Real Names: Google+, Government & The Identity Ecosystem

There has been a lot of speculation about why the push for real names on Facebook and now Google, with Google taking a much harder line than even Facebook, not allowing for even the simplest derivation of “nyms” (pseudonyms). Add to this the fact that Facebook and Google have both purchased facial recognition software companies and you have a puzzling picture. Why do these two need facial recognition software and real names for social media and search engine results?

Why is a company like Google taking such a hard line on something as simple as a name – even though there is no verification process for the “real name,” so ultimately this policing is currently meaningless.

Why isn’t your online “nym” as real as your “real name” if it is what you use online? After all, what's really in a name? Isn’t it just a word that tells people who you are?

Shouldn’t online “nyms” be as valid as “real names”? Well not according to Google, which is purging even real names if they sound unusual or “unreal.”

Google+: Identity Service

computer-police-privacy-cartoon

Just two years ago in 2009, in the name of Internet freedom, Google refused to go along with South Korea’s Real ID/Real Name policy.

Rachel Whetstone, Google’s vice president of global communications and public affairs said in an April 2009 statement titled, “Freedom of Expression on the Internet”:

“Google thinks the freedom of expression is most important value to uphold on the internet… We concluded in the end that it is impossible to provide benefits to internet users while observing this country’s law because the law does not fall in line with Google’s principles.”

So why did Google make a 180-degree turn from Internet freedom to Internet accountability? Why did Google in 2009 refuse to honor South Korea’s real name system and now insist on one for Google users? Mind you the Korean system involves government verification of ID, but Google does ask for the same when people reinstate accounts, so I would say it is playing in the same pond, perhaps even on the same lily pad.

So why the change of heart? Have Google’s principles on Internet freedom changed?

Well maybe, we got a first clue this week when Andy Carvin of NPR reported Eric Schmidt rather ominous words that Google+ is an “identity service.” Really? For who? Why? How? Isn’t Google+ a social network?

We get more clues to the possible true nature of the G+ “Project” when we read Carvin’s full transcript of the interview with Eric Schmidt.

“And the notion of strong identity was never invented in the Internet. Many people worked on it - I worked on it as a scientist 20 years ago, and it’s a hard problem. So if we knew that it was a real person, then we could sort of hold them accountable, we could check them, we could give them things, we could you know bill them, you know we could have credit cards and so forth and so on, there are all sorts of reasons.”

Google’s ambitions for Google+ appear to go far beyond social signals, marketing, and their efforts to make a better product. Dig a little further and you’ll find something called the “National Strategy For Trusted Identities In Cyberspace” (NSTIC).

national-strategy-for-trusted-identities-in-cyberspace

Doesn’t the title of this document sound a little like the South Korea program? It is similar, but herein lays the difference. For those not familiar:

“The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy) charts a course for the public and private sectors to collaborate to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions”

Sounds a lot like what Schmidt said, doesn’t it? A way to establish identity was never invented, so one needs to be. The difference is that companies will hold the real IDs, rather than the government – companies with “identity services,” such as Google.

Google and NSTIC

Wait though, isn’t Google’s real name policy about marketing? Services? Better social signals for search?

Maybe we have a new wrinkle in the reason behind the real ID movement, not the betterment of services for Google, but the government initiative into a real online ID system. One where as Eric Schmidt says. “if we knew that it was a real person, then we could sort of hold them accountable, we could check them.” But wait let’s not jump the gun, let’s read some more of the document, or “strategy” as outlined.

“The Federal Government commits to collaborate with the private sector; state, local, tribal, and territorial governments; and international governments–and to provide the support and action necessary to make the Identity Ecosystem a reality. With a concerted, cooperative effort from all of these parties, individuals will realize the benefits of the Identity Ecosystem through the conduct of their daily transactions in cyberspace”

But what exactly is the Identity Ecosystem? It seems the system has goals that, to me, sound similar to the G+ project, but you be the judge.

We have Schmidt saying, “So the solution of course that we’ve come up with is called Google+, which is in essentially early beta, and it looks like it’s doing very well so far. It essentially provides an identity service.

And then the goals of the Identity Ecosystem as outlined by the NSTIC:

In order to fulfill the vision of this Strategy, the Nation must achieve the following goals:

  • Develop a comprehensive Identity Ecosystem Framework
  • Build and implement interoperable identity solutions
  • Enhance confidence and willingness to participate in the Identity Ecosystem 
  • Ensure the long-term success and viability of the Identity Ecosystem

(sic) The private sector will be the primary developer, implementer, owner, and operator of the Identity Ecosystem, which will succeed only if it serves as a platform for innovation in the market. The Federal Government will enable the private sector and will lead by example through the early adoption and provision of Identity Ecosystem services It will partner with the private sector to develop the Identity Ecosystem, and it will ensure that baseline levels of security, privacy, and interoperability are built into the Identity Ecosystem Framework.

The document, or “strategy” is very long and outlines a million reasons why this would all be very good for us as citizens to use this “Identity Ecosystem,” words like "efficiency," "innovation," and "privacy" are used repeatedly throughout the document strategy and I won’t argue those points here today, though there are analysts who have argued why those are inaccurate.

The authors make it sound like a veritable cornucopia of security and ease, why wouldn’t you want to use it? Look behind the curtain, pull back the words, and stare at the skeleton underneath. What does all this really mean?

Here are the other words that fill the document, the words behind the technologies used: trustmarks, trust frameworks, accreditations, reliable frameworks, etc. All words indicating transferences of trust between devices, databases, or other technologies.

Invisible Hand of Technology

See behind the ease of use, the perceived anonymity, the “privacy” there is you as you become tied to your real ID through a series of technical “trust signals” just like Schmidt talks about with the links that point at you, telling whether you’re “good” or “bad,” evil or not. Through the “trust” signals the technology removes your anonymity, your existence is tracked on the technological level.

Now, the document tells you that your privacy is preserved, and that is true in that the entities that the information is shared with get limited information, but the holder of the information still holds all your data. Guess who that would be?

And where would that data would be kept? That data is kept and associated on the level you don’t see, the one most people don’t realize exists, it lives in the invisible layer of technology that most people are unaware of, and so they do not protest it.

To those who think all this privacy and anonymity stuff is of no consequence, I give you these words from a very intelligent friend of mine, who wishes to remain anonymous.

“Given that Mr. Schmidt is aware that there are countries that act against their own populous wouldn't it make sense to allow them to post anonymously rather than to aid the oppressive regime in identifying them? And what about women who are victims of domestic abuse - given that they are already being beaten would Mr. Schmidt side with the abuser? Or whistleblowers - should Mr. Schmidt's company aid corrupt organizations in silencing their employees before exposing their crimes? Does Mr. Schmidt sincerely believe that this is better for society than the value of our privacy?”

So Why Should You Care?

Real ID systems should be of concern to anyone who believes in the Bill of Rights and our freedom of speech and to not incriminate ourselves – to live a life that isn’t monitored by entities, “private” or not.

Is Google part of this? You have to be the judge. Schmidt’s quotes about the G+ identity system, Google being part of the NSTIC OIX interoperability tests and Google hosting the Eurim_IdEa in the George Orwell Room of their UK headquarters (Eurim_IdEa is the UK version of the NSTIC) is strong evidence to their involvement, but it is only correlative as I have not attended the meetings.

Oh and that the agency that is entrusted with overseeing this venture, according to the document, is the Department of Commerce. The same agency Schmidt was almost made head of a few months ago, the same Google who may seemingly be one of the “trust” agencies for your real ID. Food for thought.

G+ Voluntary?

As for G+ being voluntary, maybe, maybe that is what they say, but is that reality?

Schmidt was also quoted saying those who don’t have the service could experience downgrading of their Google products and services. So let’s say you’re an avid Gmail user or you have an Android phone, and somewhere down the road your service is “downgraded” for not having a proper verified G+ account.

It’s easy for Schmidt to say now that you don’t “have” to have it, but is that really a fair assessment? What if you do business? Are you really not going to have your site on Google? Not use AdWords or Analytics?

To say Google is completely voluntary is like saying eating solid food is voluntary. Sure, you can go without solid food, but after a while it is going to affect your health.

If the National Strategy for Trusted Identities in Cyberspace is what this is all about, then don’t we deserve that knowledge? Should the agencies that would be tracking us, holding our IDs, not inform us that they are doing this?

Privacy, Anonymity, and Mr. Schmidt

Unfortunately, the issues that this raises could fill a hundred articles, so somberly, I end this article with a heavy sigh, Schmidt’s full quote, and a few thoughts.

s-schmidt-says

“In the area of social media, we knew upfront 10 years ago that the Internet lacked essentially an accurate identity service. I’m not here by the way talking about Facebook, the media gets confused when I talk about this. If you think about it, the Internet would be better if we had an accurate notion that you were a real person as opposed to a dog, or a fake person, or a spammer or what have you.

And the notion of strong identity was never invented in the Internet. Many people worked on it - I worked on it as a scientist 20 years ago, and it’s a hard problem. So if we knew that it was a real person, then we could sort of hold them accountable, we could check them, we could give them things, we could you know bill them, you know we could have credit cards and so forth and so on, there are all sorts of reasons.

And the Internet did not develop this in many ways because the Internet came out of universities where the issue of authentication wasn’t such a big issue. Everybody trusted everybody; you didn’t have these kinds of things.

But my general rule is people have a lot of free time and people on the Internet, there are people who do really really evil and wrong things on the Internet, and it would be useful if we had strong identity so we could weed them out. I’m not suggesting eliminating them, what I’m suggesting is if we knew their identitywas accurate, we could rank them. Think of them like an identity rank.

So we’ve had all those conversations at Google but the real mechanism that helped this was the technology that was invented first by MySpace and then eventually by Facebook, where you could disambiguate names by looking at people. So if you have John Smith, they show you there’s five John Smiths, well here’s a John Smith and then based on the pictures, you say this is the John Smith who’s my friend. And that’s how identity is in fact managed in Facebook.

We were very, very slow to figure this out in my view, and I’ll take the criticism as the leader.

So the solution of course that we’ve come up with is called Google+, which is in essentially early beta, and it looks like it’s doing very well so far. It essentially provides an identity service with a link structure around your friends, similar to what I just described.

When we’ve got that, we can improve our products. So for example if you and I are friends, and - with your permission, this is very important - we can have slightly better search results if I know a little bit about who you are.”

Is this what you want from your Internet? Entities, possibly, it appears like Google, holding your ID online? Tracking who you are, with the government one shadow step behind?

Rather than go through a long list of why this matters, I’ll end this with a final thought. It’s time we stop and ask ourselves, “What is the price of free?” Is it our freedoms? If so, is that price too high?

“Anonymity is a shield from the tyranny of the majority. It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation—and their ideas from suppression—at the hand of an intolerant society.” 
-1995 Supreme Court ruling, McIntyre v. Ohio Elections Commission

Please visit the EFF.org. These are the people who fight every day to make sure that you are protected, that the power of the Internet remains in the hands of the citizens that no one can track all you do with the invisible hand of technology, under the guise of goodness.