Imagine that some stranger in a shady corner of the Web comes across your name and a few details of your life and puts together an online presence uncomfortably reminiscent of you. Hard to know what to think at first. It could be anything from coincidence to a con or something else altogether. But this feels more ominous than the theft of a credit card number. We can cancel the plastic, but we can’t cancel our identities. I was involved in such a case recently, and while I cannot discuss the specifics, it introduced me to ideas involving the broader significance of online identity, which is perhaps not discussed widely enough in our professional community.

Your identity consists not of the impersonal strings of numbers assigned to your name by business and government, but of the combination of attributes that fundamentally make you, you. It is a kind of quicksilver that can be hard to grasp but ultimately is crucial to how you relate to others and how they relate to you. It is the sum of our personal histories, personalities, relationships, beliefs, biology, the patterns of our lives and activities, our habits, and more. It is our interface to the world and the internal code that drives us.

Both actively and passively, we create an ever more detailed digital self-portrait. We may be the original content providers, but we are unable to know what material will be viewed and how it will be used now and in the future. From blogging to swiping a card at the supermarket, the behavioral patterns of our daily lives are captured in data streams; they create new representations of ourselves. The resulting depictions are dependent on how the data is crunched by algorithms and also by the various kinds of people who interact with it. Sure, that sounds a little abstract and distant. It’s hard to imagine anyone doing anything problematic with your stuff. But that’s part of the problem; it can be entirely and reasonably unimaginable. Until it isn’t.

For many of us, our online presence is becoming an important part of our external identities and has a growing sway over our professional and personal lives. Digital media can capture and present sides and angles of ourselves that we may not have known were there. Our virtual presence can have lasting influences on real-life interactions. Facebook, MySpace, Twitter, LinkedIn, and Match.com, not to mention the Google search results of our names, can sometimes make up the sole representation of our identities to someone interested in learning about us. We are numerical strings, user names, and template profiles. Accurate or not, such data can be someone’s primary means of forming an impression of who we are. We are entering into a kind of open source experiment in identity. Who knows how much the things we choose to present about ourselves online may influence our self-perception. Do we start to believe our own hype? There may be identity feedback dynamics that we have yet to recognize and understand.

It would be hard for many of us to imagine not having the search results at our disposal. The results provide us with instant resumes and context about others. In the past, if we really wanted to learn about someone, we had to rely on talking to people. Now we can get insights and information about others almost instantly without the input of anyone else. For a Web 2.0 spin on Descartes, consider that “SEO ergo sum” may be more appropriate these days than Cogito ergo sum. The catch is that much of this process is mediated by algorithms rather than people. This means that a system that can often be a powerful proxy of our identities can also be easily manipulated. We can SEO (search engine optimization) ourselves, but the question is, what do we stand for? What are our true keywords? Some businesses work hard to improve their meta-identities, but in the great leveling ground of the Web, individuals may sooner or later want to consider these issues for themselves. In a media-saturated culture, it seems like the word “brand” is far more fitting than “identity.” This is true for celebrities, but in a world of Web-enabled micro-celebrity, will brand attributes become a greater concern than character traits for some people?

Perhaps one analogy to help in thinking about our online identities is open source software development. It has unlocked floodgates of creative participation and, for the most part, brings out the best in people. However, there are also a few bad actors who will do a malicious hack of a program for pure sport. The same dynamics can be applied to open source content development… or our online identities. Put another way, imagine your online presence as a wiki entry-the “Wiki You.” Perhaps you are the main author, but the content is malleable and only partially controllable. The content of a wiki entry is subject to the vicissitudes of inaccuracies, inconsistencies, agendas, and sometimes zealous partiality or malice.

If safeguarding our strings of numerical identifiers is important, what is the value of managing our online identities-the information, stories, and images that portray us, on the Web? Just as computing power has enabled a massive trade in our numeric identifiers, so will evolving technology make possible the traffic in more personal forms of information, the uses of which we cannot yet fully imagine. The idea of trying to manage a swirling cloud of digital data seems impossible. Perhaps it is. But that does not mean there’s no chance to put some stakes in the ground for ourselves and others.

People in the user experience field, in one way or another, have been in the thick of it. They have helped create the entrances into the online arena for people who would not have otherwise ventured there. This has enabled them to project themselves on a stage with the capacity for a massive audience. Working in front of a computer can feel like such a personal and intimate experience that it is hard to remember it is more like a great stage with crowds milling in and out of the auditorium. Like an actor on a stage who can barely see the spectators, our glowing screens show us a limited view of our audience. Some of our viewers are visible and some are not, many invited but many others not. User experience professionals have empowered people to step onto a vast stage and tell their story, both factual and otherwise, to the world. The audience often has to decipher fact, fiction, or some combination of the two. As we help them ascend the stage, what role can, or should, we play in this unfolding drama-set designer, stagehand, fellow actor, audience member, all of the above?

There is a new opportunity to think about what identity means to ourselves and everyone else. Perhaps a first step is increasing our understanding of the meaning, value, and potential vulnerabilities of our cyber-identities. It is, after all, a hard-won and unique collection of information, experience, and perspective. The life you have lived shaped this collected knowledge and set it apart from any other-the happy and painful moments, the things you have learned, the mistakes you have made and the victories. Like so many things in life, we pay attention to things of value only after they are threatened. It is only after a more direct encounter with online-identity infiltration that I see this issue in a new light.

Lost in the Crowd: The Commodification of Our Identities
Finally, after a long time in the waiting room, a nurse calls your name. As you walk over to her, you notice another person also approaching. Both announce yourselves to the nurse by the same name. The quizzical look on the nurse’s face soon turns to irritation as you and your counterfeit debate who should get the exam. While that scenario may seem fanciful, in fact there are instances of people who are taking on stolen identities to get medical treatments covered by the legitimate person’s health care plan. This situation points to one consequence of commodifying our identities. If the fraudster were dealing with a longtime family doctor, it would be unimaginable to assume a false identity to get medical treatment. However, in a less personalized environment, in which the physician has never before and will likely not see you again, ID theft is all too plausible. In the midst of depersonalizing health care and other services, we are becoming more like numbers and less like individuals. People are hard to manage; numbers are easy to rig.

While the discussion of identity theft is often framed in the context of privacy, paradoxically, privacy may also be part of the problem. Consider a jammed road in a large city center. Large numbers of people in semi-private and semi-anonymous vehicles converge in close proximity in a fluid public space. The sense of privacy in interacting with others, give some drivers license, so to speak, to act in ways they would not if they knew the other individuals involved or were more exposed themselves. On the whole, the system works. But as we all know, the semi-anonymous interactions bring out problematic behaviors in a small percentage, although it may often seem small enough to not present a serious problem. That may be the case, but if you bear the brunt of someone’s road rage, it suddenly can be very significant. On the Internet, we mingle with some people known to us and many more who are not. We are visible, but only partially so. This environment makes it easier for others to mimic traces of our identity, and gives them the ability to hide the sources of the information.

Perhaps a key to identity protection is not just about increasing privacy, but also about building real community. The case I was involved in was solved by a range of people with different skills and interests who came together. It wasalso about good friends and colleagues watching out for each other in this environment.

Here are some of the other lessons I learned in my exploration of identity theft.

• Look closely. A cheap imitation of an expensive watch, at a distance, may look like the real thing. Setting up a false, but superficially plausible, identity online requires very little time and effort.
• Be imaginative. We are becoming increasingly aware of protecting our identities, but perhaps should start thinking more seriously and imaginatively about safeguarding it. Can we imagine scenarios for how our identities and autobiographies may be used and misused in the future?
• Include irrationality. For some of us, it can be hard to understand or accept that people will do bad things for no practical or rational reason.
• Find strength in community. For moral and practical support, there is no substitute for strengthening the ties online and in the real world to the people we know and trust.
• Anti-counterfeiting measures. What are the possibilities of “watermarking” our Web presences?
• How can we holistically strengthen and protect our online identities? Can that be taken too far and be overly engineered?
• Justice 2.0. Our legal system is behind our technology. What can be done to update legislation to prevent abuse?
• Don’t be complacent. We need to pay attention to our online identities and those of the people we care about.

Useful Resources
Investigation Identity Theft and Preventing Identity Theft in Your Business, both by Judith Collins
Federal Government websites:

• http://www.idtheft.gov
• http://www.ic3.gov/default.aspx
• http://www.ftc.gov/bcp/edu/microsites/idtheft