The complexity of identity: you’re not your iPhone… or are you? [RSA conf]

iPhone 5S Touch ID

iPhone 5S Touch ID

Is the ‘i’ in your iPhone a mark of your identity? That is the debate, and they way in which we use our mobile devices today suggests that our lives are inextricably bound to whatever device we use.

The way Robert Griffin, Chief Security Architect, RSA, (the Security Division of EMC) and Robin Wilton, Technical Outreach Director (Identity and Privacy, Internet Society), see it, most of us are inseparable from our mobile devices.

So perhaps shouldn’t we just accept it as fact that our mobile devices represent who we are, serving as a single completely trustworthy authenticating mechanism for any application or environment we interact with? Or do we need to have some degree of separation from our phones and tablets, such as through personae?

You are your iPhone, so just deal with it

“Of course you are your iPhone,” says Griffin. “The relationship between you and your digital identity is binding. Google’s universal online identity. We already have too many devices.”

He reckons that the loss of a device can be dangerous as the liability could be massive depending on the type of information you have on that device. He argues that perhaps it is more advisable to have fewer devices in order to minimise your risk. So the question is then, if you do have one device, will you be less likely to lose it? Maybe.

Devices will get more versatile in form as well as function, making a single device even more feasible — an example of this is Google’s Glass. Google is a big example of a unifying identity as it requires you to have one true identity online and offline.

As communication is integrated for digital natives so should your device be. “We are what we wear, but our phone is more than an accessory,” says Griffin. “Devices allow you to exist in personal and social relationships, the range of communication and the social extension of self is the opportunity we have of personal and digital identity as well as the challenge.”

But you are not your device — if you are then I am scared

As much as Wilton agrees with Griffin that we are inseparable form our devices he counters that we are not our iPhones. He reckons that mobile does gives us technology, which has a place in authentication, but he feels that what is happening is that mobile devices are proxies for us.

“Your identity is more than a device,” says Wilton. “Identity is a subtle diverse set of relationships and attributes, intimately bound to particular contexts.”

Our concept of identity is multiple and nuanced, and the idea of saying you are your phone is “quite scary”.

He likens a single persona and digital identity to items you don’t lose that are only used in a single context. He says single context assumptions don’t apply to mobile as it used in multiple contexts. Yes, he admits that we can design a single multiple authentication device, but should we?

“It’s tempting to think of your mobile for as virtual keyring,” he says. However when you think about it, all the different things for which you use your phone give rise to different contexts and kinds of risk. Online you don’t have the same cues you have offline that allow you to know which device to use in what context. Hence mitigating risk online with a single identity might not be the best idea.

Are biometrics the answer?

There is a movement toward biometrics to help protect your device as well as your data within it. Wilton argues that before biometrics can be the answer, a few questions need to be asked:

  • If our phone becomes our identity what happens if we lose it?
  • How do we reissue compromised biometric data? Who has your biometrics right now?
  • There are biometrics you leave everywhere (like fingerprints): is that good or bad?
  • How robust will biometrics prove to be over time?

In the end he feels that although the concept is interesting, biometrics still need more discovery.

Taking the i out of the iPhone

We have multiple selves and the reality is that we constantly make decisions that affect our sense of self and how we present ourselves to others. Should we really be relying on devices as proxies for ourselves?

Wilton argues that what we need is better persona management tools not designing or turning our devices into a wallet.

According to Wilton, what a device needs to do is help us “keep contextual data separate, support attribute-only assertions, make multiple persona/context clear usable, rebalance user control vs service provider control, help us cultivate better identity/privacy habits.”

In essence, the complexity of identity means we need to be able to manage our digital shadow.



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.