Liberty, pseudonymity and personas

Over on his “Talking Identity” blog, Oracle’s Nishant Kaushik recently posed the question “Is a pseudonym the same thing as a persona?” – a question which Dave Kearns then wrote about in his column here.

Nishant quotes from the ID Commons definition of “persona” as follows:

[Comment 1]: “A Persona is something put forward by a user, but how it is perceived, recognized, accepted, rejected, trusted, used etc. by a Relying Party cannot be specified or in any way implied.”

I don’t disagree with that, but I draw slightly different conclusions from it (Nishant infers from the underscored phrase that a persona and a pseudonym are the same thing). The definition I tend to use for “persona” is: “that subset of personal information which an individual chooses to disclose in a given context”. The ID Commons definition, to be fair, does also refer to contextuality and user-selectability, but does so in terms (“agent”, “claims”) which reflect a particular technological stakeholder perspective.

I think it’s important to try and arrive at a definition which is as consistent as possible between ‘real’ and ‘virtual’ life. The idea of “choice” is important; for me, personas are a way in which people seek to manage the impression they create when interacting – and ‘management’ implies some degree of control. Thus – I may choose to appear to my employers as a serious, diligent technocrat, and to my children as a kind, loving parent. (And, arguably, the better those reflect my actual qualities, the more consistently I will be able to give that impression).

Dave Kearns uses the example of Clark Kent/’Superman’/Kal-El, and I think my apporach is consistent with his. The individual who sometimes exposes a Clark Kent persona and sometimes a Superman persona has the same set of attributes regardless (ability to fly faster than a speeding bullet leap tall buildings with a single bound, etc…), but exercises the choice to disclose them selectively depending on context. Thus, Superman is confident and assertive around Lois Lane (while Clark Kent chooses not to be), and Clark Kent tends not to hover disconcertingly above ground level even though he could if he chose.

Translated to the digital world, a persona is that subset of attributes which I disclose in a given context – and as Dave says, the subset may include an identifier. In fact, as Nishant points out, it may be nothing more – pesudonymous email addresses are a good example.

However, a persona can also consist of a number of attribute assertions (“I am male, single and over 20”), without containing either a ‘genuine’ identifier (Kal-El) or a pseudonymous one (Clark Kent) – therefore I maintain that personas and pseudonyms as distinct rather than identical.

One useful approach is to think of the distinction between a pseudonym and a persona as equivalent to the distinction between an identifier and a set of attributes. One (the pseudonym/identifier) is usually the “index” which allows you to find the other*. This is reflected in a couple of the models for Identity Data which we derived from the Liberty Alliance Privacy Summit series. The topic of “indices” and the special treatment they require (but do not always get) is covered in the report from the Brussles Privacy Summit (April 2007), a copy of which you can find here.

*An interesting by-product of this definition is that it clarifies that, while a persona is the set of attributes displayed by the individual, a pseudonym might well be attributed to that individual by a third party. Thus, a counter-terrorism officer scanning CCTV footage might label repeat appearances of “Suspect B” as such, without knowing “Suspect B”‘s real identity. Assigning a pseudonymous index to the individual (requiring neither their knowledge nor their consent) allows the officer to find successive recordings of their attribute data.


4 thoughts on “Liberty, pseudonymity and personas

  1. Hi RobinYour definition of persona is “that subset of personal information which an individual chooses to disclose in a given context”Does truth come into this definition? If a married person takes off his/her wedding ring when s/he visits a singles bar on a business trip, this is intended to conceal a state of unavailability and convey the impression of availability.Once the person has had a few drinks, then an inebriated persona emerges. (Do you count this as a persona?) Some people prefer to do business with those they have got drunk with, perhaps following the principle of “in vino veritas” or perhaps “in vino nos fides”, producing a “persona grata”.

  2. Surely a persona can also be invented by hostile third parties. For example, the persona of a randy Tory MP with carpet burns appears to to be a libellous fiction, the invention of one Damian McBride.

  3. Robin Wilton says:

    Thanks Richard – you’re right; a persona does not always represent a true/accurate set of personal data (hence my comment about whether the persona accurately reflects my real qualities).. and like much identity-related activity, it may be a tool for dishonesty as well as legitimate privacy protection.As to Mr McBride and his ilk: I think the example of malicious third-party attribution takes us into the realm of Levels of Assurance, as raised by Ken Klingenstein in my earlier post (data, information and inferences). It’s not just a question of what is asserted, but how reliable its ‘provenance’ is.

  4. thestateofme says:

    Robin,I had a go at defining Persona some time ago – My definition is a bit enterprisey, though I did use some Internet examples in my presentation at Catalyst last year.I think if you take a ‘role’ to be a bundle of attributes (something which I meant to write more about at the time, but never got around to) then it fits nicely with the privacy angle that you’re playing here. e.g. outside of the enterprise (where people exercise more choice about what they make public or keep private) then the attributes that you choose to expose can be related to a given online persona.–Chris

Comments are closed.