I had an insightful question on my #digitalidentity post last week from Will Huftalen who kindly granted me permission to share it here. It raises the issue of individual choice in the context of centralized identity registries and how the concept of “invasion of privacy” gets messy without a common guiding framework.
Specifically, Will asked about the use of identity data in the #BDR space where data companies such as ZoomInfo provide contact information used to approach prospects with solutions that have potential to help people. The same question can be asked of Facebook. On one hand, the use of identity data to contact someone with the intention of improving their life may be viewed as a desirable thing. On the other hand, it may be viewed as an invasion of privacy. Where does one draw the line when talking about privacy and our digital identities?
Digital Identity is one of those topics that is both complex and nuanced simply because of the different ways our society delineates the importance of individual liberty and choice. When the choice of the individual is considered to have limitations, or in other words is viewed in terms of shades of grey, then questions such as these are quite legitimately an area of consideration, one that is not possible to answer in a way that keeps everyone happy.
Infinite hypothetical scenarios and moral debates result from the infinitely different lines that people draw between where choice ends and force begins.
What do I mean by this?
Well, I believe personally, and you could say almost theologically, in a single guiding principle in my business and personal interactions. It is called the Non Aggression Principle (NAP). The principle states “Do not initiate the use of force against others”. That’s it!
It is simple in that it recognizes force as the single activity from which limitless secondary complexities are spawned. It also recognizes that force may be used in defense against force imposed. You may not initiate force against me, but if I come at you with a stick, the NAP entitles you to defend yourself. Defense is not the initiation of force, but the response to it.
The consequence of adopting the NAP is that interactions at all levels and between all entities become voluntary and voluntary transactions are the most beneficial and efficient kind of interactions because both parties are getting what they desire.
If I sell a car to you, I want your cash more than I want my car. Conversely, you want my car more than you want your cash. The purchase is voluntary and we both derive what we need from the interaction.
If the government, or a similar entity, forces you to acquire my car, then we are both worse off. I lose the car I didn’t want to sell and you lose the cash you didn’t want to spend. There are many nuanced variations on this example which demonstrate how complex decisions become when force is involved.
By removing all the coercion and interference, we are left with a society of voluntary interaction which guarantees the best outcome for everyone. It turns out that the complexity of so many decisions we face in life really boils down to the lack of a simple guiding principle and the management Digital Identity suffers from exactly that.
The more we link the provision of now essential goods and services to the possession of a centrally managed Digital Identity, the more we are essentially forcing people to adopt it and this never ends in optimal outcomes. You can see this in the voluminous legislation being cobbled together in an attempt to “stick fingers in the dam wall holes”.
Perhaps concerns of IT security are abated by the appointment of a board, but then that board needs further regulation and the complexity spirals out of control. By adopting the simple guiding light that the NAP offers, we both significantly reduce the complexity of these impossible-to-answer scenarios and simultaneously guarantee the best outcome for everyone.
Now, with that in mind, back to the question. Technology has no agenda, but people who use it, of course, do. The NAP does not preclude people registering for online services which provide them some benefit, on the condition that it is done so voluntarily and in good faith.
I may voluntarily provide some details to a streaming service and permit them to monitor my personal viewing habits so that I may receive the benefit of suggestions interesting to me. The exchange is voluntary. No one forced me to sign up to the service and the exchange of part of my (tightly scoped) identity for some (tightly scoped) benefits is known and understood by me. As my online viewing habits are part of my identity, the streaming service is given part of my digital identity by monitoring part of my digital behaviour.
Similarly, people who voluntarily provide (in my opinion foolishly, but that’s part of a different conversation) comprehensive identity revealing information to companies such as Facebook are entering into an exchange that will provide mutual benefit. Facebook can derive income by providing targeted services to people who have announced they would benefit from them without coercion.
If that data is shared outside of that scope then that is a violation of the transaction’s terms and constitutes a use of force against the provider of the identity data. In other words, it has violated the NAP. Centralized Digital Identity systems fail to guarantee that tight scope.
The BDR space can be viewed in the same way. If you are a voluntary participant in a service that provides a market for scoped data provided by other participants who provide that data in the knowledge that they will in turn received scoped benefits from cold contacts then we are talking about a manifestation of one of life’s glories. People working together.
Throw into the mix legislation, compulsion, data theft or data aggregation in centralized databases for the use of authorities outside the original scope in the pursuit of unknown agendas, then I am firmly against it.
Privacy can only be invaded if it is against the will of the person whose data is being used. If privacy is selectively made available to another party voluntarily then it is not an invasion. If I give you my car, you haven’t stolen it from me. It was my intention to give it to you so it is classified as a gift. If you take my car against my wishes, then it is an invasion, more commonly known as theft. The nature of choice in these equations radically simplifies the way we look at everything.
Obviously, the discussion required to steer public thinking away from its current mess towards simple, universal principles based on freedom of choice is necessarily lengthy. You can see its insidious manifestations in the minutiae, even the wording on Zoominfo’s own site. “600M+ Professional Profiles Captured”. The word “capture” means “to gain possession or control of or to seize by force”. Although that’s arguably not’s what was intended, the unfortunate use of this terminology doesn’t make the service sound like a mutually beneficial voluntary exchange.
We would be well served by questioning how the centralized nature of the Digitial Identity frameworks we are building today introduce the necessary complexity of making a call on where privacy ends. By not basing every interaction within a society on a centralized Digital Identity system, the natural scoping achieved by selectively revealing limited components of our online identity to specific services helps to keep control in the hands of the data owners.