
"Identity" is who you are, not something you have. It's not an attribute assigned by some other party.

Digital systems traffic in identifiers -- strings of some sort, usually, which purport to identify one and only one ... something. A person, a business, a role. The holy grail is that no one such identity (the actual behind-the-identifier entity) has multiple identifiers, though this always fails, least of all because developers and authorities require flexibility.

What identifiers actually track, mostly, is relationships, between some individual, and ... well, some interested party. Are you a homeowner, patron, customer, insured, user, employee, employer, vendor, client, ...? And here, a large part of the conundrum becomes apparent: relationships differ depending on the relation between entities; a single individual has many relationships, possibly (or probably) with even a single other party.

Much of the attempt to track identity comes down to credit (or creditability), rights, trust, entitlement, responsibility, or other ongoing relationships over time. Are you the individual who has a legitimate claim to the contents of a bank account? Or a data storage account? Are writings A, B, C, and D the work of one or multiple individuals? Is that individual (or individuals) credible? If I want to listen to a musical performance, do I owe you a payment? If you listen to a musical performance of mine, how do I assert, and correctly collect on, a payment claim? Are you claiming to be A but are actually B? Is this transaction potentially fraudulent?

Some claims are more enduring and critical than others. Entitlement to a pension or government social insurance claim. Tax liabilities (or refunds). Voting. Others are inherently limited -- for all the risks of fraud in commerce, once a transaction has conclusively completed (and the tax office gets its vig), identity is largely moot.

(Service-based relationships change this, though whether that's worth the hassles is another question.)

In-person assertions of identity, as with voting, are expensive to spoof, particularly at scale. This is why the interesting acts of voting fraud very, very, very seldom involve individuals voting multiple times -- the costs are too high given the desired benefits. Far easier to corrupt the process elsewhere: eligibility, ballot formats, voting places, counts, and the like.

The power and curse of digital information is that it is independent of presence. Actions can be taken independent of place, and often of time. One work-around is to require an in-person registration at some periodic interval, or anchoring to a specific location (as with mailing addresses), or to payment. That last is why financial transaction records are so hotly sought: there's literally a cost to creating these, hence they're vastly higher quality than other data. (In the data analysis world, data tied to payment is virtually always more reliable than data which isn't: in U.S. health care data, procedure data, on which payment is based, is far more reliable than diagnosis. And since payments are contingent on both, each is gamed (through physician billing coding software) to maximise revenue.)


