
Names, Legal Names, and Fractally Deferred Responsibility - zdw
https://nora.codes/post/names-legal-names-and-fractally-deferred-responsibility/
======
jcrawfordor
I once had a friend who, due to some ancestral tradition of retaining multiple
clans in names, had a name which consisted of six parts. A first and last name
with four middle names in between is not quite an accurate breakdown given the
tradition (which, as I understand it, is more akin to the Spanish "uno y dos"
surnames), but seemed like a close enough representation that ought to be
possible in many systems. Of course, it actually was not possible in many
systems, and of all the bizarre handlings of his name perhaps the strangest
was the motor vehicle division, which decided to use the first three parts as
first name, the second three parts as last name, and then apparently some
automated system later on helpfully removed the spaces and apostrophe and
truncated after so many characters. The resulting driver's license was both
comical and nearly illegible.

This case was fairly innocent in that it was seldom even annoying. However,
even more common seems to be transgender individuals who have completed a
legal name change but cannot get the name field updated in automated systems,
a case that can cause a great deal of offense. It seems that the underlying
cause here is less format assumptions, though, and more immutability, which I
worry the article doesn't quite hit hard enough. I once had my name simply
misspelled in, of all things, a university ERP, and it took over a year of
nagging to get it corrected. I got the impression that a consultant had to be
brought in to make the change. Years later I worked in the kind of corporation
that had a lot of "for life" employees, and it was frustrating how often
people's usernames no longer matched their names because they had gotten
married and been told their username simply could not be changed. Building any
system which is e.g. keyed on a name field is absolutely going to cause
frustration and expense down the line when someone does something odd like get
married. Unfortunately, many software systems make an implicit assumption of
immutability by using username as a key for integration purposes, so it cannot
readily be changed. MS AD in theory tackles this problem by internally using a
GUID to identify users but this is far from complete and username is still
critical in some places (mostly third-party integrations), most Linux
environments haven't even tried to address the problem.

Finally, the article's section about evaluating whether or not there's a real
need for a legal name field reminds me of Heath Fogg Davis's concept of a
"gender audit," which is similar and helps to address similar situations.
Essentially, he calls for organizations to systematically review every case in
which a person's gender is recorded and determine whether or not it is really
required. In many cases there's actually no underlying reason (other than
someone's thinking that gender was a key and immutable component of identity),
and the gender field can simply be removed, preventing a lot of down-the-line
frustration in handling cases like transgender individuals. In other cases
there is a purpose but it's one that requires no particular constancy (e.g.
selection of pronouns in notifications) and so it's better to both make the
property readily changeable and, even better, stick directly to the purpose
for which you need the information and nothing more--for example, instead of
asking for gender, ask the user which pronouns to use.

~~~
supernintendo
My name consists of four parts and I have a similar experience as your friend.
My birth certificate just combines all four names into one string but systems
represent me as either having two middle names, two hyphenated last names
(which is technically incorrect although one of my middle names happens to be
my mother’s surname) or only the first of my two middle names. It hasn’t
really caused a meaningful impact on my life with the notable exception of
when I was applying for my passport. That ended up turning into a month-long
side project of acquiring updated documentation with consistent naming just so
I could verify my identity to the passport office.

To add more chaos to the equation, I’m transgender and going through the
process of changing my legal name now. I feel oddly prepared to handle this
given my past experiences with legal name based verification. I’ll probably
end up abandoning my PayPal account of 17 years though. I hear you need some
sort of blood sacrifice for them to update your name and honestly their
service just isn’t good enough.

~~~
ValentineC
> _I’ll probably end up abandoning my PayPal account of 17 years though. I
> hear you need some sort of blood sacrifice for them to update your name and
> honestly their service just isn’t good enough._

By abandon, I guess you mean closing the old one and creating a new one?

PayPal's processes and customer service are notoriously incompetent and
customer-hostile. Three months ago, they asked me to provide charity
information for my personal account, and subsequently limited my
receiving/sending privileges.

~~~
supernintendo
> _By abandon, I guess you mean closing the old one and creating a new one?_

Yeah that seems to be the way to go. Although to be honest I haven’t really
used PayPal much in recent years. Apple Pay / Card has pretty much usurped all
other payment methods for the vast majority of my purchases. All it needs it
single-use card numbers and I think it would be perfect as far as a payment
solution is concerned (assuming you’re as invested in the Apple ecosystem as I
am).

As far as receiving money is concerned, I just don’t see the appeal of PayPal
in this day and age. If I’m taking money from a friend who wants to pay me
back (for drinks or whatever), I would much rather use something like Venmo or
Cash App. Fast, easy, straight to the point. When it comes to e-commerce
however, I don’t think anyone holds a candle to Stripe. It doesn’t bring me
any pleasure to say that (I don’t love caping for any large corporation) but
they really do have the best solution. The APIs are a joy to work with and
they really seem to have thought out every situation as far as business
requirements and compliance are concerned. Even Square (which you might think
is a worthy competitor) fails to provide solutions to specific use cases,
something I had to learn the hard way.

All in all, I really just don’t see the point of using PayPal in 2020. There
are so many superior options out there. But I guess the ubiquity of PayPal
means it is here to stay.

~~~
ValentineC
I use PayPal mainly to pay a subscription to a business that I like, but
doesn't want to break anything that's already working.

PayPal also gives me the option of cancelling the regular payment on my end.
Stripe has nothing like that.

------
pjc50
Pleased to see the reference to there not being a concept of a legal name in
the UK. Which made it even weirder when a spate of insane billboards appeared
with the slogan "It's illegal to use a legal name"; presumably some sovereign
citizen nonsense infecting the UK over the Internet.

Another essential piece of reading for names in the database context, and the
idea of social "legibility", is _Seeing like a State_ (see long review at
[https://crookedtimber.org/2007/10/31/delong-scott-and-
hayek/](https://crookedtimber.org/2007/10/31/delong-scott-and-hayek/) ).

Also thinking of a certain South African industrialist who has recently given
his child a name that is not only unpronounceable but un-renderable in ASCII.

~~~
NoraCodes
It's pronounced Kyle. X is Greek "chi", the "ae" ligature is pronounced like a
long I, and A-12 is the 12th letter from A.

(Yes, I'm aware that this isn't true.)

~~~
WorldMaker
For what little it is worth, I read on the Verge or somewhere that the
"official" pronunciation is "Ecks Ash Ayy Twelve", so it is pronounced almost
exactly as it is spelled. (Ash actually is the old English name for the "ae"
ligature, derived from its Futhorc rune, rather than any traditional
pronunciation [1].)

Apparently for meaning they intended "[Unknown variable] [Closest traditional
ligature to AI] [Model number of favorite plane]", which I suppose is some
sort of meaning.

[1]
[https://en.wikipedia.org/wiki/%C3%86](https://en.wikipedia.org/wiki/%C3%86)

------
gumby
The definition of “legal name” is interesting. When I got married in
California 30(!) years ago I “changed” my name by simply asking for a
replacement DL with a different name on it, then used that to change my ssn.
At the time you could use any name you wish, as long as it was not for
fraudulent purposes.

Which makes sense to me — it’s my name after all; why should it be rigidly
locked to some decision my parents made over which I had no input?

And a benefit of coming from a small country: the consul was able to issue me
a new passport in my new name (she wanted to see my marriage license) which
I’ve been able to renew even though in my home country that’s not my “legal”
name.

None of that is possible any more: after September 2001 there was a rush to
useless, officious busybodying around things like names which really aren’t
anybody else’s business

------
mehrdadn
If you're wondering what the definition of a legal name name even _is_ in the
US, it's explained here (at least as the SSA sees it):
[https://secure.ssa.gov/apps10/poms.nsf/lnx/0110212001](https://secure.ssa.gov/apps10/poms.nsf/lnx/0110212001)

It's also interesting how they handle different spellings of the "same" name,
e.g. apparently "Elsa" and "Alice" have only a "minor difference":
[https://secure.ssa.gov/apps10/poms.nsf/lnx/0200302460](https://secure.ssa.gov/apps10/poms.nsf/lnx/0200302460)

~~~
gumby
They probably use soundex codes as a form of error correction or fuzzy match.

Most federal govt use of ssn includes name+ssn+dob; while there are presumably
many people with the same dob and closely related ssns (so typos would match
something) an approximate name could reduce the number of false negatives
quite a bit.

~~~
mehrdadn
I'd never heard of soundex codes, that's pretty cool! Thanks for sharing. For
anyone else curious:
[http://www.genealogyintime.com/GenealogyResources/Articles/w...](http://www.genealogyintime.com/GenealogyResources/Articles/what_is_soundex_and_how_does_soundex_work_page1.html)

------
inetsee
I am fortunate in that my preferred name and my legal name are identical, and
not the least bit exotic, so all the IT systems I've had to deal with over the
years haven't felt the need to mangle my name.

I also have several pseudonyms I use for various purposes. I am an
exceptionally private person, so I use a pseudonym for the poetry I write, and
another one for the more serious stuff I write. I also have another one I
created for some of the technical stuff I've written over the years, mostly
because several of the companies I've worked for had this silly idea that any
thought that popped into my head belonged to them.

------
balnaphone
> A person’s “preferred name” is their name, their “legal name” is something
> else, and it’s our duty as software engineers not to muddle the two up.

I strongly disagree, having dealt first-hand with the fallout of identity
fraud. These escape hatches negate the purpose of names. The problem with
storing "legal" names is the custodial burden of storing _any_ personally
identifying information; however, the benefit of dealing with a bona fide
person may outweigh the cost.

In the case of an academic institution, it is completely reasonable to use a
legal name as the standard. If a person doesn't like their name, then the onus
today is on them to change it. This article doesn't propose any constructive
alternative, that maintains the integrity of the academic system which is
relied upon, in an important way, for things like visas, scholarships, and
employment.

The preachy disagreeable manner that this article was written in doesn't help.
The appeal to collective cause indicates a defective and illogical mode of
thinking. The argument as presented lacks a logical basis, instead trying to
appeal to emotion through example and anecdote. Who is this person, to dictate
my duty? And furthermore to decide the meaning of basic terms, such as what a
name is?

No thanks.

------
jaspax
> there is almost always a human in the loop somewhere verifying that the
> documents submitted by the user are valid. This is harmful to the user...

This might be the first time in which I've heard someone call the human in the
loop "harmful to the user". It's a _good thing_ that name changes require a
human in the loop; the potential for abuse is astronomical otherwise, and the
upside of having a human in the loop for legal name changes greatly outweigh
the potential downsides.

Most of the other problems that the article mentions fail to exceed the
threshold of "minor annoyance or moments of embarrassment". It would
definitely be nice if any system that needed your legal name would also
provide a "preferred name" field to avoid these moments, but I'm not sure that
this problem actually rises to the level of importance that the author gives
it.

"Just don't record legal names" is nonetheless good advice for the majority of
systems.

~~~
squiggleblaz
I'm not sure if you're confused about the human in the loop. She's saying it's
harmful when there's a human in the loop at the university trying to confirm
the legal name change, not that there's a human in the loop in the name change
process in general. If a database doesn't require a human to verify new
records and records only a person's real name to the exclusion of their legal
name, this seems pretty obvious to me. The question therefore is limited to
occasions when a database requires a human to verify new records and/or
record's a person's legal name. I think if there's some kind of "know your
customer" requirement, as in a bank, they probably need to verify the change.
But even then it's probably sufficient to record the name and the original
name, use the new name for salutations, and have someone follow up the change
if need be.

The registrar charged with recording a person's legal name, by contrast,
obviously has a responsibility to make sure it's a valid name. This doesn't
change whether it's a child being born or whether it's an adult changing their
name.

Two cases I recently heard about - apparently some parents weren't ready to
name their newborn son when the nurse came around asking for the name. They
said "come back in a day or two", as is their right, but the nurse just
submitted a form that said UNNAMED. He didn't realise what had happened till
he was 16 and applying for his learners permit. This shouldn't have been
permitted; the registrar should have put that certificate aside and come back
to verify it. (Source: unverified caller on radio.)

Also, a boy changed his surname to his mother's maiden name, which was also
the surname of his uncle, a famous serial killer. He had good reason to change
his surname: He had a strained relationship with his stepfather. Such a change
is, in general, highly questionable, but in this case it was probably quite
correct to allow it. Only human intervention can really divide the cases. (In
any case, this particular boy shortly went on to kill his mate in an attempt
to associate himself with some of his uncle's notoriety.)

~~~
jaspax
I understood the OP correctly, and I stand by my point. If someone claims that
their legal name has changed, it makes perfect sense that any organization
which needs to operate with legal names will be checking to see that the
papers supporting this claim are real, and I don't see why this should be
considered harmful.

I too know some families in which name requirements cause problems. I have an
acquaintance whose name was never recorded on her birth certificate and who
was not initially issued an SSN. She managed to get to the age of 18 without
too much trouble, but when she wanted to apply to college she had a very
difficult time proving that she legally existed.

~~~
NoraCodes
> If someone claims that their legal name has changed, it makes perfect sense
> that any organization which needs to operate with legal names will be
> checking to see that the papers supporting this claim are real, and I don't
> see why this should be considered harmful.

The misunderstanding here is subtle but important. I absolutely agree that a
human needs to verify _legal_ name changes. This is why I suggest that legal
names shouldn't be recorded most of the time. Humans do not need to be
involved, generally, with name changes that have no legal or tax implications,
so when legal names aren't the default, that human's time can be used
elsewhere, and the user's experience streamlined.

------
TheFattestNinja
I think the general issue here is that of having semantical (or semantically
generated) identifiers.

Intuitively, we often assume that the UUID of a person is his name (for some
definition of name). Then when this changes all hell breaks loose because we
are mutating an ID that has been shared to 3rd parties.

Some countries don't have a UUID for its citizens. Some countries don't even
have a register of its citizens.

Even those countries that have a register AND a UUID for each citizen still
often make the mistake of making it derived from the "name" (thinking for
example of the Italian "Codice Fiscale"), which can obviously cause confusion
if you then attempt to change your name.

This is very common in _a lot_ of IT systems even when its not names. It's
windowIds VS windowNames, it's username VS userId, email VS userId, primaryKey
vs ID field etc.

The hill I'll die on is the preaching of never ever ever ever using a
semantical id. Sure, they are handy (humans can reason better about those than
about random strings), but DON'T MAKE THEM THE ID.

A handy test to avoid this pitfall is: if tomorrow every value that represent
some id-like property (i.e. foreign keys in a db) in my system (string or
numeric) was replaced by a unique 1-to-1 mapping to another set of random
strings, would my system still make sense? A good ID-based system would
survive this. One where there are assumptions like ID = name ++ email not so
much (because name <-> aaa, email <-> bbb but name ++ email <-> ccc, violating
the assumption)

------
sigwinch28
The UK's Government Digital Service spends a lot of time considering how
people interact with computers, especially people with accessibility
requirements.

For example, here one of their team describes building a fictional government
service: [https://www.youtube.com/watch?v=JHaLzm-
FGsc](https://www.youtube.com/watch?v=JHaLzm-FGsc)

