One of the main criticisms with virtual worlds like Second Life (but others, too) has always been related to the concepts of identity, trust, authenticity etc. Many people accuse users of these worlds of "hiding behind a mask" (of their avatar). I find this a bit ignorant and hypocritical, because I don't know that many people in the physical world who are always completely honest about all attributes of their person and personality. This is not outright lying usually. But most of us tend to exaggerate our positive sides and hide the negatives - especially when flirting or in business negotiations. Avatars are much more honest on average. I have rarely met an avatar in a virtual world who said: "this is an exact replica of my humans body" ...
But there are some very real risks involved with misrepresenting your identity - or certain aspects of it. In most jurisdictions it is illegal to present "adult" material to minors for example. And if I give someone money in exchange for certain goods or services, and this someone does not honor this deal, it is very hard to enforce my rights without knowing who the other guy really is - even harder if he never logs on after the deal.
A few weeks ago, Linden Lab took a first step towards attacking this problem by introducing a workable solution for age verification to its virtual world Second Life last week. Some users now (and all of them soon) have the option to register with their address and some personal data (passport ID for example) and get their ID verified. The service is in an experimental state currently, but in a very near future, users of second life will be obliged to make "adult" content available only to those other users, which are verified to be adults. Is this the beginning of the end of anonymity. Will avatars be obliged to carry passports around (like the one to the right here, which Gwyneth Llewelyn designed for her great if lengthy blog article on the same topic)?
Not every user will like this. But I think it is a very important first step for making virtual worlds more of a "platform" and less of a "game". Why? Because anonymity (or virtual identity) is fine for many contexts. But in other situations (some) verifiable information about the guy at the other end of the connection is necessary - and even might be required legally. And despite fears to the contrary, this could be done without giving up all privacy - if solutions can be found for providing 'verified attributes' without always giving out full identity info. But that's certainly possible.
Technorati Tags: 3d web, second life, trust, virtual worlds, web 3.d
More than age verification
Maybe I am overrating this new feature of Second Life. So far what is happening is nothing more like a simple age verification process, similar to those found with some of the more respectable "adult" services on the web. It was installed mostly because of the - mostly unfounded - negative press Second Life recently got on the issues of pornography. What is interesting in this context, though, are the additional signals Linden Lab is sending. Robin Harper, responsible for community management in Second Life, writes on the official company weblog:
The IDV (Identity Verification) system aims to deliver two things. First, for Residents, it gives them the chance to independently verify certain aspects of their identity (their name, age, location and sex for instance) if they choose to. This will help establish trust by removing a layer of anonymity for those they interact with. It’s much easier to trust someone who puts their name behind their words and actions.
Mind you: Robin is talking about identity verification, not about "age verfication". This implies not a threat but a very promising concept, IMHO. Because, as virtual worlds grow in size, and become more important for relationships and business transactions, too, we need a set of rules - laws, actually - which govern them. And in the long run it seems neither feasible nor desirable to me, to have the companies behind these worlds creating and enforcing these rules. It is not necessary either, because these rules and authorities which enforce them already exist: in the physical world.
Law needs (some) identity
The problem with real laws, though, is that you have to have some information about a guy, to enforce rules - and to know which laws are applicable! There is no worldwide law. So I, as a German, have to obey different laws than someone in the USA. It would be illegal for me, for example, to depict a swastika on my website - or on my land in second life - while it is perfectly legal for a french or US citizen. So, to be able to judge, if something I do is illegal, my identity is needed again - or at least the information where I reside in the real world. In other cases my age might be important. And, if I am doing a lot of business within virtual worlds, it might be necessary for business partners - and maybe for the IRS, too - to learn about my address and other real world data.
I am fairly certain that in some not too distant future there will be a way to optionally “deposit” my complete identity data with a trusted service provider. And sometimes it will be necessary, to reveal this information to other users or certain authorities. At least for those of us doing substantial business within virtual worlds the national tax authorities won’t be satisfied with anything less. Tax evasion and money laundering would be too easy otherwise.
This is nothing new and no unfair treatment of users of virtual worlds. Look at the PayPal service for example. PayPal makes it possible to "send money to an email address" - in principle. This is fine - in principle. But if this would be allowed without limits it would be a great vehicle to avoid taxation or to remove all traces about the sources of money. Thats, why PayPal puts your account on hold as soon as you have received a certain amount of money (6000 EUR in Germany). And you have to provide PayPal with some written proof of your personal and business identity before you will be able to access the funds in your account again.
The End of Privacy?
Does this mean, that users of virtual world will have to give up all privacy? Certainly not - even though some politicians would love to track what their citizens are doing on the internet in all gory detail. Because in most cases it is not necessary to tell others my names and address. It is perfectly sufficient to ascertain, that I am over (or below) a certan age, that I live in a certain nation of the world, that there is a certain amount of money in my account etc.
The principle of "granular" identity
So, now imagine a system, where all of this data is stored, and which can be queried by other software systems. These other systems can ask for the country of residence for an avatar name or other "online handle" for example, or it can aske for the age, for the affiliation with certain groups, a university degree or shoe size. This information would NOT be given out automatically, though. Whenever such a query is started, I will be asked, if I agree with providing this information. If I can't see any plausible reason for the system or application to ask for this piece of data, I will usually decline the request. But if I agree, the information will be delivered and I will get access to a certain piece of information, to a certain location in a virtual world or maybe to someone elses telephone number.
The idea is NOT to present the full identity each and every time someone demands it. Quite the contrary. Only the data, which is necessary for a certain transaction (and where the necessity has been made plausible to me) will be provided.
And it wouldn't be terribly hard, to create a system like this. If you combine the existing network of trust centers behind the already widely used online certificates with an platform like OpenID you are nearly there. The only missing links are some standardized procedures with which to verify more attributes like name and address.
Of course you could still abuse such a system. It would be possible for example, to create a network of applications, which - perfectly plausible - ask for for different attributes of an online identity, combine them and then will be able to identify a single human by this combination - not with certainty but with a high probability in many cases. This already IS possible, though. The only way to avoid widespread use of such Big-Brother-like systems is to make laws prohibiting them.
In the end, only the law can provide us with (some) privacy. Most technical means can be circumvented with a little cleverness and a certain amount of processing power.
Comments