Can avatars stop identity theft?

Many look like Barbies and Kens on X, but avatars may hold the key to restoring our control over our digital identities.

Published August 5, 2008 7:11PM (EDT)

Screenshot from Entropia Universe

The laptop data security issue I wrote about yesterday caused several lines of thought to dovetail for me about the less obvious, more everyday trust issues that we find ourselves dealing with online, and what technologies can be rallied to solve the problem.

First, I'm sure many of you know these stats, but they are so bad and have such dreadful ramifications for a healthy Internet that they bear repeating. A 2008 survey of 18- to 55-year-old U.S. consumers, published by Gemalto, a digital security company, showed that 74 percent are afraid of identity theft as a result of online transactions. Fear of getting their online bank account hijacked was next, at 44 percent -- understandably so, since nearly half of them had already fended off such a theft.

Second, the Gemalto survey also noted a positive reaction to the idea of a personal, portable security device. More than a third of the people surveyed were interested in owning some kind of USB or smart-card key, or a mobile handset device that traveled with them and contained means to ensure a secure environment for their online payments and other accounts.

Third, a panel of identity and security experts at last year's Digital ID World came to the same conclusion -- that some kind of user-centric identity technology that allowed people to keep their personal data closer at hand would become universal across the Web, not just for financial transactions but for social ones as well.

And finally, despite the fact that Second Life's 15 minutes of pop culture sizzle may already have come and gone, the estimated 30 million-plus highly complexified avatars still thriving in massively multiplayer online (MMO) role-playing games like Second Life and Entropia Universe may hold the key to restoring our control over our digital identities.

In a virtual world like Second Life, the ability to conduct transactions both anonymously and with credibility is part of the system's DNA. "Drivers" (as users are called) get to decide how, and how much, their avatars present themselves to the world. Other inhabitants may not know the "true" identity of an avatar, but they know it very well by reputation. Reshaping the Internet so users could operate in the same protected way, rather than relinquishing control over their personal data as they do now, would mean a fundamental reshaping of how business is conducted online.

Today, businesses hold all the cards. Both the rule of code and the rule of law allows them to demand information from us, and if we want what they're giving -- whether it's a pair of shoes or a Facebook account -- we have to give it, period. No negotiation. No way to make them prove they are worthy of our trust. If they get sloppy and let someone steal our stuff, we're the ones who have to clean up the mess.

There are several open software projects that are working to change these rules -- to take this personal data out of the hands of businesses and allow people to conduct themselves more anonymously online, just like they can in the real world.

And according to some of the Digital ID World experts, avatars are one of the more intriguing software constructs that could "carry" this identity information.

Once you can get past the fantastical "Barbie and Ken on X" appearance of most avatars, and think of them instead as data constructs that can move around and conduct social and business transactions on behalf of their drivers, the idea makes a lot of sense.

With an estimated 30 million subscriptions to multiplayer online environments, each one represented by an avatar, virtual worlds are a tremendous proving ground for the potential of user-centric identity systems. Even at their relatively crude stage today, the technology on which they are based already allows them to interact and transact anonymously -- with varying degrees of intimacy and in relative security -- with millions of other avatars, including those who are hellbent on causing them some kind of digital harm.

On the Digital ID World panel, Kaliya Hamlin, a user-centric identity evangelist who runs the Identity Woman blog, said it's only a matter of time until avatars get or demand other digital rights, including the legal right to exist in the virtual, rather than the physical, world.

This perspective is shared by many denizens of virtual worlds. Last week, I received a copy of Mark Meadows' book, "I, Avatar: The Culture and Consequences of Having a Second Life" (New Riders, 2008). An old friend and colleague of mine from the dot-bomb days, Meadows is a veteran virtual-reality programmer who spent several years immersed in Second Life and other digital worlds. He claims the avatar is "the most overlooked and undervalued asset on the Internet."

His argument focuses mostly on how the businesses that descended upon Second Life in its hype phase forgot they were selling products to avatars. "A Jean-Paul Gaultier shirt isn't so interesting when you're used to wearing a jet pack," as he put it. Businesses that do not make money in virtual worlds fail, according to Meadows, because they are ignoring the fact that drivers are not their avatars -- nor do they want to be.

But those of us without avatars are dealing with the mirror image of the problem: Forced to reveal the data that represents our true selves, we are forced to be our avatars. We don't want to be, and we shouldn't have to, either.

Avatar technology has a long way to go before it can be truly useful as an identity system, but based on the trajectory of technology adoption -- from enthusiast to professional to mass adoption -- it is probably on the right course.

While avatars are now clearly at the enthusiast stage, identity professionals and others are exploring how to build a less intrusive network that would allow us to drive our own identities more safely around the Internet, shopping and reading and chatting and playing with each other without leaving us so vulnerable to identity or data theft. Given the sorry state of personal security and social trust online, I hope they figure it out fast.


By Denise Caruso

MORE FROM Denise Caruso


Related Topics ------------------------------------------

Facebook Privacy Video Games