Privacy Advisor

Identity Linkage and Privacy

July 1, 2007

Karen Lawrence

The subject of privacy and identity is by no means new, and many countries have legislation geared towards the protection of personal information. There exist nonetheless inconsistencies between countries regarding the right to privacy. Information gathering engines are prevalent wherever we go online, gathering our personal data as quickly as we share it — wittingly or unwittingly.

What is new is the paradigm shift on how we use the Internet: we like to show the world that we are here, what we do in our lives and what we think. This article briefly examines this shift and how perceptions concerning the responsibility for our personal information are due for an overhaul.

Background
Originally the Internet was motivated by the need to share information, which has led to a thriving e-business community and the resulting drive for information security. The focus for information security has traditionally been to ensure the availability, confidentiality and integrity of information. The success in this area has led to a significant migration of consumer activities from the traditional brick and mortar storefronts to a thriving global e-commerce community. This migration has also prompted crucial security concerns: the safety of personal information and privacy.

Protection of our privacy is not new. Well before the majority of us went online, we signed up for loyalty cards (store cards, air miles, etc.) that gave us privileged status with our favorite store, airline, etc. Our reward was getting special discounts on purchases, express checkout in the supermarket and maybe invitations for special events, free flights, priority upgrading, etc. In return, the card providers received information on us — consumer demographics: what we bought, how often we bought, where we traveled and how often, and more. These cards are still popular today, and from the information gathered card providers can derive the size of our household, our lifestyle, our salary, age, job, children, cats, dogs, etc. We, as consumers, also receive in addition to discounts, advertising materials targeted personally at each of us as an identified consumer group. This can actually feel nice, perhaps giving us a feeling of belonging and increased importance and status with the card provider. This is particularly the case with airline loyalty programs and stores targeting higher income groups. We consumers, it seems, have for some time been quite comfortable giving away our personal information when we perceive the benefit outweighs the intrusion.

Privacy Secured
In Europe privacy is a basic human right supported by the EU Directive on Data Privacy (95/46/EC). In the United Kingdom, the Data Protection Act 1998 (DPA) protects the private information of UK residents. Organizations that collect personal data must register with the government and take precautions against the misuse of that data. DPA prohibits the collection, use and dissemination of personal information without the individual's consent. Individuals have the right to know the reason their data is being collected and to be assured that their personal information is not being sold or used for other purposes. Organizations are obliged to tell individuals the reason for information collection, to provide access and to correct any inaccuracies that may have been stored. Finally these organizations must demonstrate that personal information is kept secure and inaccessible to unauthorized parties. For example, if you live in the UK, your medical records cannot be shared with any party without your permission; you have the right to access this information; and your health authority has an obligation to ensure that your private data is stored securely. DPA also protects you against a company's selling your personal information in countries that do not adhere to the same rules as regulated in the EU.

This is all very well except that the Internet is global and borderless. Hence, it is not obvious which country is hosting the site you are browsing. (See www.thewhir.com/find/domain-names/guides/cc-tld.cfm.) In effect this means that those gathering your personal information, which you — knowingly or unknowingly — shared with them, are controlled by their business ethics, their motivations for collecting the information, and how they are restricted by the legislation of the hosting country. For example, the U.S. approach to data privacy has a strong cultural bias and a business philosophy for self-regulation with minimal federal and state legislation. Examples include the Health Insurance Portability and Accountability Act (HIPAA), which has had a far reaching impact on the American healthcare sector by enforcing the protection of patients' medical records; Gramm-Leach-Bliley Act (GLBA) which protects the privacy of an individual's financial records; and COPPA which was enacted to add controls on the collection of personal information on children. There is, nevertheless, nothing so encompassing nor as far reaching as the EU Data Protection Directive and its fundamental assumption that privacy is a basic human right.

Privacy for Sale
In the United States some members of the U.S. Congress have tried to pass pro-privacy legislation, but they have been blocked. NetCoalition.com, whose members include AOL, Amazon.com, Yahoo!, eBay and DoubleClick, is a powerful lobbying force for self-regulation. (See www.netcoalition.com/index.asp?Type=B_BASIC&SEC={A26D1466-305E-467B-884C-9346DF70A932}.) For these companies, privacy is bad for business, and they use data gathered from us in order to make money.

How they do this is simple:

1. When you purchase goods online your identity is logged automatically during authentication.

2. Whether or not you buy anything, how you navigate over the Web site — mouse movements, clicks, pages visited, etc. — might be logged by using cookies stored on your computer (according to the article, "Cookies and Web Bugs," which appeared in Information Security Management Handbook 2005).

Sometimes we will be warned that they are collecting information on us, and we may even be given the option to opt-out after reading a long privacy statement. However, many of us do not understand or care enough to take assertive action. This means the online store knows who you are, what you purchased, and your buying habits.

Consequently your private information can become a part of the Internet, a constituent of a living information pool fueling those ethical and less ethical practices found with data collection and use of that data.

Your private information, which traditionally only had a value to you, is of significant value in the hands of others. The privacy implications are profound. Information about you, when collected, could end up anywhere in the world and proliferate exponentially during our lifetime. The question is how much of this information is Personally Identifiable Information (PII) — information that is linked directly to you personally. Is there personally identifiable information out there that could be damaging to you?

Online Identities
Web 2.0 brings a whole new arena of social networking. This was recently brought to public attention by Time magazine's selecting The Person of the Year 2006 as "You." The implication being that each one of us has collectively made contributions to major milestones acknowledged as significant during 2006. For example, it is the collaborative efforts of individuals that have made Wikipedia such a powerful tool. We review books and collectively have the power to sway public opinions. We are virtual communities, and we are using the Internet to willingly share our private information with the rest of the world, e.g., blogging is cool! We like to show the world that we are here, what we do in our lives and what we think. We even publish photos and videos of ourselves online. While many attach real names to published content, it is common to use online identities (alias names). Online identities are sometimes linked to our physical identity in some form, although the linkage is not always obvious or known.

Online anonymity provides users with the opportunity to take part in forums without needing to be accountable for their actions which may otherwise have an impact upon their reputation. Anonymity also gives people, who may otherwise be inhibited, the opportunity to communicate in a way they have never done before. This may lead to increased self-confidence, as well as provide increased satisfaction and development potential in their physical — real — life. Occasionally, when we participate in forums, we may choose to reveal our real identity to those members with whom we wish to extend the relationship into the physical world.

We are not just playing at social networking; we are doing this in our professional lives too. Many of us have created professional profiles within online network communities that are built upon the base assumption of mutual trust and personal recommendations. How much personal information you include in your profile is determined by the need to provide enough information to network effectively, while on the other hand, keeping personal content to a minimum since it is after all public. You add someone to your personal network on the assumption that you either know him or her personally or by referral of someone you trust. If you are using LinkedIn (http://linkedin.com), for example, your network consists of Direct Connections (those that you know/trust), Two Degrees (those that are friends of friends) and Three Degrees (their friends). Your total network grows exponentially with every new connection. Head hunters are power users of these types of trust networking tools, as are those searching for new employment and business opportunities.

Today
The Information Age is here — a paradigm shift that includes 1000s upon 1000s of thriving online communities, covering any topic you dare to imagine. And most of us have at some time partaken of online communities of one form or another. Over time active participation can lead to online relationships and reputations which are influenced by how we interact as part of the online community.
Networking and collaboration are the buzz words along with a growing awareness that, in addition to our physical life, we can also have a Virtual Life. Well known virtual worlds include World of Warcraft, Lineage and Second Life.

The Virtual World
Second Life (http://lindenlab.com/) was initially an empty virtual world that is now populated by over 3.3 million virtual people (avatars) with real physical identities behind each one of them. These numbers are growing at 230,000 per week, according to an Investor's Business Daily article. (See http://investors.com/editorial/IBDArticles.asp?artsec=17&issue=20070221)

The social side of Second Life attracts many players. Residents in Second Life can buy their own islands, create dream houses, become clothing designers, go fishing, spend nights partying in clubs and bars and, of course, have virtual sex with each other.

Everything in Second Life costs Linden Dollars (L$) which can be purchased using real money. It is possible to exchange real money to L$ and back again using the L$ exchange rate. It is perhaps not surprising that Second Life and comparable virtual worlds are giving rise to considerable attention and participation from the mainstream business world as a new marketing opportunity, and some are even making money. For example IBM has acquired 24 Second Life islands. Other companies with a presence are General Motors, Toyota Motor Corporation, Dell, Cisco Systems, Sun Microsystems and Reuters Group (according to the article in Investor's Business Daily).

The real beauty of Second Life is that you are unrestricted by those physical, cultural, and sociological boundaries of your physical environment. You create an avatar and evolve your virtual identity. Over time this could include the purchase of additional avatar abilities or commodities that facilitate the evolution of your online experience and reputation. In Second Life you meet other residents and become part of Second Life communities — just like in the real world. Your avatar protects your anonymity with fake name and looks.

Theoretically the use of anonymity in Second Life should mean that there is no link to your physical identity. Unfortunately there was a security breach on the Second Life member database recently (2006) whereby the fear was that sensitive information had been disclosed. (Read the Security Bulletin at http://secondlife.com/corporate/bulletin.php.) It could be argued that the compromised information could link members' virtual identities to their physical identities via their credit card that they used to buy L$.

The Identity Linkage Continuum
Evidently any individual may have many virtual identities and a portion of those could present some identity linkage to their physical life. To what extent is to some degree influenced by ourselves, i.e., our online awareness. Exposure of personal or sensitive content could be in the form of a blog, some remark we left on somebody else's blog, or an Amazon.com book review. It could be something from our virtual life. The fact is that even if we delete any identifying data — something that might at some time compromise or sully our real identities — something will, without a doubt, still be out there somewhere.

Today's recruitment agencies google applicants during the screening process and some of us do the same when we meet somebody new. This brings to mind some questions concerning our identity, such as, what is our identity? Are we at threat of losing control of ourselves: who we are or who we are perceived to be? Are there not things in our lives that we would prefer not to have recorded digitally for posterity? If our virtual identities become linked to our physical identities, what are the consequences? Is it possible that whatever we do as our virtual identities can influence decisions that other people make about us in the physical world? In effect, our personal or sensitive information stored on the Internet yesterday has the potential of jeopardizing what we may want to achieve today or tomorrow.

In the scope of this article, there has been a fuzzy relationship between identity and reputation since, firstly, what we do in our life has an impact on our reputation (professional/personal, etc.); and secondly, it is by building our reputation that we create for ourselves an identity. The theme that presents itself repeatedly is the possible linkage between our online activities and our physical identity and the potential impact our online activities could have on our physical identity/reputation. This linkage is referred to as Identity Linkage Continuum. (See http://en.wikipedia.org/wiki/Pseudonymity#Pseudonymity_and_online_reputations.)

Identity linkage continuum denotes a many-to-one relationship between an individual's online activities and physical identity. The identity linkage is not affected by time and may consist of positive or negative influences on an individual's physical identity/reputation at any given time during life.

The Janus Identity Model
The Janus model presents the concept of the identity linkage continuum, setting the physical and online identities as reflecting each other on a timeline, and the time is today. The online activities are somewhere in the past — which could be a measurement of seconds, minutes or years — and have the potential of impacting an individual's physical identity today. The residue (information that is floating out there somewhere in cyberspace) of online activities is timeless and hence has the power to impact — either positively or negatively — an individual's reputation in the real world, regardless of where on the timeline the physical identity is situated.

The model takes its name from the Roman mythological god Janus, the god of gates, doors, doorways, beginnings, and endings. Janus was frequently used to symbolize change and transition, such as the progression of past to future, of one condition to another, of one vision to another. The identity model, like the god, is depicted with two faces looking in opposite directions, representing the physical and the virtual world. With the model the assumption is that most online activities are at some time linked to an online identity, whether an alias, a real name, an e-mail address, etc.

Not all online activities that are digitally preserved are linked to the physical identity — some could have a 'dormant' identity linkage, i.e., a link that is not apparent but becomes active as a result of some real person having knowledge of specific personal information (e.g., name change). Hence, the aggregate of knowledge leads to an identity linkage and exposure that would not have otherwise been possible, largely because aggregations of data may be more sensitive than the individual items.

We can only speculate on how today's younger generation will deal with this challenge in the future, when they realize that something that they may have published, shared or done online in the past may impact their professional or personal prospects in the physical world today and tomorrow. Yes, there are laws protecting, to a degree, privacy. However, they are inadequate given the social evolution that we have seen happening over the last few years. What we can expect is a rapid growth in those businesses specialized in hunting down and eradicating digitally stored information residue that could be linked to us — as people.

Conclusion
The control that we have over our identity today influences how we are perceived by our friends, employers, colleagues and others whom we have not yet met. It also impacts how we are perceived in the future. This is nothing new except when we consider that often what we do today is stored digitally somewhere by someone and something. The consequences can be positive and negative. It is positive if it reaffirms what you have stated about yourself. If it is something that you would prefer be forgotten, then you could have a problem…

References and Further Reading
Time, December 2006
Hedley, Steve and Aplin, Tanya, Blackstone's Statutes on IT Commerce and e-commerce. 2nd ed. Oxford University Press, 2004
Stewart, James Michael, Tittel, Edan and Chapple, Mike, CISSP Study Guide. 3rd ed.
Wikipedia, http://en.wikipedia.org/wiki/Janus_%28mythology%29
Data Protection in the European Union, http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm

Karen Lawrence Öqvist, MscIS, is a Senior Information Security Consultant with Hewlett-Packard based in Sweden and has 15 years experience in the IT industry, 10 of these years in Identity Management. She worked for Novell before joining HP Sweden in November 2006. She has a Masters Degree in Information Security from the Royal Holloway University of London. She can be contacted at karen.lawrence@bcs.org, and hosts a blog at http://mysecuritybox.blogspot.com.

©2007 ISSA Journal. Reprinted from ISSA Journal April 2007 with permission from ISSA, Inc. and the