As privacy fears around search engines and the Justice Department continue to rise, the issue of personal privacy is being thrust, once again, into the public spotlight. The conversation generally goes like this: “All the search engines are collecting information about us. There isn’t enough protection for our personal information. Companies must do more.” Suggestions of what ‘more’ is are numerous, while solutions are few and far between. Social engineering solutions that do exist fail to include effective ways of securing online activities. Technical services that allow you to completely protect your identity are geek oriented and lacking the polish of Google or Yahoo!.
Why is this privacy thing an issue, anyway? People feel strongly about their privacy and protecting their identities, but are lazy when it comes time to protect themselves. Should this be taken for a disinterested acknowledgement that we don’t care about our personal data? Short answer: no. If we look at what’s happening on the other side of things—the data that people put out there willingly, on sites like MySpace, and blogs, and flickr, I think the answer is obvious. Personal data is constantly being added to the virtual space because it represents who we are.
Identity production is a large part of online culture, and has been from the very first days of the Well. Our personal information is important to us, but the apathy arises from the fact that we have no substantitive rights when it comes to controlling it [1].
There are a few outlets where we can wrangle our information into a presentation of ourselves, but usually our data accumulates in drifts, in the dusty corners of databases. When search engines crawl through those databases the information unintentionally coalesces into representations of us. In the real world the ability to keep distance between social spheres is fundamental to the ability to controlling your identity; there is no distance in cyberspace. Your info is no longer dispersed among the different spheres of shopping sites, email, blogs, comments, or bulletin boards, reviews. Search engines collapse that distance completely and your distributed identity becomes an aggregate one; one we might not recognize if it came up to us on the street.
There are two ways to react: 1) with alarm: attempt to keep things wrapped in layers of protection, possibly remove it entirely, and call for greater control and protection of our personal information. Or 2) with grace: acknowledge our multiple identities, and create a meta-identity, while still making a call for better control of our personal data. The first reaction is about identity control and privacy and relies on technical solutions or non-participation. Products like sxip and schemes like openID allow you to confirm that you are who you say you, and groups like EPIC, and federal legislation (HIPAA, FERPA, definitely not the PATRIOT Act) help protect your information. But eventually this route is not productive—it doesn’t embrace the reality of living with and within a networked environment. The second reaction is about “identity production” [2], and that’s where sites like MySpace and blogs reign. There’s also a new service, ClaimID, that will help you create a meta-identity with a slick, web 2.0 workflow (full disclosure: the founder is a former colleague).
ClaimID is interesting in several respects. It let’s you actively manage your identity by aggregating information about yourself through searches, then tagging each item with several levels of aboutness. So you could say that your website is about you, and by you, whereas an article that mentions your name in conjunction with a project is not about you, or by you. Still, it’s part of your online persona. An interview: about you, not by you. A short history of New York: by you, not about you. ClaimID allows you to have these different permutations of relationship that help define the substance within and the ownership of each item. Everything can be tagged with keywords to link items. What you end up with is a web of yourself, annotated and organized so that people can get to know you in the way you want to be known.
This helps combat the unintentional aggregation of information that happens within search engines. But we also need to be aware that intentional aggregation does not mean it is trustworthy information, just as unintentional does not always mean “true to life”. We have a sense that when people manage their identities that they are repositioning the real in favor of a something more appropriate for the audience. We therefore put greater stock in what we find that seems unintentional—yet this information is not logically more reliable. We have to be critical of both the presented, vetted information and the aggregated, unintentional information. We still need privacy rights, and tools to help protect our identities from theft, spoofing, or intrusion, but in the meantime we have the opportunity to actively negotiate the bits and pieces of our identities on the network.