The Mobile Identity Challenge – Some Observations from the SFO mID-Workshop
I’m currently in wonderful San Francisco, attending the Berkman Center’s Mobile Identity workshop – a so-called “unconference” — led by my colleagues Doc Searls, Mary Rundle, and John Clippinger. We’ve had very interesting discussions so far, covering various topics ranging from Vendor Relationship Management to mobile identity in developing countries.
In the context of digital identity in general and user-centric identity management systems in particular, I’m especially interested the question as to what extent the issues related to mobile ID are distinct from the issues we’ve been exploring in the browser-based and traditionally wired desktop-environment. Here’s my initial take on it:
Although mobile identity can be best understood as part of the generic concept of digital identity and despite the fact that identity as such has some degrees of mobility by definition, I would argue that mobile (digital) identity has certain characteristics that might (or should) have an impact on the ways we frame and address the identity challenges in this increasingly important part of the digitally networked environment. I would argue that the characteristics, by and large, may be mapped onto four layers.
- Hardware layer: First and most obviously, mobile devices are characterized by the fact that we carry them with us – from location to location. This physical dimension of mobility has a series of implications regarding identity management, especially at the logical and content layer (see below), but also with regard to vulnerabilities such as theft and loss. In addition, the devices themselves have distinct characteristics – ranging from relatively small screens, small keyboards to limited computing power, but also SIM cards, among other things — that might shape the design of the identity management solution.
- Logical layer: One of the consequences of location-to-location mobility and multi-mode devices is that identity issues have to be managed in a heterogeneous wireless infrastructure environment, which includes multiple providers of different-generation cellular networks, public and private WiFi, Bluetooth, etc., that are using different technologies and standards, and are operating under different incentive structures. This links back to our last week’s discussion about ICT interoperability.
- Content layer: The characteristics of mobile devices have ramifications at the content layer. Users of mobile devices are limited in what they can do with these devices. Arguably, mobile device users tend to carry out rather specific information requests, transactions, tasks, or the like – as opposed to open, vague and time-consuming “browsing” activities. This demand has been met on the supply-side with application and service providers offering location-based and context-specific content to mobile phone users. This development, in turn, has increased the exchange of location data and contextual information among user/mobile device and application/service providers. Obviously, the increased relevance of such data adds another dimension to the digital ID and privacy discussion.
- Behavioral layer: The previous remarks also make clear that different dimensions of mobility and the characteristics of mobile devices lead to different uses of mobile devices when compared to desktop-like devices. The type and amount of personal information, for example, that is disclosed in a mobile setting is likely to be distinct from other online settings. Furthermore, portable devices get more often lost (or stolen) than non-portable devices. These “behavioral” characteristics might vary among cultural contexts – a fact that might add to the complexity of mobile identity management (Colin Maclay, for instance, pointed out that sharing cell phones is a common practice in low income countries.)
Today, I got the sense that the technologists in the room have a better understanding of how to deal with the characteristics of mobile devices when it comes to digital identity management. At least it appears that technologists have identified both the opportunities and challenges associated with these features. I’m not sure, however, whether we lawyers and policy people in the room have fully understood the implications of the above-mentioned characteristics, among others, with regard to identity management and privacy issues. It only seems plain that many of the questions we’ve been discussing in the digital ID context get even more complicated when we move towards ubiquitous computing. (One final note in this context: I’m not sure whether we focused too much on mobile phones at this workshop – ID-relevant components of the mobile space such as RFID tags, for instance, have remained largely unaddressed – at least in the sessions I attended.)
