The Tragedy of the Identity Assurance Commons

Abstract

Identity assurance is the processing of personal identifying information (PII) to reach a desired confidence that an individual is who they claim to be. However, identity assurance is beyond a process; it is a commons, a natural resource accessible to all whereby individual actions can affect the group. Because each time we copy an item of PII we inadvertently expose it to misuse, which reduces the identifying utility of PII, and therefore reduces the confidence of identity assurance. Akin to the prisoner's dilemma, there is a usage dilemma in sustaining PII. A dilemma heightened by the Web as PII is being digitally exchanged, processed, and stored, with ever-increasing volume, variety and veracity. To explore identity assurance as a commons, we develop an agent-based simulation of a simple resource strategy game. Building on work regarding the persistence of PII exploitation, our initial findings suggest that there is a potentially unsustainable dynamic in identity assurance. Therefore suggesting that in the long-term our current regulatory attempts are inapt.