May 1, 2008
Keeping ID hard, shameful, or at least awkward
A couple of days ago, a post on a Canadian newspaper’s blog gave me credit for something I didn’t do. Before I could leave a comment correcting the post, the site insisted I register. Registration there is free (in the “no cash changes hands”) sense, but it required me to supply not only my email address and name, but also my sex and age. It also permitted me to enter yet more demographic data, which I declined to do. I didn’t want to have to supply any info, but i really wanted to correct that post. It even made me confirm an email they sent to the address I registered, because, I suppose, otherwise the terrorists have won.
The experience made me worry yet again about the efforts to put individuals in control of their own identity information. That sounds like an unarguable good, since the alternative is unarguably bad: letting others have control over your identity info. But the effect of these good-intentioned efforts will be — I’m afraid — a rapid decrease in personal privacy. For, the personal ID efforts not only give us control over our information, they also make it easy for us to supply it to others. Rather than having to type in our home address yet again, these new ID schemes will enable us to furnish information simply by pressing a button.
Since just about every vendor on the Web would like to know more about you rather than less, why won’t just about every vendor ask for more information rather than less? It’s all just a button press. Of course, you can choose not to deal with vendors who ask for too much info, but most of us will compare that with the post we want to correct, the sweater we want to buy, or the vacation we hope to win, and will just press the button.
We are making it easier to supply personal information without making it harder to ask for it. That should worry us.
Since the efforts to give users control over their personal information will inevitably continue — and the who I know who are involved in this are among the greatest champions of Web openness and personal freedom — here’s a suggestion for making it harder for vendors to ask for more information than they need. Suppose we were to create some rough categories of “asks,” and give them unambiguous names. For example, we could call the ID info that does nothing but verifies that you are who you say you are when buying something the “Credit Card Authorization Swipe.” The “ask” that wants to know your name and email address could be called the “Email ID Swipe.” The one that wants to know your demographics could be the “Marketing Personalization Swipe,” etc. The aim would be to get vendors to use those names with some uniformity, so that we not only would know what we’re giving, but there might be some market pressure (or at least some shame) not to ask for the full demographic roster when someone’s just trying to correct an error in a post. These nomenclature packages could even be graded to indicate how invasive they are.
I’m just thinking out loud here, but if we’re going to make it easy to give out our personal information, we ought to be thinking about the norms, market forces, or rules that would make it harder to ask for that information.
* * *
I’m on the road, so I may be pokey about replying.