How Chick-fil-A and Popeyes' Recent Twitter Beef Over a Chicken Sandwich Predicts the Future of Digital IDs
Could a person's digital identity be sufficient identification for anti-money laundering laws, know-your-customer regulations, and other legal requirements? Researcher Dov Greenbaum votes yes
Among the many impacts Twitter has on the world, it now appears it can also cause a chicken sandwich shortage. Even if you only eat Kosher, you have probably heard of the Twitter beef between American fast food restaurant chains Popeyes Louisiana Kitchen Inc. and Chick-fil-A Inc. over who has the better chicken breast sandwich. The result was a hoard of socially conscious diners, in search of a sandwich without Chick-fil-A's controversial moral baggage, depleting Popeyes' entire supply.
Tweeting out #chickenwars is likely much less malicious than most hashtags accompanying tweets that express feelings, political leanings, and important random insights that must be heard. But, regardless of why you tweet, each tweet, as well as each social media post, Yelp review, Instagram photo, snapchat, Facebook like, random outraged online comment, and all of the other stuff that we post as a result of our various indignations, are all digital breadcrumbs that can be combined to reveal an online digital identity.
In fact, U.S. President Donald Trump’s tweets are arguably a part of the presidential record under the Presidential Records Act of 1978, and as such his actions on social media may be recorded for prosperity, and he may not even be legally allowed to block people when they get on his nerves.
Just like Trump’s tweets, our digital identities are becoming a proxy for our physical selves and, as such, have become important, even valuable, assets. While much of our online content is protected from misappropriation by various privacy and intellectual property laws, a lot of it is intentionally, albeit not always wisely, shared by prosumers and made public for the world to access.
Each of us is responsible for the creation of a lot of online content. On average, we spend over six and a half hours online every day. A previous article I wrote with colleague Mark Gerstein already discussed what happens when the service provider dies, but what about when the user dies or becomes incapacitated? Who can access the deceased’s digital assets and who holds the legal right to them? Can you pass on your digital estate, which might include a digital inventory of valuable digital assets such as pictures, online accounts and associated user names, social media profiles, domain names, and financial instruments like fiat currencies and debts, to your digital heirs? The short answer is yes, but as a 2013 New York Times article suggested, most Americans do not make advance directives for their digital lives after death.
U.S. law has actually been pondering this issue for a while, and some states have already passed their own variations of the Revised Uniform Fiduciary Access to Digital Assets Act, which seeks to balance the needs of loved ones to access digital assets post-mortem with the administrative burden that would provide for the service.
But, in addition to inheritance, there are other areas where the law is interested in your online activities. For example, would your digital identity or a version thereof suffice for anti-money laundering and know-your-customer (KYC) regulatory requirements? The data extracted from your online experiences could be used to build a predictive model of your profile that should be able to sufficiently identify you, without you having to remember user names, passwords, and tokens. Your digital identity might even create liabilities for you: it is possible that your online persona can be used against you to legally support claims of drug use or racism, even if there is no outright proof thereof. Courts have already sanctioned attorneys for telling their clients to delete incriminating social media posts.
Your digital persona can also affect your career's trajectory. While in Europe there are legal limitations placed on reviewing job applicant’s online life, in the U.S. it seems to be pervasive, with even customs and immigration agents reviewing your social media presence, before letting you in the country.
However, there is another less sinister side to our digital presence. All this information could actually be put towards a respectable goal. In addition to the myriad bits of commerce that are keen to take advantage of your private information to sell you stuff, there are a number of groups that see this information deluge as an opportunity to develop a decentralized universal form of identification that would be available to everyone regardless of their socioeconomic status—a Digital ID, if you will.
Currently, over 1 billion people around the world do not have proper legal identification. But, with more than two-thirds of all people on the planet owning a mobile phone and more than half of them using the internet—with most of them also on some form of social media (Facebook, alone, has 1.5 billion active daily users) this could change. Russia, for example, is considering legislation for a government certified digital ID.
Given advances in artificial intelligence, our digital profile is likely a reasonably accurate representation of who we are. In contrast, our digital persona is representative of how we want to be seen online. Given the amount of time we spend online, it is very hard to consistently fake it on the internet, and so, for most of us, our online persona quickly starts to resemble our actual personality. And, if we are getting into semantics, all of these crumbs are distinct from the centralized digital identifiers, like our email addresses, or the MAC addresses on our various devices. Combined, each of these can make up our Digital ID.
To put it metaphorically, our constant interaction with the online world results in mountains of data, within which lie a number of consistent identifiers, that, like a fingerprint, can be leveraged to identify us without the need for further measures, such as user names and passwords. Combined with even more data from our online activities, we can create a digital DNA signature that can be used to both individually identify and describe us.
There are many benefits to a decentralized system, but they cannot be fully realized without an optimal structure that is standardized, secure, trustworthy, transparent, yet protective of privacy, and available to all. Such a system would provide authentication to your identity, profile information that describes you when necessary, and historical information that would be relevant for healthcare and insurance policies. This system would be useful across many areas of society, including government, commerce, healthcare, travel, or finance. It would be particularly helpful in humanitarian situations where people may not have or may not be willing to produce a centralized form of identification, say from a pariah state.
There are already a handful of pilot programs attempting some version of such a decentralized system, often using blockchain as a platform. Optimally, a workable product could start with data that the individual chooses to share which is then enriched with persona data, digital identifiers, profile information, and inferences from online activities based on tested standardized models. Such a system could encrypt your digital ID so that the underlying data is only available to those that the individual grants permission, and all access to the digital identity is logged so that the same individual can see who is looking them up.
Twitter’s chicken sandwich war eventually bled out onto Facebook where the ostensible winner—Popeyes—tallied even more likes and geo-tags. Similarly, Facebook may also provide an important component in the evolving digital ID: in the fine print of Facebook’s announcement of its proposed cryptocurrency, Libra, it claims, “an additional goal of the association is to develop and promote an open identity standard. We believe that decentralized and portable digital identity is a prerequisite to financial inclusion and competition.”
Dov Greenbaum, JD PhD, is the director of the Zvi Meitar Institute for Legal Implications of Emerging Technologies and Professor at the Harry Radzyner Law School, both at the Interdisciplinary Center (IDC) Herzliya.