Exploring identity assurance as a complex system
Exploring identity assurance as a complex system
Personally identifying information (PII) are complex resources. Each item of PII, e.g., a fingerprint, holds a confidence-based utility that fuels identity assurance, i.e., processing fingerprints towards a desired confidence that a person is whom they claim. Each time we use an item of PII however, for identity assurance or otherwise, we inadvertently expose it to misuse. Exposure thus accumulates to deplete the confidence that may be extracted for subsequent identity assurance uses. Therefore, in terms of identity assurance, PII exhibit some of the properties of a commons, wherein resources are accessible to all, and whereby individual actions can affect the group. In this depiction of identity assurance, there is an underlying usage dilemma surrounding PII. This dilemma arises because coaxed by the affordance of the modern Web, PII of increasing veracity is being digitally exchanged, processed, and stored in ever-increasing volumes and varieties. Towards a novel sense of identity assurance as a commons-esque system, this work combines empirical and agent-based simulation methods to investigate PII exchange between individuals and organisations. First, by repurposing Elo’s (1979) ranking algorithm, I produce a unique user-centric measure of PII’s personal utility by ranking identifiers based on the quantification of (N =125) users’ willingness to disclose. These results also incorporate inter-contextual differences with a design spanning social, commercial and state-based contexts. Second, I qualitatively analyse 23 one-to-one semi-structured interviews regarding disclosure decisions. From this, I identify six super-ordinate classes of heuristics that users rely upon during disclosures: prominence, network, reliability, accordance, narrative, and modality, along with a seventh non-heuristics class; trade. Third, I combine my empirical results with theory to produce a dual-system decision model of users exchanging PII with organisations. Finally, I explore the dynamics of PII exchange via an agent-based simulation of my model that serves to illustrate the potential effect of interventions such as educating users or increasing competition. I show that our onus on disclosure self-management threatens the future efficacy of identity assurance methods.
University of Southampton
Marmion, Vincent
ad75e553-1b07-4673-8e79-7ff268a9e59d
Marmion, Vincent
ad75e553-1b07-4673-8e79-7ff268a9e59d
Millard, David
4f19bca5-80dc-4533-a101-89a5a0e3b372
Marmion, Vincent
(2021)
Exploring identity assurance as a complex system.
University of Southampton, Doctoral Thesis, 176pp.
Record type:
Thesis
(Doctoral)
Abstract
Personally identifying information (PII) are complex resources. Each item of PII, e.g., a fingerprint, holds a confidence-based utility that fuels identity assurance, i.e., processing fingerprints towards a desired confidence that a person is whom they claim. Each time we use an item of PII however, for identity assurance or otherwise, we inadvertently expose it to misuse. Exposure thus accumulates to deplete the confidence that may be extracted for subsequent identity assurance uses. Therefore, in terms of identity assurance, PII exhibit some of the properties of a commons, wherein resources are accessible to all, and whereby individual actions can affect the group. In this depiction of identity assurance, there is an underlying usage dilemma surrounding PII. This dilemma arises because coaxed by the affordance of the modern Web, PII of increasing veracity is being digitally exchanged, processed, and stored in ever-increasing volumes and varieties. Towards a novel sense of identity assurance as a commons-esque system, this work combines empirical and agent-based simulation methods to investigate PII exchange between individuals and organisations. First, by repurposing Elo’s (1979) ranking algorithm, I produce a unique user-centric measure of PII’s personal utility by ranking identifiers based on the quantification of (N =125) users’ willingness to disclose. These results also incorporate inter-contextual differences with a design spanning social, commercial and state-based contexts. Second, I qualitatively analyse 23 one-to-one semi-structured interviews regarding disclosure decisions. From this, I identify six super-ordinate classes of heuristics that users rely upon during disclosures: prominence, network, reliability, accordance, narrative, and modality, along with a seventh non-heuristics class; trade. Third, I combine my empirical results with theory to produce a dual-system decision model of users exchanging PII with organisations. Finally, I explore the dynamics of PII exchange via an agent-based simulation of my model that serves to illustrate the potential effect of interventions such as educating users or increasing competition. I show that our onus on disclosure self-management threatens the future efficacy of identity assurance methods.
Text
Thesis_VM2021
- Version of Record
Text
Permission to deposit thesis - form
Restricted to Repository staff only
More information
Submitted date: September 2021
Identifiers
Local EPrints ID: 457266
URI: http://eprints.soton.ac.uk/id/eprint/457266
PURE UUID: 7e8f8758-26bf-4fb4-b41e-ac7e968bf5b2
Catalogue record
Date deposited: 30 May 2022 16:41
Last modified: 17 Mar 2024 02:46
Export record
Contributors
Author:
Vincent Marmion
Thesis advisor:
David Millard
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics