Jump to content

User:Chjenjennifer/Digital identity

From Wikipedia, the free encyclopedia

Article Draft[edit]

Lead[edit]

A digital identity is information used by computer systems to represent an external agent – a person, organization, application, or device. In simpler words, digital identity is a person's compiled information, which makes it easier to prove identity online. Digital identities allow access to services provided with computers to be automated and make it possible for computers to mediate relationships.

The use of digital identities is so widespread that many discussions refer to the entire collection of information generated by a person's online activity as a "digital identity". This includes usernames, passwords, search history, birthdate, social security number, and purchase history. Especially where that information is publicly available and not anonymized and so can be used by others to discover that person's civil identity. In this broader sense, a digital identity is an aspect of a person's social identity and is also referred to as online identity.

This data (usernames, search history, and etc) is also harvested to create what has been called a data double[1], an aggregated profile based on the user's data trail across databases. In turn, these data doubles serve to facilitate personalization methods on the web and across applications.

If personal information is no longer the currency that people give for online content and services, something else must take its place. Media publishers, app makers and e-commerce shops are now exploring different paths to surviving a privacy-conscious internet, in some cases overturning their business models. Many are choosing to make people pay for what they get online by levying subscription fees and other charges instead of using their personal data[2]

An individual's digital identity is often linked to their civil or national identity and many countries have instituted national digital identity systems that provide digital identities to their citizenry.

The legal and social effects of digital identity are complex and challenging. Faking a legal identity in the digital world may present many threats to a digital society and raises the opportunity for criminals, thieves, and terrorists to commit various crimes. These crimes may occur in either the online world, real world, or both[3]

Article body[edit]

Background[edit]

A critical problem in cyberspace is knowing with whom one is interacting. Using only static identifiers such as passwords and email, there is no way to precisely determine the identity of a person in cyberspace because this information can be stolen or used by many individuals acting as one. Digital identity based on dynamic entity relationships captured from behavioral history across multiple websites and mobile apps can verify and authenticate identity with up to 95% accuracy.

By comparing a set of entity relationships between a new event (e.g., login) and past events, a pattern of convergence can verify or authenticate the identity as legitimate whereas divergence indicates an attempt to mask an identity. Data used for digital identity is generally anonymized using a one-way hash, thereby avoiding privacy concerns. Because it is based on behavioral history, a digital identity is very hard to fake or steal.

(related terms) Related Information[edit]

A digital identity may also be referred to as a digital subject or digital entity. They are the digital representation of a set of claims made by one party about itself or another person, group, thing, or concept.

A digital twin[4] which is also commonly known as a data double or virtual twin is a secondary version of the original user's data. Which is used both as a way to surveillance what said user does on the internet as well as customize a more personalized internet experience[5] Due to the collection of personal data, there has been many social, political, and legal controversies tying into data doubles.

Attributes, Preferences, and Traits[edit][edit]

The attributes of a digital identity are acquired and contain information about a user, such as medical history, purchasing behavior, bank balance, age, and so on. Preferences retain a subject's choices such as favorite brand of shoes, and preferred currency. Traits are features of the user that are inherent, such as eye color, nationality, and place of birth. Although attributes of a user can change easily, traits change slowly, if at all. A digital identity also has entity relationships derived from the devices, environment, and locations from which an individual is active on the Internet. Some of those include facial recognition, fingerprints, photos, and so many more personal attributes/preferences[6]

Policy aspects[edit]

There are proponents of treating self-determination and freedom of expression of digital identity as a new human right. Some have speculated that digital identities could become a new form of legal entity.[7] As technology develops so does the intelligence of certain digital identities, moving forward many believe that there should be more developments in legal aspects that regulate online presences and collection.

Security and privacy issues[edit]

Several writers have pointed out the tension between services that use digital identity on the one hand and user privacy on the other.[1][2][3][4][5]

Services that gather and store data linked to a digital identity, which in turn can be linked to a user's real identity, can learn a great deal about individuals. GDPR is one attempt to address this concern using regulation. This regulation tactic was introduced by the European Union (EU) in 2018 for addressing concerns about the privacy and personal data of EU citizens. GDPR applies to all companies, regardless of location, that handle users within the EU. Any company that collects, stores, and operates with data from EU citizens must disclose key details about the management of that data to EU individuals. EU citizens can also request for certain aspects of their collected data to be deleted[8]. To help enforce GDPR, the EU has applied penalties to companies that operate with data from EU citizens but fail to follow the regulations[9]

Many systems provide privacy-related mitigations when analyzing data linked to digital identities. One common mitigation is data anonymization, such as hashing user identifiers with a cryptographic hash function. Another popular technique is adding statistical noise to a data set to reduce identifiability, such as in differential privacy.

Although a digital identity allows consumers to transact from anywhere and more easily manage various ID cards, it also poses a potential single point of compromise that malicious hackers can use to steal all of that personal information.[6]

Hence, several different account authentication methods have been created to protect users. Initially,  these authentication methods will require a setup from the user to enable these security features when attempting a login.

  • Two-factor Authentication: This form of authentication is a two-layered security process. The first layer will require the password for the account the user is trying to access. Following a successful password input, the second layer of security will then prompt the user to prove that they have access to something which they would only have. Typically, these are unique one-time generated security codes that will be sent to the email or phone number registered on the account. Successful input of these unique one-time generated security codes will then grant the user permission into the account. There are also maybe options for answering security questions that will grant access to the account, something which only the actual user would know the answers too[10]. The second layer of the two-factor authentication process can also include face biometric factors such as facial scans, fingerprints, or a voice print rather than one-time generates security codes or answering security questions. It is important to note that two-factor authentication will typically be required every time when attempting a login to an account[11]
  • Certificate-Based Authentication: This form of authentication prioritizes the use of digital certificates, typically an individual's driver's license or a passport as a form of an electronic document. A certification authority will then prove ownership of a public key to the owner of that digital certificate. Certificate-based authorities will prioritize these electronic documents to identify a user. When signing into a server, the individual presents their digital certificate, the server will then verify the credibility of that digital certificate through cryptography, and the authentication process is finally complete when that private key is certified[12]


Digital Death[edit]

Digital death is the phenomenon of people continuing to have Internet accounts after their deaths. This results in several ethical issues concerning how the information stored by the deceased person may be used or stored or given to the family members. It also may result in confusion due to automated social media features such as birthday reminders, as well as uncertainty about the deceased person's willingness to pass their personal information to a third party. Many social media platforms do not have clear policies about digital death. Many companies secure digital identities after death or legally pass those on to the deceased people's families. Some companies will also provide options for digital identity erasure after death. Facebook/Meta is a clear-cut example of a company that provides digital options after death. Descendants or friends of the deceased individual can let Facebook know about the death and have all of their previous digital activity removed. Digital activity is but not limited to messages, photos, posts, comments, reactions, stories, archived history, etc. Furthermore, the entire Facebook account will be deleted upon request[13]

Business Aspects[edit][edit]

Corporations are recognizing the power of the internet to tailor their online presence to each individual customer. Purchase suggestions, personalized adverts, and other tailored marketing strategies are a great success for businesses. Such tailoring, however, depends on the ability to connect attributes and preferences to the identity of the visitor. For technology to enable direct value transfer of rights and non-bearer assets, human agency must be conveyed, including the authorization, authentication, and identification of the buyer and/or seller, as well as “proof of life,” without a third party. A solution to confirm legal identities resulted from the financial crisis of 2008. The Global LEI System would be able to provide every registered business in the world with an LEI. The LEI - Legal Entity Identifier provides businesses permanent identification worldwide for legal identities.   

The LEI[14] is:

  • 20-digit, alpha-numeric code based on the ISO 17442 standard.
  • Designed to be used and recognized globally.
  • The identifier for legal entities involved in digital transactions.
  • Decentralized and used in an open data system that allows its identification data to be accessed by anyone.
  • Incorporates in-depth validation services in each part of its process.

Impacts of Digital Identity in a Social and Governmental Aspect[edit]

Digital identity has numerous impacts on society, individuals, and nations. One of the most significant impacts is on privacy. Digital identities can be used to track an individual's online activities and gather information about their interests, behaviors, and preferences. This information can then be used by companies and governments to target individuals with personalized ads and messages or to monitor their activities for security or law enforcement purposes. This raises important questions about the balance between privacy and security, and the rights of individuals to control their own data.

Another impact of digital identity is on social relationships. Digital identities allow individuals to connect and communicate with others across great distances and cultural divides. However, they can also create new forms of inequality and exclusion, as those who lack access to digital technologies or are unable to navigate them effectively may be left behind. This is especially true in developing countries or among marginalized groups, where access to digital technologies may be limited or controlled by those in power. An individual's digital identity is often linked to their civil or national identity and many countries have instituted national digital identity systems that provide digital identities to their citizenry. Such digital identity systems are personal, biometric, and social identifiers. This may typically include the name and date of birth of an individual. Biometric identifiers refer to the biological traits of an individual, mainly physical characteristics: hair color, iris/retina patterns, fingerprints, height, and weight. Social identifiers revolve around the individual’s sociological and psychological with the world and its inhabitants[15].

At the national level, digital identity systems can have a profound impact on political power and social control. Governments may use digital identity systems to monitor and control their citizens' activities, restrict access to certain services or information, or target individuals for surveillance or harassment. This can have serious implications for democracy, human rights, and social justice, as it can undermine the ability of individuals to speak out and participate in public life[16]

The legal and social effects of digital identity are complex and challenging.[further explanation needed]. Faking a legal identity in the digital world may present many threats to a digital society and raises the opportunity for criminals, thieves, and terrorists to commit various crimes. These crimes may occur in either the online world, real world, or both[17].

Digital Rhetoric (revised using the same sources)[edit]

The term 'digital identity' is utilized within the academic field of digital rhetoric to refer to identity as a 'rhetorical construction'[18]. Digital rhetoric explores how identities are formed, negotiated, influenced, or challenged within the ever-evolving digital environments. Understanding different rhetorical situations in digital spaces is complex but crucial for effective communication, as scholars argue that the ability to evaluate such situations is necessary for constructing appropriate identities in varying rhetorical contexts[19][20][21]. Furthermore, it is important to recognize that physical and digital identities are intertwined, and the visual elements in online spaces shape the representation of one's physical identity[22]. As Bay suggests, 'what we do online now requires more continuity—or at least fluidity—between our online and offline selves'[22].

Regarding the positioning of digital identity in rhetoric, scholars pay close attention to how issues of race, gender, agency, and power manifest in digital spaces. While some radical theorists initially posited that cyberspace would liberate individuals from their bodies and blur the lines between humans and technology[23], others theorized that this 'disembodied' communication could potentially free society from discrimination based on race, sex, gender, sexuality, or class[24]. Moreover, the construction of digital identity is intricately tied to the network. This is evident in the practices of reputation management companies, which aim to create a positive online identity to increase visibility in various search engines[18].

Legal issues[edit][edit]

Clare Sullivan presents the grounds for digital identity as an emerging legal concept. The UK's Identity Cards Act 2006 confirms Sullivan's argument and unfolds the new legal concept involving database identity and transaction identity. Database identity is the collection of data that is registered about an individual within the databases of the scheme and transaction identity is a set of information that defines the individual's identity for transactional purposes. Although there is reliance on the verification of identity, none of the processes used are entirely trustworthy. The consequences of digital identity abuse and fraud are potentially serious since in possible implications the person is held legally responsible[25].





References[edit]

  1. ^ Jones, Kyle M. L. (2018-05-01). "What is a data double?". Data Doubles. Retrieved 2023-05-03.
  2. ^ www.bizjournals.com https://www.bizjournals.com/austin/news/2021/09/17/battle-digital-privacy-internet.html. Retrieved 2023-05-10. {{cite web}}: Missing or empty |title= (help)
  3. ^ https://infonomics-society.org/wp-content/uploads/ijisr/published-papers/volume-8-2018/A-Review-of-Identity-Identification-and-Authentication.pdf
  4. ^ "What is a digital twin? | IBM". www.ibm.com. Retrieved 2023-05-11.
  5. ^ "Data-Doubles, Data-double construction, History and usage, Political and privacy issues, Further readings". reference.jrank.org. Retrieved 2023-05-10.
  6. ^ DeNamur, Loryll (2022-06-17). "Digital Identity: What is it & What Makes up a Digital Identity? | Jumio". Jumio: End-to-End ID, Identity Verification and AML Solutions. Retrieved 2023-05-10.
  7. ^ Sullivan, Clare, "Digital Identity – A New Legal Concept", Digital Identity: An Emergent Legal Concept, Adelaide: University of Adelaide Press, pp. 19–40, retrieved 2023-05-10
  8. ^ "Right to be Informed". General Data Protection Regulation (GDPR). Retrieved 2023-05-10.
  9. ^ "Art. 83 GDPR – General conditions for imposing administrative fines". General Data Protection Regulation (GDPR). Retrieved 2023-05-10.
  10. ^ "What is Two-Factor Authentication (2FA) and How Does It Work?". Security. Retrieved 2023-05-10.
  11. ^ "What Is Two-Factor Authentication (2FA)?". Authy. Retrieved 2023-05-10.
  12. ^ "What is Certificate-Based Authentication". Yubico. Retrieved 2023-05-10.
  13. ^ "What happens to my Facebook account if I pass away | Facebook Help Center". www.facebook.com. Retrieved 2023-05-10.
  14. ^ "The vital role to be played by Digital identity and the Legal Entity Identifier in the future of global business". LEI Worldwide. Retrieved 2023-05-10.
  15. ^ "Overview". World Bank. Retrieved 2023-05-10.
  16. ^ https://www.digitalidentity.gov.au/sites/default/files/2023-03/regulation_impact_statement_ris_2_0.pdf
  17. ^ https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9148938/
  18. ^ a b https://library.oapen.org/viewer/web/viewer.html?file=/bitstream/handle/20.500.12657/24037/1006096.pdf?sequence=1&isAllowed=y
  19. ^ Higgins, E. T. (1987). "Self-discrepancy: a theory relating self and affect". Psychological Review. 94 (3): 319–340. doi:10.1037/0033-295X.94.3.319. PMID 3615707.
  20. ^ Goffman, E. (1959). "The moral career of the mental patient". Psychiatry. 22 (2): 123–142. doi:10.1080/00332747.1959.11023166. PMID 13658281.
  21. ^ Stryker, S. & Burke, P. J. (2000). "The past, present, and future of an identity theory". Social Psychology Quarterly. 63 (4): 284–297. doi:10.2307/2695840. JSTOR 2695840.
  22. ^ a b Bay, Jennifer (2010). Body on >body<: Coding subjectivity. In Bradley Dilger and Jeff Rice (Eds.). From A to <A>: Keywords in markup: Minneapolis: University of Minnesota Press. pp. 150–66.
  23. ^ https://tiara.org/wp-content/uploads/2018/05/Marwick_Online_Identity.pdf
  24. ^ Turkle, S. (1995). "Ghosts in the machine". The Sciences. 35 (6): 36–40. doi:10.1002/j.2326-1951.1995.tb03214.x.
  25. ^ Sullivan, Clare (2010). Digital Identity. The University of Adelaide. doi:10.1017/UPO9780980723007. ISBN 978-0-9807230-0-7.
Retrieved from "https://en.wikipedia.org/w/index.php?title=User:Chjenjennifer/Digital_identity&oldid=1154227201"