Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Review Draft of 17 August 2012
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2012
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/ID/DP12-120817.html
The term 'digital persona' was coined in the early 1990s to refer to models of an individual's public personality based on data and maintained by transactions, and intended for use as a proxy for the individual.
During the intervening 20 years, the concept has achieved only moderate impact in the academic literature, and less in industry and government. Two extensions to the theory are presented, one placing the concept more clearly within a comprehensive theory relating to human identification and authentication, and the other distinguishing hidden from open personae.
Systems that deal intensively in personal data have variously been driven and enabled by new information technologies. A succession of IT industry schemes seeking to manage identities have experienced considerable difficulties. It is argued that the problems the industry has encountered derive from failure to reflect the insights offered by the theory of the digital persona.
In 1992, I coined the term 'digital persona', outlined initially in Clarke (1993a, 1993b). It was examined in depth in (Clarke 1994a), which appeared in a Special Issue of The Information Society (10, 2), on 'The Digital Individual' (Agre 1994). The purpose of the term was to provide an unambiguous way of referring to data collections about individuals that are sufficiently detailed to be used as a basis for decision-making in lieu of dealing with the individual themselves: "the digital persona can be monitored with thoroughness and frequency, and surveillance extended to whole populations" (Clarke 1994c).
The 20th anniversary of the term's coinage is an appropriate time to assess whether the term, and more importantly the concept, have entered the mainstream. Have they fulfilled the role of a meme, in this case to encourage understanding among consumers and business enterprises, and among citizens and government, and to influence business practices and public policy?
The paper commences with a recapitulation of the original concept. It then traces relevant developments in information technology and in politics since the early 1990s, as a prelude to an assessment of the term's adoption and use during the intervening two decades. Key developments in relevant theory are identified, in particular in relation to a comprehensive theory in support of 'identity management', and 'hidden personae'. The paper concludes with an outline of some actual and potential responses to the negative impacts of dataveillance phenomena.
The context in which the term was coined was set by two earlier articles. One article documented the switch in surveillance techniques from physical and electronic means towards surveillance of individuals through the data trails that they generate. The term 'dataveillance' was coined, to refer to "the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons" (Clarke 1988). (A later paper that distinguishes the various forms that surveillance can take is Clarke 2009c).
The second contextual article examined the nature of human identity and the identification methods used by organisations (Clarke 1994b). This explained the linkages among data, identities and human entities which underpin dataveillance techniques.
The 'digital persona' notion explained how dataveillance is enabled by an organisation's power over data rather than through observation of the individual themselves. The term was defined as follows (Clarke 1993a, 1994a):
"the digital persona is a model of an individual's public personality based on data and maintained by transactions, and intended for use as a proxy for the individual"
The Oxford English Dictionary declares the etymology as being classical Latin 'persona', meaning mask, character, role. A key reason for preferring it to the various alternatives was Jungian psychology. To Jung, the anima is the inner personality, turned towards the unconscious, and the persona is the public personality that is presented to the world: "The only persona that Jung knew was that based on appearance and behaviour. With the increased data-intensity of the second half of the twentieth century, Jung's persona has been supplemented, and to some extent even replaced, by the summation of the data available about an individual" Clarke (1994a).
No earlier and comparable uses of the term 'digital persona' have been uncovered. However, as with most neologisms, the meme was 'in the air' at the time. Other terms used in the very early 1990s to refer to the idea included 'data shadow', 'virtual identity' and 'epers' (from electronic persona - Karnow 1994). Fittingly, many of the fictional treatments pre-date my own instrumentalist analysis. The idea can be detected at least as far back as 1974 in John Brunner's 'Shockwave Rider', then as a 'construct' in William Gibson's 'Neuromancer' - "a hardwired ROM cassette replicating a ... man's [sic] skills, obsessions, knee-jerk responses" (Gibson, 1984, p.97) - and later as a 'recorded personality', and as 'partials' and 'ghosts' in Greg Bear's 'Eon' in 1985.
The key article was Clarke (1994a), referred to in the remainder of this paper as 'the original 1994 paper'. It distinguished a number of important characteristics of digital personae, which give rise to several category-pairs. They are brought together in Exhibit 1A.
|a persona based on human perceptions|
|a persona constructed on the basis of accumulations of structured data|
|a persona controlled by the individual it is associated with|
|a persona controlled by someone other than the individual it is associated with|
|a persona that comprises data alone|
|a persona that has some capacity to act, on behalf of, or in substitution for, the individual it is associated with, cf. a software agent|
|a persona that presents a commonly-held, composite image of a person who is presumed to be well-known (e.g. Marilyn Monroe, Marshall McLuhan) or of an archetype (e.g. 'action man', 'drug mule', 'psychopath')|
It is intrinsic to the notion persona, and to the notion digital persona, that an individual may project many of them, in order to "present themselves differently to different individuals or groups on the net; or at different times to the same people; or at the same time to the same people. One projection may reflect and provide close insight into the person's 'real personality', while other personae may exaggerate aspects of the person, add features, omit features, or misrepresent the personality entirely" (p.81). Many reasons were identified as to why individuals would want to adopt multiple personae, including to reflect their multiple real-world roles, to exercise artistic freedom, to protect against real or imagined risks, to experiment, to fantasise, and to commit fraud.
Imposed digital personae, controlled by others, were already familiar in such forms as the databases of financial services organisations and myriad government agencies. Projected digital personae, on the other hand, were at that stage limited to curricula vitae expressed in the then newly-available facility of Web-pages.
At the time, such active digital personae as existed were projected, in such forms as email-filtering rules and news preferences. The prospect was identified, however, of "imposed, active digital personae [enabling] people's interests or proclivities [to] be inferred from their recent actions, and appropriate goods or services offered to them by the supplier's computer program using program-selected promotional means" (p. 83).
The examples of 'public personae' offered included celebrities (at the time: Zsa Zsa Gabor, Elizabeth Taylor, Pierre Trudeau, Ross Perot and Donald Trump) and archetypes (the practical joker, the sucker who always takes practical jokers' bait, the 'wild idea' generator, the moral crusader).
The original papers identified a number of specific problems with the use of digital personae, especially of imposed, formal personae. A digital persona is a model - which is a simplification of a complex reality; and because it is incomplete, its use embodies a risk of mis-judgement. A digital persona is constructed from multiple sources, and because those sources are imperfectly compatible, 'artefacts' may result, i.e. unwarranted inferences may be drawn about the individual associated with the digital persona. It was noted how the kinds of procedures typically applied by government agencies created considerable risks for atypical, idiosyncratic and eccentric people (Marx & Reichman 1984, p.436), and made no allowance for a wide range of extenuating circumstances.
A further danger arises from the fact that a digital persona is not directly linked with a human entity, and hence the risks exist of associating a persona with the wrong person, and of adding new data to the wrong persona. In the case of identity fraud, such results are contrived, most commonly in order to achieve a financial advantage.
A particular focus of the initial paper was the use of digital personae as weapons of surveillance, against the interests of the individual - possibly to the benefit of society, but more commonly to the benefit of organisations. Many such uses were surreptitious, and hence the means whereby the digital persona was accumulated - such as access to data held by other organisations, including data matching - were obscured as well. A weakness in the original article was its failure to extend this analysis to identify a further category-pair. This omission is overcome by the addition of the definitions in Exhibit 1B. The overt / covert distinction will be further developed in a later section of this paper.
open or overt persona
|a persona whose existence, content and use are known to the individual who is associated with it|
covert or hidden persona
|a persona whose existence, content or use is / are not known to the individual associated with it|
The intervening two decades have seen substantial change. This section briefly highlights some key developments relevant to the digital persona, and to dataveillance more generally.
In 1992, the world was only in the early phases of the digital revolution. That revolution comprised the elements outlined in Exhibit 2. It is now largely complete.
In 1992, the proportion of the population that had an Internet presence was very small. From the mid-1990s onwards, billions have gained access to the Internet, have projected digital personae in such forms as 'nicks', 'handles', game personas, online bios and web-sites, blogs and micro-blogs/tweet-streams, and have been subjected to imposed digital personae. Since c. 2004, social media services have harnessed narcissism and voyeurism to greatly increase the volume of data that is captured.
As computer graphics improved, avatars emerged. The word originally referred to a manifestation of a Hindu God, but it was expropriated to refer to a visual representation of any persona - spiritual, physical or digital. Terminological confusions have arisen. It is now necessary to make clear that digital persona and avatar are distinct notions, with an avatar related to a digital persona much as a glyph is to a letter of the alphabet. There is generally more than one glyph for a particular letter - 'a' and 'A' in this font alone - and there may be many (or indeed no) avatars for any given digital persona.
There has been an ongoing increase in the variety of sources of data that is absorbed into digital personae. An important example is that transactions that had hitherto remained unidentified through the payment of cash have become identified through the use of loyalty card schemes, and more recently through reductions in the minimum amounts for which credit-cards and particularly debit-cards can be used, the removal of authentication steps such as the entry of PINs (which slowed down card-based transactions), and the introduction of contactless cards to enable even more rapid identified payment, on the move.
A crucial new form of data that is now being captured is location and tracking data, which is associated with a great many of the large numbers of economic transactions that people engage in each day. This is being added into digital personae - resulting in an enormous increase in their value for surveillance (Clarke & Wigan 2011). Moreover, the catchment has been extended beyond economic transactions to social activities, as social media companies have encouraged people to post text, audio, image and video, and associate with the data not just their own identity, but also their companions' names.
The explosion in the volume and intensity of data capture has been exacerbated by greatly reduced barriers to access by many organisations, achieved variously through legislation and by imposing permissive terms of service. There has been enormous pressure to liberalise access to categories of data that have long attracted very strong protection, such as information about conversations and conversation-partners (in telephony jargon, referred to as 'call records'), and even the content of messages, particularly of email.
There has also been an increasing tendency to deny nymity, by associating digital personae directly with the individual human entity, through the imposition of biometrics. This has occurred with passports, and with visas, among a range of employers, and even as a condition of entry to some social venues. Biometrics technologies rely on fuzzy matching, and a great many quality factors conspire to create errors, give rise to false positives and false negatives, and force trade-off between them. Hence masquerade, and mistaken associations between digital persons and physical persons occur even when biometric entifiers are used.
The problem has been exacerbated by the laxness of privacy oversight agencies, many of which have failed to enforce laws relating to excessive or unjustified collection of personal data, even in the case of particularly sensitive data such as not only biometrics, but also driver licence and passport data, all of which have great potential as enablers of identity and entity fraud. Similarly, data protection commissioners in those countries whose laws include an Anonymity Principle have failed to enforce it.
The digital persona meme has made further appearances in sci-fi literature, in such forms as 'copies' in Greg Egan's 'Permutation City' in 1994, and 'dittos' in David Brin's 'Kil'n People' in 2002. As humans become augmented by technology and become cyborgs, the digital persona notion has needed some reconsideration (Clarke 2005a, 2005b, 2011). If robots ever live up to their promise and convincingly move beyond the factory floor, yet further adaptations may be necessary to the theory of the digital persona.
Technological change to some extent drives developments, a phenomenon sometimes referred to as 'technological determinism'. To a considerable degree, however, technology is merely an enabler for initiatives whose drivers lie elsewhere, reflecting the natural desire of organisations to harness new capabilities in order to fulfil their missions. The two patterns can be mutually reinforcing, resulting in 'creep' in the mission-scope of some organisations in response to changing technologies. This sub-section highlights some important areas of such changes that are relevant to the theory and application of the digital persona concept.
The private sector has been very active in so-called 'Customer Relationship Management' (CRM) - or 'Consumer Relationship Manipulation' as the cynical retronym has it. The data-gathering has been facilitated by highly permissive Terms that marketers have imposed on consumers, generally with at best the merest token of consent. The intensive profiles of each individual's prior behaviours has been applied to the manipulation of consumer behaviour through targeted and timed advertising. This had been described at least as long ago as Packard (1964). See also Hanson & Kysar (1999). This has been despite the availability of alternative, more positive approaches to the marketer-with-consumer relationship (e.g. Kelly 1998, Levine et al. 2000).
The legal protections against use and disclosure have proven to be highly porous, with the result that a great deal of personal data is shared, gifted and traded among organisations. There has been a strong emphasis on the consolidation of individuals' multiple personae, and on denial of the freedom to interact separately with different organisations. This has involved the correlation of government identifiers and use of the pretext that 'real names' policies reduce anti-social and abusive behaviour.
A further development has been public-private partnerships, which blur the distinction between data compulsorily acquired by government agencies and data gathered, more or less consensually, by corporations from their customers. A major area of application has been toll-roads, the vast majority of which have reversed the historical position and currently deny anonymous use of public thoroughfares.
A related development is the application of Automated Number Plate Recognition (ANPR) technology to mass surveillance, most notably in the UK and Australia (Clarke 2009a), but also in the USA and Canada. Attempts have been made to supplement this source with data acquired from sources such as toll-road operators, car-park operators and parking infringement schemes.
In the public sector more generally, increased data intensity and consolidation of citizen data has been apparent among social control agencies, in such areas as taxation, social welfare administration, and nationalised health insurance and health care data systems, in recent years referred to as 'eHealth records'. A diverse range of justifications have been used, including administrative efficiency, control of waste, control over fraud, control over anti-social behaviour, public safety, road safety, and counter-terrorism. As each new 'idea in good standing' emerges, the collection and exploitation of citizen data has been hitched to it. For example, global warming has been enlisted, on such grounds as the need to identify energy-profligate consumers, and the likelihood of hordes of climate change refugees creating social and economic problems.
There have been attempts in many countries to establish national identification schemes, or expand existing inhabitant registration schemes. These have been in many cases unsuccessful, variously because of the intrinsic challenges and popular opposition, and in some countries multiple attempts have been serially unsuccessful. 'Progress' has been achieved in Malaysia and Finland, with world's best / worst practice in Denmark.
Among the most aggressive assaults on citizens' data have been responses to terrorist strikes, primarily those in 2001 (USA), 2004 (Madrid) and 2005 (London), although with some reinforcement particularly from Bali (2002) and Mumbai (2011). The opportunity has been grasped by national security extremists to recover from their Post-Cold War malaise, to the extent that, in many countries in the nominally free world, far greater intrusions into civil rights have been enacted since 2001 than ever existed in the period 1946-1990. For example, during the 6 years 2001-07, Australia passed scores of statutes expanding powers and reducing controls and accountability (PAPL 2007).
Given the explosion in data-gathering, use and disclosure since the concept was introduced, it would be reasonable to expect that the theory of the digital persona would have been applied, criticised, enhanced and extended.
Great as the need may have been for the term 'digital persona' to become mainstream, it has not set the world alight. During its first 20 years, the primary article garnered only about 150 Google citations. To place that in context, however, there appear to be no more than 5 references in the surveillance arena that have more than 500 Google citations, and perhaps only 20 with more than 200. The publications that appear to be the primary current references are identified in Appendix 1.
In order to gain insight into the extent to which the notion has informed and assisted subsequent work, the following analyses were undertaken, and are reported on below:
Google Scholar identifies c. 150 publications that cite the original paper. These were examined, with a focus on those that satisfied the following conditions:
This resulted in the identification of 21 significant publications, listed in Exhibit 3. The majority of the identified publications apply the concept in a particular context, and only a few contribute to the theory of the digital persona. Most consider only the imposed digital persona. Of greater concern is that none of the papers consider more than one or two aspects of the concept. Moreover, four of them - van der Ploeg (1999, 2003) and Wen et al. (2009) and Ma et al. (2011) - drastically reduce the notion, by referring to it as a singular, linked directly to the physical individual.
Privacy-Enhancing Technologies (PETs)
van der Ploeg (1999, 2003)
biometrics and privacy of the physical person
protection of sexual identity
identification codes as tools of surveillance
'co-active' social control mechanisms
Zwick & Dholaika (2004)
theoretical treatment of the panoptic
Koch & Möslein (2005)
university candidates' electronic portfolios
description of an intermediary intended to enable consumers to control their own digital persona
theoretical analysis of the relationship between privacy and identity
a framing concept in a thesis on Personal Password Security
intellectual property law
body, bioethics and identity
Wen et al. (2009) and Ma et al. (2011)
an architecture for a naive, comprehensive, singular, imposed digital persona
theoretical treatment of the digital panoptic, including Latour's 'inscription' and 'immutable mobiles' concepts
The second approach adopted was the examination of publications that use the term 'digital persona' in a manner closely compatible with the concept, but without citing the original 1994 paper. In July 2012, Google Scholar identified about 1,000 publications in total. Only those publications were considered that satisfied the following conditions:
Application of this procedure identified a further 9 publications, listed in Exhibit 4. Almost all of them applied the concept as part of a broader frame of reference and within a particular context. A few of the articles provided some amount of theoretical criticism or theory extension, but few were focussed on those kinds of contributions. A number noted that the term was a foundation concept underlying the subsequently-emerged field of 'identity management'. The 2003 US Patent is noteworthy mainly in that it attempts to claim as an invention a number of ideas that were key parts of the Platform for Privacy Preferences (P3P) initiative of a World Wide Web Consortium Working Group in 1998-99 (Clarke 1998, W3C 2002).
policy relating to the administration of social welfare
a thesis on the implementation of an active digital persona
property rights in a digital persona
US Patent 6,581,059 (2003)
description of an active digital persona
Liu & Maes (2004)
generation of digital personae from 'personal texts' / natural language
Saebo et al. (2009)
social networking services
Ball et al. (2010)
an active digital persona in eHealth
teaching the composition of digital rhetoric
Less comprehensive scans were also undertaken of the concept in the computer science literature, and in the applied world of identity management software and services. These have generally failed to reflect the richness of the concept of the digital persona as expressed in the 1994 article. This has been a factor in the poor-quality support that computer science artefacts have provided to the people who depend on them. Many instances exhibit the worst of both worlds - dysfunctional design, but also harm to the interests of the individuals concerned. The public is having deficient models imposed on them, particularly in the all-too-common, maximally-naive form of a singular digital persona directly linked to a human entity. This has the effect of denying the individual the opportunity to create and maintain multiple identities projecting only parts of themselves.
The third analysis involved examination of uses of alternative terms that refer to concepts closely related to the digital persona. These were identified as a by-product of literature research at the time and subsequently, including during the preparation of this paper.
Exhibit 5 identifies eight such terms, together with the publication in which they appear to have originated. One term is used occasionally in a vague sense, but without any apparent underlying source. Another predates 'digital persona', and one is contemporaneous with it, while the remaining five emerged subsequently - and in four cases the publication cites the 1994 digital persona paper. In none of the eight cases does it appear that the concept to which the term refers has been examined closely, nor is any comprehensive theory put forward.
origin lost, and its effectiveness confounded by many other, competing uses
coined in a 4-page philosophical piece that offers ambiguous obscurity rather than any usable definition: "The numerical language of control is made of codes that mark access to information, or reject it. We no longer find ourselves dealing with the mass/individual pair. Individuals have become 'dividuals', and masses, samples, data, markets, or 'banks'"
Deleuze 1986 / 1990 / 1992
the electronic persona
"the electronic memory-traces of mass society"
(for a wide-ranging book)
"various concatenations of personal data that, like it or not, represent 'you' within the bureaucracy or the network ... the ongoing life of the data doubles now depends upon complex information infrastructures"
Lyon, 2003b, p.22
(for the relevant chapter)
capta (cf. data) are "facts that those constructing the database decide to `take' given that they cannot record or store everything"
a 'capta shadow' is "capta that uniquely represents people, objects, information and transactions"
"manipulable digital profiles of the inmate ... enabling a variety of deductive operations on individuals as elements of a known population"
"a comprehensive digital description of an individual human in the cyber world ... the counterpart of the real individual in the physical world"
Wen et al. (2009) and
Ma et al. (2011)
The fourth approach adopted in order to detect impacts of the concept was to examine the sources that sorted high in a search using Google's catchment area and precedence algorithm. Google's services are highly unreliable and unstable, but the mere fact that they are much-used makes Google the prime candidate for a test of popular impact. The fact that over 1 million hits are found suggests that the term has had some popular appeal. However, (at least when a search is conducted from within Australia), one other page precedes the 1994 article, and that is a US biometrics technology provider that has adopted the name for both the company and some of its products. Suppressing hits containing "Inc." reduced the count by 40% to 600,000, and further suppressing hits containing "fingerprint" reduced it by a total of 70% to 300,000.
An example of a use directly in line with the original intention is in a 'manifesto' published by a movie-producer in conjunction with his work 'Article 12' (Biain & Vaduvescu, 2010): "By Constitution, we have been granted freedom, the right to freely express ourselves and have control over our personas, and the same should apply to our digital selves. A new man - the digital man - has arisen and its emancipation depends on us. Writers, artists, philosophers, and many specialists in this field are talking about this transition and the powerful transformation we are facing. The way of being in this parallel world requires that we embrace technology and aspire for the better, but not without protecting our human rights and human dignity, both for our physical and digital personas".
Another aspect of relevance is a number of references to 'digital persona' in the marketplace for 'digital immortality' (e.g. Schneiderman 2012). On the other hand, a further indication of the 1994 article's limited impact is that Wikipedia mistakenly redirects the term to avatar - which is a graphical representation not a persona, and is a representation of any persona, digital or otherwise.
Further, as if seeking to confirm the negative tone sounded by the original article, a marketing company, zangbezang, uses the term digital persona to refer to its "complete and powerful customer view for each individual customer, derived from converging historical mobile data with contextual personal & social data to deliver meaningful, real-time and actionable insights ... [It is] the aggregate of information that defines each individual consumer's characteristics, interests, activities, habits and transactions across the operator, social network and mobile device domains [promising the consumer] targeted insight into their needs".
A further indicator of the extent to which the meme has penetrated public consciousness is mentions in the media. Google News, which searches on a sub-set of the Google search-engine's catchment, provides a somewhat unreliable snapshot of the last month's media, and a highly unreliable and varying archive of media mentions in the recent past. It is, however, a readily-available and convenient tool that provides some sense of media usage of the term. In late July 2012, Google News appeared to identify 63 mentions in the last month. On inspection, however, the 65 collapsed to 32, and all but three were spurious, apparently deriving from the pseudonym of a business reporter.
Of the three, one was a report in an Italian newspaper on the conference on 20 July 2012 which stimulated this paper.
The second article referred to the increasing difficulties for undercover operatives to maintain "their false personas" (Heath 2012): "Memo to all budding undercover spies: start creating your second (false) digital persona the day you're born - you'll probably need it. Oh and only get photographed with the people that you plan on going under-cover with". The article is seriously deficient when assessed against the 1994 theory, in that it makes the (to national security extremists, conventional) assumptions that every person is limited to a singular digital persona, and that any other persona is 'false'.
The third article was a review of a new game for the iPhone and iPad called Mind of Man, which "[reveals] the dark side of your digital persona. By analyzing your text and behavior on Twitter, including your flaws and antisocial tendencies, the game creates a unique avatar known as a 'MindPrint'. This avatar is then pitted against your friends and favorite celebrities" (Farr 2012). Although populist, the article is not greatly inconsistent with the theory of the digital persona advanced in the 1994 paper.
Google News purportedly found 325 news reports in its archive containing the phrase 'digital persona'. However, that search only permitted display of the first 100, which dated back to April 2008. A few publications related to the biometrics company or its product. However, most used the term in a manner reasonably consistent with the 1994 conception, with the most common error being to confuse it with the concept 'avatar'. Many articles were banal, e.g. "It seems like nearly everyone you meet these days has a digital persona to compliment [sic] the real-life counterpart, but after spending countless hours curating your virtual life online, the site can seem a little bland. Thankfully, the world's most popular social network has a hidden treat ...". Others addressed important issues, such as self-management of the digital personae projected within various social media, including for economic reasons ('managing your personal brand online'), e.g. Mac (2012).
A series of searches were conducted, restricting the search-scope to prior, specific years. This identified what appeared to be the oldest news article detected by Google News - Adams (1997). This reported on a fairly superficial use of the term by an IT industry CEO, Eric Schmidt, then of Novell: "The new face of networking has a human face, and it has as many faces as there are users on the network today ... put the programs on the network and build 'digital personas' that give users customized access to the things they need to get jobs done". 18 months later, Novell launched a 'digital wallet' called digitalme, which stored identification and authentication data in order to give individuals more control over their identity on the Internet, and gave rise to the second oldest article detected by Google News mentioning the term 'digital persona' - Fidel (1999).
The lie inherent in the marketing spiel became increasingly evident as time went by. Schmidt became CEO of Google, and is to a considerable degree responsible for the massively-intrusive imposed digital persona and the associated, highly-intensive consumer-behaviour profile assembled by that company. He has also contributed one of the iconic anti-privacy aphorisms: "If you have something that you don't want [Google and its customers] to know, maybe you shouldn't be doing it in the first place" (Esguerra 2009).
From 2006 onwards, an increase was apparent in media usage. A telling article reported on steps taken by IBM to impose controls over the digital personae that its employees used when participating on the company's behalf in the (short-lived) virtual world called Second Life (StPT 2007). Uses in the media naturally lack the richness of the full theory, but the senses in which the term is applied have been generally consistent with the 1994 notion.
The theory of the digital persona presented in the original 1994 paper was sufficiently comprehensive that subsequent literature, while adding some depth, has not contributed all that much more to the theory itself. There are two areas, however, in which some theory extension is necessary. The need to distinguish open from hidden personae was mentioned earlier and is addressed in the second sub-section below. The first sub-section is concerned with the relationship between the digital persona and human identification.
Business and government have attempted a long series of initiatives in relation to what has been called 'identity management'. This began with digital signatures during the mid-to-late 1990s. Little progress has been made, however, because the public key infrastructure (PKI) on which these depend is fundamentally flawed (Clarke 2001b). The attempts continued with private-sector portals, moved on to federated models, and to single-sign-on to multiple government agencies. These have mostly failed, or have been adopted by only a small proportion of the target audience, for reasons explained in Clarke (2004).
The fundamental reason why these attempts keep failing is that they embody assumptions about people and human identity that are manifestly wrong. Designers need to work from a model of the elements and their inter-relationships that reflects the realities.
In order to satisfy this need, the early work in Clarke (1994b) was progressively expanded into a comprehensive theoretical model, encompassing all aspects of identification and authentication. The digital persona is a crucial element of the model. Each instance of a digital persona, stored in a record, is distinguished by a signifier of some kind, such as a name, or a code. The term 'identifier' is commonly used for such a signifier. If the digital persona can be directly associated with a particular human person (e.g. because the digital persona includes a biometric measure), the signifier is more appropriately referred to as an 'entifier'. If the identity is not able to be associated with any particular person, it is a 'nym' - or more specifically an 'anonym', if association is not possible, or a 'pseudonym', if association is possible, but only subject to particular conditions being satisified.
Building on this basic set of concepts, the processes of identification and entification are capable of being described in ways that avoid misunderstandings and provide a foundation for effective business processes. The general concept of authentication, and its specific application to identity authentication and entity authentication can also be reliably described. For example, the concept of Identity Management can then be defined as a generic term for architectures, infrastructure and processes that support the Authentication of Identity Assertions. The mature model was presented in Clarke (2009b), supported by a Glossary and examples. Exhibit 6 contains the key definitions, extracted from the Glossary.
|Identity||A real-world thing, but of virtual rather than physical
Includes a presentation or role of one or more human beings.
Also includes, for example, processes running in a computing device.
|Entity||A real-world thing.|
Includes human beings.
Also includes computing devices, animals, vehicles, etc.
|Record||A set of Data-items each of which relates to a particular Entity or Identity.|
|Digital Persona||Conceptually, a model of an individual's public personality based on
data and maintained by transactions, and intended for use as a proxy for the
Operationally, a Record that is sufficiently rich to provide the record-holder with an adequate image of the represented Entity or Identity.
|Identifier||Conceptually, a set of Data-Items that are together sufficient to
distinguish a particular Identity from others in the same
Operationally, most commonly a name or assigned code.
|Entifier||Conceptually, a set of Data-Items that are together sufficient to
distinguish a particular Entity from others in the same
Operationally, for a human being, a biometric.
|Pseudonym||An Identifier that may be able to be associated with a particular Entity, but only if legal, organisational and technical constraints are overcome.|
|Anonym||An Identifier that cannot be associated with any particular Entity, whether from the data itself, or by combining it with other data.|
|Identification||The process whereby data is associated with a particular Identity. This is achieved by acquiring an Identifier for the Identity.|
|Entification||The process whereby data is associated with a particular Entity. This is achieved by acquiring an Entifier for the Entity.|
|Authentication||The process that establishes a level of confidence in an Assertion.|
|Identity Authentication||The process whereby a level of confidence is achieved in an Identity Assertion.|
It is common for an individual to be aware of the various digital personae associated with them, including those imposed on them by organisations. A substantial body of neo-Benthamite 'panoptic' theory has been espoused in recent decades, stimulated by Foucault (1975). This is based on the proposition that an efficient way to sustain public order is to encourage individuals to impose self-discipline on themselves, by giving them the impression that they are subject to continuous surveillance. Information technology has greatly enhanced the symbolism and to some extent the power of visual surveillance, and has invented and continually extends the symbolism and power of dataveillance.
Panopticism involves overt surveillance of physical and digital personae whose existence and content are known to the individuals they are associated with, or are at least knowable by them. An additional category of digital personae exists - those that are covert or hidden. Sub-categories include the following:
The original 1994 article recognised the possibility of hidden personae, to the extent that it allowed for the possibility of individuals being unaware of the existence of a persona. It also identified instances of background databases that accumulated personal data from various sources then (and accumulate it now), including "credit reference data and ratings, insurance claims databases, consumer marketing mailing lists, telephone, fax and email address directories, electoral rolls and licence registers". To that should have been added consumer profiling companies such as Acxiom, and tenancy databases. The original article did not otherwise address the topic.
The number of such background databases has greatly increased during the last 20 years, and the intensity of the data that their operators gain access to has as well. For example, the consumer credit industry has worked assiduously towards its aim of having full access to all aspects of every consumer's indebtedness (so-called 'positive reporting').
Intelligence databases have always existed, but have become massively more intensive, and their operators have become even less accountable to parliaments and the public, particularly since national security extremists recovered the ground that they had lost at the end of the Cold War c. 1990, following the terrorist strikes of the first decade of the century.
Many such practices are more or less formally exempt from data protection laws, or effectively authorised by them, over the heads of citizens and consumers. This applies not only to public sector records, but also in the private sector. In Australia, for example, employment records, the media and small business are entirely exempt, and credit reporting and direct marketing consumer profiles are subject to special regimes that authorise the collection and exploitation of consumers' data by business.
Since the mid-1990s, web-traffic has also been manipulated in order to generate massive holdings of Internet-user profile data, by such companies as Doubleclick and Google (which subsequently acquired Doubleclick, thereby consolidating two parallel sources of data). Since the early 2000s, 'social neworking services' and other forms of 'social media' have emerged, whose business model is based on the encouragement of self-exposure and the exposure of others, in order to enable the exploitation of consumer data (Clarke 2012). Companies such as Facebook, and Google through Google+, are accumulating substantial amounts of additional data, much of it reasonably reliably associable with specific identities, and in some circumstances with specific human entities.
These background, hidden personae are giving rise to what de Kerckhove refers to as 'The Digital Unconscious', which he explains as "the sum of data available in a growing quantity of databases that individuals, institutions, companies and society in general are not conscious of", or "everything that can be known about you that you don't know". The term has been coined a small number of times, although the only relevant references found to date from prior to 2012 are Amiran (2008) and Reading (2009). The topic is being developed by de Kerckhove in a seminar series (de Kerckhove 2012).
The negative impact of hidden personae is a variant of the panoptic effect - individuals are being effectively encouraged to believe that 'they know all about you already', and hence to constrain their behaviour because of the fear of retribution. Longstanding examples of retribution unclude tax audits and the refusal of loan applications. As social media intrusions have proliferated, use of such personae in rejecting job applications has increased (e.g. Wortham 2009).
This broad chilling effect is of concern in a psychological sense, because it denies private space. It is of greater concern in a social sense, because it causes people to avoid associations with one another, and generates a prevailing climate of suspicion. It has a constraining impact on technological innovation, because most inventors and many innovators are 'deviants' by the norms of the sectors and even of the societies in which they live, and as a result the chilling effect has a negative impact on economic development.
From a political perspective, the chilling of speech, of assembly, and even of thought, are consistent with an un-free nation, and have a seriously detrimental effect in a democracy. Imposed digital personae, coupled with the denial of multiple pseudonyms, increases the capacity of powerful organisations, in both the public and private sectors, in order to suppress dissent (Clarke 2008).
In the mere two decades since the end of the Cold War and the collapse of East Germany and its Ministerium für Staatssicherheit (the Stasi), the 'free world' has lurched towards a significantly more efficient surveillance society than was ever achieved behind the Iron Curtain. Public sectors across the world remain dedicated to intrusiveness as the means to sustain social control. Encouraged by technology providers, many governments have attempted to impose national identification schemes, mostly with limited success.
Applications of imposed digital personae harbour great threats to consumers and citizens. The question therefore arises as to whether regulatory measures relating to personal data reflect the insights offered by the theory.
At least in common law countries, it might have been expected that extensions to the tort of appropriation would have emerged, at least to assist well-known individuals to protect the brand-value of their public digital personae. Yet, with the exception of the UK, legal reform in this area has been glacial.
Another example of a yawning regulatory gap is the failure by European Data Protection Commissioner to enforce laws relating to personal data collection, use, disclosure and the right of subject access. The Internet enables corporations to offer services across national borders, and hence Google, Facebook and other corporations breach laws in many countries, but avoid retribution by locating their operations in jurisdictions with very low levels of consumer protection, in particular the USA. Little evidence exists of any concerted effort to address the problem. Another indicator that all is far from well has been the recent European dialogue relating to an emergent 'right to be forgotten' (Lindsay 2012).
One small, positive sign has been the emergence of an anonymity principle, initially in the Australian Privacy Charter (APCC 1994), and subsequently in the laws of Germany (1997), Australia (2000) and four subsidiary jurisdictions within it (2000-2009), and South Korea (2011). However, the principle remains far from becoming an integral part of data protection frameworks.
Apart from legal measures, or 'East Coast Code' as Lessig (1999) described them, there is a significant role for elements of information infrastructure, or 'West Coast Code', to provide a buffer against aggressive application of imposed digital personae on consumers and citizens. Examples of relevant information technology measures include applications of cryptography, Pretty Good Privacy and its associated web of trust notions (PGP - Zimmerman 1995), 'onion-routing' (Reed et al. 1998), U-Prove digital certificates that authenticate an identity's attributes without disclosing any identifiers (Brands 2000), Freenet to obscure the origins of a message (Clarke et al. 2001), and Privacy Enhancing Technologies (PETs) more generally (Clarke 2001a).
The various aspects of the digital persona notion have potential applications in many fields, and to good and bad effect, from the viewpoint of the individual to whom the persona relates, of other individuals, and of organisations. Clearly there are legitimate applications of imposed digital personae as a tool of criminal investigation and intelligence. Abstract models of targeted categories of people can be derived or contrived, and digital personae tested against those models to generate suspects. Some scepticism is warranted, however. For example, a dispassionate analysis is needed of the effectiveness of trawling passenger data in order to detect drug-mules, and particularly terrorists.
The digital persona concept is an important element within a comprehensive model of organisational use of personal data and human identities. No aspect of the original, 1994 conception has been identified as being inappropriate. Some extensions to the original conception have been necessary, in order to reflect developments in technology and practice. The concept, and the broader model of identity of which it forms an integral part, appear to be intellectually efficacious, in that they provide a basis for understanding, describing, analysing, explaining and making predictions and recommendations about personal data systems and 'identity management' schemes.
Unfortunately, the body of theory has had limited impact in both the research literature and the practice of identification and identity authentication in business and government. There are multiple indicators of failure in the research arena. The original article has attracted only a modest citation-count. The term is not embedded in discussions in the relevant literature, and no other terms that substantially reflect the concept appear to be embedded in discussions in the relevant literature either. The meme has not been sufficiently aggressive.
From an instrumentalist perspective, the concept and the comprehensive model of which it is a part have been, at best, ineffective. It is not evident in policy discussions. It has no traction with government agencies, industry associations, corporations or even privacy oversight agencies. It has achieved only limited appreciation among the media. In addition, 'identity management' initiatives continue to emerge, which, on the basis of the model, can be readily shown to be both technically naive and highly privacy-invasive. Indicative of the poverty of the IT industry's conception of the digital persona is this 'Top 10 Technology Trend for 2012', published by Deloitte in late 2011 (Cox 2011):
"Digital Identities: The digital expression of identity is growing more complex every day. Digital identities should be unique, verifiable, able to be federated and non-repudiable. As individuals take a more active hand in managing their own digital identities, organizations are attempting to create single digital identities that retain the appropriate context across the range of credentials that an individual carries. Digital persona protection is becoming a strong area of cyber focus".
That text is committed to the interest of corporations and government in contriving a single, consolidated digital persona for each person, which they can control by denying nymous personae, and by denying multiple personae per individual. Moreover, the consultancy's prognostication overlooks more than a decade of successive failed attempts by IT services providers to deliver digital signature schemes, single-sign-on, and federated identity management. To the extent that Deloitte is an 'industry thought-leader', industry is still failing to understand either the real world or the theory of human identity presented to it, and is continuing to lead the IT industry, and business and government organisations, in the wrong direction.
The digital persona continues to be an important element within the web of theory needed to sustain human rights in the face of technological change and the corporatisation of the nation-state. The 1994 article concluded with the statement that "If information technology continues unfettered, then use of the digital persona will inevitably result in impacts on individuals which are inequitable and oppressive, and in impacts on society which are repressive". IT has continued unfettered, political tendencies are towards national security extremism and the repression of freedoms, and the serious negative impacts are increasingly evident. It is important that the concept and the associated model be nurtured, in the hope that it will be applied more effectively, in some future, less troubled, more tolerant, and freer world.
In order to identify the surveillance publications that appear to have attracted the most attention from academic authors, the approach adopted was to conduct searches on Google Scholar. In comparison with alternative citation-count services, this offers a large catchment area, in return for being less discriminating in the documents in which citations are counted. Google's search-engine is poorly documented, uses various forms of fuzzy matching, and delivers different results from the same search-terms, at various times, and even at the same time, depending on various, undisclosed factors. The search strategy adopted here accordingly applied various means to identify highly-cited works whose subject-matter was primarily surveillance.
No attempt was made to find highly-cited publications that omitted the word 'surveillance' but used synonyms (such as 'monitoring' or 'systematic observation'). No attempts were made to search for highly-cited publications on subsidiary topics - which would use such search terms as 'wire-taps', 'electronic interception' and 'CCTV'. The public health and computer science literatures were excluded, because they use the term 'surveillance' in specialised ways, and generate large numbers of citations.
The searches were conducted in July 2012. The arbitrary threshold of 200 citations was selected primarily on the basis of manageability, in that substantial numbers of publications have between 100 and 200 Google citations. As with any evaluation based on cumulative citation-count, the resulting 'top 16' list in the table below is inherently biassed against publications that appeared within the last 5-10 years - and indeed it contains only one publication more recent than 2003. The list does at least pass the intuitive credibility test of containing many well-known authors in the surveillance space. (Remarkably, the most highly-cited five articles including the word 'panopticon' are only in the range 200-550. This reflects the fact that Google currently has no access to the text of Foucault (1975) - which has over 30,000 citations).
Because of the many limitations on the extraction process, considerable caution is needed in drawing conclusions on the basis of this data. Its primary function is to provide an indication of what constitutes a relatively high citation-count in the surveillance literature.
Adams B. (1997) '' Deseret News, 20 November 1997, at http://www.deseretnews.com/article/595933/Novell-introduces-goal-putting-a-friendly-face-on-computer-networking.html?pg=all
Agre P. (ed.) (1994) 'The Digital Individual' Special Issue of The Information Society 10, 2 (1994) 73-145
Amiran E. (2008) 'The Digital Unconscious' Seminar Announcement, Uni. California at Irvine, September 2008, at http://maillists.uci.edu/mailman/public/visgrads/2008-September/000417.html
APCC (1994) 'Australian Privacy Charter' Australian Privacy Charter Council, December 1994, at http://www.privacy.org.au/apcc/
Ball M., Callaghan V., Garnder M. & Trossen D. (2010) 'Pervasive Computing Technologies for Healthcare (PervasiveHealth)' Proc. 4th International Conference on Pervasive Computing Technologies for Healthcare, March 2010, Munich, at http://privatewww.essex.ac.uk/~mhball/docs/PervasiveHealth2010.pdf
Balnaves M. & Luca J. (2005) 'The impact of digital persona on the future of learning: A case study on digital repositories and the sharing of information about children at risk in Western Australia' Proc. 22nd Annual Conference of the Australasian Society for Computers in Learning in Tertiary Education, Brisbane, 2005, pp. 49-56, at http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=3671&context=ecuworks
Beard J.J. (2001) 'Clones, bones and twilight zones: protecting the digital persona of the quick, the dead and the imaginary' Berkeley Tech. LJ 16 (2001) 1165-1271
Biain J.M. & Vaduvescu I. (2010) 'Manifesto for the digital persona and Digital Habeas Corpus' Junco Films, 2010, at http://www.article12themovie.com/download/manifesto
Bogard W. (1996) 'The Simulation of Surveillance: Hypercontrol in Telematic Societies' MIT Press, 1996
Boyle J. (1997) 'Foucault in Cyberspace: Surveillance, Sovereignty, and Hardwired Censors' U. Cin. L. Rev. 66 (1997) 177
Brands S. (2000) 'Rethinking Public Key Infrastructures and Digital Certificates' MIT Press, 2000
Burkert H. (1997) 'Privacy-enhancing technologies: typology, critique, vision' Chapter in Agre P.E. & Rotenberg M. (eds.) 'Technology and Privacy: The New Landscape' NIT Press, 1997, pp. 125-142
Clark J.E. (2010) 'The Digital Imperative: Making the Case for a 21st-Century Pedagogy' Computers and Composition 27 (2010) 27-35
Clarke I., Sandberg O., Wiley B. & Hong T.W. (2001) 'Freenet: A Distributed Anonymous Information Storage and Retrieval System' Lecture Notes in Computer Science, 2001, Volume 2009/2001, 46-66
Clarke R. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988), at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1993a) 'Computer Matching and Digital Identity' Proc. Computers, Freedom & Privacy, San Francisco, March 1993, PrePrint at http://www.rogerclarke.com/DV/CFP93.html
Clarke R. (1993b) 'CFP'93 - Personal Notes' Xamax Consultancy Pty Ltd, March1993, at http://www.anu.edu.au/people/Roger.Clarke/DV/NotesCFP93.html
Clarke R. (1994a) 'The Digital Persona and its Application to Data Surveillance' The Information Society 10,2 (June 1994) 77-92, PrePrint at http://www.rogerclarke.com/DV/DigPersona.html
Clarke R. (1994b) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994), at http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1994c) 'Dataveillance: Delivering '1984' Chapter in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994, at http://www.rogerclarke.com/DV/PaperPopular.html
Clarke R. (1998) 'Platform for Privacy Preferences: An Overview' Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at http://www.rogerclarke.com/DV/P3POview.html
Clarke R. (1999) 'Internet privacy concerns confirm the case for intervention' Communications of the ACM 42, 2 (February 1999) 60-67, Special Issue on Internet Privacy, at http://www.rogerclarke.com/DV/CACM99.html
Clarke R. (2001a) 'Introducing PITs and PETs: Technologies Affecting Privacy' Privacy Law & Policy Reporter 7, 9 (March 2001) 181-183, 188, at http://www.rogerclarke.com/DV/PITsPETs.html
Clarke R. (2001b) 'The Fundamental Inadequacies of Conventional Public Key Infrastructure' Proc. Euro. Conf. in Infor. Syst., June, 2001, at http://www.rogerclarke.com/II/ECIS2001.html
Clarke R. (2004) 'Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects' Xamax Consultancy Pty Ltd, March 2004, 70 pp.
Clarke R. (2005a) 'Human-Artefact Hybridisation: Forms and Consequences' Proc. Ars Electronica Symposium on Hybrid - Living in Paradox, Linz, September 2005, PrePrint at http://www.rogerclarke.com/SOS/HAH0505.html
Clarke R. (2005b) 'Human-Artefact Hybridisation and the Digital Persona' Background Paper for Ars Electronica Symposium on Hybrid - Living in Paradox, Linz, September 2005, at http://www.rogerclarke.com/SOS/HAHDP0505.html
Clarke R. (2008) 'Dissidentity: The Political Dimension of Identity and Privacy' Identity in the Information Society 1, 1 (December, 2008) 221-228, PrePrint at http://www.rogerclarke.com/DV/Dissidentity.html
Clarke R. (2009a) 'The Covert Implementation of Mass Vehicle Surveillance in Australia' Proc. 4th Workshop on the Social Implications of National Security: Covert Policing, April 2009, Canberra, at http://www.rogerclarke.com/DV/ANPR-Surv.html
Clarke R. (2009b) 'A Sufficiently Rich Model of (Id)entity, Authentication and Authorisation' Proc. IDIS 2009 - The 2nd Multidisciplinary Workshop on Identity in the Information Society, London School of Economics, June 2009, Current Version at http://www.rogerclarke.com/ID/IdModel-1002.html
Clarke R. (2009c) 'A Framework for Surveillance Analysis' Working Paper, Xamax Consultancy Pty Ltd, August 2009, at http://www.rogerclarke.com/DV/FSA.html
Clarke R. (2011) 'Cyborg Rights' IEEE Technology and Society 30, 3 (Fall 2011) 49-57, PrePrint at http://www.rogerclarke.com/SOS/CyRts-1102.html
Clarke R. (2012) 'Privacy as a Strategic Factor in Social Media: An Analysis Based on the Concepts of Trust and Distrust' Working Paper, Xamax Consultancy Pty Ltd, April 2012, at http://www.rogerclarke.com/DV/SMTD.html
Clarke R. & Wigan M. (2011) 'You Are Where You've Been The Privacy Implications of Location and Tracking Technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, PrePrint at http://www.rogerclarke.com/DV/YAWYB-CWP.html
Cox M. (2011) 'Top 10 Technology Trends for 2012: Deloitte' eChannel Line, 11 December 2011, at http://www.echannelline.com/usa/story.cfm?item=27367
Dandeker C. (1990) 'Surveillance, power and modernity: Bureaucracy and discipline from 1700 to the present day' Polity Press, 1990
Deleuze G. (1992) 'Postscript on the societies of control' variously cited as 1986, 1990 and October 59 (Winter 1992) 3-7, cited in Dodge & Kitchin (2004), copy at http://www.mccoyspace.com/nyu/10_s/ideas/texts/week08-Deleuze.pdf
Dennis K. (2008) 'Keeping a close watch - the rise of self-surveillance and the threat of digital exposure' The Sociological Review 56, 3 (August 2008) 347-518
Dodge M. & Kitchin R. (2004) 'Codes of Life: Identification Codes and the Machine-Readable World' Working Paper 82, Centre for Advanced Spatial Analysis, University College London, May 2004, at http://www.casa.ucl.ac.uk/working_papers/paper82.pdf
Esguerra R. (2009) 'Google CEO Eric Schmidt Dismisses the Importance of Privacy' Electronic Frontiers Foundation, 10 December 2009, at https://www.eff.org/deeplinks/2009/12/google-ceo-eric-schmidt-dismisses-privacy
Farr C. (2012) 'New discovery game is a creepy virtual popularity contest for Twitter (exclusive)' Venture Beat News, 6 July 2012, at http://venturebeat.com/2012/07/06/new-discovery-game-is-a-creepy-virtual-popularity-contest-for-twitter-exclusive/
Fidel S. (1999) '' Deseret News, 31 March 1999, at http://www.deseretnews.com/article/688633/BrainShare-introduces-digital-identity-wallet-called-digitalme.html?pg=all
Foucault M. (1975) 'Discipline and Punish: The Birth of the Prison' Random House
Froomkin A.M. 'Anonymity and Its Enmities' J. Online Law, Article 4, 1995
Gandy O.H. (1993) 'The panoptic sort: A political economy of personal information' Westview, 1993
Hanson J.D. & Kysar D.A. (1999) 'Taking behavioralism seriously: some evidence of market manipulation' Harv. Law Rev. 112, 7 (May 1999) 1420-572
Haggerty K.D. (2000) 'The surveillant assemblage' The British Journal of Sociology, 2000
Heath D. (2012) 'The new digital age makes life difficult for under-cover spies' 20 July 2012, itWire, at http://www.itwire.com/business-it-news/security/55818-the-new-digital-age-makes-life-difficult-for-under-cover-spies
Henman P. (1997) 'Computer Technology - a Political Player in Social Policy Processes' Jnl Soc. Pol. 26, 3 (1997) 323-340
Hildebrandt M. (2006) 'Privacy and Identity' in Claes E., Duff A. & Gutwirth S. (eds.) 'Privacy and the criminal law' Intersentia, 2006, pp. 61-104, at thttp://works.bepress.com/cgi/viewcontent.cgi?article=1005&context=mireille_hildebrandt
Karnow C.E.A. (1994) 'The Encrypted Self: Fleshing Out the Rights of Electronic Personalities ' J. Marshall J. Computer & Info. L. 13, 1 (1994), at http://www3.cirsfid.unibo.it/asmiur01/area/documenti/Karnow_1994.pdf
Kelin S.-A.R. (1999) 'Digital Persona: A Gateway to Personal Information' ME Thesis, MIT, February 1999, at https://el.trc.gov.om/htmlroot/ENGG/tcolon/e_references/NDLTD/Information%20and%20Technology%20Engineering/Thesis/Digital%20persona%20a%20gateway%20to%20personal%20information.pdf
Kelly K. (1998) 'New Rules for the New Economy' Penguin, 1998
de Kerckhove D. (2012) 'From Freud's unconscious to digital unconscious' Seminar Announcement, International Journal of McLuhan Studies, February 2012, at http://www.mcluhanstudies.com/index.php?option=com_content&view=article&id=485:from-freud-to-digital-unconsciuos&catid=78&Itemid=472
Kim M.-C. (2004) 'Surveillance Technology, Privacy and Social Control: With Reference to the Case of the Electronic National Identification Card in South Korea' International Sociology 19, 2 (2004) 193-213
Koch M. & Möslein K.M. (2005) 'Identities Management for E-Commerce and Collaboration Applications' International Journal of Electronic Commerce 9, 3 (Spring 2005) 11-29
Leenes, R.E. (2008) 'User-centric identity management as an indispensable tool for privacy protection' International Journal of Intellectual Property Management 2, 4 (2008) 345-371
Lessig L. (1999) 'Code and Other Laws of Cyberspace' Basic Books, 1999
Levine R., Locke C., Searls D. & Weinberger D. (2000) 'The Cluetrain Manifesto: The End of Business as Usual' Perseus, 2000
Lindsay D. (2012) 'The Emerging Right To Be Forgotten in Data Protection Law: Some Conceptual and Legal Problems' Proc. 8th International Conference on Internet, Law & Politics, Barcelona, July, 2012
Liu H. & Maes P. (2004) 'What Would They Think? A Computational Model of Attitudes' Proc. ACM International Conf. on Intelligent User Interfaces, January 2004, Madeira, Portugal, pp. 38-45
Lyon D. (1994) 'The electronic eye: The rise of surveillance society' Polity Press, 1994
Lyon D. (2001) 'Surveillance society' Open University Press, 2001
Lyon D. (2003a) 'Surveillance after September 11' Polity Press, 2003
Lyon D. (2003b) 'Surveillance As Social Sorting: Computer Codes and Mobile Bodies' Chapter 1 in Lyon (2003c)
Lyon D. (2003c) (ed.) 'Surveillance as social sorting: privacy, risk, and digital discrimination', Routledge, 2003
Lyon D. (2007) 'Surveillance studies: An overview' Polity Press, 2007
Ma J., Wen J., Huang R. & Huang B. (2011) 'Cyber-Individual Meets Brain Informatics' IEEE Intelligent Systems, Sep/Oct 2011, at http://cis.k.hosei.ac.jp/~jianhua/mahome/Cyber-Individual_Meets_Brain_Informatics.pdf
Mac A. (2012) '5 Tools For Managing Your Personal Brand Online' Fast Company, 17 February 2012, at http://www.fastcompany.com/1816823/5-tools-for-building-your-personal-brand-online
BY Amber Mac | 02-17-2012
McAlpine M. (2005) 'E-Portfolios and Digital Identity: Some Issues for Discussion' E-Learning 2, 4 (2005) 378-387
Marx G.T. (1989) 'Undercover: police surveillance in America' University of California Press, 1989
Marx G.T. and Reichman N. (1984) 'Routinising the discovery of secrets' Am. Behav. Sci. 27. 4 (Mar-Apr 1984) 423-452
Mordini E. & Massari S. (2008) 'Body, Biometrics and Identity' Bioethics 22, 9 (2008) 488-498, at http://www.danslab.nl/fileadmin/user_upload/documenten/pdf/frame-0809/mordini_massari-body_biometrics_identity_1248269115.pdf
Nilakanta S. & Scheibe K. (2005) 'The Digital Persona and Trust Bank: A Privacy Management Framework' Journal of Information Privacy & Security, 2005, at http://www.bus.iastate.edu/amt/Readings/MIS%20655/DP%20and%20TB%20(Townsend)%201.0.pdf
Norris C. (1999) 'The maximum surveillance society: The rise of CCTV, Berg Publishers, 1999
Notoatmodjo G. (2007) 'Exploring the `Weakest Link': A Study of Personal Password Security' MSc (Hons) Thesis, Computer Science Department, The University of Auckland, New Zealand, July 1997, at https://cs.auckland.ac.nz/~cthombor/Students/gnotoatmodjo/Thesis_Body_11_Dec_2007.pdf
Packard V. (1964) 'The Naked Society' McKay, New York, 1964
PAPL (2007) 'Terrorism Law' Parliamentary Library of the Parliament of Australia, August 2007, at http://www.privacy.org.au/Resources/APH-Lib-terrorism-071008.htm
Phillips D.J. (2002) 'Negotiating the Digital Closet: Online Pseudonymity and the Politics of Sexual Identity' Information, Communication & Society 5, 3 (2002), at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.5212&rep=rep1&type=pdf
van der Ploeg I. (1999) 'Written on the Body: Biometrics and Identity' ACM SIGCAS Computers and Society 29, 1 (March 1999) 37 - 44
van der Ploeg I. (2003) 'Biometrics, and the body as information: normative issues of the socio-technical coding of the body' Chapter 3 in Lyon D. (2003b)
Reading A. (2009) 'The Globytal: Towards an Understanding of Globalised Memories in the Digital Age' In 'Digital Memories: Exploring Critical Issues' (eds. Maj A. & Riha D.), Inter-Disciplinary Press Oxford, United Kingdom, 2009, pp. 31-40
Reed M.G., Syverson P.F. & Goldschlag D.M. (1998) 'Anonymous connections and onion routing' IEEE Journal on Selected Areas in Communications 16, 4 (May 1998) 482 - 494
Rubinstein I.S., Lee R.D. & Schwartz P.M. (2008) 'Data Mining and Internet Profiling: Emerging Regulatory and Technological Approaches' UC Berkeley Recent Work, September 2008, at http://escholarship.org/uc/item/2zn4z6q4
Rule J.B. (1974) 'Private lives and public surveillance: Social control in the computer age' Schocken, 1974
Saebo O., Rose J. & Nyvang T. (2009) 'The role of social networking services in eParticipation' in Electronic Participation, Lecture Notes in Computer Science, 2009, Volume 5694/2009, pp. 46-55, at http://brage.bibsys.no/hia/bitstream/URN:NBN:no-bibsys_brage_19699/1/Sæbø_2009_Role.pdf
Sewell G. (1992) ''Someone to watch over me': surveillance, discipline and the just-in-time labour process' Sage, 1992
Schneiderman A. (2012) 'What Happens to Your Digital Persona When You Die?' Everplans Blog, 18 April 2012, at http://www.everplans.com/blog/what-happens-your-digital-persona-when-you-die
Simon B. (2005) 'The Return of Panopticism: Supervision, Subjection and the New Surveillance' Surveillance & Society 3, 1 (2005) 1-20, at http://www.surveillance-and-society.org/articles3(1)/return.pdf
StPT (2007) 'You know second life has become cool now: ibm has rules for employees who use it' St Petersburg Times, 27 August 2007, at http://imc.mbhs.edu/english/growinguponline/documentsfall09/secondlife.pdf
Taekke J. (2011) 'Digital panopticism and organizational power' Surveillance & Society 8, 4 (2011) 441-454, at http://library.queensu.ca/ojs/index.php/surveillance-and-society/article/view/4181/4183
W3C (2002) 'The Platform for Privacy Preferences 1.0 (P3P1.0) Specification' World Wide Web Consortium, April 2002, at http://www.w3.org/TR/P3P/
Wen J., Ming K., Wang F., Huang B. & Ma J. (2009) 'Cyber-I: Vision of the Individual's Counterpart on Cyberspace' Proc. 8th IEEE Intl Conf. on Dependable, Autonomic and Secure Computing, 2009, pp. 295-302
Wortham J. (2009) 'More Employers Use Social Networks to Check Out Applicants' New York Times, 20 August 2009, at http://bits.blogs.nytimes.com/2009/08/20/more-employers-use-social-networks-to-check-out-applicants/
Yen N.Y., Jin Q., Ma J., Huang R. & Shih T.K. (2011) 'Shift to Cyber-I: Reexamining Personalized Pervasive Learning' Proc. IEEE/ACM Intl Conf. on Green Computing and Communications, 2011, pp. 685 - 690
Zimmermann P. (1995) 'The Official PGP User's Guide' MIT Press, 1995
Zwick D. & Dholakia N. (2004) 'Whose Identity Is It Anyway? Consumer Representation in the Age of Database Marketing' Journal of Macromarketing 24, 1 (June 2004) 31-43
The stimulus to develop this paper was provided by an invitation from Derrick de Kerckhove for an interview by Skype during a conference in Rome on 20 July 2012. The conference was 'McLuhan: 100 Anni Dopo: Influenze trasversali sulla Persona Digitale: 5 scenari tra ieri e domani' (roughly, '100 Years On: Indirect Influences on the Digital Persona: 5 scenarios between yesterday and tomorrow').
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 17 July 2012 - Last Amended: 17 August 2012 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/ID/DP12-120817.html