The modern origins of the notion of the rights of individuals have often been linked to the liberal humanist philosophy about the human subject, which historically culminated with the Enlightenment. The right of privacy is one of those rights of the individual. Although it is not directly spelled out in the American constitution as an end in itself, several European constitutions and/or privacy legislations as well as the United Nations’ Universal Declaration of Human Rights speak to that humanist legacy.

Now mediated by digital technology, the identity of the human subject is clearly morphing into a different type of entity (if anything, the themes of cyborg and posthuman in the literature remind us of that.) The individuality and the autonomy –literally the capability of self-determination– of the human subject at the core of the liberal conception are clearly challenged if not already outdated. It appears that human subjects do no longer reside only within their bodies; our identity is no longer contained within the boundaries of our skin.

More than legal constructions and as never before, technology gives human beings the capacity to act at distance in space and time. With digital technology your identity can speak and act on your behalf at any time anywhere. In more and more instances, it might also do so outside your will and perhaps against your interest. The question is, how legacy individual rights such as privacy fit in this new paradigm? And what exactly is that new paradigm, to begin with?

Discussing those questions last month (Feb ’10) on a panel at a symposium with law students (Communications Law & Policy Society at Syracuse Univ.) and other legal experts, I couldn’t resist but bring up the following issue about blogging.

Lately, a decision taken by one high profile institution of the Republic (albeit one that is not centered on technology) has reminded us of the challenge of defining individual rights, let alone redefining the boundaries of the individual. The decision by the Supreme Court in Citizens United v. Federal Election Commission reverberated throughout the political spectrum and the media landscape precisely for that reason underneath the obvious political concern. Who is the subject of rights, especially those rights we have come to understand as rights of individuals?

The Court’s majority decision was wholly or partly supported by the opinion that free speech is not only the right of human individuals but also legal entities (or persons) such as corporations. Arguably, the First Amendment only addresses with the speech while remaining silent about the speaker who shall enjoy the right free speech. We might remember that the Federal Trade Commission has issued a rule that requires bloggers to disclose the identity of corporate sponsors, if any (an effort to address the concern of individuals or entities that may be unfairly attacked or defamed by individual authors of blog posts.) One has to suspect that such regulation was premised on the belief that corporations are not subject to the First Amendment right. Granted the Supreme Court imposes restrictions on disclosure and reporting requirements in order to protect the anonymity of individual contributors (to political campaigns through corporations,) it remains to be clarified whether the FTC blog posting regulation regarding corporate sponsors still is legitimate. If corporations are subjects of free speech and if there is such thing as a right to anonymous free speech, then can the FTC still require as a regulatory matter the disclosure of corporate pay and support in blogging (or any other speech performance for that matter)? If corporations and associations are directly protected by the First Amendment, then we as a society will have to defend their right to anonymous speech. Or else, individuals will run the risk of losing that same right – Corporations & Citizens: United!

Every now and then, inevitably, the debate sparks again in the digital identity community as to what is “identity,” what is “digital identity,” and whether we can have several identities or only one, etc. In this last year week occurrence of the discussion, I’ve come to understand – tentatively – a number of confusions that are being made. I felt that different dimensions of a conceptual set (if not different concepts) are conflated in the way people are loosely using them in the discussion.

Identity: set of attributes that allow to recognize a thing or set of things as unique or distinct. Key variables: distinction, uniqueness.

Identical – key features: sameness or more precisely similarity (two identical things are still two things, at least in time and/or space.)

Identification: matching attributes to the thing or set of things they are asserted about (keyword: matching)

Digital Identity: a digital representation, namely through attributes aka identifiers, of an “identity” (as per above) or of a thing in a certain context (non-unique due to what I call the mirror effect of digital technologies: what is the difference (practically) between the file I just created and its copy in my colleague’s mailbox to whom I sent it as email attachment, or between the nice shots I took last week in Beijing and their replica on my hard drive, and those uploaded on flickr or facebook?)

“Thing” here means anything that can be represented: subject, object, idea, etc. So “digital identity” can be multiple while “identity” (by entity or “thing”) remains unique.

One fellow pointed out that “it is important to differentiate between digital identities that do have virtual personality human rights, and digital identities which do not have virtual personality human rights.” This is a legislation Costa Rican lawyers have developed and which has been voted by their Congress. Warning that English speaking lawyers may have to decide on a different wording for the concept, he specified that personality is here to be understood in a legal sense, not psychological. We need not to forget that the legislation has been developed in Spanish (also in French legal materials, “legal entity” is often designated “moral person,” an entity (“person”) whose legal existence is defined on a non-material or non-physical bases, while the human individuals are called “physical person.”)

So are we going to have a layer of individual entities, social life, jurisdiction, and legislation on top of the “first order” of those same things we’ve known so far? Or if we just extend the first world/order jurisdiction and legislation to include and apply to the second world/order, how much responsible I will be hold for the action of my digital person? How are the consequences of my digital person assessed – by the harm they cause in the digital world, or their impact on the physical world, or in a third fiction dimension made up with a mix of both?

Yesterday, after the last public sessions of the ICANN meeting here in San Juan, I found myself fine dining at a wonderful restaurant called Marmalade, 317 Fortaleza street in the old city, with a few colleagues among which Bertrand de la Chapelle, Milton Mueller, and Robin Gross the initiator of the ICANN-related campaign “Keep the Core Neutral“. The food was really good, and the portions not “aggressive” as someone put it (by contrast to ‘mainland US’). I even spotted on the desert card, between the sweeties and the cognacs, the famous French wine (Sauternes) “Château d’Yquem” but you wouldn’t want to ask for the price. They said they have in average one client for it per year. Anyway, the dinner wasn’t only stimulating for the palate, but also for the mind.

We (including the 3 above mentioned) had an interesting conversation about the campaign and the freedom of expression (FoE) argument, which peaked with an interesting exchange between Bertrand and Robin. According to the former, is not the right argument (both analytically and tactically.) He argued that the right to apply and be granted a name/string at the top level of the Internet DNS is an issue of community recognition, not of FoE; in other words, he would rather invoke freedom of Association (FoA) in support, not the FoE. Robin first said FoA is a FoE issue – put otherwise, the right to association of one’s liking derives from freedom of expression. And later, she also said, FoE is a subset of FoA. Bertrand recognized that there is overlap, but clearly rejected the idea that those freedoms mean the same or lead to the same consequences. He gave the example that a bunch of people can get together and create an association of mumblers and meet periodically for mumbling. Or an association aiming at getting discounts on hotel accommodation, etc. Bertrand’s thinking is apparently based on homology between the “real world” enacted and regulated by states and parliaments, and the cyberspace enacted and regulated through the DNS by its authorities. So the way different sets of rights are used and applied to people and communities in the first world should be reproduced (through the relevant authorities) to Internet users and online communities (who form together the Internet polity.) It also seemed to me that his conception of association is broader (and that there’s no conceptual argument against that) while Robin’s approach is more political, whereby the need to create an association often matches the pursuit of some political or social expression (as a statement to be made).

So the new argument (Bertrand’s) is less political at the surface, but still… it also ties into the right to self determination or autonomy. For example (as per the conversation) if the gay community organizes itself and come up with a request for .gay TLD, then it must be authorized on the basis of freedom of association. In that line of thinking, the freedom of expression will only apply to what can be found in that name space, i.e. the forms and contents of expression.

But it seems to me that there still is a subtle or discrete gap to be addressed in that resoning… Association as a structure is one thing, the name given to an association is another thing. Between FoA and FoE, is there possibly another set of rights that might serve as basis to public authorities to reject the naming of an ssociation while accepting its creation (including its objectives). Because surely enough, an insitution like ICANN cannot deny anyone the right to association, even in the cyberpace and particularly in the Internet DNS. But what is in debate here is the right of ICANN to appreciate the appropriateness of how the association is named. That’s when and where FoA & FoE get blurred and seem to fuse in each other. Because people do a lot of things with names; it’s first an identifier, and as such it may as well be a form of expression. Probably, that’s also when and where the concept of self-determination becomes useful to bridge the discrete gap.

In a nutshell. subject to operational and technical criteria, ICANN shall then accept any application string on the basis of freedom of association and right to self-determination of all comminities. It’s analytically a sound argument; I’m just not sure whether it makes the whole issue less controversial than using the freedom of expression argument.

I am at the ICANN 29th meeting in San Juan, Puerto Rico, June 25 to 29. IP Justice is launching today the campaign “Keep The Core Neutral” addressing ICANN, and in particular, its Board. In an earlier circulation of the text for this campaign, I raised a few concerns that were not totally addressed. The argument of the campaign manifesto is double fold: ICANN is a technical coordinator and should not get involved in any considerations and regulations based on meaning and value, but only on operational and technical matters; then ICANN should adhere to the freedom of expression as expressed in Art. 19 of the Universal Declaration of Human Rights: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

The problem is there are a significant number of people that don’t read the Art.19 without reading the 29 (second paragraph: “In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society”) and are concerned with an absolutist approach to freedom of expression.

With the caveat that the possible limitations to the freedom asserted in art.19 must also be based on law, the experience shows that even a universal legal instrument such as UDHR may indeed have competing, even conflicting, interpretations and approaches. For historical, cultural and social reasons, countries have different approaches to HRs in general, and particulary to the UDHR. That’s why a country like France, and the majority of its citizens, finds it good to censor Nazi-related contents in their media, including the Internet. Although arguably, removing topics from the contents is much more, and more directly harmful to freedom of expression (from the absolutist view,) than limiting the types of label available at the top level of the DNS. And what is possible in France (a different interpretation and application of UDHR) is also possible in many other places for just as legitimate reasons in the eye of the concerned sovereigns.

Furthermore, voting is a political process where the voters ultimately express their value preferences. If I’m not mistaken, the ICANN Board takes decisions by voting. So, in the new gTLD policy, as in the other matters, the Board will eventually take decisions by having its members vote individually on the recommendations. Variables intervening in each Board’s member vote will certainly include those elements of “cultural” differences (national, historical, social, etc. experiences), which will reflect in the outcome. So we may well remove all value consideration in the ICANN policies as spelled out (including by preaching an absolute observance of the UDRH’s art.19,) and still have outcomes that are not necessarily “neutral.”

At any given time, if the majority on the Board shares experience whereby it’d be better avoid some type or level of controversy, the outcome would reflect that. The question is, is it better to have a cleaned policy that would make people believe that their gTLD application will be assessed with technical criteria only, and let them spend their resources on applying, and then have a vote with an outcome at odds with the anticipated result a purely technical assessment would’ve provided?

If this campaign were to attain its ultimate aims, there should be a reform of the way final policy decisions are made by the Board. Instead of voting (YES or NO, possibly followed by customized explanations), proceed with a checklist of the relevant/critical technical & operational (T&O) criteria for the Board members to check or uncheck, in a jury manner, depending on whether or not they think the materials submitted and information collected during the process demonstrate the capacity of the applicants to meet each and every one of the T&O criteria, and only those criteria, required for a registry to operate.

Lastly, the manifesto means to keep ICANN clear from content regulation, including at the top level of the DNS – and push any regulation back to the edges and based on national legislations. But I believe:
1) not all social issues, even those serious enough to deserve it (if we compare them to the subject of some other laws), are or need necessarily to be addressed by hard law;
2) nowadays, there is enough diversity in the public sphere within many individual jurisdictions, to the point that norms are often also diverse, and sometimes conflicting.

Could it be possible to find some mechanisms in a “soft law” fashion that could prevent possible tensions without necessary deferring to hard law at the edges, i.e. to national legislations?

A couple weeks ago, I posted the following question on the Internet Identity Workshop email list (a group maintained by the Identity Gang), What is human subject digital identity without any government-issued identity credential, or government certified identity attribute?

I got a first answer that expresses the reflex of skepticism and suspicion toward government authority, probably more common in North America, especially in the US where such thing as national identity was (and to some, still is) a total nonsense a few years ago – “My identity, my me-ness has little to do with any government entity.” Assuredly! But I’m not quite sure that my “me-ness” is what is recorded in the computing devices and networked databases.

But he was absolutely right, Dave; identity is not defined by governments. I was born in Africa, and like everyone else’s, my parents gave me my names (in some cases in fact the whole community or clan does this.) Then, because we already were in the modern ages, they had to go to the city hall to declare my names, my date of birth, and their own names and other attributes asserting them as my parents, in order to establish my “certificate of birth” (needless to say, it is an administrative procedure we inherited from the European modern state through colonization.) From then on, most of my dealings with any authority, whether state/administrative, education or economic/commercial, will ultimately rely on the assertions made on that piece of paper.

All what we know of my father’s date of birth was the year, which was an estimate or a determination several years after the fact, just as for most Africans of his generation, let alone the older ones. Depending on the circumstances, this could be done quite (or nearly) accurately by cross-referencing with other known events at the time of birth. Ironically you may say, many members of the first governments in the then newly independent nations were in the same case, and of course they had an identity – the most “official” one, even. Their parents in the villages, who had no clue what a modern state was, had of course an identity (often more based on *relations*, trust and reputation, rather than on isolated atoms of information centrally recorded). The nation-state and other forms of modern state are historical and even cultural advent, originating from and institutionalized by the Westphalia treaty as it’s generally called (see
http://en.wikipedia.org/wiki/Peace_of_Westphalia). In all likelihood, the current political system will not be there forever, while identity will, though its forms and expressions have also evolved in the past and still will.

The question is, *in the period we are living in*, what are our chances to walk in a bank for the first time and do business solely based on the identity assertions we make without that official backup? Or on those made by our parents, aunts, uncles or other close friends we bring along with us, either in the physical or in the digital world? What are our chances to complete a commercial transaction online without using a payment instrument that was initially based on that government backup? Granted, there are other situations, e.g. social networking, where we might not need that backup (but then we may have other or more problems to solve, as a consequence.)

Why the government-issued identity is so widely used at least as reference, if not as the ultimate authoritative identity (including in cultures & areas where individuals widely share a common suspicion towards governments)? It occurs to me that this is because identity is more about trust than anything else, and governments are the first or earliest institutional witnesses, the first real third party that knows things about us. Outside our private circles, they have the longest memory about us. Besides, they are the guardians of certain collective rules, those that we have collectively come to devote the maximum resources for enforcement – indicating somehow their importance to the collective. Acting as rule makers and enforcers on our behalf (no matter how contending we might individually be in that regard), they are better placed, and we rely on them, to tell if the person we are dealing with has (critically) broken any of those rules so that we can determine to what extent we can trust her.

The governments could cease to have that role of reference when instituted third parties would come to be as early witnesses of our public life as the governments – or earlier enough witnesses for what the relying party is concerned with about us.

Hello world!

Today is the time for year 2007’s solstice in the northern hemisphere, when – and where from – this blog is launched.


Get every new post delivered to your Inbox.