scenarios of identity management in the future...life logging, life streaming or the quantified self...
TRANSCRIPT
2
© IMPRINTS Department of Social Sciences Loughborough University Leicestershire LE11 3TU www.imprintsfutures.org www.facebook.com/imprintsfutures www.twitter.com/imprintsfutures
Table of contents
SUMMARY 1 Introduction and purpose 1
1.1 Purpose 4
2 Theoretical framework: Cultural logics, premediation and scenarios 5
3 Design and methods 9
4 Outcomes: IM Technologies 11
4.1 Body based 11
4.2 Token based 12
4.3 Knowledge or memory based 13
4.4 Multifactor authentication 14
5 Outcomes: IM Contexts 14
5.1 Individual – organisation 15
5.2 Individual – individual 15
5.3 Individual – objects 16
6 Outcomes: IM-sentiments 17
7 Mother-scenarios 18
7.1 People interacting with other people because they know or remember them 19
7.2 People interacting with other people on the basis of token based IM 20
7.3 People interacting with other people on the basis of a biometric or body-based IM 22
7.4 People interacting with organisations on the basis of a knowledge or memory based IM 23
7.5 People interacting with organisations on the basis of a token-based IM 24
7.6 People interacting with organisations on the basis of a biometric or body-based IM 25
7.7 People interacting with their things or accessing spaces on the basis of a something they know or remember 26
7.8 People interacting with their things or accessing spaces on the basis of token based IM 26
7.9 People interacting with their things or accessing spaces on the basis of biometric or body based IM 27
8 Conclusions 27
References 30
Appendix One Search sites and search words 34
1. ‘Identity management’ (IM) concerns these processes in which individuals have to identify themselves or prove who they are, in order to interact with:
organisations things
other human beings
While identity management will become ever more important in the everyday lives and
interactions of human beings, it is unclear how and why people engage or disengage
with it.
2. We assume that people make sense of future developments around IM through their
individual and shared sets of symbols and stories, hopes and fears. We have therefore
made an inventory of future scenarios about IM that circulate in government and
policy sectors, popular culture and science fiction, arts and design, journalism, industry
and science. Using a wide set of online databases, search strategies and search terms,
we identified over a 100 scenarios that differed in terms of the technologies and
contexts of future IM they represent.
3. In these scenarios a common distinction is between identification (show who you are),
and authentication (prove that it is you). Authentication is typically done by one of
three things:
a. reveal something you know: knowledge or memory based IM for instance
passwords and pincodes;
b. show something you have: object or token based IM, for instance passports or
identity cards;
c. present a feature of your body: body based or biometric IM, for instance facial
recognition, or fingerprint scans;
d. in many scenarios we found an expectation that these instruments will be
combined into multifactor identification and authentication.
4. In the scenarios we identified, the dominant context of IM is that of the individual
interacting with a governmental or corporate organisation. A second set of
interactions that occur frequently across the scenarios is the interaction between
individuals, especially in online contexts; and finally, interactions between individuals
and their possessions (in terms of access and protection) are part of the scenarios,
especially as part of reflections on the emerging Internet of Things.
5. Predictably, the scenarios we identified offer opportunities for both pessimistic and
optimistic visions of the future – reflecting both taboos and desires. While technological
forecasting carries some kind of emotional or moral valence, embracing visions of
progress and freedom versus decline and constriction, the nature of these sentiments
varied across the sectors we analysed.
a. EU and UK policy and security scenarios tend to discuss how IM technologies can be
safely introduced in new settings, for reasons of efficiency and service,
acknowledging the need to contain risks of privacy, data protection and – to a lesser
extent – social sorting;
b. UK news and journalism is heavily dominated by discussions about the failed identity
card scheme, and by issues of data protection and privacy;
c. Activist scenarios explicitly use dystopian scenarios to underline their concerns about
the loss of privacy and the continuous surveillance of the population by government
and corporate actors;
d. Pop culture’s cinematic and literary scenarios are often influenced by the dark stories
of George Orwell and Philip K. Dick, portraying the abuse of mainly body based IM
technologies for purposes of state or corporate control;
e. Crime and spy TV series frame biometric technologies as powerful instruments of
surveillance and detection serving the public, and making it possible to bring crime
and terrorism under control;
f. Arts and design scenarios both show critical and creative views of IM, offering ways
to evaluate and escape identity management, as well as producing more beautiful
and desirable means of identity management, for instance, through the design of
smart textile and jewellery;
g. In Research and Development of the relevant corporations many new cool, gadget
like applications are tested, especially in the bespoke spaces of ‘smart homes’. Most
of these concern biometric access to objects, online human networks and the
internet of things.
h. Academic research, finally, addresses IM in both critical, creative and endorsing ways
depending on the discipline in question.
6. Combining the three sets of IM instruments (body-token-knowledge) with the three
contexts of interaction (individuals with individuals, with things and with organisations)
in which they can be used, we get nine motherscenarios for IM, visualised in
Figure 1.
Figure 1
Motherscenarios of Identity Management
7. Motherscenarios
Motherscenario I: People interacting with other people because they
know or remember them
When we meet our friends, family or colleagues, we recognise them on the basis of how they
look, talk or move; we know who they are and need no further authentication. Visions of the
future for this scenario of interaction and authentication
occur, firstly, in pop culture and science fiction,
basically in the form of stories of doom and despair:
people think they know or recognise someone, when
– in fact – they are confronted with an imposter. These
could be aliens, zombies and straightforward villains, or robot or artificial intelligence
morphing into humans. Secondly, the digital avant guarde demonstrates a more hopeful
future vision in the form of ongoing digital capture of human behavioral and physiological
data which together build a personalised and comprehensive track record of one’s identity:
Life Logging, Life Streaming or the Quantified Self.
Motherscenario II: People interacting with
other people on the basis of token based IM
Traditionally, this kind of interaction has mostly been
relevant for professional situations, when we present our
business card to a new person (identification). Nowadays,
apps for smart phones make it possible to cruise one’s
physical surroundings to see whether there are interesting
people around. Visions for the future include remotely
controlled androids, robots or avatars (all ‘tokens’) that
make it possible to interact with others in distant space; we find such visions both in pop
culture and in R&D of academic/corporate consortia. Other tokens that are anticipated as
future carriers of identifying and authenticating information, are smart textile and jewellery,
especially in the context keeping track of vulnerable family members, like children and
Alzheimer patients.
Motherscenario III: People interacting with other people on the basis of
a biometric or body-based IM
At present, we often recognise each other on the basis of physical characteristics. Yet, such
recognition is rarely objectified through biometric or other bodily devices with the exception
of do-it-yourself microchippers who experiment with RFID implants simply as a hobby, or to
explore the implants’ effects on human interaction.
Future visions of people interacting with each other
on the basis of body or biometric authenticators are
rare, but do occur in some science fiction films, and
in critical arts and design projects. The scenario is
usually framed as negative and unnatural.
Motherscenario IV: People interacting with organisations on the basis of
a knowledge or memory based IM
This is a currently standard situation of IM: it involves, for instance, telling a customer
number to a telephone operator of a mail order company; typing in a pin code at the bank or
ATM; the combination of username and passwords to access online services. Given that this
method of authentication is usually
considered neither very convenient,
nor very safe, it is sometimes
expected that it will merge with
other authenticators, and that it will
disappear in the long run, or will
only remain as part of multifactor
authentication.
Motherscenario V: People interacting with organisations on the basis of
a token-based IM
This is currently also a standard situation in which passports, identity cards, customer loyalty
cards, patient cards, wristbands and other artefacts authenticate us to a range of
governmental, corporate and other organisations. It
is expected that all such tokens will become
equipped with additional smart technology, like RFID,
and that the range of tokens that will be able to
carry authenticating information will expand further
(particularly textile and jewellery).
Motherscenario VI: People interacting with organisations on the basis of
a biometric or body-based IM
This is an increasingly common situation, with people gaining access to government or
corporate services through authentication biometric features (fingerprints, palm, iris, face,
voice, gait, odour, etcetera). Driven by an expanding industry, the use of biometrics in
organisational settings is rapidly increasing, in two ways. First, ever more bodily features are
being used for identification, and secondly, the contexts in which biometric authentication is
asked for, are proliferating as well. This is also the area where the strongest public and
political concerns for the future have been expressed, especially with respect to a potential
loss of privacy, issues surrounding data protection and the export of these technologies to
oppressive regimes. Such opposition has been expressed in political and art movements,
connected through the notion of sousveillance (as opposed to surveillance). In pop culture
and science fiction Orwell’s 1984
still offers the key framework for
future scenarios about
governmental and corporate
abuse of biometric surveillance.
Motherscenario VII: People interacting with their things or accessing
spaces on the basis of a something they know or remember
Many of us need a password or pincode to open up their PC, laptop, mobile phones or office
space. These are mostly situations in which we access a ‘stand-alone’ object or space. Two
developments suggest that this kind of interaction will disappear. First, with the emerging
connectivity of ‘things’, the internet of things (IoT) as it is called nowadays, we don’t only
access, for instance, our smart home, but also a range of services and transactions. The EU
has identified IM for the IoT as a key issue for policy development. Secondly, knowledge
based authentication is increasingly problematic
because of the ever larger set of transactions
where authentication through a password is
required, and while single-sign-on
authentication is gaining popularity, the
vulnerability of the password remains (see also
under Motherscenario IV).
Motherscenario VIII: People interacting with their things or accessing
spaces on the basis of token based IM
Here too, the rapid development of the Internet of Things, is the most important
development that is premediated. The scenarios we found, about future access to (the
Internet of) things, are often unclear
about how one accesses the network(s).
Yet, when authentication is a visible
element of the scenario biometrics are
standardly envisioned as the system of
choice for IM. However, one can imagine
that smart and personalised tokens, like
watches, jewellery and clothes
would be appropriate authenticators as
well. Yet, this is not very well covered in
the scenarios.
Motherscenatio IX: People interacting with their things or accessing
spaces on the basis of biometric or body based IM
Many laptops or phones nowadays are already secured through a biometric authenticator,
most often fingerprint or iris scan. Here too, the driving force of the industry is felt, and an
increasing range of biometrics to access one’s things or spaces is
in development or experimentation. Keystroke and typing
patterns, for instance, are especially appropriate and easy means
for accessing PC’s and laptops. The most outspoken scenarios of
the usage of biometric authenticators to access one’s possessions
or spaces, and more generally the internet of things, come from
the many ‘Houses of the Future’ or ‘smart homes’ that the
industry develops to showcase new technologies.
8. The wide and diverse range of scenarios IM offers ordinary members of the public a
repository of stories and symbols, from which they can assemble their ideas about what
IM, and what its risks and opportunities are, from this diversity, in diverging and
inconsistent ways.
9. In the next phase of the research, we will use the motherscenarios to construct bespoke
stimuli and triggers for user research aimed at analyzing and understanding how
members of the public construct such meanings of IM, and how these meanings are
articulated with engagement and disengagement with particular technologies and
practices of IM.
1
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Scenarios of identity management in the future
1 Introduction and purpose
On many occasions in our lives, we will want or need to identify ourselves, prove who we are
to others, or both. These others could be individuals, for instance when we meet someone
new at a party, or when we try to befriend someone on a social network site. Sometimes
these others are machines: many of us have laptops and phones that we can only access after
some kind of authentication process, typically involving a password or - more commonly - a
fingerprint. Often these others are institutions, organisations or corporations offering to grant
us a right (to let us pass the border, or access our bank account) once we have provided
appropriate evidence to demonstrate that we are who we say we are. In all these situations,
we and our counterparts are engaged in identity management, i.e. we are engaged in an
exchange in which we offer up identity information in order to achieve some goal.
‘Identity management’ concerns these processes in which
individuals have to identify themselves or prove who they are,
in order to interact with other human beings, with things
or with organisations.
Outside government and commercial sectors, the concept of identity management does not
have wide currency. One does not find the term in standard dictionaries, it rarely occurs under
that label in news coverage and its Wikipedia entry only occurred in late 2005. Yet, some of
the most pressing social problems and pleasures of the last decade have to do with identity
management, ranging from the fight against terrorism and the protection against identity
theft, to the sharing of personal details for social or commercial benefit.
Identity management carries its own paradoxes and controversies. Consider, for example, that
UK citizens were so resistant to the introduction of a national ID-card for all British citizens
2
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
over 16 years old, that it was ultimately abolished (Whitley and Hosein, 2009). Yet, those same
citizens have been very early and eager adopters of customer loyalty cards (e.g. Lacey and
Sneath, 2006). The Dutch, likewise, successfully protested against a nation-wide scheme for
electronic patient files (Boonstra, Buddy and Bell, 2008), but were leaders in adopting
LinkedIn, the social network site for sharing professional profiles and information.
While identity management will become ever more important in the
everyday lives and interactions of human beings, it is unclear how and
why people engage or disengage with it.
To date, there is no comprehensive body of research that offers a thorough understanding of
such unpredictable and inconsistent public responses to various forms of identity
management. We do find research about the acceptance of biometric identification
technologies, as well as incisive insight about the uses and gratifications of social network
sites. There have been analyses of how people generate and remember passwords or
pincodes, and examinations of how satisfied people are with their customer loyalty programs.
While these are evidently distinct practices that need bespoke academic approaches and
methods, several developments also suggest that they have interconnections that will become
stronger in the future.
3
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Firstly, these connections exist at the level of the identity management technologies that are
used: biometric means of identification are expanding beyond the singular state/security
context and moving into work, leisure and everyday life to provide access to, among other
things, services and possessions. Secondly, there is an emerging political and social agenda
across the range of different practices that covers issues of privacy, social sorting, protection of
vulnerable groups, general access, commercial exploitation, etcetera. That agenda is carried
by dedicated civic actors and concerned artists, but is also expressed in the everyday worries
of members of the public about, for instance, identity theft, the protection of their children
online, employers scanning social network sites for information about applicants and
employees, and other forms of ‘function creep’. At the level of the EU and its member
countries, identity management has therefore become an important policy arena, as initiatives
like the European Identity Management Conference demonstrate. Thirdly, the identity
management ‘industry’ is steadily growing and turning into an identifiable sector that is one of
the few showing upwards trends in the current
global recession. Biometrics, and in particular
fingerprint and facial recognition technologies
have been predicted to grow as ‘best-selling’
applications (Biometrics Institute, 2011).
These various dimensions of convergence legitimate a consideration of identity management
as an emerging field, in the sense that the French sociologist Bourdieu proposed: a setting of
social positions and actors who engage in specific activities, which has its own cultural logics,
4
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
practices and principles. While the social positions and actors in the field of identity
management are relatively clear (controllers and controlled, governments, corporations,
activists), its cultural logic has hardly been analysed and the unpredictable and inconsistent
engagements of the public have not been adequately described, let alone understood.1
Following Bourdieu, but also Enfield (2000, p.59), cultural logic can be understood as ‘those
elements of cultural meaning which are commonly carried by some group of individuals, and
which are regularly employed in social interpretation among them’. The cultural logic of the
field of identity management refers to how people understand various means of identity
management, and how they share these understandings with others. Such shared meanings
also extend to collective representations found in, for instance, media, art and policy, and the
way these are taken up in individual understandings of identity management. This means that
a cultural logic, or in the plural, cultural logics can be analysed both at the level of collective
representations, and at the level of individual understandings. The specific articulation of
these collective representations and individual understandings, in situated contexts, will
inevitably inform the way individuals engage of disengage with means of identity
management.
We approach identity management as a ‘field’:
a setting of social positions and actors who engage in specific activities, which has its own cultural logics,
practices and principles
1.1 Purpose
It is the purpose of this paper to explore and map the cultural logics of identity management in
order to ground a further analysis of the public’s engagement and disengagement with the
field. The relative novelty of the field, its rapid growth and its expanding reach, necessitate an
orientation towards both current and predicted cultural logics for the future, and a recognition
of the diversity of other fields that identity management is connected to. We will therefore
track these cultural logics not only directly among the positions and actors in the field itself
(the identity management industry, its governmental and corporate clients, civic activists and
1 There has been however, a recent Eurobarometer survey about attitudes to data protection and electronic identity in the European Union, # 359, Wave 74.3. This offers, to date, mainly descriptive data.
5
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
its individual users) but also indirectly in the fields of arts, design, journalism, popular culture,
science and science fiction. As we will elaborate below, these latter fields mediate and
‘premediate’ identity management and provide, as it were, a ‘horizon of imagination’ (cf.
Crapanzano, 2003) that offers a set of resources in addition to personal and collective
experience through which people can make sense of future developments in identity
management.
2 Theoretical framework: Cultural logics, premediation and scenarios
While we use the notion of cultural logic of identity management to refer to the shared sets of
interactions, symbols, concepts, representations, artefacts and other cultural resources
through which people make sense of, and experience various forms of identity management,
the concrete question of how such cultural logics are articulated with individual and collective
visions of the future needs a more specific approach. Richard Grusin’s (2010) work on
‘premediation’ is especially relevant here, in particular because the field of identity
management is emergent and can still develop in a number of different ways.
Grusin’s argument is set in the US post 9/11 context. The 9/11 attacks took the US by
complete surprise, leaving a widely felt desire never to experience such trauma again.
Governments were accused of having had little imagination regarding potential threats
(Omand, 2012). The response to these accusations was a fundamental shift in government
rationales from attempting to contain calculable risks to be prepared for incalculable and
catastrophic events. This way government mechanisms would be better prepared for any
eventuality while the population would become more resilient when confronted with dramatic
events. Governments opted to achieve these objectives through a concerted media and policy
response which aimed at envisioning ‘as many of the possible worlds, or possible paths, as the
future could be imagined to take’ (Grusin, 2010, p. 46). This process has been named by
Grusin as premediation, which differs from prediction because it does not cover one particular
future development, but instead presents as many future scenarios as possible, in order to
‘preclude the possibility of an unmediated future’ (p.45). In other words, by imagining all
6
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
possible future developments - however contradictory, unlikely, true or false - one can never
be caught by surprise again. Premediation, in Grusin’s analysis, prevents an unseen future
(p.58) and therewith rules out the possibility of a new national trauma like 9/11. If something
comparable would ever happen again, premediation would ensure that it was already familiar
to a wide range of political and social actors, and to many members of the public:
‘It is (...) the proliferation of competing and often contradictory future scenarios that
enables premediation to prevent the experience of a traumatic future by generating and
maintaining a low level of anxiety as a kind of affective prophylactic.’
(Grusin, 2010, p.46).
Other authors, especially those writing about public administration, have used terms like ‘a
paradigm of prudence’ or principles of precaution, preparedness or pre-emotion (cf. Diprose,
et al., 2008). Grusin’s analysis, however, offers a wider cultural embedding of this paradigm
shift, also including an analysis of how future risks are mediated. In this way, unforeseen
events with potentially catastrophic consequences are imbricated into everyday lives,
introducing a new conception of normalcy based on precaution rather than prudence when it
comes to risk (Aradau and Van Munster, 2008).
Post 9/11, according to Grusin, premediation has become most visible in US foreign policy and
in US news media. It was at this point in time that precaution gained centre stage in the
governance of risk. The pre-emptive wars,
typical of the Bush administration, were based
on falsely constructed premediations of enemy
behaviour; the news media followed suit in their
multifaceted and contradictory coverage
captioned by slogans like ‘Countdown to War’,
or ‘Showdown with Iraq’ (p.44). Grusin adds
that the so-called ‘hypermediality’ of the news,
brought to us by live-blogs, social networks, and Twitter enhances premediating tendencies,
because live coverage of events-as-they-happen-now, only fills a limited amount of news space
and time. The remaining pages and minutes are filled with endless speculations of what might
7
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
happen next.2 In his subsequent blogs, Grusin has used the concept of premediation to
analyse news and public discourse about the Arab Spring, the Occupy Movement, the US
presidential elections and other current affairs.3 Yet, premediation is not limited to public and
news discourse, but can also be found in popular culture and science fiction. Grusin presents
Minority Report, the 2002 hit movie based on an older novel by Philip K. Dick, as the
quintessential example; not only a premediation of a future itself, but also representing
‘precognition’ of the future as a means to prevent and control it.
Taking premediation as a pre-emption of the future by telling as many different stories about it
as possible, it becomes clear that while policy, news and popular culture are key platforms of
premediation, the process itself can take place in every field and among all kinds of social and
individual actors: the field of arts and design is somewhat self-evident, but commercial,
industrial, service, health and other fields have their own articulations of the future, and hence
will also witness premediation. The newly emerging field of identity management, with its
strong sense of becoming ever more prominent in the future, is of necessity suffused with
premediation as the multitude of current industry forecasts, policy explorations, activist
scenarios, art experiments and popular futurism (all of which we will discuss in more detail
below) demonstrate. These are not only visions of the future, but they simultaneously
mobilise their own support and protest in the present day, as Grusin also argues (2010, p.151),
and hence frame the here-and-now as well.
While premediation thus offers a bespoke theoretical concept to understand the cultural logic
of identity management, it needs further operationalisation to inform detailed empirical
research. We therefore approach premediation as a potentially endless process of making and
(re)presenting diverse and contradictory future possibilities for identity management. Such an
approach makes it possible to analyse premediation at the level of concrete future scenarios,
i.e. combinations of actors, contexts and stories about particular forms of identity
management. Swart, Raskin and Robinson (2004, p. 139) use scenario analysis in the context
2 This is Grusin´s analysis of the nature of contemporary journalism. Others have argued that that the decline of journalism is fostered by simple repetition of the stakeholder positions, with no examination of the legitimacy of those positions. The result is that news is no longer presents facts, but is instead repetition of ambiguity (e.g. Alexander, 2011; Jamieson, 2009). 3 http://premediation.blogspot.com, last accessed on February 23, 2012.
8
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
of academic environmental research and define it as ‘coherent and plausible stories, told in
words and numbers, about the possible co-evolutionary pathways of combined human and
environmental systems’. Such stories have taken on an established role in the design of new
technology, ever since John Carroll (1999) first developed the idea that new software can best
be shaped to a users needs by first articulating those needs in the forms of convincing stories
or scenarios that capture future use.
When doing scenario analysis to understand a cultural logic, one needs to acknowledge that
scenarios are not only expressed in words, numbers and narratives, but also in the form of
sound and images, prototypes, gadgets and other cultural artefacts. This makes our
understanding of ‘scenario analysis’ depart from the standard usage in design, engineering or
software analysis, and it makes it also different from its usual definition in forecasting studies.
In these disciplines, the scenarios are usually understood as more formal, strict and coherent
causal trajectories, while in our approach audio-visual, sensory and ambivalent versions of
scenarios are assumed. In fact, our understanding of scenarios boils down to ‘systematic
visions of future possibilities’ (Misuraca, Broster and Centeno, 2012, p.122) that can be
presented through various genres in various domains.
While in this paper we do not yet examine the way individual and collective members of the
public assemble future scenarios and construct their own understanding of them (this will be
done in the second part of our project) , it is important to briefly and theoretically address the
way premediation becomes part of individual expectations and reactions. The definitional
multiplicity of premediation (all kinds of futures need to be imagined in order to prevent their
unexpected and possibly traumatic impact) implies that no single ‘effect’ can be logically
assumed. It makes, instead, more sense to approach the accumulated diversity of scenarios
that constitute premediation as an open ‘text’, meaning that their sheer variety or
‘heteroglossia’ enables a wide range of audiences to interpret and accommodate them in their
own way (cf. Fiske, 1987). That does not mean that all interpretations are possible. Inevitably
some scenarios carry more weight than others because, for instance, they occur more often or
come from more respected sources or have a long and well-told history. As such, there is
structure in textual openness that needs to be identified in order to understand the ease with
9
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
which members of the public have access to particular scenarios at the expense of others, and
how much room they can negotiate for divergent interpretations.
3 Design and methods
With identity management pertaining to such diverse practices, we searched for scenarios in a
wide range of fields, looking especially at scenarios that circulate in the identity management
industry, online commerce, government policy, civic activism, popular culture, and art and
design. First, the breadth of scope here was challenging; in some fields, finding scenarios was
relatively easy. The biometrics industry, for instance, has a well functioning platform that
provides the latest news and enables networking, and for news media and pop culture, there
are comprehensive databases, like Nexis or the Internet Movie Data Base. Civic activism and
arts and design have less standardised archives and needed more extensive methods to search
for scenarios. Second, while identity management is a common concept in the industry, in
other fields, being a relatively new concept, ‘identity management’ works poorly as a keyword
with which to search databases. A pilot search in the Nexis newspaper data base, for instance,
using “identity management” as the only search term for all UK broadsheets (Daily Telegraph,
Guardian, Independent, Observer, Times) of the last ten years, delivered only 92 articles, five
of which concerned the management of corporate identity. On average this means about nine
articles a year, spread over five newspapers.4 Certainly that is not exhaustive or
representative for news coverage of identity management.
4 Conducted on September 28, 2011.
The accumulation of a wide and diverse range of future scenarios that ‘premediate’
the whole field of identity management, works like a cultural and
individual repository: people encounter and ‘collect’ a variety of stories,
actors and sentiments from which they will construct their own
understandings of identity management.
10
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
The size and breadth of the field made us decide to employ a ‘fuzzy’ search strategy, in analogy
with the fuzzy set approach in the social sciences aimed particularly at the discovery of
relations in highly diverse situations (cf. Ragin, 2000). This meant that we started with a wide
variety of search terms associated with identity management and adjusted them to the
particular sector in which we were looking for scenarios. Then, we snowballed until we did not
find new scenarios anymore and our data thus seemed saturated. In Appendix One we list the
search strategies and search terms we used to identity and collect scenarios.
We developed an analytic instrument to examine the scenarios in all fields, registering basic
information (location, maker, time made and time found, medium of distribution) and
contextual information (circulation/popularity, source of reference for other scenarios), and
coding the following constitutive elements of each scenario:
- Which identity management technologies are addressed, and which innovations are
presented?
- Which actors and stakeholders are included, and in which roles (protagonists and
antagonists)?
- What kinds of identity interaction are captured (social interaction, security, access,
transaction, etcetera)?
- What is the social context of the scenario (health, citizenship, politics, education, etcetera)?
Coding and analysis first took place within each separate field, leading to a number of memo’s,
visualisations and working papers that laid out the details of the scenarios in the separate
fields and that were discussed among the research team and with experts from various
sectors.5 This resulted in the identification of core themes across the scenarios in terms of:
a) the technologies of identity management that are envisioned for the future,
b) the contexts in which these are relevant, and
c) the sentiment of the stories told about them.
5 A meeting was held in London, on January 27, 2012, to discuss these results with government representatives, media executives, academic researchers, independent artists, digital entrepreneurs and consultants.
11
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
In the following sections, we first discuss these overarching layers before using them to
describe the core features of nine ‘mother’ scenarios that can each take a pessimistic,
problematic and an optimistic, hopeful form.
4 Outcomes: IM Technologies
A common observation in the academic literature about identity management is that in
situations where identity management is necessary you are typically asked to do one of three
things: reveal something you know, something you have or something you are (cf. O’Gorman,
2003). Thus, for example, knowledge or memory based questions seek something you know
or remember, and this would typically include passwords or pin codes. Object- or token-
based questions would ask you to present something you have in the form of passports,
identity cards and customer loyalty cards. Body-based or biometric devices rely on
something you are and require the presentation of fingers, eyes, faces or voices. The literature
further differentiates between identification (who is this person?) and authentication (can she
prove it?) - explained by Riley (2006) as the necessary difference between the public assertion
and private or secret evidence of who we are. This distinction is manifest in online
transactions as the difference between the user name and the password. The distinction
shows that knowledge, token and body-based IM technologies are in fact most of the time
used as ‘authenticators’ (as Jones, Antón and Earp (2007) call them) proving who we are to
other actors, entities and systems.
Which of these authenticators are premediated in our scenarios?
4.1 Body based
As could be expected with a strong industrial driver like the biometrics sector, in all domains
we analysed, biometrics feature prominently. The Hollywood production Minority Report
based on a short story by science fiction author Philip K. Dick, has become somewhat iconic in
12
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
predicting how a biometric authenticator6, will be used in the future, as means for both
government control and corporate targeting. We also found that biometric innovations
provide standard material for news and gadget journalism; that artists and designers have
been inspired to both adopt and resist biometrics in their various works; that the smart office,
smart house, smart street and other smart spaces are expected to open up through biometrics
primarily; that the UK, but especially the EU is consistently exploring if and how biometrics
should offer solutions for state control and services in the future; and that civil activists in the
field of identity management are worried by the ever further development of biometrics in
particular. While occurring much less often, human implants with RFID technologies provide a
second type of body based indicators, especially in scenarios coming from pop culture, arts,
health and – to a lesser extent – security settings (see e.g. Monahan and Fisher, 2010).
4.2 Token based
Token based authenticators are all predicted to have RFID
additions in the future, at least in scenarios from arts and
design, policy, online and offline commerce, security and news
(they are much less visible in science fiction and pop culture).
In principle, RFID technology means that all objects can be
made ‘smart’. In the context of authentication, smart fabrics
and smart jewellery feature regularly in the scenarios we
found. In the health sector, for instance, there is a growing
usage of medical alert jewellery, containing a chip with health
information about the wearer. Smart fabrics are predicted to
be especially useful for the security and military sector, but
also in home, sports, fashion and transport applications.
The most popular smart ‘token’ of today, the smart phone, is not dominantly present in the
scenarios as a future means of authentication; as Rannenberg, Royer and Deuker (2009, p.196)
say: ‘identity management in mobile applications has grown silently over the last 20 years’
6 In the film this is mainly remote iris-scanning.
13
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
(Van Zoonen, et al.). Likewise, the development of mobile ‘apps’ for identity management is
developing somewhat off the radar of policy, pop culture, journalism or scientific scenarios,
but it does not seem farfetched to expect that smart phones will become important
instruments of authentication, given their current ubiquitous proliferation and popularity. In
some instances there is a drive towards a greater convergence of mobile phones and
interactive wearable technology for example your mobile phone converging with a watch to
become smart. Through new smart materials like Graphene (which is still in development)
there is also the suggestion that these wearable technologies will also become increasingly
versatile. For example: your smart watch can unfold to become your alarm clock, and so on.
4.3 Knowledge or memory based
Knowledge or memory based forms of authentication hardly occur in the scenarios for identity
management in the future. In fact, it is often claimed that they are too complicated and too
vulnerable to survive the ever stricter requirements for secure online interactions. The recent
hacks into the passwords of Linkedin, dating website E-Harmony and Last.fm have underlined
how risky such authentication procedures are.7 Nevertheless, some authors argue that a form
of knowledge based authentication will remain, not least because they are typically the
cheapest to implement and have already gained a prominent foothold in everyday security
transactions. Jakobsson et al. (2008) have shown how good authenticating knowledge can be
secure and easy, if the questions testing it are based on lifelong private preferences. One
should think of a combination of the kind of questions that are often asked on dating sites.
Brainard et al. (2006), in addition, suggest that ‘knowing somebody’ or ‘vouching’ can still be a
valid form of authentication, especially in situations when other authenticators have broken
down or been compromised. Facebook’s recovery procedures for people whose accounts
have been hacked, for instance, depend on their being capable to correctly identify three
people on their friends list from their profile pictures.8 There is also some movement, in
addition, towards externalised memory storage in forms of life-logging, life-streaming or life
caching, which all have been suggested as possible resources for authentication as well
(despite the fact that access to these logs and caches also will need authentication).
7 http://www.bbc.com/news/technology-18358485, last accessed June 14, 2012. 8 http://www.youtube.com/watch?v=2L_sA3Oyz30, also as experienced by a family member of our research team.
14
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
4.4 Multifactor authentication
In sum, all three methods of authentication (and some consider ‘vouching’ as a fourth method)
are being premediated through the wide array of scenarios, with biometrics and smart tokens -
in respectively first and second place - leading the way. They occur regularly in combination
with each other, in so-called two-factor or multifactor authentication systems, such as the
biometric passport (body and token), the pin-coded credit card (memory and token); or access
to a secure space through facial recognition and a password (body and memory). A
particularly creative combination has been proposed by Briggs and Oliver (2008) in the form of
a ‘biometric daemon’ modelled on the daemons in Philip Pulmans’ trilogy His Dark Materials:
it involves an electronic pet who is imprinted with biometric information of its owner. Some
forms of authentication are not considered widely in the scenarios we found, whereas others
dominate. In line with the theoretical notions underlying ‘premediation’, this combination of
likely and unlikely future methods of authentication exhausts the range of possible options and
prevents surprises.
5 Outcomes: IM Contexts
Identifying ourselves and proving that we are who we say we are, only becomes relevant when
we need to interact with other people, things or organisations. Identity management varies
across such contexts of interaction and therein raises specific questions for its development in
the future. In the scenarios we identified, the most premediated context of interaction is that
of the individual with a governmental or corporate organisation. A second set of interactions
that occur frequently across the scenarios is the interaction between individuals, especially in
online contexts, and finally, interactions between individuals and their possessions (in terms of
access and protection) are part of the scenarios.
15
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
5.1 Individual – organisation
Pop culture in its filmic, scientific and literary representations most of all tells future stories of
individuals taking on big corporations or states. The Bourne Trilogy (novel and film) is the most
famous and bestselling example of this context, but there are many varieties on the theme.
Government policy documents are also limited to this type of interaction be it within a less
apocalyptic framework, and focusing primarily on the efficiency, security and reliability of
future interactions between citizens and governments, and – to a lesser extent – consumer
and suppliers. The latter type of commercial interactions is a more common topic for
academic and marketing research exploring future developments in consumer transactions.
The various scenarios, in fact, predict that digitisation will further extend to all sectors of
society, with the health sector being in the forefront of new procedures for authenticating
patients and their records, but education and leisure quickly following. Hence, the individual –
organisation context for authentication has expanded from the traditional types of
interactions, such as border control, crime prevention and online shopping, to school access,
online voting, access to popular events (such as music or sport festivals), plus access to leisure
and cultural facilities including gyms, clubs, theatres and museums.
5.2 Individual – individual
The authentication of an individual vis-a-vis another
individual is mainly premediated as a result of the remote
interactions that the internet allows for. Offline, the
situation in which malevolent strangers masquerade as
family members, friends, colleagues, acquaintances or
neighbours, happens mainly in the fictions of pop culture.
There the theme of mistaken identity, imposture and deceit
is a classic trope, with loved ones being taken over by
aliens, zombies, robots, holograms and other non-human entities.
16
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
More realistically, online communication (particularly new social networks and mobile
applications), offer a better opportunity for the premediation of individual-individual
interactions. While in the early internet era a basically bright future of expanding individual
networks and global communities was predicted, the current situation has evoked darker
scenarios, especially as a result of predatory online imposters victimising children and young
adolescents. The UK Byron Review (2008), and the EU research project EU Kids Online (2010)
have both led to concrete recommendations and policies for safer individual-individual
interactions online.
5.3 Individual – objects
Access to things and spaces forms a third context of interaction that is premediated in the
scenarios we found. At present it is relatively common for PC’s, laptops and mobile/smart
phones or office and lab spaces to require some kind of authentication for access. With the
Internet of Things developing in full speed, our scenarios anticipate a range of other objects
and environments to become security-enabled as well. This is most-commonly seen already in
the domain of Smart Spaces - like the Smart Home, the Smart Street or the Smart City. High-
tech companies like MicroSoft, Philips or Nissan all have ‘Homes of the Future’ in which they
combine and test new technologies in the everyday context of the future home for the future
family. UK Channel Four, in collaboration with an energy company, produced a four episode
‘reality’-documentary in 2012 in which an ordinary family swapped their old house for a brand-
smart one ‘giving them a taste of how we all might be living in the future’.9 While the majority
of inventions for smart cities and houses have to do with transport, energy and
communications, personalised access to all the different applications and spaces involves
authentication procedures that are tried in the laboratory settings of smart homes. Other
premediations also include identity management of ‘dangerous’ objects, such as the ‘smart
gun’ that binds to its owner through a process of dna recognition which would make theft
useless, and accidental abuse by children impossible.10
9 http://www.channel4.com/programmes/home-of-the-future/episode-guide/series-1/episode-1, last accessed June 14, 2012. 10 http://blogs.discovermagazine.com/sciencenotfiction/2009/09/15/district-9-the-dna-key-to-that-trigger-lock/
17
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
6 Outcomes: IM-sentiments
Finally and predictably, the scenarios we identified offer opportunities for both pessimistic and
optimistic visions of the future – reflecting both taboos and desires. While technological
forecasting carries some kind of emotional or moral valence, embracing visions of progress and
freedom versus decline and constriction, the nature of these sentiments varied across the
sectors we analysed.
a. EU and UK policy and security scenarios tend to discuss how IM technologies, biometrics in
particular, can be safely introduced in new settings, for reasons of efficiency and service,
acknowledging the need to contain risks of privacy, data protection and – to a lesser extent
– social sorting;
b. UK news and journalism is heavily dominated by discussions about the failed identity card
scheme, and by issues of data protection and privacy. In addition there is much attention
to novelties in biometrics framed within the same set of concerns;
c. Activist scenarios explicitly use dystopian scenarios to underline their concerns about the
loss of privacy and the continuous surveillance of the population by government and
corporate actors;
d. Pop culture’s cinematic and literary scenarios are often influenced by the dark stories of
George Orwell and Philip K. Dick, portraying the abuse of mainly body based IM
technologies for purposes of state or corporate control;
e. Crime and spy TV series frame biometric technologies as powerful instruments of
surveillance and detection serving the public, and making it possible to bring crime and
terrorism under control;
f. Arts and design scenarios both show critical and creative views of IM, offering ways to
evaluate and escape identity management, as well as producing more beautiful and
desirable means of identity management, for instance, through the design of smart textile
and jewellery;
g. In Research and Development of the relevant corporations many new cool, gadget like
applications are tested, especially in the bespoke spaces of ‘smart homes’. Most of these
concern biometric access to objects, online human networks and the internet of things.
18
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
h. Academic research, finally, addresses IM in a variety of ways: in human computer
interaction the focus is often on the usability and desirability of IM technologies, with
some researchers developing innovative ways of IM (e.g. Briggs and Oliver, 2008); in
studies of technology and innovation, a strand of research has zoomed in on the
acceptance of biometrics (e.g. Jones, Antón and Earp, 2007) in analogy with technology
acceptance models (TAM, e.g. Moore and Bembasat); within marketing research there is
an increasing interest in how easier and safer IM procedures could facilitating online
commerce and transactions (e.g. Clodfelter, 2010); critical social and policy research have
questioned the spread of surveillance discourse and technologies (e.g. Bennet, 2010).
7 Mother-scenarios
Combining the three sets of IM instruments (body-token-knowledge) with the three contexts
of interaction in which they can be used, we constructed nine overarching scenarios for
identity management. Figure 1 shows that in principle the interactions of individuals with
other individuals, with things and with organisations can be authenticated through
memory/knowledge based, body based and token based procedures. Our scenarios
furthermore have told us that these situations can be premediated in positive and negative
ways, as stories in which opportunities or risks, or both dominate. Figure 1 also shows how
contexts and means of authentication overlap.
19
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Figure 1 Mother-scenarios of identity management
7.1 People interacting with other people because they know or remember them
When we meet our friends, family or colleagues, we recognise them on the basis of how they
look, talk or move; we know who they are and need no further authentication. New people
introduce themselves to us and next time we see them we, hopefully, remember them. This
interpersonal network also provides reputational measures of authentication. One example of
this is when young people apply for a British passport for the first time, they need the
‘countersignatures’ of someone in authority who has known them personally for at least two
years to endorse the passport application form and passport photographs. A second example
comes from Facebook which asks you - if your account has been hacked - to recognise three
pictures of your ‘friends’ to prove that your profile is yours. It is expected that such
interpersonal networks will remain important for authentication, especially as a fail-safe
method when other authenticators have been corrupted. There are online initiatives to set-up
such personal authentication systems: IDMeme, for instance, is a commercial online
experiment which aims to provide people the opportunity to have an online collection of
20
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
referees (called IDAngels) who can vouch for their identity. It is based on the starting point
that people know people, and that their authentication of each other ‘forms the cornerstone of
identity in the real world and has done for centuries’.11
Visions of the future for this scenario of interaction and authentication occur mostly in pop
culture and science fiction on the one hand, and in the digital avant guarde on the other.
Pop culture and science fiction, in this context, basically tell stories of doom and despair:
people think they know or recognise someone, when – in fact – they are confronted with an
imposter. These could be aliens, zombies or straightforward villains, as, for instance, in the
Mission Impossible Unmasking Scenes.12 Science Fiction often presents a form of robot or
artificial intelligence morphing into humans, as in – a classic – The Matrix.13
The digital avant guarde demonstrates a more hopeful premeditation in its experiments with
Life Logging or Life Streaming14 and methods to construct a Quantified Self.15 Both entail the
ongoing digital capture of human behavioral and physiological data which together build a
personalised and comprehensive track record of one’s identity. What happens, in fact, is that
individual memory is externalised and stored for comprehensive and later usage.
7.2 People interacting with other people on the basis of token based IM
Traditionally, this kind of interaction has mostly been relevant for professional situations,
when we present our business card to a new person (identification). Another, more current
example of people interacting with each other using a ‘smart’ token comes from the apps for
smart phones, through which you can cruise your physical surroundings to see whether there
are interesting people around: Grindr is, for instance, an app to find available gay men, Girls
around Me is an app to find girls. The combination of smart phone and social media is
expected to deliver more apps that allow us to check out strangers, through their ‘augmented
11 http://idmeme.org/modules/wiki/, last accessed June 14, 2012. 12 http://www.youtube.com/watch?v=uOmNYE9Hhhg 13 http://www.youtube.com/watch?v=UM5yepZ21pI 14 http://en.wikipedia.org/wiki/Lifelog 15 http://en.wikipedia.org/wiki/Quantified_Self
21
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
identities’. It is a controversial scenario, referred to as recogniser or stalker apps. A particular
variety of token based interaction between individuals is when QR codes with personalised
information are put on on tomb stones giving visitors access to a personalised website with
information about the deceased; all of this would fall under the header of identification rather
than authentication.
For the somewhat further future, remotely controlled androids, robots or avatars are
premediated as ‘tokens’ that make it possible to interact with others in distant space.
Predictably this has been a standard ingredient of pop culture and science fiction, as for
instance in the film Surrogates. As in almost all forms of pop culture that deal with identity
management (see Harvey and Van Zoonen, forthcoming), the stories present dark visions of
the future and totalitarian abuse of IM technologies.
In real life, experiments with remotely controlled tokens are usually part of research into
innovations that would make interaction and communication easier and more effective. A EU
funded project ‘Beaming’, for instance, explores ‘embodied’ teleconferences with robots as
the source of long-distance communication rather than phones or screens. Such experiments
also raise problems of authentication (is the avatar representing her original person, or has it
been hijacked), and issues of criminal responsibility of the android/avatar. The problems
usually form the main angle for news reports.
Other tokens that are being explored widely as carriers of authenticating information, are
smart textile and jewellery, especially in the context keeping track of vulnerable family
members, like children and Alzheimer patients. There are, for instance, GPS enabled smart
shoes that warn the primary carer when the patient moves out of his or her ‘safe zone’. While
current usage is for such tracking purposes rather than for identity management, health
applications have been seen to function as trailblazers for new technologies of identity
management (see e.g. Michael and Michael, forthcoming).
22
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
7.3 People interacting with other people on the basis of a biometric or body-based
IM
While, at present, we often recognise each other on the basis of physical characteristics, such
recognition is rarely objectified through biometric or other bodily devices. An exception
comes from do-it-yourself microchippers like Amal Graafstra or Nancy Nisbett, who
experiment with RFID implants simply as a hobby, or to explore the implants’ effects on human
interaction. In addition, Nokia has patented smart tattoos that would start vibrating with
incoming calls, and similarly a software company in Canada has examined whether the
interfaces of our mobiles or MP3 players work when implanted under the skin; sub-skin
vibration would indicate the phone ringing (Giles, 2012). The scenario in which people interact
with each other on the basis of body or biometric authenticators is, however, not widely nor
regularly premediated, apart from some science fiction stories, and an occasional experiment
with social network sites (see below).
In the film Gattaca, for instance, a so-called ‘not-too-distant’ future is represented where
people are defined at birth, on the basis of their DNA. The protagonist wants to be a space
pilot when he grows up, but his DNA birth-test has predicted heart problems and an early
death; as a result he will not be allowed into the elite circle of ‘valid’ people that can be
trained for space. Through an elaborate scheme of using somebody else’s DNA, he gains
access to the training facilities without being caught. The side story in the film revolves around
the barriers that his love interest, a ‘valid’ woman has to overcome to accept the ‘invalid’ hero.
While the story inevitably has a happy end, the more dark backdrop is again one of a
totalitarian society where biometric identity management has been taken to the extreme.
Another critical example comes from the art and design sector, in which a project called ‘Face-
to-Facebook’ aims to raise awareness of how fragile a virtual identity given to a proprietary
platform can be. The project scraped images from Facebook to create a fake dating site
Lovelyfaces.com claiming to connect people based on similar facial features. Lovely faces has
since closed down due to legal issues with Facebook.
23
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
7.4 People interacting with organisations on the basis of a knowledge or memory
based IM
This is a currently standard situation of identity management: it involves, for instance, telling a
customer number to a telephone operator of a mail order company; typing in a pin code at the
bank or ATM; the combination of username and passwords to access online services. This
form of authentication is increasingly problematic because of the ever larger set of online
transactions where authentication through a password is required. IT-consultant Calum
McLeod coined the term password overload syndrome to describe that we all have too many
pincodes and passwords to remember. There are various commercial password managers, like
1Password or Password Safe that enable their customers to store all their different passwords,
and unlock them on every online platform they use, for every service they want through
entering one master password. Within larger and connected systems, single-sign-on
procedures are expected to counter the inconvenience of having to use multiple passwords.
Given that this method of authentication is usually considered neither very convenient, nor
very safe, it is sometimes expected that it will merge with other authenticators, and that it will
disappear in the long run. There is a whole genre of YouTube films, How to order a pizza in the
future, that ridicules the excesses of this kind of authentication and takes on the risks of
connected databases in the same movement: when a man calls the pizza restaurant to order a
pizza, he first has to provide a 25 digit pincode, is then told that he cannot have his pizza of
choice because it would enhance his already high cholesterol, and he would also be better
advised to have water instead of a soft-drink (all according to his medical records which have
opened up with the 25 digit pincode). When he gets angry the receptionist tells him that her
data tell her he has not finished his course in anger management, she also tells him which
credit card still has enough budget to pay for his order.... and so on.
The problem of merging databases in order to create comprehensive user profiles is not
related to knowledge-based authentication. It is an issue discussed with reference to token
based and biometric authenticators too (e.g. Attick, 2011) and concerns the convergence of
various technological applications including social media and CCTVs that can potentially lead to
increased monitoring and surveillance by actors other than the police (i.e. commercial
24
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
companies, individuals). It is an issue that has been brought forward by many different civic
activists who have proposed specific rules of engagement, expressed, among others, in Kim
Cameron’s Identity Laws.
7.5 People interacting with organisations on the basis of a token-based IM
This is currently also a standard situation in which passports, identity cards, customer loyalty
cards, patient cards, wristbands and other artefacts authenticate us to a range of
governmental, corporate and other organisations. Increasingly such tokens may be equipped
with additional smart technology, such as biometrics (as in the new generation of passports),
GPS, or RFID. An example of such an advanced token is the new German ID card issued by the
government. It has a unique ID option that can be used in the Internet, shopping kiosks, as an
electronic signature for banking and official transactions and thanks to the biometric picture
and fingerprints stored within the card it can also be used as an electronic passport.16
In the premeditations we found, first, all existing token authenticators are expected to become
‘smart’, i.e. (be able to) carry additional information for further transactions. Second, the
range of tokens that can be made smart for authentication will expand, especially watches,
jewellery and clothes are expected to become carriers of readable individual information.
Such smart tokens are, invariably, subject to controversy and debate. A generally shared
concern, for instance, is the amount of information on such a token, function creep and
unauthorised data travel across data bases. There has been, for instance, (May 2012) a small
controversy about the introduction of microchipped ID wristbands at UK festivals: the
wristband enables visitors to load cash on them for transactions at the festival site, and offers
organisers the possibility to track visitor activity. Such bands have been widely used on
European venues already. To counter such controversies, a particular future vision and
experiment around smart tokens involves ‘situating’ the information that a card shows.
PsychicID, for instance, is a card developed by IT consultancy Consult Hyperion, that shows
16 http://www.ccepa.de/neuer-personalausweis, last accessed June 14, 2012.
25
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
only the information that is needed to a particular organisation, i.e. proof of being over 18 for
a bar without revealing other information that is not necessary for that context.
7.6 People interacting with organisations on the basis of a biometric or body-based
IM
This is an increasingly common situation, with people gaining access to government or
corporate services through authentication biometric features (fingerprints, palm, iris, face,
voice, gait, odour, etcetera). Driven by an expanding industry, the use of biometrics in
organisational settings is rapidly increasing, in two ways. First, ever more bodily features are
being used for identification, for instance gait, body odour, but more significantly DNA. The UK
DNA data base, for instance, carries the profiles of about 5,5, million people and was set up for
crime detection. Secondly, the contexts of use are proliferating as well. Biometric
identification is used in somewhat unexpected places like churches, pre-schools, homeless
shelters or sports centres, refugee camps.
In pop culture and science fiction biometric authentication towards an organisation is a staple
trope. In crime TV series, facial recognition and fingerprints offer the investigators all powerful
means to track the criminals: Spooks and 24 are the typical examples. In cinema, it is usually
the government or big corporations that abuse biometrics to curtail the freedom of
individuals; Orwell’s 1984 still offers the key framework for these narratives, for instance in
The Bourne Trilogy, or Gattaca (see earlier). The idea of Leviathan government which
monitors people in their everyday lives is also discussed in EU reports attempting to foresee
future uses of ICTs in governance and policy making (IPTS, 2011).
This is also the area where the strongest public and political concerns for the future have been
expressed, especially with respect to a potential loss of privacy, issues surrounding data
protection and the export of these technologies to oppressive regimes. Such opposition has
been expressed in political and art movements, connected through the notion of sousveillance
(as opposed to surveillance). An example of this is the art project queer technologies who
through their video FagFace highlight the dangers of face recognition technologies being used
26
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
in research to identify homosexual men from their faces. Other ‘sousveillance artists’, like the
US, Iraqi born, artist Wafaa Bilal, have implanted a camera in the back of their heads to ‘watch-
the-watchers’. Such sousveillance, however, more often happens through the use of wearable
cameras (tokens), or through performance art that takes plays in front of CCTVs.
7.7 People interacting with their things or accessing spaces on the basis of a
something they know or remember
Many of us need a password to open up their PC or laptop. Our mobile phones are often
protected by a pincode. Some of us also need to type in a pincode or password to access their
office or lab space. These are all situations in which we access a ‘stand-alone’ object; two
developments suggest that this kind of interaction will disappear. First, with the emerging
connectivity of ‘things’, the internet of things, as it is called nowadays, we don’t only access,
for instance, our smart home, but also a range of services and transactions. Hence the
distinction between objects and organisations becomes somewhat blurred. Second,
knowledge based authentication is increasingly problematic because of the ever larger set of
transactions where authentication through a password is required, and while single-sign-on
authentication is gaining popularity, the vulnerability of the password remains.
In this new world of connected things, identity management has been identified as a key issue,
concerning security and the need to keep the user in control. Privacy and data protection
issues are exacerbated when all is connected. The EU launched a public consultation in 2012
to find out how its citizens would like to have the IoT governed.
7.8 People interacting with their things or accessing spaces on the basis of token
based IM
Here too, the rapid development of the Internet of Things, is the most important development
that is premediated. The scenarios we found, about future access to (the Internet of) things,
are often unclear about how one accesses the network(s). Yet, when authentication is a visible
element of the scenario biometrics are standardly envisioned as the system of choice for
27
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
identity management. However, one can imagine that smart and personalised tokens, like
watches, jewellery and clothes would be appropriate authenticators as well. Yet, this is not
very well covered in the scenarios.
7.9 People interacting with their things or accessing spaces on the basis of
biometric or body based IM
Many laptops or phones nowadays are already secured through a biometric authenticator,
most often fingerprint or iris scan. Here too, the driving force of the industry is felt, and an
increasing range of biometrics to access one’s things or spaces is in development or
experimentation. Keystroke and typing patterns, for instance, are especially appropriate and
easy means for accessing PC’s and laptops. But other biometric features are also tested as a
means of authentication, for instance a butt print to access one´s car, or recognition based on
gait. The most outspoken scenarios of the usage of biometric authenticators to access one’s
possessions or spaces, and more generally the internet of things, come from the many ‘Houses
of the Future’ or ‘smart homes’ that the industry develops to show case new technologies.
8 Conclusions
Identity management is an issue to deal with in ever more human interactions, with risks and
opportunities. The whole field is wide and diverse, but we can safely assume that ordinary
members of the public assemble their ideas about what IM, and what its risks and
opportunities are, from this diversity, in diverging and inconsistent ways.
We approached the IM field through the concept of ‘premediation’: a potentially endless
process of making and (re)presenting diverse and contradictory future possibilities for identity
management. We operationalised premediation as taking place at the level of concrete future
scenarios. We searched for such scenarios in the IM sector itself (industry, government,
clients, users), but also in the adjacent fields of arts, design, journalism, popular culture,
science and science fiction.
28
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
We found that these scenarios have commonalities in terms of the IM technologies
premediated (based on knowledge/memory, tokens or biometric/body), and the contexts of
human interactions in which IM is or will become necessary (between humans, between
humans and their ‘things’, between humans and organisations). All three methods of
authentication are being premediated in the wide array of scenarios, with biometrics and
smart tokens - in respectively first and second place - leading the way. They occur regularly in
combination with each other, in so-called two-factor or multifactor authentication systems,
such as the biometric passport (body and token), the pin-coded credit card (memory and
token); or access to a secure space through facial recognition and a password (body and
memory). All token based authentication is expected to become ‘smarter’, through the
addition of biometric information, RFID or GPS technology. Similarly, in the future all other
things can be made smart in this way as well. Hence they can be used for authentication if
desirable. This is especially relevant for wearable things like jewelry, watches, clothes or
shoes. The types of contexts in which identification and authentication is (thought to be)
necessary are expected to grow as well, especially in the context of the emerging Internet of
Things. The least premediated context of authentication concerns the interaction between
individuals, although pop culture is rife with stories of imposters and impersonators.
There are small indications of a growing backlash against identity management practices. For
example hacktivist group Anonymous who use the V for Vendetta mask in order to hide their
identity. In fact a variety of masks are found including the use of crochet, a clever use of face
painting and hair styling and the application of semen to avoid face detection. Other
emergent services including web 2.0 Suicide Machine that offers to remove your profile from
facebook, linked-in, and twitter also suggests not just discontent with identity management
practices but also with digital interfaces.
The sectors in which future scenarios occur, differ in their sentiment around IM. We used the
commonalities in the scenarios can be used to construct 9 (3x3) ‘mother scenarios’, each with
a positive and a negative variety. We will use these motherscenarios to construct bespoke
stimuli and triggers for user research, aimed at analysing and understanding how members of
29
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
the public construct their meanings of IM, and how these meanings are articulated with
engagement and disengagement with particular technologies and practices of IM.
30
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
References
Alexander, A. (2011). Can The Post regain its legacy of excellence? The Washington Post,
January 23, 2011. Available at: http://www.washingtonpost.com/wp-
dyn/content/article/2011/01/21/AR2011012105376.html, last accessed June 14, 2012.
Attick, F. (2011). Face recognition in the Cloud and Social Media: Is it time to hit the panic
button? Security News, December 1. http://security-news-tv.com/2011/12/01/face-
recognition-in-the-era-of-the-cloud-and-social-media-is-it-time-to-hit-the-panic-button/,
last accessed June 8, 2012.
Aradau, C. and R. Van Munster (2008). Insuring Terrorism, Assuring Subjects, Ensuring
Normality: The Politics of Risk after 9/11. Alternatives: Global, Local, 33, p.191-210, doi:
10.1177/030437540803300205.
Bennett, C.J. (2010). The privacy advocates: resisting the spread of surveillance. Cambridge
MA: MIT Press.
Biometrics Institute (2012). ‘About us’. http://www.biometricsinstitute.org/pages/about-
us.html, last accessed June 20, 2012.
Boonstra, A., Boddy, D., and S. Bell (2008). Stakeholder Management in IOS Projects: Analysis
of an Attempt to Implement an Electronic Patients File. European Journal of Information
Systems, 17, p.100-111.
Brainard, J., Juels, A., Rivest, R., Szydlo, M. and M. Yung (2006). Fourth Factor Authentication:
Somebody You Know. Proceedings of the 13th ACM Conference on Computer and
Communications Security, Alexandria, Virginia, USA, p.168-78.
Briggs, P. and P. Oliver (2008). Biometric daemons: authentication via electronic pets. CHI '08
extended abstracts on Human factors in computing systems, p.2423-2432. Available
from: http://static.usenix.org/event/upsec08/tech/full_papers/briggs/briggs.pdf, last
accessed June 20, 2012.
Byron, T. (2008). Safer children in a digital world : the report of the Byron Review : be safe, be
aware, have fun. London: Department for Culture, Media and Sport. Available at
http://dera.ioe.ac.uk/7332/, last accessed June 14, 2012.
Carroll, J. (1999). Five reasons for scenario-based design. Proceedings of the 32nd Annual
Hawaii International Conference on System Sciences, HICSS-32. Available from
31
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
http://testingeducation.org/BBST/testdesign/CarrollScenarios.pdf, last accessed June 14,
2012.
Clodfelter, R. (2010). Biometric technology in retailing: Will consumers accept fingerprint
authentication? Journal of Retailing and Consumer Services, 17(3), p.181-188.
Crapanzano, V. (2003). Imaginative Horizons: An Essay in Literary-Philosophical Anthropology.
Chicago: University of Chicago Press.
Diprose, R., Stephenson, N., Mills, C., Race, K. and G. Hawkins (2008). Governing the Future:
The Paradigm of Prudence in Political Technologies of Risk Management. Security
Dialogue 39, p. 267-288. doi: 10.1177/0967010608088778.
Enfield, N. J. ( 2000). The Theory of Cultural Logic: How Individuals Combine Social Intelligence
with Semiotics to Create and Maintain Cultural Meaning. Cultural Dynamics, 12, p.35–64.
Fiske, J. (1987). Television culture. London: Methuen.
Giles, J. (2012). The gadget inside. New Scientist, May 12.
Grusin, R. (2010). Premediation - Affect and Mediality after 9/11. London, New York: Palgrave
Macmillan.
IPTS (2011). Envisioning Digital Europe 2030: Scenarios for ICT in Future Governance and Policy
Modelling. European Commission, Directorate General. Technical Report EUR 24614,
Institute for Prospective Technological Studies. Available at
http://ipts.jrc.ec.europa.eu/publications/pub.cfm?id=3879, last accessed June 14, 2012.
Jakobsson, M., Stolterman, E., Wetzel, S. and L. Yang (2008). Love and Authentication.
Proceedings of the twenty-sixth annual SIGCHI conference on Human factors in
computing systems, p.197-200. http://dl.acm.org/citation.cfm?id=1357087.
Jamieson, K.H. (2009). Academe and the decline of news media. The Chronicle of Higher
Education, November 15, 2009. Available at: http://chronicle.com/article/Academethe-
Decline-of/49120/, last accessed June 14, 2021.
Jones L.A., Anton, A.I. and J.P. Earp (2007). Towards Understanding User Perceptions of
Authentication Technologies. Proceedings of the 2007 ACM workshop on Privacy in
electronic society. Available at http://dl.acm.org/citation.cfm?id=1314352.
Lacey, R. and J.Z. Sneath (2006) Customer loyalty programs: are they fair to consumers?
Journal of Consumer Marketing, 23 (7), p.458 – 464.
32
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Livingstone, S. and L. Haddon (2009). EU Kids Online: final report. EC Safer Internet Plus
Programme, Deliverable D6.5. EU Kids Online, London, UK. ISBN 9780853283553.
Available at http://eprints.lse.ac.uk/24372/. Last accessed June 6, 2012.
Michael, K. and M.G. Michael (forthcoming). The Future Prospects of Embedded Microchips in
Humans as Unique Identifiers: The Risks versus the Rewards. Media, Culture and Society,
January 2013, accepted for publication.
Misuraca, G., Broster, D. and C. Centeno (2012). Digital Europe 2030: Designing scenarios for
ICT in future governance and policy making. Government Information Quarterly, 29(1),
p.121-131.
Monahan, T. and J. Fisher (2010). Implanting inequality: Empirical evidence of social and
ethical risks of implantable radio-frequency identification (RFID) devices. International
Journal of Technology Assessment in Health Care, 26, p.370-376
doi:10.1017/S0266462310001133.
Moore, G. and I. Benbasat (2001). Development of an instrument to measure the perceptions
of adapting an information technology innovation. Information Systems Research, 2(3),
p.193-222.
O’Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication.
Proceedings of the IEEE, 91(12), 2021-2040.
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1246384&url=http%3A%2F%2Fie
eexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D1246384, last
accessed June 14, 2012.
Omand, D. (2012). Into the future: a comment on Agrell and Warner. Intelligence and national
security¸ 27(1), p.154-156.
Ragin, C. (2000) Fuzzy-Set Social Science. Chicago: University of Chicago Press.
Rannenberg, K., Royer, D. and A. Deuker (2009). The Future of Identity in the Information
Society. Berlin, London: Springer.
Riley, S. (2006). It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain
Distinct. Microsoft Technet Security Bulletins, February 14, 2006.
http://technet.microsoft.com/en-us/library/cc512578.aspx, last accessed June 14, 2012.
Swart, R.J., Raskin, P. and J. Robinson (2004) The problem of the future: sustainability science
and scenario analysis. Global Environmental Change, 14, p.137–146.
33
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Whitley, E. A. & Hosein, G. (2009) Global challenges for identity policies. Technology, work and
globalization. Basingstoke, UK: Palgrave Macmillan. ISBN 978023054.
34
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Appendix One Search sites and search words
Field Sources Search terms Academic research
ACM digital library IEEE Conference proceedings Web of Knowledge Science Direct Mendeley Google scholar Online journals/magazines (e.g. RFID) Snowballing- academic paper refs
Advanced voice recognition Ambient intelligent technology Anonymity Authentication Biometrics Biometric state Biopolitics Body scans Body of the Future Border security CCTV China identity management Citizen Citizen card City of the Future Civil rights Crime Customer loyalty Cybercrime Digital identity Electronic identity Electronic patient file Face/facial recognition Federated identity management Finger vein recognition Fingerprints Future Future technologies Gait recognition Holographic technology Home of the future House of the future Human recognition Identification Identity ID/identity card Identity theft Identity governance Identity management Illegal immigrants Immigration Innovation
Activism Statewatch Surveillance Studies Network Urban Eye Project The Policy Laundering project, America Civil Liberties Union Privacy International
Art and design Design & Applied Arts Search Engine (DAAI) ARTbibliographies Modern (CSA)Vimeo.com YouTube.com Future Labs of different Universities and Organisations Microsoft Research Centre Stumble upon BBC website Artists and Designer Blogs Art and Design Councils
Bloggers Identity Woman Identity Blog (Kim Cameron)
General Google Alerts Facebook Twitter Pinterest TV Stumble Upon
Industry The Biometrics Institute PlanetBiometrics.com
News Nexis online newspaper archive Online Commerce
Ecommerce Times Econsultancy Blog Marketing Vox Adweek
35
Scen
ario
s of i
dent
ity m
anag
emen
t in
the
futu
re |
July
201
2
Policy House of Commons Home Affairs Committee EU IST Research - TURBINE project - PRIME project EU Agencies: - IDABC, - MODINIS UK legislation on border security and immigration for the National Archives Research institutes: - Royal Academy of Engineering - Government Office for Science - Institute for the Protection and
Security for the Citizen - Institute for Prospective
Technological Studies Academic research mainly in international relations, STS and information systems.
Intelligent Street Interactive jewellery Interactive spaces Interactive textiles Interactive wearables Iris scan Japan Identity Management Micro-chipping Military virtual reality Mobile identity Odour scan Office of the future Online identity Passport Password Palm vein recognition Permit Pincode Privacy Pseudonymity RFID Resident permits Security Smart home Smart city Smart garment/textiles Smart jewellery Social sorting Sousveillance Surveillance Technology acceptance Technology adoption Terrorism UK security strategy User name User perspective Visum/visa Vein technology Voice recognition
Popular Culture
Internet Movie Data Base (Film and Television)
Security EU Agencies: - ENISA Government sites: - UK Border Agency - UK Passport Service - Cabinet Office reports on security. Industry Reports: - Deloitte and Touche - Ernst & Young - DAON
Science Fiction Internet Speculative Fiction Data Base The Science Fiction Fantasy and Research database
IMPRINTS (Identity Management – Public Responses to Identity Technologies and Services) is a comparative and multidisciplinary research project, asking about the influences on UK and US publics to engage and/or disengage with identity management practices, services and technologies of the future. These involve, among others, new forms of biometric authentication; innovative ‘smart’ tokens like ID or customer cards, jewellery, garment, or further enhanced smart phones. These technologies have become subject to paradoxical processes of acceptance and rejection, with members of the public warmly embracing the one and fiercely rejecting the other. In this research we aim at a better understanding of these paradoxes in order to facilitate public debate, policy development and user-centric applications.
The three-year IMPRINTS project is funded by the Engineering and Physical Sciences Research Council (EPSRC). An additional grant has been awarded by the Department of Homeland Security in America to the Pacific Northwest National Laboratory to simultaneously conduct the study in the US.
www.imprintsfutures.org