A great many years ago, long before the Internet, the media theorist Marshall McLuhan said that in the always-on interconnected future there would be new ways to be evil that we hadn’t thought of before. This prediction seems to have come true in spades at the intersection of social media and democracy, where Twitter, Facebook and the others are waging a war against bots. It’s a serious issue and something needs to be done. But what? The noted entrepreneur Mark Cuban caused some debate on this topic earlier in the year saying that…
“It’s time for @twitter to confirm a real name and real person behind every account, and for @facebook to get far more stringent on the same. I don’t care what the user name is. But there needs to be a single human behind every individual account .”
Mark Cuban (@mcuban)
He’s wrong about the real name, because anyone familiar with the topic of “real” names knows perfectly well that they make online problems worse rather than better. He’s right about the real person though. Let me use a specific and prosaic example to explain why this is and to suggest a much better solution to the bot problem: Internet dating.
Internet dating is at the sharp end of digital identity. It is rife with fraud and a laboratory for experimenting with issues around anonymity and pseudonymity, it is a mass market for identity providers and it is a better test of scale for an identity solution that logging on to do taxes once every year. Now, I am not the only person who thinks this and there are already companies exploring solutions. And you can see why they want to: online dating is a huge business. A third of the top 15 iOS apps (by revenue) were dating apps.
So, how to bring the benefits of digital identity to this world. One way not to do it is that Mark Cuban way of requiring “real” names. It’s already been tried and found wanting. The dating platform OKCupid announced it would ask users to go by their real names when using its service (the idea was to control harassment and promote community on the platform) but after something of a backlash from the users, they had to relent. Why on Earth would you want people to know your “real” name? That should be for you to disclose when you want to and to whom you want to.
In fact, this is a good example of a transactional environment where the necessity to present a real name will actually prevent transactions from taking place at all, because the transaction enabler isn’t names, it’s reputations. And pretty basic reputations at that. Just knowing that the apple of your eye is a real person is probably the most important element of the reputational calculus central to online introductions, but after that? Your name? Your social media footprint? (Look at the approach of “Blue”, https://www.theguardian.com/
If I were to be on an Internet dating site, I would want the choice of whether to share my name, or Twitter identity, or anything else with a potential partner. I certainly would not want to log in with my “real” name or any information that might identify me. This environment does not need “real” names at all. “Real” names don’t fix any problem. Your “real” name is not an identifier, it is just an attribute and it’s only one of the elements that would need to be collected to ascertain the identity of the corresponding real-world legal entity anyway. Frankly, presenting “real” names will actually make identity problems worse rather than better since the real name is essentially nobody’s business and is not necessary in order to engage in the kinds of transactions that are being discussed here. Forcing the use of real names will mean harassment, abuse and perhaps even worse.
What internet dating needs, and what will solve Mark Cuban’s social media problem as well, is the ability to determine whether you are a person or a bot (remember, in the famous case of the Ashley Madison hack, it turned out that almost all of the women on the site were actually bots). On Twitter it’s not quite that bad yet, because there are still many people posting there, but with bot networks of 500,000 machines tweeting and re-tweeting it is not in good shape. The way forward is surely not for Twitter to try and figure out who is a bot and whether they should be banned (after all, there are plenty of good bots out there) but Twitter to give customers the choice. Why can’t I tell Twitter that I don’t want bot followers, that I want a warning if an account I follow is a bot, that I don’t want to see posts that originated from bots that I don’t follow and so on. Just as with internet dating, the problem is not real names but real people.
Now, working out whether I am a person or not is a difficult problem if you are going to go by reverse Turing tests or Captchas. It’s much easier to ask someone else who already knows whether I’m a bot or not. My bank, for example. So, when I go to sign up for Internet dating site, then instead of the dating site trying to work out whether I’m real or not, the dating site can bounce me to my bank (where I can be strongly authenticated using existing infrastructure) and then the bank can send back a token that says “yes this person is real and one of my customers”. It won’t say which customer, of course, because that’s none of the dating site’s business and when the dating site gets hacked it won’t have any customer names or addresses: only tokens. This resolves the Cuban paradox: now you can set your preferences against bots if you want to, but the identity of individuals is protected.
One of my acid tests of whether a digital identity infrastructure is fit for the modern world is whether it can offer this kind of strong pseudonymity (that is, pseudonyms capable of supporting reputations). If we can construct an infrastructure that works for the world of internet dating, then it can work for cryptocurrency, cars, children and all sorts of other things we want to manage securely in our new always-on environment. We have to fix this problem, and soon, because in the connected world, if you don’t know who IS_A_PERSON and who IS_A_DOG and who is neither, you cannot interact online in a functional way.