Remember all those years ago (about 20 in fact) when there was that cartoon in the New Yorker “no one knows you’re a dog“? I got so sick of seeing that cartoon lazily reproduced by anyone who wanted to make a point about identity in the virtual world and the relationship between virtual and mundane identities, which to my mind remains poorly understood (even by me) and in desperate need of exploration. Well, on Twitter a couple of days ago I laughed out loud when someone posted the updated version: on the Internet, no one knows you’re a fridge. Maybe I’ll steal it to use for my talk at the University of Surrey Centre for the Digital Economy “ID for the Internet things” workshop this afternoon. You’ll remember that ID for the Internet of Things (with the hashtag #IDIoT) was one of Consult Hyperion’s “live five” transaction technology trends for 2015. At the start of the year, when we were talking to clients about what to keep an eye on this year, we said that the thingternet (as I prefer to call it) lacked security infrastructure and that this would be a natural focus for activity. As it turned out, this was correct.
ARM’s acquisition of Dutch company Offspark shows how chip vendors intend to integrate more security features in their software and hardware to help keep the Internet of Things safe. There are a few things vendors have to get right for IoT to take off on a larger scale, and security is one of them.
Of course, ARM wasn’t the only chip company looking to evolve IoT security. While they announced they would add their trusted execution environment “Trustzone” to their newest designs, others were doing the same, which is of course good news for those of us concerned about security on the thingternet.
Intel is going down the same route with features such as Enhanced Privacy ID, which Intel made available for other chip makers to implement in December.
You can have security without privacy, as they say, but you can’t have privacy without security. Anyway, the fridge thing caught my eye because I happened to be reading the Economist Intelligence Unit’s recent report on “The Economics of Digital Identity“, in which Stephen Bonner, former head of Information Risk Management of Barclays, makes the important observation that while most of the focus today is on individuals and their personal data, increasingly digital identity will need to be closely tied to the use and ownership of smart products. Since I’d read Jerry Kaplan’s “Humans Need Not Apply” on my last plane ride, I’d been thinking about the issue of personhood (including the ability to own assets) for synthetic intelligence, I’d been thinking about issues around reputation management (and management of reputation in the context of punishing synthetic intellects). And then I saw a tweet from my former colleague and ethical thinker, Vic:
My nine year old just asked “Do robots have passports?” We agreed they’ll need one in the future, probably.
— Victoria Richardson (@victoriajane)
So. Should what Jerry Kaplan calls “forged labourers” need digital identities through legal personhood, or are they the property (in some way I can’t think through, because I’m not a lawyer) of governments, companies, individuals with an identity that is derived from their owner? I rather think that they will have to have some kind of digital identity and my reasoning is that interactions in the virtual world are interactions between virtual identities and in my specific worldview, virtual identities need underlying digital identities. Whether the underlying digital identities of robots need to be bound to real-world legal entities, as in the case of digital identities as we understand them today, is a different issue so let’s put it to one side for the time being. Let’s for a moment focus on security.
When my fridge negotiates with Waitrose to buy some more milk, what is really happening is that the virtual identity of my fridge is interacting with the virtual identity of Waitrose. That seems perfectly reasonable to me, and working out ways for the these virtual identities to transact is going to be part of the business strategy for a fair few of our clients over the next couple of years. The virtual identity of the fridge may have a number of attributes associated with its identifier, such as a credit limit for a delivery address or whatever, but the one attribute that it will not have is “IS_A_PERSON”. As I have claimed many times before, this might well turn out to be the most valuable attribute of all. More on this soon.