The basic idea of user-centric Identity Management is to give users the control over their identity data. Undoubtedly, this would get us quite a bit closer to real informational self-determination. Users would be able to merge their identity data from different locations and to make part of them available for website registration or other purposes.
The point is that the user should be able to control which information he wants to make available, without unintentionally or out of ignorance giving away more information than he actually wanted. This is definitely an important issue for the conscious user who esteems his own data, including the paranoid user as well as the notorious privacy activist.
The more relevant question is how the big crowd will handle the problem. This is exactly what the discussion of the mentioned meeting was all about. In the end, though, we all agreed on that everything depends on the price that will be paid for identity data.
Recently, Horst Walther sent me a nice cartoon, when we met in an meeting and discussed on RFID. The subject of the cartoon was the implantation of RFID chips under the skin – already general practice with dogs and horses. The first picture showed the person angrily rejecting the request, referring to privacy protection. In the second picture, the person was told that the RFID chip would among other things contain a couple of gimmicks and a webcam, whereupon the person accepted straight away.
This situation is comparable to user-centric Identity Management. Let´s say, a user generates “infocards” with Microsoft´s CardSpace – or provides similar identity data using a Higgins-based software – thus describing part of his or her identity. But instead of using the data for a website registration with caution, there will probably be a number of users who will more or less carelessly give away identity data as soon as they are attracted by some kind of incentive, as trivial as this may be.
To me, the question is not if people sell their identity – in the end it will be a question of price. But I really wonder how many users will accept such a deal. 50 percent, 80%, or even more? My guess is that it will be the majority of users who¬ attach little value to their privacy and reveal identity data for something like free software, the participation in some kind of lottery, the membership in a specific community, or personalized information.
On the other hand, the situation opens up new interesting scenarios. I could imagine that some users will readily pay a little more for trustworthy services, i.e. in the field of personalization of information, if the service provider in charge with the personalization will guarantee that the provided identity data will exclusively be used for one defined purpose.
In any case, the handling of identity data will change drastically during the next few years. This will imply multiple consequences for businesses. New types of service providers and business concepts will arise. Other issues will become less important. For example, if there are easier ways to get to identity data, the effort of running click-analyses on websites for information about the user is no longer worth while. Anyway, there is one thing I am pretty sure of: A lot of people will sell their identity at a rather low price.