D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research

Title: ESTABLISHING PERSONS AS ENTITIES IN SOCIAL SYSTEMS

Establishing persons as entities in social systems

Persons 

From a traditional socio-psychological point of view we have to think of a person as an individual which has a body, has a view of himself in difference to others (Freud, 1978) and a "Core I", which is typically constructed as the source of a free will (Mead, 1934) From the social psychological-perspective and basing on the "Core I" understanding used here, identity is the difference between the physical body of a person at a certain time (past, present, future) and the self-consciousness of this person (I am myself, and I am the same person that I was in the past and that I will be in future). In other words, the identity of an individual is constructed as the operative difference of sameness as an object in time and selfness in its consciousness. Strictly speaking, only particular partial identities are affected by theft and fraud, the "Core I" is left unaffected. We will therefore focus our analysis on the "Me-related" parts of identity that are relevant for social interaction.

Social systems 

From a radical sociological point of view, the identity of a "person" (Luhmann, 1991) is a construction in a specific situation that largely depends on the social system in which this construction occurs. Social systems are pools of schemes, events and communicational components. These elements shape the behavioural and communicational repertoire of actors within the given social system. By adopting roles compatible with the adopted social system, such as customer in an economic (shopping) system, and by using the communication patterns associated with these roles, the identity of a person is defined. The relevant characteristics, or partial identity, that make up a person’s identity therefore depends on the social context. 

Sociologists distinguish at least three types of social systems:

• Interactional systems (types of communities in which members are not subject to particular rules, but nevertheless schemes apply; examples are spontaneous meetings as neighbours, spontaneous encounters) (Kieserling, 2000),

• Organisational systems (characteristics are membership and effective production of decisions; examples are public bodies, institutes and companies) (Luhmann, 2000; Baecker, 1999),

• Functional systems (economy, law, politics and science as "self-conducted" communication systems) (Luhmann, 1997).

Social functional systems reproduce particular patterns of communication that have particular social functions (e.g. buying and selling, political debate). These functions, in turn, define meaning (original German term: Sinnhorizonte) for organisations, which create particular sets of expectations (role conformity as "customer", "citizen", "responsible citizen", "human being") for the persons acting in them.

Table . Social functional systems

Organisations generally operate in different social systems at the same time, but they have a main emphasis in one. A shop, for instance, primarily operates as an economic system, but may be involved in a political system when proposed changes in zoning plans endanger its existence. The primarily economic target of the shop remains unaffected by this political engagement.

From the perspective of social systems, communication thus involves actors in socially typical processes, e.g. as citizens of a certain country, as a company’s customer, as a patient in hospital or as teacher in a school, but also as "my friend", "my mother" or "my neighbour". The role adopted by the actors is defined by the current social system, but often multiple social systems are at stake, e.g. during my criminal trial I happen to notice that I know the judge, we went to high school together, and hence the proper social system has to be selected. Selecting the proper context is partly done by addressing, for instance, I could in principle address the judge as ‘your honour’, but also ‘Jim’, my old high school friend, which would result in selecting either the (proper) context of a legal functional system, or the improper interactional system of a friendship. Apart from the addressing mode, also authentication and authorisation play a role as this functions as a gatekeeper to a particular social system. I, for instance, am not a judge. Imposing to be one would place me in a social setting where I should not be able to act. In this connection, addressing, authentication and authorisation is not to be understood in a pure technical sense as partly defined in chapter 6, but also extendedly referred to the social context. We understand the technical concepts of addressing, authentication and authorisation as incarnation of social structures. 

Addressing, authentication, and authorisation

In the following we examine typical processes of communication in different social systems to gain an operative understanding of the processes and mechanisms of "identity fraud" and "identity theft". The examples have been taken from the physical world. We describe persons in interaction systems as participants; persons in organisations as members; and persons who interact as externals with an organisation as clients.

Interactions in the offline world typically arise when the participants are within hearing range and communication takes place by use of speech. When the participants in such an interaction know each other’s names they will use these, or in particular situations nick names or pet names, to address each other, usually preceded by a salutation ("Hello Mike!" or “Hi Babe”!). The name functions as an identifier of the addressee. Instead of names, people also use bit strings that are frequently introduced to be able to address a person in a unique way (cp. chapter "Identity collision and identity change").

Merely addressing a person by an identifier does not guarantee that this person actually is the one to which the identifier ‘belongs’. Hence, some form of authentication takes place to establish the proper linking of identifier to known person, for instance through inspection (looking in each other’s eyes), but also, listening to the tone of voice, interpreting gestures, etc, play a role in verifying particular identity claims, the intention and its authority. When a particularly high claim for commitment is connected with a communicational relationship, for instance on a friend, the authentication and authorisation processes for the identification of who the specific person behind the role is and which rights they are entitled to within an interaction typically becomes lengthier. Authentication/ authorisation within social systems maps very well concerning its function and the use of different levels to authentication/authorisation used in technical systems. In this case intimate communication among the friends at the beginning of a communication, for example the exchange of a shared communicational history, can be part of this authentication/authorisation procedures aiming at planned future interactions.

Especially when the actors involved show different (or at least insufficiently specified) expectations, when role collisions are so to speak structurally very likely and an equivalence of motive and type of action is very unlikely, authentication and authorising procedures are deployed in a more deliberate and stronger way. It depends on the result of the authentication whether the supposed role collision can be solved or if it results in a role conflict. 

Generally speaking, we distinguish between the following three levels of authentication and authorisation: 

• the social level (related to the social system and the role taken there) 

• the personal level (identification of the person) 

• the technological level (through technological authentication and authorisation procedures) 

In the online world, the social and personal level of authentication have lost their nonverbal aspects (tone of voice, gestures) of communication, and authentication generally has to rely on written claims. This makes claims more difficult to prove, especially since what results are merely bit streams that can in principle be generated by anyone. As a result of this loss of quality of the social and personal levels of authentication, the technological mean s of authentication gains importance.

Authentication and authorisation in general rely on four factors:

• integration into the social system 

• assignment of the role 

• identification of the specific person, the personal authentication 

• generic (related to the role) or personal assignment of opportunities for action (rights), the authorisation 

The required level of authentication/authorisation depends on factors, such as, the nature and content of the communication (e.g.: open discussion or private exchange? Is the content confidential or not? Private sphere of one or more participants in the communication affected?), the kind of social system (Is the main system interactional or organisational? Which functional system is involved?), etc.. In interactional systems, for instance, usually a simple person-related mode of addressing by the participants is sufficient for most interactions (conversation). This type of addressing is also generally used by organisations towards their clients.  

Within organisational systems, additionally, function-related addressing is used. This allows the production of structures and ways of communication within organisations and to their clients (external communication to persons or other organisations) that establish clear expectations. A specific person is involved if an individual is addressable in interaction with other individuals or organisations. Apart from addresses, there are general organisation-related role concepts, such as "citizen", "client", "the human being" or "responsible citizen".

As far as persons are concerned, organisations are characterised by the fact that persons act as their members. Persons are function bearers who are internally addressable by use of particular way of addressing (departments, head, staffer or special designation) and who are addressable from outside in a similar differentiated way and via the organisation’s generic address. Organisation-specific communication is orientated towards decisions or the creation of the ability to decide. Decision-orientated communication is the general feature of all organisations. In general, it takes place in written form and is actionable, economically calculable, can be recorded scientifically (e.g., statistics, models and simulations) and forms the medial basis for further decisions. The authentication procedure is often quite simple and based on the analysis of the course of communication. This course is to a great extent structured by the fact that the person involved is a member or a non-member of the organisation. In this connection, the member/non-member (or insider/outsider) concept works in a resolution which is becoming higher and higher in progress of the communication. Knowledge about persons, which is revealed by calling them by their names and can absorb addressing, authorising and authentication aspects from interactional systems as a side effect, is consulted for decisions, as an authentication reference, so to speak. Forwarding by superiors or co-workers or the seemingly legitimate access to resources owned by the organisation (letterhead, e-mail sender, file access, but also keys and ID cards) play a similar role.

Interactional systems generally use other types of authentication and addressing than organisations. Therefore, different types of "identity fraud" may occur in both types of systems.