Debunking stories about identity

I have come to like a distinction between digital identification, digital legal identification and digital identity.

Digital identification refers to a credential or to a process. You can be asked to identify yourself when accessing for example accounts like email or Facebook, which might not even have associated any of your legal data (DNI number, date of birth and so on). You can set up anonymous accounts. Digital identification thus refers to the process of proving you are a certain someone (or something). This process might or might not involve showing or using a digital credential similar to physical credentials. Another example of digital identification as a process, one we go through pretty often nowadays, is when we are asked to click a reCAPTCHA box in order to prove we are humans.

Digital identity on the other hand, refers to the digital information out there about who we are and what we do as individuals, regardless of legal status. Undocumented people also have identities and digital identities. Our digital identities can be related or not to our legal identification. Imagine social media accounts, email, gaming sites, dating apps, etc. You could use your legal name or any other name you decide.  

As with our non-digital identities, many things might contribute to our digital identities: data about our schools, whether we graduated, if we ever went to jail, jobs, if we are single, if we have children, how much money we earn, who we give money to, what loans we get and if we pay them back, our political ideas, our cultural origins, languages we speak, where we were born, or ideas of morality expressed in online posts, our participation in communities, etc.

We could be a very different person in Facebook and Instagram. But that is regarding “profiles” we know exist about us. The data we choose to share “is just the tip of an iceberg”. We do not see the rest that is “hidden under the water of the friendly interfaces of mobile apps and online services” (QZ). There is a lot about us on the Internet we have no idea is there. From the things just listed to our online behavior, like patterns of when we are online and offline, content we clicked on, how much time we spent reading/watching it, our health records, and typing speed. And the problem is we have no idea who uses it, where is stored and for what purposes. In sum, our digital identity is composed by data we know is out there, and a lot more of data and interpretations of it we have no clue is out there. It could include, or be linked to, our legal identification.

And third, digital legal identification is the process by which people prove they are who they say they are by using legally valid identifiers, like a DNI number, name, identification number, or even their biometric data. For example, you can be asked to prove you are the right legal entity to access your AFIP (Federal Administration of Public Revenue or tax authority in Argentina) account online. Importantly we do not go through a digital legal identification process only with public institutions, but also when interacting with the private sector. Not everyone can legally identify himself or herself online; ‘undocumented’ people can’t usually provide verifiable information. This doesn’t make them any less human, or less worthy of rights (although in Argentina undocumented people are often deprived of some of basic rights).

Proponents of digital forms of legal identification, like those who advocated for Argentina’s Digital Identity System (SID) or the mobile ID (DNI Digital), often argue these are easier for everyone, useful in diverse contexts, and that having a digital ID will lead to faster and more accurate access to government services, private services, and to more inclusion (see EFF and WB’s ID4D). One argument being heard in Argentina is that it can lead to better financial inclusion. There is also of course the process of identification with online means but in offline contexts, like showing your age in your mobile ID at a shop, or a digital Covid vaccine certificate to a police officer. The online and offline realities are intertwined.

Argentina has a digital identity system (SID) that can be adhered to not only by public organizations and citizens but also by private firms. It is based on the centralized Federal Biometric Identification System (SIBIOS, which doesn’t have website), which uses data collected by National Registry of Persons (RENAPER). The biometric data stored by SIBIOS are fingerprints, palm prints and facial records. To implement SID, in March 2018, the Ministry of Modernization bought a facial recognition software, to NEC Argentina S.A., a subsidiary of a multinational corporation, for 8.4 million USD. The software is called NeoFaceWatch.

SID is, I believe, the reason I have been recently requested to go through this process of digital legal identification by two private companies: my health insurance and the ecommerce website Mercado Libre. They both demand I take selfies on their platforms or apps so I can prove I am who I say I am. I only assume they use SID, because they do not explain it anywhere. I have ditched Mercado Libre but I can’t easily switch health insurers. Now, SID’s website says they abide by the data protection act, and that private counterparts using SID should do the same. But data breaches happen all the time (not to mention the data protection act is from 2000). So, how are we protected? There is information about the safeguards, but it uses a very technical language, not an accessible one.    

Then there is also the official digital identity app, which is marketed as a replacement of the national DNI (the physical ID credential). But as one of my interviewees, Isaac, experienced, this digital ID doesn’t fully replace the physical ID. At the start of the initial lock-down in 2020, he couldn’t collect his renewed ID card, and Migrations (he is Peruvian) instructed him to download the digital ID. However, it did not include the info he needed to get the Covid-permit required for him to get to work and he ended up loosing his job.

The story we are told about our legal identification is a neat, closed loop: in order to be considered a citizen, having an identity and be worthy of rights, I need to give my personal data to the trusted state, and then I am given an identification credential so I can interact with the government, the private sector and fellow citizens; all based on trust. We register with the local hospital or municipality and we tell them our personal information: name, address, date and place of birth, gender, nationality, education, etc., and we do so because we trust they will treat our data in the right way. We trust they’ll provide us with services, will protect us, and engage with us on issues that matter, like building a highway across our neighborhood. We give the state our data in exchange for that (Taylor). This is a social contract. On top, being given a physical credential feels powerful; it makes us feel we belong. If I happen to disappear, authorities will look for me, I will not be “a nobody”. What about our digital legal identification? It is the same only easier, faster, cheaper, and safer. It is a contract and we think we know the terms.

Time goes on and the story stays the same in our minds, despite the advent of digital technologies and growing surveillance capabilities. Part of the untold story is that identification systems in Argentina were not born out of a social contract of mutual services and rights between citizens and the state. When identification started being systematized in Argentina, the reasons behind were policing and control.

The untold story is that the social contract, which assumes a direct exchange between citizen and state, is broken. We think we are giving our data to public institutions, but we are not: there are companies in between. Governments cannot hire the many technical specialists needed to deal with big data so they rely on contractors, and this, as Linnet Taylor says, “breaks the citizen link with the state about data”. Having companies in between might be inevitable, in the age of digitalization, but the problem she says is that we aren’t really making rules about this new type of contract. Commerce and the state are together in processing our data, which poses huge risks to our rights as individuals and groups.

In Argentina, there is a huge lack of publicly and easily accessible information about this: how does RENAPER handle our biometric data? What companies manage SIBIOS? What safeguards are in place? Individuals and organizations can ask for a special access to this info but who’s got the time to do that? What if the safeguards are wrong? Is our biometric data linked to our behavioral data collected by for example banks, or by other public bodies like ANSES (Argentina’s National Administration of Social Security)? Is ANSES assessing people using software/algorithms?

Photo by Darwin Quispe

We are not told the extent to which Argentina’s mobile ID (DNI Digital) allows organizations and firms to gather personal data of the DNI holder, at the moment of interaction: “every time someone uses a digital ID holder, there is an chance for the ID issuer and the ID verifier to gather personal data about such person. And this collusion of personal information might get in the wrong hands (Hancock). In Argentina the mobile ID isn’t yet compulsory.

We are not told if the digitalization of our data and interactions with the state means we are being profiled or being put into categories like: “the ones that do not pay back”, the “ones who are potential criminals”, etc.

For example, is it happening that Cuenta Gratuita Universal holders (bank account that can be open online and for free and that uses SID) are getting financial scores out of their financial behavior and their digital identities? Is any sort of digital redlining happening using people’s behavioral data?

Are our digital identities colliding with our digital legal identification? Not knowing is a big problem, because by not knowing we loose agency. 

Photo by Pablo González

There must be ways to dismantle the neat story we have been told, so room opens up for social pressure, and policy reforms. And I guess some of the many answers to how to do that lay in the everyday experiences and ideas of the non-activist-non-technologist people. I talked to 21 of them and looking back we might spot some incipient cracks to the dominant story.

Crack one: being discriminated thanks to my ID

Argentineans are used to identify themselves everywhere they go. Some, however, have had worst experiences doing so, than others. If your skin is brown or darker, and you dress a certain way, you probably encounter unfriendly attitudes every time you have to identify yourself offline.

For those who are victims of it, discrimination is not fully normalized; they feel it. Many of my interviewees talked about it a lot, because it happens a lot, and DNIs make things worst. You don’t get jobs with the “wrong face” or skin color, but also because of your place of birth and current address: data written on the DNI. The DNI is used to discriminate if you have a “bad” postcode. Credentials are very powerful because they are pretty symbolic of “belonging”. Yet, the sense of belonging breaks when certain data about you is used against you. What data about you gets to be known and by whom, matters.

Crack two: being watched in social media, by the government

One of my interviewees, Marcos, told me about the time he had been at a friend’s house, and the police had unexpectedly raided her house, taking away her phone and computer. She had tweeted she would be happy to shoot ex president Macri (this happened while he was president). What she said was very much an exaggeration over anger against Macri, Marcos said, and she still uses her twitter account, but makes no jokes anymore.

Argentina’s Ministry of Security has been using cyber-patrolling since 2017. But only in April 2020 news broke about its use to criminalize legitimate speech online. The Ministry then reacted by preparing a protocol. However, the draft was criticized by civil society organizations, which called for the cease of cyber patrolling until adequate safeguards and regulations were discussed in Congress and implemented. But in May 2020, the Ministry published a protocol through a resolution, incorporating some of the recommendations made by civil society but ignoring calls for a legislative debate (Freedom House).  

Crack three: kids can’t even join classes online

One incipient break to the dominant narrative that digital technology leads to inclusion has been the COVID-19 pandemic: it has “exposed just how far the inequality gap reaches in education, pushing those who were already on the margins further out when learning requires technological tools they simply don’t have” (Alcoba). Not having access to internet was one major factor driving 1 in 4 primary school students who live in the poor areas of Argentina to abandon their schooling in 2020 (OAE).

The basics, including Internet infrastructure, just aren’t there for most people. Many of my interviewees, including those studying at university, explained how staying enrolled had been a huge struggle, precisely due to the lack of hardware and connectivity. Plus, companies often do not cover the neighbourhoods they live in (and we are not even talking periphery of cities). More than 45% of households in Buenos Aires’s low-income neighbourhoods do not have Internet access at home (Catholic University study) and almost half of households also don’t have computers. That’s why an overwhelming majority of students there, 80%, rely on their mobile phones to study (OAE). There isn’t justice in this, complained Renata, who felt she was lucky for having only one kid enrolled and therefore not having to juggle multiple school assignments at the same time on one single phone.

Photo by Pablo González

Crack four: rallies and cameras – there is no privacy

Olivia, a long time immigrant, was clear privacy is a tricky issue, and that public space surveillance was a reality. She participates in civil society groups and when at rallies/marches, they advice each other about covering their faces, and not to post people’s faces in social media. However, she added, “if they want to catch you, they´ll catch you”.

With still clear memories of the dictatorships in Argentina, Olivia did not feel very hopeful about human rights being respected by authorities, even in democracy. Increasing demands on identification could well be linked to further repression and that is something that worries her. The state apparatus feels too big to tackle. At the same time she thinks resistance could work.

Crack five: I am not the type

And then there is also the way people create profiles online, the constraints to identity creation and the predefined ways of being legitimate, desirable subjects: most of my interviewees did not feel they fit on platforms like LinkedIn and Computrabajo (me neither); some on them not even on Facebook. “One limitation to the possibilities for self-presentation on social media is the very design of profiles” (Szulc). On LinkedIn, unless you graduated from university, your profile is incomplete, lacking, and wrong. And on Facebook, “we can choose our own main and cover photos, but why is it necessary to have a profile and a cover picture in the first place? Facebook has simply designed it this way, subtly suggesting that this is how we should present ourselves in this digital environment” (Szulc). These are corporatized identities designed for targeted advertisement and made up with an ideal user in sight: one with the desirable live-work pattern, the right education, and the right income.

Overall, one idea that kept appearing in the interviews was that the Internet is not a welcoming space. That it isn’t a life changer not even a floating device you can turn to in times of trouble! And identifying yourself online adds trouble. “My kids had to write my passwords at the back of my phone, otherwise I forget!” “I solved it by having the same passwords”.

An article called puts it perfectly: verifying our identities online “is a minefield of unanswerable and discriminatory narratives”. Those security questions nobody ever remembered, like what was your first car, “rest on unexamined assumptions about what constitutes identity, and what biographical details can be assumed as universal, private, and memorable to Internet users” (Pendergrast).

Photo by Pablo González

Identity and legal identification might be more linked than ever before. Shouldn’t we have the right to keep them separate?

Digital literacy and managing our digital footprints are the usual calls. However, these calls miss a crucial point: “Our ‘digital footprint’ as a term collapses the vast and diverse swaths of data generated through digital interactions into one entity, holding individuals personally responsible for its creation. This lulls people into a false sense of control over their digital representations and makes people feel guilty for not doing enough to manage their data. It removes attention from the networked and institutionally driven operations that largely shape digital impressions” (Kumar, Pendergrast and Pendergrast). It is not about protecting ourselves online, but demanding we are protected.

We need to care a lot more governments are taking relevant decisions about identity and identification without debating with us. New and accurate narratives are needed. Can we hire the best writers, novelists, storytellers, so they work together with activists?