universal ID that does away with the 10 or 20 redundant ids we currently have to manage across distributed social networks. It’s a great idea that many are talking about, but few solutions seem imminent.

I want to add to this discussion by putting out an idea I’ve been thinking about for some time. I’m sure someone’s already thought of this, but I haven’t seen it covered. The concept is Identity Escrow–a service by which an independent 3rd party validates a consumer’s identity, and holds the real identity private, while providing an anonymous guarantee of id validity to any online community, or commercial service that requires proof of identity. In a real world scenario, I would sign up with an ID Escrow service, let’s call it IDVault. I would give IDVault my real name, social security number, and perhaps a credit card number, all of which can be used to verify my true identity and credit worthiness where needed. In turn, IDVault provides me with an ID Number that I can now use anywhere it’s accepted on the Web to validate my identity–my age, citizenship, credit if necessary–without actually disclosing any private personal or credit information.

There are a number of problems I think this would solve. 1) I would only have to disclose my identity and personal information to a ~single~ company, and would therefore be able to more easily track the use or abuse of my private information. 2) I would never have to disclose private personal or credit information to an ecommerce company. The merchant wants payment, but nothing in the commercial exchange guarantees their right to my personal information. If I have an ID Escrow account, I can make a guarantee of payment without disclosing information that will lead to a mailbox full of spam. 3) Any company requiring proof of id–including proof of age, citizenship, or other security details–would get that guarantee from the Escrow number, without actually getting the sensitive data that compromises my identity.

While I think the concept of universal open ID is great, I think people have legitimate reasons to modulate their identities in different places, without compromising information that links back to a personal identifier–like an email address. But that personal right to privacy creates the potential for predators to abuse the anonymity of the Web to carry out illegal acts. I think an Identity Escrow service would not only solve some of those problems, but provide a commercial value to consumers who want to sheild their private information online.

What do you think?

{ 6 comments… read them below or add one }

Mike March 1, 2008 at 8:04 am

indeed social networking websites have become a habit for some while some use them for casual purposes like meeting random people online. The fact is that nobody wants to live without these social networking web portals.

Kee Hinckley March 1, 2008 at 1:48 pm

Credentica (http://www.credentica.com/) might be doing what you describe. From Bruce Schneier’s blog comes this description:

Cryptographer Stefan Brands has a new company, Credentica, that allows people to disclose personal information while maintaining privacy and minimizing the threat of identity theft.
I know Stefan; he’s good. The cryptography behind this system is almost certainly impeccable. I like systems like this, and I want them to succeed. I just don’t see a viable business model.
I’d like to be proven wrong.

Anonymous March 1, 2008 at 1:57 pm

Thanks Kee. I’ll check it out.

RE: “I just don’t see a viable business model.”

Really? It seems like there would be a strong transactional model for eCommerce, driven by substantial paranoia over identity theft, and irritation at aggressive marketing. If I had an alternative to PayPal, that did everything PayPal does but also sheilds my personal identity, I’d jump to it in a heartbeat. Maybe Credentica is an M&A opportunity for Paypal….

Kent Langley March 1, 2008 at 8:58 pm

Hi Chris, I didn’t get a change to speak with you directly but I did enjoy your talk. It was very insightful and thought provoking.

I don’t know if the “IDVault” concept will or should ever be one company per say. But, you may not have meant that exactly. I think that the “company” should be more along the lines of the domain registrar model where there are many official registrars providing a common service. As with anything they would vary in quality but there is some degree of competition. I’ve thought about this a bit as well. So, I usually imagine it being more like the model domain registrars and/or certificate authorities follow. An Identity Certificate Authority (ICA) would be granted access to your pertinent information by you such as credit scores, bank accounts, DMV records, loans, criminal records, educational records, etc. Then, they would produce an authoritative certificate that would essentially qualify that you are indeed who and what you say you are. There would be, like in public/private key authentication a public and private version of this. You can give someone your public “key” in any variety of ways and they can use it to verify. It’s like a digital finger print in a way. I’m sure they’d need to pay for that privilege. There needs to be some way to make sure that those using the keys would only be granted the access they need to your certificate, not everything. In that way, your certificate could be something like an onion w/ layers with the outer layers including some degree of anonymity or even layers of alternate identities until you get to the core where it’s really you. It just occurred to me while typing this that it would be interesting if the identity certificate authority would share request revenue with the key holder. Popular people could really make some money!

Of course, whatever does get done needs to get done globally and be well governed. That, of course, is an interesting problem as well.

I also found Charlene’s talk intriguing and there is only one company on the planet today that has a chance of crunching the kind of data necessary and fast enough to do what she was talking about. But, there are some technologies starting to catch up to Google and with the advent of more accessible Cloud/Grid computing some amazing things are staged up to happen in the near future. It’s a fun time to be in tech from my point of view!

Thanks for the engaging post!

Lylewp March 23, 2008 at 10:27 pm

thats it, bro

lifelock April 25, 2008 at 8:01 am

Providing your personal or financial information through an organization’ s secured website only. While not fool proof, a lock icon on the browser’ s status bar or a URL for a website that begins“ https:” (the“ s” stands for secure), may provide additional security.

Leave a Comment