On the Use of Social Networking Services for Government Identity Management Purposes: A European Policy Analysis

Abstract

The issue of identity policies for online environments continues to attract interest from academics, policy makers, and advocates. Today, the primary questions regard not only whether and how to identify or authenticate users online, but also who (i.e., which entity) should be entitled to do so. In this context, this article addresses the ongoing tension between the traditional way of managing identities (that is, through unilateral actions endorsed by governments and public administration organizations) and recent trends in the provision and authentication of identities by private parties (or through cooperative private-public partnerships). Some European Union (EU) Member States have already opted for business models in which the private sector provides electronic identities (eIDs) that may also be used to access online public services, such as Sweden’s BankID (which is e-government-enabled) and the proposed identity assurance model in the UK. The U.S. has its National Strategy for Trusted Identities in Cyberspace, which calls for the creation and facilitation of a “vibrant marketplace” for identity provision, with multiple accredited identity providers — both private and public — offering identity services. In the context of private sector organizations emerging as identity providers, this article focuses on the possible role of social networking services (SNS) in government identity management (IdM). The widespread diffusion of SNS provides an opportunity to use these platforms for IdM purposes. Third-party sites have already started partnering with these services to simplify and streamline their registration processes. Governments appear next to do so. This paper thus explores the potential merits and drawbacks of these developments from a European policy perspective. Among the reasons why European governments may be interested in using pre-existing SNS for IdM, we discuss the following: a) large installed base; b) critical mass of users; c) relatively mature infrastructure; d) high social acceptance of 'social' technologies; e) cost-effectiveness; f) real-name policies (which could render these identities more trustworthy and adequate for official uses); g) mutual recognition and cross-border (EU-wide) interoperability of eIDs; and h) the potential use of biometrics (particularly with the integration of facial recognition). Still, there are several drawbacks. We consider the following: a) citizen discomfort with using SNS credentials for official interactions; b) unreliable registration processes; c) reduced possibilities for anonymity and pseudonymity (and the attendant threats to freedom of speech and other political participatory values due to the emphasis on using real names); d) potential exclusionary effects for citizens unable or unwilling to use these eIDs; e) problems of neutrality (i.e., which platforms do governments endorse?); f) problems of data ownership; g) security concerns; h) the potential for SNS to track users on government sites; i) jurisdictional issues (i.e., most popular platforms are US-based); j) task complexity; and k) liability issues (assuming that one’s SNS-endorsed eID is recognized and used for e-government services across different Member States, which party is liable for misuse, theft or impersonation?). A future version of this paper will discuss the different policy options available to the EU regarding the adoption of SNS for government IdM purposes. According to the framework presented in the paper, the policy options proposed would allow for the possibility of adding (on a purely voluntary basis) private eIDs to a list of mutually recognized official identities. Private eIDs would be considered apt for government identity-related transactions as long as they respect pre-established criteria. This policy option would make it possible to use both pre-existing and new private eIDs for e-government services. The analysis of policy options takes place in light of the legislative measures currently being proposed in Europe to facilitate electronic identification and authentication, namely within the scope of the ongoing Electronic Signatures Directive revision process. The article calls attention to the need to keep the approach of mutual recognition and interoperability of eIDs open to evolution, technological progress, and new business models. The paradigm of state monopolies over the provision of identities is outdated. Additional alternatives to this model should be sought in the private sector.