It is becoming one of the more significant questions in digital life: Would you trust Facebook to determine your trustworthiness?
The world's biggest social network has recently dedicated many of its engineers to the question of digital identity – to act as a middleman, an authenticator, when users wish to prove to a website that they are who they say they are.
On the surface, it is a perfect fit. Facebook already has 500 million members, and tries to push a culture of real names and information, rather than aliases. Millions of sites already use Facebook technology for logins.
But there's a huge challenge in the way of Facebook's dream to do for user ID what Google did for search. In short, a lot of the services that are most dependent on proper identification – online health records, banking information, government services – are used and administered by people who simply don't think the social network should be part of such sensitive interactions.
Just about every major website requires its own login and password, and many users, suffering from login overload, end up either forgetting their multiple IDs or using the same login and password for multiple sites, which leaves them very vulnerable to hackers. There are services designed to help users keep track of their multiple passwords, but there also exists a virtual wasteland of abandoned accounts.
But behind the superficial password issue lies a much more complex problem: trust.
According to the U.S. government, the world does about $10-trillion in business online, with annual growth in the range of 13 per cent. But those numbers could be greater if people had more faith in the medium.
U.S. Commerce Secretary Gary Locke announced last month that Washington would soon introduce a proposal for a more universal online ID mechanism to work across various government departments. But he was quick to point out that it would be purely voluntary, because the prospect of government Internet ID strikes many Web users as an invitation to surveillance.
In fact, the impetus is almost certainly financial – by building a single ID program, individual departments won't each have to build its own. On that level, partnering with something like Facebook might have made sense. But it's also a matter of security in information sharing.
The U.S. National Health Service's website contains some general health information that is accessible to just about anyone willing to register with a name and e-mail address. For other programs, such as grant applications or individual health records, the NHS needs to be certain of the user's identity. A robust online ID program would allow users to disclose only as much information as necessary to accomplish a specific task.
“Citizens are demanding more and more that we get the important stuff online,” says Dave Nikolejsin, Chief Information Officer of British Columbia, which is at the forefront of provincial efforts to develop an ID management system. “But most of those kinds of things require us to be very, very sure of who you are. … Every sector is starting to turn their minds to this.”
Certainly, Facebook is at the forefront of such cross-site authentication efforts. On many sites, when users log in from a location outside their normal points of access – say, during a trip to another country – they will be asked a few boilerplate safety questions: Where were you born? What's the make of your first car?
Instead, Facebook, leveraging its massive databases, will now show you pictures of five or six friends and ask you to identify them. A hacker may be able to guess your hometown, but not your friends' names.
But a fundamental disconnect exists between Facebook's for-profit world of ID management and the burgeoning government-led initiatives. No government body is likely to use Facebook-login features in the near future, given the deeply personal information they deal with.
As Mr. Nikolejsin says, “I don't believe the B.C. government will ever unlock a health record or blood-test result based on the fact that a user has been authenticated by Facebook.”
And as a fringe benefit, Revenue Canada need never see that your relationship status is “complicated.”
Omar El Akkad is The Globe and Mail's technology reporter.
