Who Am I in The Digital World: Reshaping Digital Footprint

Introduction

Existing literature in the fields of privacy, surveillance, and information systems discuss issues relating to identity with a variety of definitions available for the cluster of terms relevant to the work described here. See, for example, Clarke (1994), Parsell (2008), Tavani (2011), and Toekke (2011). In particular, ‘identity’, ‘digital identity’, ‘digital footprint’, and the question 'who am I in the digital world' are used variously in a range of contexts with subtly differing meanings. These terms are central to the presentation of the work described in this paper, and so we provide clear definitions of what we mean here by each term. The pilot project described in this paper has further highlighted the need to distinguish between the ‘types’ of data recorded, stored, and processed with differing levels of direct input required from the direct actions of the individuals who relate to the data.

Discovering Who Am I In the Digital World

Identity can be most broadly defined as a characteristic which enables entities to be distinguished from one another; this is equally applicable to human beings, organisations or data structures. Our need to identify, distinguish and classify entities has different motivations and drivers. For human beings the primary driver for articulating an identity is to define one’s relationship to others. At a personal level it is closely associated with definition of ‘self’ and consequently the relationship that ‘self’ has with ‘other’. This interconnection is reflected in popular definitions of ‘identity’ such as “characteristics that somebody recognizes as belonging uniquely to himself or herself and constituting his or her individual personality for life” (Encarta Dictionary). In relation to discussions of surveillance and a digital footprint it enables a person to define a relationship to the differing loci of social power (e.g. government, organisations and institutions such as banks etc). This enables differentiation from other human beings and for records to be created, updated and maintained that provide a log of interactions, exchanges and decisions. A persistent recurring feature in traditional definitions of identity is the notion that ‘identity’ is also a conferment of uniqueness. Historically, this is suggestive of an unambiguous one-to-one relationship between a human being and their identity. There have always been cases of individuals with multiple identities but in the analogue world these deviations represented a tiny fraction of the total pool of individuals and identities. An emergent but key issue that has developed in the digital era is the ability for people to create and maintain different highly differentiated identities in different spheres of their lives. This issue is outside the scope of this particular paper but is noted as being of significance relevant to our wider project.

We draw on the innovative work of the artist Heath Bunting and in particular his Status Project in defining terms relating to identity. The Status Project surveys the component features of identity and produces maps of influence and personal portraits. Bunting’s work distinguishes three kinds of person; the ‘human being’, the ‘natural person’ and the ‘artificial person’. The 'human being' represents the physical embodiment of the person, the flesh and blood homo sapien. The 'natural person' is defined as “A transferable bundle of rights and duties that can be attached to only one human being”. The attachment of a natural person to a human being enables the individual to manage their role in society, allows the individual to be managed, and is important as the enabler of commerce and other functions. The artificial person is defined as “A transferable bundle of rights and duties that can be attached to one or more natural person(s) or one or more artificial person(s) or both, e.g. a corporation”. The 'artificial person' generally relates to collectivities of human beings, and is typically a corporation, although there are some individual roles or institutions which require a notion of succession and that are consequently defined as artificial persons including monarchs, bishops, lords mayor and so on.

Concept of Identity in the Digital World

These definitions of ‘persons’ are useful in both digital and analogue worlds of experience as they facilitate an explanation as to how individuals simultaneously hold multiple identities; whilst a natural person can relate to only one human being, in the opposite direction one to many relationships are possible and so the human being may, in theory, be attached to more than one natural persons. This reflects Clarke’s (1994) concept of the ‘digital persona’ which he defines as “a model of an individual's public personality based on data and maintained by transactions, and intended for use as a proxy for the individual.” However we distinguish our notion of identity from that of Clarke’s digital persona. In the contemporary digital world, it is increasingly difficult for individuals to separate the public and private realms of experience. The rise of social media in particular has seen a convergence between what has been previously seen and discussed as separate spheres of life. Although it is possible for an individual to maintain different personas, this must be explicitly managed through formation and maintenance, a quite different situation from the time where an individual’s roles could be more easily distinguished and compartmentalized. We therefore use a definition of identity as being ‘a set of characteristics which are unique to a single human being’. This is similar to Bunting’s definition in that it is unidirectional, such that an identity may only relate to a single human being, but it is possible for a human being to hold more than one identity, reflecting, for example, the use of specific identities on social media sites. Unlike Bunting however, we do not refer to rights and duties in our definition as the work here is concerned with measurement and quantification of identity rather than with specific discussions of control, rights or authority. At birth, a human being becomes an identifiable individual, but the set of data items needed or used for identification is only a subset of those which relate to that individual. When an individual is a few hours old they might be identified by the hospital that they are in by the date and time of their birth plus some other unique identifier such as NHS number, hospital number, name of mother etc. However for babies in the digital world, these items comprise a small subset of the total dataset that can be attached to and assist in defining their identity. At a time when the average age of digital birth is 6 months and almost a quarter of children appear online following their first sonogram / ultrasound scan (Businesswire 2010), by the time a human being is physically born, the dataset relating to their emergent identity might include medical records, photographs of ultrasound scans, websites and even unique communicable social media identities.

The Challenge of Digital Identity

As with the problematic and contested use of the term ‘identity’, various loosely defined terms have been used to describe the data trail left behind by individuals in the digital era. These include ‘digital footprint’, ‘Internet footprint’ and ‘data trail’ and each focuses upon or emphasises a specific relationship between technology and the individual. These terms are often used to refer to both transitory and more persistent data, as well as explicit and implicit transactions of data. Our experience in attempting to quantify the data relating to an individual over a 24 hour period has highlighted the importance of distinguishing and classifying these different types of data events in a manner that acknowledges their relationship to the human being. When examining the digital evidence of an individual’s life and how this evidence is generated there are many components which may be identified. These might include triangulated mobile phone and GPS data, Internet usage, direct recording on CCTV cameras, the data generated through a credit card transaction or the swiping of an access card. There are both transitory and persistent elements to each data event but significantly each can be explicitly tagged to an individual. For the purposes of data surveillance it is the persistent elements of the data event that are significant and meaningful, however, greatest concern regarding the exposure of private data relates to the transitory aspects of the event – for example, the security of the connection for a website login or observation by a third partner when using a cash machine. It is also significant to acknowledge that in building a picture of the full set of data events in an individual’s day, it is also necessary to incorporate those events that are disconnected from the direct immediate actions of the human being, that were initiated through actions in the past and that still continue to influence the totality of data that is daily generated relating to that individual. For example, many banking transactions, including ‘automatic’ ones such as the processing of direct debits and standing orders can occur regularly, creating a data event that exists primarily within the systems of a bank and the receiving organisation. An appointment might be generated by a Doctor’s surgery or the results of a medical test might be received which would then result in updates being made to the record held remotely from the individual.

We utilise two further definitions to further position the Day in the Digital Life project; ‘digital footprint’ and ‘digital identity’. We define a digital footprint as “the real time data generated relating to an identifiable individual’ and digital identity as the ‘historical digital footprint’. Any individual data event (for example sending an email or logging into a Facebook account), will create a digital footprint, but most aspects of this data event will be transient. It is primarily the smaller amounts of persistent data that is left behind and ultimately stored in a remote database that will evoke some form of change, no matter how small, to the individual’s digital identity. A data event is analogous to placing a footprint in wet sand. The step itself begins to immediately dissolve but more permanent changes may be preserved deep below, buried beneath the surface. The digital footprint is the most obvious and immediate indicators of an individual’s digital interactions. An individual's digital identity is stored across a network of servers and databases which in many cases will contain relationships that have been subsequently defined by sophisticated third-party interrogation of accumulated personal persistent data. Digital identity then is the totality of an individual's identity within the digital and encompasses all of the digital personas utilised by the individual with a temporal span that exceeds the human life to which it relates.

Recording a Day in the Digital Life

Design Considerations

In considering a methodological framework for this study we were mindful of the problematic nature nexus of digital data, identity, privacy, surveillance and ethics. This is an awareness that is well-documented by recent literature. boyd (2010) states that ‘privacy is completely intermingled with Big Data’ and that social media sites such as Google and Twitter are amassing ‘terabytes of data about human interactions’. Solove (2004) similarly warns of the compilation of ‘digital dossiers’ by businesses and governments (boyd 2010; Solove 2004). Zittrain (2008) adds a further dimension to Solove’s (2004) initial warning by adding that it is not just government and multi-national businesses that are capable of capturing data. The ready availability of cheap digital technologies including peer-to-peer networking, GPS recording and IP-cameras are facilitating alternative active participation in the capturing of surveillance data in a manner that he describes as Privacy 2.0 (Zittrain 2008).

Conclusion

Capturing the totality of data events that occur during a Day in a Digital Life is the primary methodological challenge of our research. However, equally challenging is the secondary need to identify and record in a useful manner the persistent and hidden aspects of a digital identity in this 24 hour period. The key to our design was to create an approach that was repeatable with minimal researcher intervention and with commonly available technologies. The goal was to create a methodology that would enable the research to be conducted at a much greater scale by willing participants at a wide variety of location across different periods of time. This desire itself proved challenging, in part because 'commonly available technologies' are part of the power relationship to individuals and their usage of this technology. The Apple iPhone (or at least one that is not jail-broken), for example, proved to be of only minimal utility to the project and primarily as a recording device for external interactions – the network traffic facilitated by the iPhone proved too literally be a 'blackbox' unless it was tethered to a desktop computer running the phone's debug terminal.

Works Cited

1. Clarke, Roger. 'Dataveillance by Governments: The Technique of Computer Matching.' In Information Systems and Dataveillance, edited by Roger Clarke and Richard Wright, 129-142. Sydney, Australia: Australian Computer Society, 1994.
2. Parsell, Mitch. 'Identity, Privacy and Accountability in an Information Age.' PhD diss., The University of Queensland, 2008.
3. Tavani, Herman T. Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing. John Wiley & Sons, 2011.
4. Toekke, A. 'An Exploratory Study of the Privacy Concerns of Users of Social Networking Sites: An Individual Perspective.' Communications of the IBIMA 2011 (2011): 1-7.
5. Business Wire. 'Internet Becomes Central Part of Modern Family Life.' July 6, 2010. https://www.businesswire.com/news/home/20100706006056/en/Internet-Central-Part-Modern-Family-Life