There’s a bit of a row going on about social media and bots. The noted entrepreneur Mark Cuban, for example, caused some debate recently by saying that…
It’s time for @twitter to confirm a real name and real person behind every account, and for @facebook to to get far more stringent on the same. I don’t care what the user name is. But there needs to be a single human behind every individual account .
— Mark Cuban (@mcuban)
January 28, 2018
He’s wrong about the real name, because anyone familiar with the topic of “real” names knows perfectly well that they make online problems worse rather than better. Last year, the dating platform OKCupid announced it would ask users go by their real names when using its service (the idea was to control harassment) but after something of a backlash from the users, they had to relent. Why on Earth would you want people to know your “real” name? That should be for you to disclose when you want to and to whom you want to.
In fact the necessity to present a real name will actually prevent transactions from taking place at all, because the transaction enabler isn’t names, it’s reputations. And pretty basic reputations at that. Just knowing that the apple of your eye is an actual person is probably the most important element of the reputational calculus central to online introductions, but after that? Your name? Your social media footprint? (Look at the approach of “Blue”, a dating service for Twitter-verified-users-only.)
I don’t think this is a solution, because if I were to be on an internet dating site, I would want the choice of whether to share my name, or Twitter identity, or anything else with a potential partner. I certainly would not want to log in with my “real” name or anything information that might identify me. In fact, this is an interesting example of a market that does not need “real” names at all. “Real” names don’t fix any problem. Your “real” name is not an identifier, it is just an attribute and it’s only one of many elements that would need to be collected to ascertain the identity of the corresponding real-world legal entity anyway.
While Mr. Cuban is wrong about the “real name” issue, he is absolutely right about the “real person” issue. Let me use a specific and prosaic example to explain why this is and to suggest a much better solution to the bot problem. The example is internet dating, a topic on which I am a media commentator. Or at least I was once.
Real People, Real Use Case
A few years ago, I appeared on a programme about internet dating on one of the more obscure satellite TV channels. They wanted an “internet expert” to comment on the topic and since no-one else would do it, eventually the TV company called me. The show turned out to be pretty interesting. I didn’t have much to say (I was there to comment on internet security), and I can’t remember much of what was said, but I do remember very clearly that the psychologist at the heart of the show made a couple of predictions. While interviewing a couple who had met online, she said (paraphrasing greatly) that in the future people would think that choosing a partner when drunk in a bar is the most ludicrous way of finding a soulmate, and that internet dating was a better mechanism for selecting partners for life. Now it seems that this prediction is being confirmed by the data, as the MIT Technology Review reports that “marriages created in a society with online dating tend to be stronger”.
The psychologist’s other prediction was that internet dating gave women a much wider range of potential mates to choose from and allowed them to review them in more detail before developing relationships. Of course, internet dating also increases the size of the pool for men, but as I remember (and I may be wrong on this) her thesis was that men don’t seem to make as much use of this as women do. Anyway, the general point about the wider pool now seems to be showing up in the data, assuming that interracial marriages are a reasonable proxy for the pool size. When researchers from the National Academy of Sciences looked at statistics from 1967 to 2013, they found “spikes” in interracial marriages that coincided with the launch of online matchmaking sites.
Why am I telling you all this? Well, it’s to make the point that internet dating is a mainstream activity that is having a measurable impact on society and yet it is rife with identity fraud of every kind. There are two basic problems that we have made essentially no headway in tackling over the past couple of decades.
The first problem is that you do not know who you are communicating with online, a problem that has remained essentially unchanged since the earliest days of the internet.
Every morning I wake up to the same routine. I log into the Tinder account of a 45-year-old man from Texas — a client. I flirt with every woman in his queue for 10 minutes, sending their photos and locations to a central database of potential “Opportunities.” For every phone number I get, I make $1.75. I’m what’s called a “Closer” for the online-dating service ViDA (Virtual Dating Assistants).
Well, that’s a great example of a job that didn’t exist a few years ago, but $10 an hour doesn’t seem like much for whats seems to me to be quite hard work. All of the stuff about verified accounts and such like doesn’t really help with this basic problem. Actually, verified accounts don’t really help with anything at all. People who have verified accounts sell them for bots to use anyway (an example of this is the Fuelgram service).
So not only do you not know who you are engaging with, you don’t even know if they are a real person or not, which is something of an issue when it comes to dating.
These activities suggest to me that online dating is a much better use case for mass market digital identity.
It is a better test of scale for an identity solution than logging on in your real name to do taxes once every year and it also provides a realistic path for digital identity into the consumer market.
What internet dating needs, and what will solve Mark Cuban’s social media problem as well, is the ability to determine whether you are a person or a bot (remember, in the famous case of the Ashley Madison hack, it turned out that almost all of the women on the site were actually bots). On Twitter it’s not quite that bad yet, because there are still many people posting there, but with bot networks of 500,000 drones tweeting and re-tweeting it is not in good shape. The way forward is surely not for Twitter to try and figure out who is a bot and whether they should be banned but Twitter to give customers the choice. Why can’t I tell Twitter that I don’t want bot followers, that I want a warning if an account I follow is a bot, that I don’t want to see posts that originated from bots that I don’t follow and so on.
Just as with internet dating, the problem is not real names but real people.
Now, working out whether I am a person or not is a difficult problem if you are going to go by reverse Turing tests or Captchas. It’s much easier to ask someone else who already knows whether I’m a bot or not. My bank, for example. So, when I go to sign up for internet dating site, then instead of the dating site trying to work out whether I’m real or not, the dating site can bounce me to my bank (where I can be strongly authenticated) and then the bank can send back a token that says “yes this person is real and one of my customers”. It won’t say which customer, of course, because that’s none of the dating site’s business and when the dating site gets hacked it won’t have any customer names or addresses: only tokens. This resolves the Cuban paradox: now you can set your preferences against bots if you want to, but the identity of individuals is protected.
One of my acid tests of whether a digital identity infrastructure is fit for the modern world is whether it can offer this kind of strong pseudonymity (that is, persistent pseudonyms capable of supporting reputations). If we can construct an infrastructure that can deliver these to the world of internet dating, then it can deliver them for cryptocurrency, cars, children and all sorts of other things we want to manage securely in our new always-on environment. We have to fix this problem, and soon, because in the connected world, if you don’t know who IS_A_PERSON and who IS_A_DOG and who is neither, you cannot interact online in a functional way.
About the AuthorDavid Birch is an author, advisor and commentator on digital financial services. Hie is Director of Consult Hyperion, the secure electronic transactions consultancy, and a Visiting Professor at the University of Surrey Business School. An internationally-recognised thought leader in digital identity and digital money, he was named one of the global top 15 favourite sources of business information by Wired magazine. Dave’s web site is www.dgwbirch.com
Are you preparing for the #CIDPRO exam? In addition to the #IDPro #BodyofKnowledge, view this list of sources for information relevant to the CIDPRO Foundations exam: https://bit.ly/3t8i6TD #IAM
#IDPro is hosting a members-only #virtual #meetup today at 1 pm Eastern / 6 pm GMT - details provided in the #general channel in IDPro’s Slack workspace. We hope to see you there!
In the #IDPro #BodyOfKnowledge, Mary McKee shares an overview of Policy-Based Access Control. Access control systems protect an organization’s mission through changes in users, personnel, responsibilities, organizational structure, and legal obligations: https://bit.ly/3eKTRUG
#Identity correlation is the process of mapping an account from an application or system back to its authoritative origination point. Review the steps outlined in this #IDPro newsletter article to better understand the Identity Correlation Framework: https://bit.ly/3yyQOXu #IAM
Do you have questions about the #CIDPRO certification? Explore the CIDPRO FAQ page to find exam logistics, available resources to help you prepare for the exam, scheduling and more: https://idpro.org/cidpro-faq/ #IAM #identity