July 12, 2011

Google+'s "Identity" Controversy: No Easy Answers

Blog Update (July 26, 2011): Real Names, Guilt, Self-Censorship, and the Identity War

Blog Update (July 16, 2011): Google+, Privacy, and Balancing Identity

In the mere two weeks since Google+ began becoming available to the public, reactions to the service (including from yours truly) have been overwhelmingly positive.

But judging from queries I've been receiving, one concern -- user identities -- has been rising significantly in its intensity, reaching the level of an article included in the New York Times today. Examples of concerned bloggers' takes on this topic can be viewed here and here.

There are some issues where analysis and answers seem relatively obvious. Identity is not one of these "easy" topics.

I am a strong supporter in general of the right of persons to be anonymous so long as they aren't using that anonymity in fraudulent, criminal, or similarly antisocial ways. For example, I am very concerned that the Facebook commenting system now used on many sites may allow for the unnecessary and potentially dangerous linking of (for example) users' public, work, and personal lives by external parties.

I spoke to Google representatives at some length this afternoon about identity issues in the context of Google+. I think it's fair to say that we all appreciated that the intricacies of this area are still very much evolving.

Practically speaking, there really aren't any differences at this time (as I understand the situation) between Google+ policies and Google Profile polices. Some of the expressed concerns about these are based on misconceptions or misunderstandings, others are not.

For example, it is not true that Google Profiles/Google+ require that you use your legal name. In fact, in an effort to avoid fraudulent identity proliferation, Google wants people to use the name by which users are generally known by their family, friends, and so on -- which is not necessarily a formal name in the legal sense.

Some observers have pointed to a February 2011 Google Public Policy Blog posting The freedom to be who you want to be…, and have suggested that the Google+ policies contradict that posting.

This also appears to be a misunderstanding. That posting did not assert that Google would support "unidentified" or "pseudonymous" usage for all Google services, rather that different levels of identification would likely be appropriate for different services. You can be fully unidentified (as described in that posting) when using Google Search, for example.

Another related issue has been concerns about the use of non-anonymous identities by persons dealing with sensitive situations such as alternative lifestyles or oppressive governmental regimes.

Addressing specifically the latter point, Google says that -- at this time -- they do not consider Google+ to be an appropriate discussion platform for persons in situations where not being anonymous might put them at risk of harm.

If you sense that we don't yet have full "closure" on some of these specific concerns you'd be right -- but this is a reflection of the fundamental complexity and sometimes contrary nature of these matters, not an indication of bad faith.

How does one allow arbitrary pseudonyms and still avoid the fraudulent impersonation of celebrities and other individuals who aren't so well known? How can a user's assertion that they are "commonly" known by a particular pseudonym be validated in a timely and practical manner?

Keeping in mind that crooks will use any opening to perpetuate crime -- with identity-related exploits high on the list these days -- getting identity issues "right" in these systems is of paramount concern.

For now, we're faced with the reality that even with the best of intentions all around, broadly "correct" answers to many of these questions simply do not yet fully exist. The wide scope of identity policy parameters and associated technologies to implement them are in many key aspects still in their infancies.

But even in this rapidly evolving landscape, there are positive suggestions we can make regarding Google+/Google Profiles and other systems with similar identity-related aspects.

It is clearly the case that users need to fully understand what names are or are not acceptable for their use. When other than "legal" names are permitted, users need to know that a logical and fair process is in place to determine which other names will be permitted, how these users can demonstrate that their usage of those names are legitimate, and that when names are rejected, be assured that users are fully informed as to why rejections took place. Additionally, there should be a formal appeals procedure that users may invoke if they feel that a name was unreasonably rejected.

All of this will mean more "hands-on" and potentially more costs as well. But identity in general, and the "names we go by" in particular, are among our most personal of attributes, even when we choose to use them in public.

It is unreasonable in the extreme to expect Google to untangle the enormously thorny questions of identity and anonymity as if with a magic wand, especially only two weeks into Google+'s limited public availability.

Luckily, we are at the beginning of this road, not the end. There is a great deal of work yet to be done toward understanding, designing, implementing, and deploying the kinds of identity policies and tools that we'll need to cover a very wide range of situations.

But this is indeed the path toward helping to make sure that the Internet ultimately respects identities of all sorts as legitimately used, rather than abuse or unnecessarily restrict them.

In the context of the Net, we're now only really taking the first steps in that direction. There's a long way to go.

Let's make it a journey well spent.


Blog Update (July 26, 2011): Real Names, Guilt, Self-Censorship, and the Identity War

Blog Update (July 16, 2011): Google+, Privacy, and Balancing Identity

Posted by Lauren at July 12, 2011 07:14 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein