Regulating Electronic Identity Intermediaries: The 'Soft eID' Conundrum
66 Pages. Posted: 18 Dec 2013
Date Written: December 17, 2013
Online intermediation platforms, such as Facebook and Amazon, are traditionally defined by their roles in enabling the publication, sharing and distribution of information, as well as the purchase of products and services. Nonetheless, these platforms have assumed an additional role, which has yet to be fully discussed and acknowledged: the role of identity intermediation. This new function can be defined as the process of creating, authenticating, verifying and guiding stable identities used for interacting in the digital realm. This Article explains and demonstrates this role, along with the disputes and tensions it generates. It further discusses a set of specific legal rules, duties and responsibilities for regulating identity intermediaries. After a brief introduction (Part I), the Article (in Part II) provides the background and terminology for understanding the role of identity intermediaries in the digital age. It notes the recent rise of “soft eID” intermediaries. These are defined as entities which provide for identity intermediation, yet do so incidentally, remotely and in a lightly regulated environment. Part III moves to further address soft eID intermediation, distinguishing between intermediations which rely upon the use of “Real Names” and “Stable Pseudonyms” — each category employing a different set of technologies and verification methods, and generating unique benefits and concerns.
Part IV explores the benefits and risks associated with soft eIDs. Identity intermediation secures economic benefits, protects personality and identity interests, enhances autonomy and promotes free speech. Yet it also raises security and privacy concerns, as soft eIDs might be hacked, used for impersonation or identity misrepresentation. In addition, identity intermediaries may also abuse their power by terminating accounts or limiting their interoperability and mobility.
Seeking the proper legal regime, Part V briefly examines related regulatory frameworks for identity intermediation, namely the EU Electronic Signature (eSig) Directive and its future developments under the current revision process, and the US National Strategy for Trusted Identities in Cyberspace (NSTIC). On the basis of this analysis, Part VI provides recommendations for legal responses, examining a variety of policy moves specific to soft eID intermediaries, such as requiring mandatory approval, setting up a voluntary accreditation system and assigning tort liability. After generally discarding the first two options, the Article closely examines whether and how tort liability should normatively be assigned to these identity intermediaries. Finally, this Part examines the role law should take in curbing the intermediaries’ excessive ability to impede the individual’s identity interests.
Keywords: Social Networking Sites, Identity, Privacy, Online Intermediaries, NSTIC, Intermediary liability, Digital Signatures, Soft eIDs, Real Names, online impersonation, virtual identity