In the very near wake of a foiled terrorist plot, I find myself waking up, planning to write about the topic of anonymity and identity. The original impetus for my post is a recent article by David Weinberger. In that article, David argues for anonymity as a "default" in the online world by saying: "personal anonymity is the default in the real world -- if you live in a large town, not only don't you know everyone you see, but you're not allowed randomly to demand ID from them -- and it ought to be the default on line."
Its not so much that I disagree with David, as I think he's framing the problem incorrectly. Framing the "online anonymity" issue in the context of being a default makes it a binary issue -- a simple on/off switch; either anonymity is the default, or something else (from pseudonymity up to strongly authenticated identity) is the default. But online identity is *not* a binary issue. Identity (be it authentication, access, authorization, federation or any other component) operates on a spectrum. Further, every "user-centric" system I know of doesn't seek to make "identity" a default, so much as it seeks to make "choice" (including the choice of anonymity) a default. Whether the system is SXIP, CardSpace, or OpenID, they all begin by having the user choose how they will present themselves.
In the context of choice being the identity default, we're finding that the bulk of online users are choosing to place huge chunks of their identity online. My evidence: MySpace, YouTube, Facebook, etc. The heaviest generational component of the online community (the kids) rushes to identity themselves online. They flock to it so fast and so easily that its making federal lawmakers (and many parents) uneasy. Do these kids think that anonymity is or should be the online default? Apparently not.
My semi-joking explanation of this lies in "Norlin's Maxim." I first posited "norlin's maxim" as a joke, but I've since found it to actually be at least partially true -- thus its semi-joking nature. Norlin's maxim is simple: The internet inexorably pulls information from the private domain into the public domain. The proof: Google your name today and google it again in 90 days (more will be known about you over time).
So, rather than arguing about whether or not anonymity is the default in the "real-world" (its not), I would simply assert that while location may have been a proxy for identity in the original architecture of the internet, the nature of the network itself *forces* identity information from the private to the public domains. That forcing function leaves users open to losing control over their own personal information, and *that* problem demands a digital identity network infrastructure.