In 2023, our personal identity and reputation are no longer controlled by us. Instead, they are controlled by technology companies who have access to huge amounts of data about us that they can use in any way they want. They can track our behavior online – sometimes even when we think we’re not being watched or monitored – and then use this information against us if it suits their business interests or political agenda. But there is emerging technology to help control identity from the personal level. A new type of identity management called data sovereignty could allow us to take back control of our personal information and use it in ways that benefit us. This would in theory have the ability to decide which companies are allowed access to our data, and under what terms.
But right now, that is not the case usually.
Who Controls Your Identity and Reputation?
Your reputation and your identity are yours to control.
While the companies that you do business with may be responsible for their representations of you, it is ultimately up to you to decide how much of your personal information is shared with third parties. If a company sells your data without your consent or misrepresents itself as being trustworthy, this is not the fault of customer protection agencies; it’s simply an indication that these entities failed at their jobs. In addition, if there was security breach which resulted in a loss of personal information (e.g., hacking or phishing attacks), again this isn’t the fault of the government – it’s simply an indication that businesses did not protect consumers properly enough when handling sensitive data.
The government is not responsible for protecting your digital identity. Instead, you should take precautions to ensure that your digital assets are safe from attacks and other forms of abuse. If someone steals your data or misrepresents it as being credible, this is not the fault of customer protection agencies; it’s simply an indication that these entities failed at their jobs.
When companies rush technology to market, they have a limited time frame to deal with identity, cybersecurity or privacy issues. Most choose to do this at the last step, and usually with fewer resources than was used to market the product. So there is a rush to market, and a subsequent loss of security and privacy. Multiply this by all the platforms out there and you begin to see the scale of the problem in front us. Organizations and individuals alike now have to contend with explosion of screens, platforms and attack surface areas that can compromise identity and reputation in an instant. While it is true that you can only protect against the attacks that you know about, there are certain measures that can be taken to mitigate risk. We need to start thinking about security and privacy as a design principle rather than something we add on at the end. We need to understand who has access to our data, where this data is stored, who has access and whether they have legitimate business purposes for accessing it.
A New Frontier in Reputational Security
The old frontier of reputational security is identity management, the process of keeping track of exactly who you are and what you’re doing. Identity management has long been a complex task that involves multiple entities, including government agencies (think passports) and private companies (think Facebook). But it’s clear that as technology continues to advance, we need a new approach to reputational security; one that takes into account changes in our technological environment as well as shifts in societal norms around privacy and anonymity. The term “reputation” has been used to describe a person, group or object’s standing in society. A person’s reputation can refer to their character (examples: honest, trustworthy), achievements (examples: writer) or public image (examples: politician). Reputation is often associated with status which can be measured by the amount of respect one has from others.
The new frontier for reputational security is reputation management: an emerging field focused on how individuals can manage their online presence to ensure it aligns with their values or goals. In this context, “online presence” includes everything from social media accounts like LinkedIn or Instagram—where you post photos of your latest trip or share links from articles you found interesting—to more obscure corners of the web like Amazon product reviews or even Wikipedia pages about influential figures in your field.
The impact of emerging technologies, including sensors and mobility-as-a-service, artificial intelligence, quantum computing, virtual reality, blockchain, and the internet of things upon the reputational risks that organizations face is well documented. However, the ways in which the emerging technologies transform personal identity are less well known.
You’ve probably heard of the concept of identity and reputation. Maybe you understand that your identity is part of your reputation, but probably not much more than that.
- Your identity refers to who or what you are in relation to something else—for example, an organization or a transaction (such as when you purchase something from Amazon). In other words, having an identity means being able to identify yourself.
- But your identity as reputation is also what is contained in the hundreds of databases that contain tens of thousands of data points about you.
- At some point the coalescing of this data river, quantum computing and deep fakes will result in perfect fake identities being used to affect reputations of real people. This will be incredibly dangerous, because the perfect fake identity can use that reputation to unlock doors and access information. Imagine, for example, if someone was able to hack into your bank account by creating a perfect fake online persona of you. Or if someone created an identity that was so good it could borrow money from banks and other lenders in your name.
Identity and reputation are closely related. Your identity is a part of your reputation, but it’s not the whole thing. Identity is more about who you are; reputation is more about what other people think of you. But who you are is now a dark data pool, along with billions of other people too. The most important thing to understand about identity is that unfortunately it’s a shared asset. Your identity is something that belongs to everyone in your life, it’s not just yours. You may have an official record of who you are, but this information can be used by anyone who has access to it. That includes companies like Facebook and Google, which have access to more data than any government agency or law enforcement body ever could.
With the advent of quantum computing and deep fakes, it will soon be possible to create perfect fake identities that are indistinguishable from real ones. These fake identities could be used to influence people’s reputations by changing what they think about other people. For example, if someone wants to damage your reputation as a politician, they could create a fake identity that looks like you and use it to say things on social media across different platforms (and even in person) that would make voters think poorly of you.
The problem is that it won’t be possible to tell whether these fake identities are real or not. The technology has advanced so far that you can’t tell the difference between a real person and a highly realistic fake one—they look exactly the same. The consequences of this will be devastating for democracy around the world. Take it a step further, and what happens when a fake university pretending to be a real university issues a research paper based on deep fake information? Or a fake government agency issues a complete fake report that affects the stock market or other markets? The implications of this technology are enormous and far-reaching. It will be used to manipulate data and information in ways we can’t even imagine. And it will cause chaos because we simply won’t know what is real or fake anymore.
Understanding these new challenges that individuals face is important because managing an and identity and reputation depends upon managing risk. Managing risk depends upon knowing what that risk is.
Managing risk is about understanding the potential for something negative to happen and then addressing it by taking steps to reduce your exposure. As you can imagine, managing a reputation requires managing risk. If you’re not managing your reputation, chances are good that someone else is doing it for you—and they may not have an objective perspective.
Let’s take a look at some examples that illustrate how individuals are learning to manage their reputations in today’s digital world:
- A business owner using Google Alerts to identify new changes in search that affect their business
- A non-profit who use various social listening platforms to be able to identify their largest online supporters as well as their detractors.
- People who use credit monitoring companies that also provide access to when one’s name or email pops up on the dark web, providing a chance for people to change passwords and authentications before they get their data stolen too.
- A defense contractor using AI to monitor all of their employees online status 24 hours a day to prevent espionage and data theft.
- A doctor using a reputation company to scan for fake reviews about her.
These are just a few simple types of ways in which people and organizations are looking at dealing with the combination of identity and reputation becoming one. There are obviously many more, and more to come as well.
The reputational risks facing both individuals and businesses are growing rapidly. Technological advances will make it easier for people to create fake information, while at the same time making it more difficult to know what is authentic. The future of reputation security depends on recognizing these challenges now so that we can prepare for them as they come into being in the next few years.