Table of Contents 

Executive Summary

This document shows how current domains of application of the term “virtual person” can be extended in order to better describe and understand new forms of identities in the Information Society in relation to rights, duties, obligations and responsibilities.

At the beginning, we give a detailed description of two typical uses of the term “virtual person”: the first example is related to avatars and new forms of identities in online games, while the second one comes from the legal domain.

Then, we motivate the introduction of a new model with two layers – the physical world and the virtual one – to better represent new forms of identities in the Information Society. The virtual world allows a unified description of many identity-related concepts that are usually defined separately without taking into consideration their similarities: avatars, pseudonyms, categories, profiles, legal persons, etc. This unified description is based on a generalization of the traditional concepts of virtual person.

Some sections in this document are aimed at an audience of non-experts; others are for experts who are interested in applying the model of virtual persons to represent new forms of identities, as well as to describe identification and authentication processes in the Information Society.

This document does not aim to cover the implications of using such a model, for example in the legal domain. However, it brings the necessary foundations to pursue the research, to investigate further and assess the possible need for new legal entities – based on virtual persons – in order to describe and cover the new paradigms induced by new forms of identities appearing in the Information Society.

Introduction

Scope

This document, created in the context of Workpackage 2 of the FIDIS Network of Excellence, proposes to formalize and stabilize the core definitions of a two-layer model based on virtual persons. These definitions, as well as the model itself, will then play a central role in Workpackage 17 on “Abstract Persons”.

Objective

The objective of this document is to present a unifying model for identities in the Information Society. This model is driven by typical applications such as identification, authentication, or authorization schemes in relation to rights, duties, obligations and responsibilities. These applications are themselves connected to some of the main issues in our modern society: identities in the digital world and related problems such as profiling of users, identity fraud, single sign-on, universal identifiers, biometrics, etc.

The model presented hereafter is not supposed to be definitive or universal; however, it fits particularly well with the current diversity of these schemes; furthermore, we hope it to be broad enough to evolve and adapt itself when new schemes appear.

We attempt to define the concept of “identity” in the Information Society. We will consider identities of human beings, as well as identities of other entities. In this model, when an identity refers to a human being, it clearly does not refer to the entire person: for example, discussing the existence of a soul for people, animals, or even programs is beyond the scope of this deliverable. It is not our goal to cover all aspects of identity; this would be too ambitious.

We will present a set of unifying concepts based on virtual persons and virtual identities. Virtual identities emphasize the indirection between acting subjects and the identifying information related to their actions and/or the objects supporting these actions. We will use the same set of concepts to model the identity of a physical person, its pseudonyms, or the identity of a legal entity.

Several topics discussed in this paper (authentication, privacy, anonymity, etc.) are studied more thoroughly in other publications, see e.g. Kent & Millett [2004] for the field of authentication and privacy, Bowder and al. [2004] for a discussion of identity, and Pfitzman & Hansen [2006] for the field of anonymity and unlinkability. In contrast to those publications, we focus on the fundamental concepts underlying those fields, i.e., the basic building blocks of identity, identification, and authentication.

The document first introduces virtual persons in an intuitive way, starting with common uses of the concept in Sections and . It is an approach based on examples. The aim is to give the reader the opportunity to get a feeling of the concepts before definitions are introduced in a more formal way.

Sections and of the document visit and illustrate current occurrences of the concepts of virtual person and virtual identity in different fields. Section , on avatars, introduces an important use case for virtual persons. The relation between the players and the avatars (virtual persons) is described from different perspectives. This case will be further investigated, with respect to the model, in Deliverable D17.1. Legal issues related to avatars will be more thoroughly discussed in Deliverable D17.2. Section gives a first illustration of how virtual persons could be used or could intervene in the legal context. This section is based on an article written by Danièle Bourcier in 2001 where she explicitly uses the term “personne virtuelle” in a legal perspective. A deeper study of the possible need to give some new virtual persons a legal status – or even a legal subjectivity – will be carried out in Workpackage 17.

Section of the document gives an intuitive introduction to the model based on virtual persons. It motivates the introduction of two layers to describe more faithfully both the reality of new forms of identities induced by new technologies in the Information Society, and the corresponding privacy issues. It is aimed to be accessible to an audience of non-experts. It describes some limits of current models and motivates the need for a new one. We recommend it to be read before Section which gives a formal description of the model. Section also explains, in a natural way, certain motivations behind the introduction of an abstract layer – the virtual world – in our model.

Section gives a formal description of the model. It is aimed at an audience of experts. It starts with a lexicon of the most important terms (in particular, entity and identity, physical and virtual entities, physical and virtual persons, physical and virtual worlds, subjects, virtual identities) and introduces formal, mathematic-like definitions. It is a refinement of the intuitive approach. In particular, time aspects in the model are studied and described in detail. This section is more abstract than the previous one, but is necessary and valuable in order to reach a scientific definition of the model. This section contains the core information and definitions of the model. The specifications explained in this section will allow a finer description of use-cases and scenarios with the model in Deliverable D17.1.

Section briefly illustrates how to describe virtual persons; pseudonyms are represented in the model, as an example.

Section 7 gives an overall conclusion for the document in relation with Workpackage 17. 

Virtual persons as characters in Multi User Dungeons (MUD), Massively Multiplayer Online Role Playing Games (MMORPG), or other computer games

Introduction

The term “virtual person” often refers to avatars, i.e., to characters in a Multi User Dungeon, Massively Multiplayer Online Role Playing Games, or other computer games. Avatars are a special kind of virtual persons. However, as we will see in Sections , and , the concept of virtual person is much broader and should not be reduced to avatars only.

 

Figure : Two avatars in an online game

 

Avatars interact in a game; some of them rely on human beings (players) for their actions and/or behavior, while others might be directed by the game itself. Avatars can have rights and obligations associated to them within the game.

In the advent of the Internet a lot of debate arose with regard to its regulation. The first reaction of the developers and the users of the Internet was that it should remain unregulated. As Schellekens describes “the Internet users […] proclaimed that the law was not applicable to the Internet”. He also believed that the Netiquette would be sufficient for this new space. The great implications that the Internet had for activities with economic impact, and mainly for copyright, lead, however, to the approach that “what holds off-line, also holds online”. Both these approaches present a number of advantages and disadvantages, which leads many legal scholars to sustain that the best approach stands somewhere in the middle. There is an undoubted need for equivalent protection, but this would be better accomplished via the application of different rules that would bring the same results.

The wide spreading of Multi User Dungeons (MUD), Massively Multiplayer Online Role Playing Games (MMORPG), and other types of games (we will further refer to them as “virtual games”) has given rise to a similar problematic with regard to the regulation in these virtual worlds. Shall the virtual worlds be seen as a sui generis representation of the off-line world? Shall the same rules be applied and are similar behaviors to be expected by the virtual persons? What are these virtual persons anyway and what are their rights? Some of these questions we will try to tackle in this section, not daring to believe that we will be able to definitively answer them. These questions, and in particular the issues related to avatars, will be more thoroughly discussed in Deliverable D17.2.

In this section, we will focus on the relation between the players and the avatars (virtual persons) and describe this relation from different perspectives. This use case will be further investigated, with respect to the model of virtual persons, in Deliverable D17.1.  

When people first think of virtual games and virtual worlds, they imagine an environment, where players enter just to spend some of their time and to get engaged in a “game”. However this is quite far from the reality. It has been repeatedly demonstrated by several social scientists that the players of virtual games grow a tight bond with their avatars. They act as if they were themselves really the characters in the virtual game. The players feel pleasure, they get upset or hurt or even insulted, exactly because they have projected themselves into an avatar body. Whilst playing in an online game, the players have simultaneously a dual role and they act as two persons: their avatar and their off-line self. They use “I” or “me” to refer to both and in some cases they invent codes in order to differentiate between the two, when they are discussing with other participants: IRL (in real life), IC (in character), OOC (out of character) etc. Such behavior continues even when they are no longer acting in an online environment: they can narrate to their friends about their online activities using the first person singular. But would this be enough in order to consider the avatar as a partial identity of the player?

Anonymity in virtual games

The player and the avatar are different, but they are undoubtedly linked. We shall however examine how strong this link is between them and what are the legal implications of this link. Players of virtual games take it for granted that their anonymity, especially towards the rest of the participants, will be ensured. The right to anonymity in the off-line world is a very controversial issue and as B.J. Koops says “if a right to anonymity were established as a generic right, it would be so relative as to become meaningless”, There are numerous occasions where the right of identification someone else can hold against you overweighs your own right to remain anonymous. For instance, you can not claim your right to anonymity in order to avoid being interrogated for a crime, let alone if you have committed that crime.

Nevertheless, the players of virtual games have a diverging approach towards identification and anonymity. In virtual games anonymity is considered a condition sine qua non and plays a determining role for your participation in the game and your role therein. Or maybe we should better refer to the anonymity of your offline self and pseudonymity of your online one. In any case, both are rendered absolutely necessary, when acting in virtual game environments. In the game you are “Anshe Chung”, “Malcolm Landgrabb”, or “Jandoleer” and you behave accordingly. You become braver, more compassionate, crueler or more arrogant… And still, you know that the other participants of the game will most likely not be able to find out your civil identity and your physical world social image will always remain intact.

If the avatar is a new way of expressing opinions or adopting behaviors for the modern citizen, what exactly is its relation to the “man behind the avatar”? Undoubtedly the link between the player and the character is stronger than in traditional board games. However, it is broadly sustained that the strength of the link between the player and the character is analogous to the time spent developing the character, something that resembles the case in the traditional “pen & paper” role playing games.

The experiences of the avatars have a great influence on the psychology of the players, who can get traumatized when they become victims of virtual crimes, such as in the case of so called “virtual rape”. In March 1993 a character in the LambdaMOO community called Mr. Bungle forced some other characters into sexually humiliating activities. J. Dibbell described the incident very vividly: “Into the online, text-based, virtual reality known as LambdaMOO strides Mr. Bungle. And after a few weeks’ residence there he finds himself, like a good many of the other inhabitants, in possession of an object known as a voodoo doll. And when I say "object" what I mean is a program, a piece of code, for when you left out the players who interacted in LambdaMOO what you were left with, essentially, was a collection of programs, all designed to enable the players to manipulate the text of which LambdaMOO was constructed in various more and less interesting ways. And more specifically, what the voodoo doll enabled its owner to do was to spoof other players. Spoofing is, of course, a netwide term denoting the appropriation of a user’s identity by other users; and in the context of the MOO this meant that by typing actions into the voodoo doll, its owner could make it appear as if another player were performing those actions. This was something of a violation of the social conventions of virtual reality, a kind of flouting of the sanctity of a player’s control over his or her virtual body, but on the other hand it was an easily detected violation, it could amuse both victim and perpetrator if deployed with the proper esprit de corps, and it was often a big hit at parties.”

This behavior was criticized by the other members of the community and was even called a “virtual rape” by several of them. This incident has given rise to a strong debate as to whether it could be considered as rape or not. Prof. Catherine MacKinnon stated that “a virtual rape leaves the same scars in the soul of the victim as a real rape leaves in the body of the victim”. It seems that the psychological trauma experienced by persons that were behind the “raped” avatars was actually real and they have been used as an example for sexual assault that did not involve physical contact.

This is just one out of many examples that can illustrate that the players project themselves into their avatars. And for this exact reason they expect that their avatars are granted their own identity and are vested with rights. But should there be a response of the law to that? Law naturally has to adjust to the needs of the society; but is there an actual need for regulation via the law? Even if we accept that the player is affected by the experiences and the behavior of his avatar, that as a virtual character he has specific role in a game, making friends and developing a second life; even if we accept that today we have the right to say that “you only live twice”, even then it would be extremely difficult to recognize some kind of identity rights to the avatar.

Crawford has very simply summarized that “Your identity is ‘really’ a database entry”. It is always the player that makes the decisions, that leads the conversations and presses all the buttons. If we accept this position that we need to punish the virtual rapist, considering that just expelling him from the game, eliminating his account and his object – as it happened in the aforementioned example – would not be enough, shall we then punish the virtual killer with the same severity as the real serial killer? make a comparison of virtual games to a real case related to a game of hockey, where social circumstances were also taken into consideration in the ruling of the court. Starting from this example they make the comment that “the harm suffered by victims within virtual worlds is generally only an emotional and social discomfort and, to some extent, a putative financial harm where players have the right to trade virtual properties”.

Privacy concerns in virtual games

Even when questioning that the existing law shall regulate many of the online activities of the avatars and the relevant players, it is beyond question that severe privacy concerns arise in virtual games. Participation in virtual games reveals personal data to the service provider and the owner of the platform. In case of breaches of the EULA, the owner of the platforms will refer to the real identity of the player. Similar will be the case, when online (and not virtual) crimes are committed and law enforcement authorities will demand from the owner of the platform to reveal the identity of a specific player.

But mainly the participation in virtual games is a place where a player, “the man behind the avatar” – as we have already called him – reveals a lot of information about himself: information about their family, friends, job, sex life, habits etc…. Discussions can get very personal and the information revealed can serve as the basis for the creation of profiles or even for identity theft.

Problems also arise with regard to the archiving of the discussions that take place on the platforms that are offered in the virtual games. Service providers store the conversations for a very long period of time. It is usually the impression of the players that the forums are private and hence they express their opinion about a variety of – occasionally even sensitive – issues. However, this is not the case, as the forums are actually public in nature. Furthermore the fact that the discussions are stored for so long, entails the danger that the writer of a comment can be “haunted” by that for a long period of time. Ideas change, beliefs change, but the problem is that scripta manent. So, people can get to the position to justify themselves for something that they wrote – and eventually believed – several years in the past.

Conclusion

As these games evolve into alternative places not only for leisure and entertainment but also for working and investing, the law should step in to protect the inhabitants from arbitrary judgments of the game developers. In those virtual environments various privacy issues, regarding the identity of the avatars, the relation between the avatar and the player, as well as the rights of the later arise. This new “virtual reality” poses questions relative to the way the law shall react to these new developments. Shall existing law apply to virtual games? Is there a need for such regulation? Or shall these new circumstances bring along new regulations? Perhaps “virtual games” will manage to self-regulate the issues that arise in them and any invasion from the “real world” may be rendered redundant. Till then, we will all follow the lives of our online characters…

 

In this contribution, we will examine the proposal to initiate a new legal category, “the virtual person”, as proposed by Danièle Bourcier. To understand her point an introduction is provided about some of the key concepts that are relevant for the proposal: the legal subject; legal consequence, legal action, legal fact; and some attention is paid to the difference between criminal and civil liability.

The persona: legal subjectivity

Within legal theory and legal philosophy the concept of the legal subject is often described in terms of the Greek “persona”. The “persona” was the mask used in Greek theatre, to hide the face of the actor of flesh and blood behind the material picture of the role that was played. In law the legal subject or persona is used to mark the difference between the person of flesh and blood and the legal subject, to emphasize the fundamental indeterminacy of the human person, who should not be equated with the legal role she is attributed. The legal persona thus achieves two things:

1. It provides the human person of flesh and blood with an instrument to act in law: to exercise her rights, to take on certain obligations, or to be attributed certain competence; 

2. While providing the legal instrument to attribute civil or criminal liability, it also protects the human person against transparency, by marking the difference between the indeterminate (indefinable) person of flesh and blood on the one hand and the role played or attributed in law on the other hand.

Legal Subjects

By thinking of legal subjects as roles attributed by the law, it becomes possible to attribute legal subjectivity to entities other than the human person. The realization that a human person is not a legal subject by nature, because the category of legal subjectivity is an artifact, created by law, enables one to extend legal subjectivity to other subjects if it makes sense to grant such a subject the possibility to act in law and/or to be liable for harm caused.

Examples of legal subjectivity granted to subjects other than the human person: 

1. the unborn human person, 

2. a corporation, a fund, an association, 

3. the state or other public bodies. 

The fact that legal subjectivity is attributed by the legislator opens up the possibility of considering other subjects, such as:

1. animals, 

2. intelligent robots, 

3. software programs, 

4. smart environments, 

5. hybrid multi-agent-systems. 

Before investigating the question of which subjects should or should not be granted legal subjectivity, we must explain the difference between legal actions and legal facts, and between civil and criminal liability.

Legal consequence, legal action, legal fact

The difference between an act and a legal action is that a legal action has legal consequence, attributed to that action by the law. A legal action presumes that the legal subject had the intention to achieve the legal consequence, while a legal fact can also be established when the legal subject did not act intentionally. 

Some examples: 

1. The conclusion of a contract is a legal action; it has as a consequence the legal (enforceable) obligation to deliver whatever the contract stipulates and this legal consequence was intended when concluding the contract;

2. Committing a tort is a legal fact; it has as a consequence the legal (enforceable) obligation to compensate damages, even though this legal consequence was not intended when the tort was committed; 

3. Being born is a legal fact; it has as a consequence that certain rights are attributed, that the parents have certain legal obligations towards the child, that a certain nationality is attributed, etc.; this is the case even though the child did not intend such consequences (not being in a position to intend much more than enjoying the milk and warmth of a loving parent).

It should be noted that whenever a non-human subject is attributed legal subjectivity it will need representation in law to perform legal actions. This also means that such a non-human legal subject will need representation to have standing in a court of law, to contest charges in the case of tort or crime and to fulfill its legal obligations.

Criminal and civil liability

The fact that a legal subject can be held liable in civil law does not imply that it can be held liable in criminal law. Corporations can be liable for certain criminal actions under some jurisdictions, but this will depend on the jurisdiction. One of the reasons for not enabling criminal liability for a corporation is the fact that criminal liability requires mens rea (in the common law) or guilt (in continental law), and one can argue that an organization cannot be blamed because moral blame only makes sense with regard to an individual. While in civil law moral blame may also be a condition for liability, many torts depend on strict liability, which would be a problem for the criminal law. Regulatory offences may come close to establishing a kind of strict liability, but the whole idea of a punitive intervention is either that the punishment is deserved (which can only be the case if the subject can be blamed) and/or if the subject will be deterred by the punishment (which can only be the case if the subject is capable of reflection). One could object, of course, that training a dog by means of threatening it with a stick, works very well, without depending on the dog’s capacity for reflection. However, in that case we are discussing discipline rather than punishment.

The virtual person: emerging legal lacunae?

What happens if machines begin to act, e.g., cause harm or initiate transactions? Like in the case of animals, machines are treated like legal objects, they have no power to act in law or to be charged with liability, either civil or criminal. If an animal causes harm, the possessor of the animal is usually liable, and this is mostly a matter of strict liability (this of course depends on the jurisdiction). If a horse wins a race, the legal obligation to provide the prize money is directed towards the owner of the horse, not to the horse itself. If a dog bites a child, it may be killed due to a court order to that effect, however, this is not considered a punishment but the destruction of a dangerous object.

In this section we will investigate the need and the utility of providing legal subjectivity to “virtual persons”, being machines, software programs, networked artificial agents, etc. As announced in the introduction, we will draw on Danièle Bourcier’s well-informed article “De l’intelligence artificielle à la personne virtuelle: émergence d’une entité juridique?”.

The virtual, the fictional and the artificial

Literature has created fictional characters with a mind of their own, and even if the author seems in charge, literary theory has accepted the fact that the reader may interpret his novel in a way the author never anticipated. Some robots have been created to simulate human beings, if only their brains, creating artificial intelligence or at least aiming for such a thing.

At this moment fictional characters and artificial intelligence are being combined in virtual communities – developing a life of their own in cyberspace – presenting us with a new phenomenon: the virtual person. This virtual person seems to be acting, directed by the human person that uses it while being constrained by the character it develops in the virtual world that is beyond its control.

Profiles, expert systems, virtual persons

Profiling is a statistical technique that allows a software program to find significant correlations in a mass of perhaps seemingly trivial data. We refer to the reports written within Workpackage 7 and the ensuing volume on Profiling the European Citizen for further exploration of the process of profiling. In the end, personalized profiles seem to constitute sophisticated representations of a particular person.

Expert systems are developing into much more than ordinary search machines, as they seem to represent certain cognitive functionalities particular to the human mind. Especially those expert systems that are trusted with autonomic decision making in fact represent one of the most crucial capacities of human beings: making rational decisions after taking into account the content of a specialized domain of knowledge. One may wonder to what extent such a system in fact replaces the professional whose knowledge it has integrated and what this means for the issue of legal subjectivity. Who is responsible for the decisions taken by an expert system?

When we move on to what Clarke called the digital persona, and what Bourcier calls the virtual agent, we arrive at the software program that can act in our name, taking trivial queries or decisions out of our hands and providing ourselves with goods and services we are assumed to prefer. Such digital butlers in fact represent us and may conclude contracts in our name and even commit torts that will be attributed to us, because the virtual agent has no legal subjectivity. In the vision of Ambient Intelligence (AmI) we may expect such digital butlers to negotiate with a host of digital agents representing the service providers that “people” the smart environment. What happens if the computer scientists who write the programs for such digital agents resort to autonomic computing, meaning that the software reprograms itself in unpredictable ways in order to repair eventual faults and enhance its performance? Who is to be blamed for harm caused, or contracts concluded that we would have never concluded had we given it our conscious attention? Who is to be legally liable: the author of the program, the service provider who took the risk of involving such independent machine (and enjoying the profits), or the user of the smart environment who took the risk of being out of control (and suffering the consequences)?

Intermezzo: Legal protection against automatic decision making

Before raising the question whether the virtual person may need a new legal status, Bourcier discusses an important legal protection in the case of automatic decision making. As discussed extensively in FIDIS Deliverable 7.5, Chapter 13, Art. 15, of the data protection directive (D 46/95 EC) grants the right to individual persons to resist the application of decisions that have a legal or significant other effect on oneself (for instance in the case of insurance, employment etc.). Some jurisdictions have gone even further and simply forbidden decisions with such consequences to be taken by machines.

We should realize that an AmI environment depends on recurrent real time decisions of precisely this sort, e.g., contracts concluded about services that are provided, all based on sustained monitoring, refined group profiling, and customization based on sophisticated segmentation of (potential) customers. However, as is often the case, the second paragraph of Art. 15 grants several grounds on which the applicability of the first paragraph is excluded, providing space for a very ambiguous grey zone. Whether autonomic computing, as inherent in unobtrusive pervasive and ubiquitous computing, will be illegal or fall into the exceptions of the second paragraph is as yet unclear. One could argue that once the smart technologies become liable for harm caused and are recognized as legal subjects, the need to protect human beings against their automatic decisions may diminish, but it remains to be seen whether such upgrading of the legal status of virtual agents would in fact solve problems without creating even more serious problems.

Towards a new legal category: the virtual person?

Bourcier raises the question whether the present data protection legislation is the right response to virtual agents, capable of anticipating our decisions, suggesting we may need to create a new legal fiction by the name of “the virtual person”. She starts out with some terminological clarification about the notion of the virtual person, which can denote different realities in different contexts:

1. The numerical person, composed of digital data of a physical person, present on the internet;

2. A new creature – not necessarily created in the image of man – which acts on its own initiative, for instance an autonomic software program;

3. A profile, inferred from masses of data, which represents a physical person.

An emerging legal category or a novel technical device?

Bourcier states that, in a legal context, the notion of the virtual person can be used for two different purposes:

1. the protection of personal data; 

2. the securitization of transactions. 

As to the protection of personal data the virtual person would be the (virtual) profile of a physical person, as consented by that person and a physical person could create several such profiles, depending on the context and the amount and type of information she wants to disclose about herself. In this case we refer to the third meaning of “virtual person”, under (c) above.

As to the securitization of transactions, one could imagine using an intelligent agent to act in one’s name, enabling at the same time a restricted disclosure of personal data and the security of the transaction. In this case we refer to the second (and third) meaning of “virtual person”, under (b) and (c) above.

The question is whether such a construction would imply: 

1. Recognition of the existence of a virtual person with rights that are distinct from those of the physical person that is represented;

2. Recognition of full legal subjectivity to software programs.

The virtual person: an example of ambient law?

In her conclusion Bourcier suggests that there is no problem in according legal subjectivity to a technical device, because lawyers have been used to creating legal fictions if this makes good sense. The objections of natural law theorists claiming that only a human person can be attributed legal personhood overlooks the fact that law is an artificial construction, meaning that legal subjectivity is a legal artifact from the very beginning, not to be confused with the subjectivity of the person of flesh and blood.  

By providing legal status to virtual persons in the sense of (b) a software agent or (c) a profile, the law seems to inscribe itself into the emerging technological infrastructure, allowing it

1. to be more easily instrumental in achieving certain goals, while at the same time, 

2. protecting the human person by providing her with a virtual mask. 

If we compare Bourcier’s way of joining legal and technological artifacts to the findings of FIDIS Deliverable 7.9 on Ambient Law, it should be clear that the idea of granting legal subjectivity to virtual persons could be an interesting example of realizing Ambient Law, especially in that it integrates instrumentality with protection at the level of the technological architecture.

Conclusions: a virtual person as a new legal category?

For a conclusion we think it makes sense to detect which relevant questions are raised, without as yet providing elaborate or definite answers.  

If we link the discussion of Bourcier’s article on the virtual person as a new legal entity to the legal notions discussed in Section and , the following can be established:

1. A legal subject has rights and duties in law;

2. A legal subject can perform legal actions, achieving an intended legal consequence;

3. A legal subject can incur criminal and/or civil liability for its actions.

In the case that a virtual person of type (b) (autonomic software program) is granted legal personhood, this raises the questions of:

1. What it means for the virtual person to be obliged or to exercise discretion?

1. To what extent can one appeal to a sense of obligation in this virtual person? 

2. Can one expect the virtual person to weigh different alternatives in the case that mechanical rule application is not at stake? 

1. What it means for a virtual person to intend legal consequence? 

1. Is the intention derived from the physical person who is represented? 

2. Must intention be understood in a non-psychological way? 

1. How can the virtual person compensate damages for which it is liable? 

1. Does it generate its own income or property? 

2. Should strict liability apply to a limited amount, guaranteed by the person it represents? 

1. What does it mean to punish a virtual person? 

1. Is the virtual person capable of independent desert? 

2. Is the virtual person capable of learning or only of being disciplined? 

In the case of a virtual person of type (c) (profile) many more questions are raised when this profile is under the control of the physical person represented as it does not seem able to itself negotiate, enter into transactions or cause harm. Granting legal subjectivity seems a bit odd here, but this does not erase the question about the legal status of this virtual person. Also, we may guess that the three types of virtual persons as described by Bourcier are related. Types (b) and (c) are composed of numericals and in that sense they are both also a. For our purpose it is of importance to note that a type (b) virtual person may use a type (c) virtual person in its negotiations, in order to prevent unintended disclosure of the person that is represented.

In Sections and , we studied two typical uses of the term “virtual person”: the first one was related to avatars and new forms of identities in online games, while the second one came from the legal domain. In this current section, we will extend the domain of application of the term “virtual person”.

This section gives a first, informal introduction and description of a model based on “generalized” virtual persons. In particular, it motivates the introduction of an abstract layer in our model, to better describe new forms of identities in our modern Information Society. A formal description of the model will then be given in Section .

The two-layer model that we will introduce creates an indirection between acting subjects and their corresponding identifying information. Several new technologies introduce severe threats for privacy, especially when identifying information from different sources, or from a different point in time, is linkable. To protect privacy, the link between one person and its identifying information should be weakened. In our model, the indirection between acting subjects and their corresponding identifying information helps to understand and represent more faithfully the link between a person and its identifying information.

Persons and identities

The traditional simple model for identities consists in associating to each person a unique, if possible universal, identity:

This model presents several advantages, one of them being its simplicity. An identified person gets for example some rights, like the right to travel and to pass a border, the right to vote, or to be on welfare. Those rights are indeed strongly related to the person’s identity itself.

Traditional Identity Management Systems (IdMS) usually associate a list of rights, duties, obligations and responsibilities to each identified person, i.e., to each identity. The absence of such a strong identity model may prevent a person to be fully recognized as a citizen; such a person might be denied important rights given to identified citizens. That is one of the reasons why governments usually promote official registers where all citizens of their country are recorded exactly once; the social security number register is a typical example. These arguments are emphasized by people who consider the right to have a unique universal identity as a fundamental right.

Another advantage of the traditional simple model appears when we consider obligations and responsibilities. An identified person may use and enjoy some rights; he can also carry the responsibility of his acts and needs to fulfill his obligations. In case of fraud, a unique physical person is clearly identified and can be charged.

In the light of what precedes, the traditional simple model may appear very convenient from the point of view of both the person and society. However, this model has also some worrying drawbacks: a unique identity opens the door to the linking and analysis of a lot of information about its owner, about his actions and activities, about his preferences, etc. Profiles deduced from this information may be used to later deny certain services to the person: for example, a life insurance company may refuse a new customer because his profile suggests unusual risks. The convenience of a unique identity has a price which might overcome its advantages in the near future.

The simple model presents severe threats for privacy; moreover, as we will see, it is inadequate to represent the variety of new forms of identities induced by new technologies. 

To protect privacy, the link between one person and its identifying information should be weakened. Privacy preserving technologies promote, whenever possible, unlinkability between different actions, activities and preferences of a same person. One technique is based on pseudonyms, or even one-time pseudonyms. Each pseudonym may be seen as a kind of identity of the person; it does not usually reveal the true identity of its owner.

Nowadays, we all have several (partial) identities in our daily life. These identities are based on roles, actions, activities and may vary also depending on the context. New technologies have a direct impact on the very concept of “identity”, new forms of identities are appearing and the identity (r)evolution has already started. For example, the same person might have the following identities:

1. Dad, within his family; 

2. the director of a specific company;

3. the pseudonym “Shakespeare” as a seller (and buyer) on an electronic trade platform; 

4. the owner of a specific VISA card with a given number and expiration date; 

5. etc. 

In order to take into account these facts, some modern IdMS handle multiple identities for each person recorded in their system:

Actually, today’s situation is even more complex as an identity might also be shared in practice by several persons:

1. the guest account on a computer located in a library; 

2. the SIM card (Subscriber Identity Module) in a cell phone used by different persons; 

3. the e-bay account used by the staff of an e-shop; 

4. IP address; 

5. etc. 

Therefore, we also need to consider the following situation:

Shared identities can be considered, in some situations, as privacy enhancing tools as they hide a person within the group of people sharing this identity.

Our model will allow a faithful description of the variety of new forms of identities induced by new technologies. 

In order to maintain the traditional idea of a strong link between an identity and a specific entity while describing new forms of identities, we propose to introduce an abstract layer that creates an indirection between identities and the corresponding physical entities. Entities in this abstract layer will be called “virtual entities”. A virtual entity corresponds to an abstraction, a perception, a thought, a concept or an illusion. Physical entities belong to the physical world. Virtual entities belong to the virtual world.

Some physical entities are physical persons; others not: for example, stones, buildings, animals, etc.  

Some virtual entities can have rights, duties, obligations and/or responsibilities associated to them in some context; such virtual entities will be called “virtual persons”.

In particular, virtual entities that could represent or be represented by a physical person are virtual persons. Not all virtual entities are virtual persons; the virtual entity described by “a white sheet of paper” is not a virtual person, for example.

In this abstract layer – the virtual world – we impose the following condition:

This is in particular true for virtual persons. A physical person having several (partial) identities is replaced by a physical person linked to several virtual persons, each having a unique identity:

 

Figure : Multiple identities

 

A “virtual identity” of a physical person is the identity of a virtual person linked to it:

 

Figure : Virtual identity

 

Pseudonyms form an important family of virtual identities. Indeed, a pseudonym is the identity of its corresponding virtual person, which in turn is linked to the user(s) of the pseudonym. The virtual person creates an indirection between the pseudonym and its user(s).

Virtual persons play the role of a mask. In front of the mask, we have the identity. Several physical persons can hide behind the mask.

When several persons share an identity, they are all linked to the same virtual person. The shared identity becomes in our model a shared virtual identity.

 

Figure : Shared virtual identity

 

In doing so, we keep some of the advantages of the simple traditional model. For example, we can associate a list of rights, duties, obligations and responsibilities to each virtual person. But we loose the direct link between the identity and a physical entity (for example a physical person). This indirection helps to describe important concepts such as anonymity, pseudonymity, unlinkability which play an important role in privacy enhancing technologies. Moreover, as we will see, this indirection describes more faithfully what happens in today’s reality.

Last but not least, a virtual person continues to exist whatever happens to the physical person(s) once linked to it. It survives its corresponding physical entities. 

The introduction of an abstract entity – the virtual person – can lead to further development. Let us consider two examples to examine more thoroughly what is behind the mask.

First example:

“Zeus” is the identity of an abstract concept in the Greek religion. The corresponding virtual person is described by “the one who is Zeus”. What is behind the mask? Is there a physical person, a physical entity or nothing? This answer might vary depending on one’s belief.

 

Figure : Is there somebody behind the mask?

 

Second example:

“The sender of a given email” is the identity of the actor, a virtual person. What is behind the mask? Is it a physical person? Is it a computer program? Is it a dog?

 

Figure : Physical persons are not the only one that can hide behind the mask

 

The introduction of “virtual persons” allows the description of situations where an action is not necessarily initiated by a physical person but possibly by a computer program or an animal for example. Therefore, physical entities behind the virtual persons should not be reduced to physical persons only. We introduce the concept of subjects in order to include the possibility of having non-human physical entities behind virtual persons.

Intuitively speaking, a subject is any physical entity that can “hide” behind a virtual person. Physical objects can be subjects too.

 

Figure : Different types of subjects

 

Note that we could make a distinction between a “human being” and a “physical person”. A human being or an animal might be more than its living physical body. The soul, for example, might be neither physical, nor virtual. However, these questions are more related to religion and philosophy than to the identity in the Information Society. In the scope of our model, we consciously do not cover entities that would be neither physical, nor virtual: a physical person is the living body of a human being. It can be seen as a kind of mask too:

A legal person is an abstract entity with its own, unique identity, which has a legal status. Rights, duties, obligations and responsibilities can be associated to a legal person. To guarantee the uniqueness of the identity, legal persons are usually recorded in official registers. In some situations, the responsibility is carried directly by the legal person and not by any of the physical persons representing it. To shift the responsibility is also one of the reasons why legal persons have been created. Another one is that a legal person continues to exist even after the death of its “owner(s)”.

A legal person is a virtual person according to our definition. Actually, a virtual person generalizes the well-accepted concept of legal person: it is an abstract entity that can have rights, duties, obligations and/or responsibilities associated to it.

 

Figure : A legal person is a virtual person

 

The term “virtual person” often refers to characters in a MUD (Multi User Dungeon), MMORPG (Massively Multiplayer Online Role Playing Games), or other computer games. Section , on avatars, has introduced this important use case for virtual persons. The relation between the players and the avatars (virtual persons) has been described from different perspectives. Avatars interact in a game; some of them rely on human beings (players) for their actions and/or behavior, while others might be directed by the game itself. Avatars are virtual persons according to our definition too; indeed, they can have rights and obligations associated to them within the game.

For an external observer, it is often hard to decide whether the subject behind such a virtual person is a real player or just a computer program. We see these virtual persons (characters) as masks used by subjects (human players, computer programs) to act or interact within the game.

Even though avatars are also virtual persons according to our definition, the concept of virtual person is much broader and should not be reduced to avatars only.

 

Figure : Avatars are virtual persons too

 

A group of physical persons, as an abstract concept, describes a virtual person too. For example, a couple, as an abstract entity, is a virtual person. Categories resulting of profiling also describe virtual persons.

Profiling techniques allow the creation of categories of physical persons sharing similar attributes. These attributes and their corresponding values define the category and therefore the identity of the category.

Figure : Profiling: a category is a virtual person

 

In other words, the category is a virtual person whose identity is defined by a set of information: a set of attributes and their corresponding attribute values. Several persons may belong to this category, i.e., may hide behind this virtual person. As an example, we could consider the category defined by “People who are older than 45 and that earn more than 100K€ per year”.

We have seen that virtual persons can hide subjects in the physical world. Nothing prevents a virtual person from hiding another virtual person in the virtual world. Indeed, such a situation is not exceptional.

Consider the example of “the first owner of a given car”. This is a virtual person described by its role. The entity behind this virtual person could be a physical person, a couple or a legal person. Couples or legal persons are two types of virtual persons.

Virtual persons can hide virtual persons hiding other virtual persons and so on. This creates chains of virtual persons. 

 

Figure : A virtual person hiding another virtual person

 

Conclusion

This intuitive introduction of the model based on virtual persons motivates the introduction of two layers to describe more faithfully the reality of new forms of identities induced by new technologies in the Information Society, in relation with rights, duties, obligations and responsibilities. 

The model takes also into consideration the corresponding privacy issues. 

The first layer – the physical world – is the collection of all physical entities. Physical persons belong to this world. The second layer – the virtual world – is an abstract layer. It creates an indirection between acting subjects of the physical world and the identifying information related to their actions and/or the objects supporting these actions.

This abstract layer allows a unified description of many identity-related concepts that are usually defined separately without taking into consideration their similarities: avatars, pseudonyms, categories, profiles, legal persons, etc. This unified description is based on a generalization of the traditional concepts of virtual persons.

Section is a lexicon of the main definitions. It is recommended to use it as a dictionary and to skip it when first reading the formal description of the model. Most of the information in the lexicon also appears in the main text with extra explanations.

 

A 

Abstract Personabstract person is a synonym for a virtual person.

 

 

E 

Entityentity is anything that has a distinct existence; it is the fundamental “thing” that can be identified.

 

* Digital entitydigital entity is any entity which primarily exists in some digital context, e.g., as a digitally encoded information or as a running computer program.

 

* Legal entitylegal entity is any entity which has some sort of legal subjectivity, or which is legally recognized in a judicial system.

 

* Physical entityphysical entity is an entity for which some sort of physical constituent is compulsory.

 

* Virtual entityvirtual entity is an entity which is or has been the product of the mind or imagination.

 

I 

Identifying informationIdentifying information is any information which characterizes exactly one entity within a specific context or environment.,

 

* (Full) identifierfull identifier (or simply identifier), is equivalent to identifying information.

 

* Partial identifierA partial identifier (or partially identifying information) is any information which characterizes at least one entity within a specific context or environment.

 

Identity An identity of an entity – according to an observer – is identifying information that can be linked to this entity by that observer.

 

* Partial identitypartial identity of an entity – according to an observer – is partially identifying information (a partial identifier) that can be linked to this entity by that observer.

 

Identity-related InformationIdentity-related information is any information that characterizes an entity.

 

 

L 

Linklink between two entities, if one entity represents the other one.

(characterization) link between some identity-related information and an entity if this information characterizes this entity.

 

P 

Physical PersonA physical person is the legally living body of a human being.

 

 

S 

Subjectsubject of this virtual person.

 

 

V 

Virtual PersonA virtual person is a virtual entity that can have rights, duties, obligations and/or responsibilities associated to it in a certain context.

A virtual person is like a mask for a subject or another virtual person.

It is a synonym for an abstract person.

 

Virtual Identityvirtual identity, for a given entity, is the identity of a virtual entity linked to this given entity.,

 

 

W 

Worldworld is a time-dependant collection of existing entities.

 

* Physical worldphysical world at a specific point in time, is the collection of all existing physical entities at that specific point in time.

* Virtual worldvirtual world at a specific point in time, is the collection of all existing virtual entities at that specific point in time.

The basic conceptual elements of the proposed model are called “entities”. An entity is anything that has a distinct existence; it is the fundamental “thing” that can be identified.

What is an identity? What is the identity of an entity? Our goal is not to cover all aspects of identity; this would be too ambitious. We consciously restrict our view to the Information Society. Even in this restricted context, the question remains difficult to answer as illustrated by the rich number of attempts to define identity in the specialized literature. We can read, for example,

1. An identity is any subset of attributes of an individual which sufficiently identifies this individual within any set of individuals, in the document coordinated by Pfitzmann and Hansen.

2. The total list of attribute values associated with an entity within a context that provides recognition to the entity in that specific context in recent ISO working documents.

3.  A “name”, or identity, is a set of information that distinguishes a specific entity from every other within a particular environment in the Encyclopedia of Cryptography and Security.

The ITU-T has even compiled several scientific definitions of “identity”: 

1. The properties of an entity that allows it to be distinguished from other entities.

2. The attributes by which an entity is described, recognized or known.

3. The essence of an entity and often described by its characteristics.

4. The fundamental concept of uniquely identifying an object (person, computer, etc.) within a context. That context might be local (within a department), corporate (within an enterprise), national (within the bounds of a country), global (all such object instances on the planet), and possibly universal (extensible to environments not yet known). Many identities exist for local, corporate, and national domains. Some globally unique identifiers exist for technical environments, often computer-generated.

5. Etc…

“Identity” is closely related to “identification” and to what can be identified. We introduce the concept of entity to describe the fundamental “thing” that can be identified. Our definition of “identity” applies not only to persons but explicitly to any entity. This becomes especially relevant with the emergence of the Internet of things. Both physical and virtual entities will be identifiable.

As we will see, our definition of “identity” is very close to the one given by Pfitzmann and Hansen, but it is not equivalent. Actually, it is even closer to Carlisle Adams’ definition.

The term “identifier” has many, sometimes non-converging, definitions in the scientific literature; we introduce the concept of “identifying information” in order to avoid possible confusion. In our model, “identifier” and “full identifier” are equivalent to “identifying information”. Our concept of identity is based on “identifying information”: the main component of an identity is identifying information. However, we make a clear distinction between “identifying information” and “identity”.

“Identifying information” is any information which characterizes exactly one entity within a specific context or environment., “Partially identifying information” is any information which characterizes at least one entity within a specific context or environment.

 

Examples: 

1. Names, fingerprints, social security numbers, role-pseudonyms are typical examples of identifying information.

2. “John” can be identifying information within the context of a family, but is only partially identifying information with respect to the population of the EU.

Identifying information becomes an “identity” of an entity, according to an observer, if it can be linked to this entity by that observer. In other words, the identifying information becomes an identity, according to an observer, if the existing link between the entity and the identifying information is visible to this observer.

In order to illustrate the difference between identifying information and an identity, we consider, as an example, the fingerprints of a specific individual. These fingerprints might be an identity of this individual from the point of view of the police (who can link this identifying information to this individual when it finds a match in its database), but remain identifying information only (an information known to be very discriminant) according to most other observers. On the contrary, Pfitzmann and Hansen’s definition would consider fingerprints as an identity in both cases, independently from the ability to link this information to a specific individual. 

Note that our definition of “identity” covers in particular

1. “my identity” from the point of view of others (the me) and

2. “my identity” from my own point of view (the I).

Indeed, in the definition, nothing prevents the observer to be the entity itself. 

When the entity is a group, identifying information of the group is partially identifying information (a partial identifier) of each member of the group. In other words, the concept of “group identity” is also covered by our definitions. 

 

Physical entities and virtual entities

As already mentioned, the basic conceptual elements of the proposed model are called “entities”. An entity is anything that has a distinct existence; it is the fundamental “thing” that can be identified. The nature of the existence can be material or abstract. In the former case, in which some sort of physical constituent is compulsory, we call it a “physical entity”. Examples of physical entities are specific living organisms (e.g., human beings, animals or plants), concrete non-living objects (e.g., stones, buildings or clouds) or instances of other physical phenomena (e.g., sunbeams, wind or the terrestrial magnetic field). Human beings, a particular type of physical entity, are closely related – if not equivalent to – physical persons. A “physical person” is the legally living body of a human being. It can be seen as a kind of mask: ,

The existence of a physical entity is time-dependant and the lifetime of a physical entity is usually bound in time. At any specific point in time, a physical entity either exists or not. For example, a physical person will no longer be considered as a physical entity after her death, when her body will have disappeared. In 2000, the physical buildings known as the Twin Towers were still existing physical entities. In 2008, they do not exist as physical entities anymore.

In case the existence is abstract, which means essentially that the entity is or has been a product of the mind or imagination, we call it a “virtual entity”.

Virtual entities are thus entirely detached from any physical reality. They typically belong to concepts, thoughts, perceptions, illusions, categories, or abstractions. Examples of virtual entities are specific roles (e.g., the French President), concrete classes, categories or groups (e.g., the female Harvard students, the Swiss citizens), legal persons (e.g., Microsoft Corp.), objects in a virtual reality environment (e.g., a specific mountain in Google Earth), avatars in online games (e.g., in Second Life), pseudonyms in anonymous internet or web applications (e.g., in chat rooms, eBay or Skype), autonomous software agents or the virtual image in a mirror. In 2008, the Twin Towers still exist as a concept, as a virtual entity. They have been existing as a virtual entity way before they were ever built, actually since the very first time somebody imagined them.

Each virtual entity requires at least someone’s mind by which it is or has been perceived or produced. This means that virtual entities never disappear; they outlive their physical originators.

 

Virtual persons

Some virtual entities can have rights, duties, obligations and/or responsibilities associated to them: for example, “the CEO of Apple Inc.”, “the President of France”, “the owner of a house”, avatars in online games, etc. Other virtual entities cannot have such rights, duties, obligations and/or responsibilities associated to them: for example, “the Sun”, “a white sheet of paper”, etc.

This allows us to make a clear distinction between those two categories of virtual entities. A virtual entity that can have rights, duties, obligations and/or responsibilities associated to it in a certain context is called a “virtual person”. This is one of the key concepts of our model that relates identities with rights, duties, obligations and/or responsibilities.

Avatars are a special kind of virtual persons. However, the concept of virtual person is much broader and should not be reduced to avatars only.

Legal and digital entities

Two types of entities are worth being mentioned explicitly. First, if an entity has some sort of legal subjectivity or if it is legally recognized in a judicial system, we call it a “legal entity”. Legal entities can be physical (e.g., a specific physical person) or virtual (e.g., any specific legal person). Second, if an entity primarily exists in some digital context, e.g., as digitally encoded information or as a running computer program, we will call it “digital entity”. Again, digital entities can be physical (e.g., magnetic storage of bits on a hard drive) or virtual (e.g., one bit of information or a specific avatar in a computer game). The sets of legal and digital entities are mostly disjoint, but there are a few important exceptions (e.g., a legally binding digital signature, DRM protected files), which clearly belong to both sets.

Other types exist: inert entities, living entities, etc. But again, on top of this, any entity is either physical or virtual.  

 

Physical world and virtual world

For any specific point in time, the collection of all existing physical entities is what we call the “physical world” at that specific time and the collection of all existing virtual entities is what we call the “virtual world” at that specific time.,

Both worlds are time-dependent, but only the virtual world is cumulative (monotonically increasing) as virtual entities never disappear. This makes the virtual world much less time sensitive than the physical one.

We say that an entity belongs to the physical (resp. virtual) world if there is at least one point in time when this entity belongs to the physical (resp. virtual) world at that point in time.  

In our model, we suppose the physical world and the virtual world to be exhaustive and exclusive, i.e., anything considered being an entity belongs exactly to one of the two possible worlds. More precisely, the exhaustivity condition means that, for any entity, there is at least one point in time when it belongs to one of those two worlds at that point in time. The exclusivity means that if an entity belongs to one of these two worlds at a certain point in time, then it cannot belong to the other world, even at another point in time.

The model proposed in this document has two distinct, but interconnected layers at any specific time T.

 

 

Figure : The physical world and the virtual world are time-dependant

 

 

Links between entities

Links between physical entities and virtual entities

According to the above-mentioned dualistic separation between a physical and a virtual world, the model proposed in this document has two distinct, but interconnected layers at any specific time T. The interconnection consists of individual links between physical and virtual entities existing at time T. We say that such a (direct) link between two entities exists, if the physical entity is represented by the virtual entity, or vice versa, if the physical entity represents the virtual entity at this point in time.

In this way, a particular physical entity may be linked to many virtual entities, and a particular virtual entity may be linked to many physical entities (while some entities may not be linked at all). Note that links are supposed to exist at time T, i.e., new links may arise and outdated links may disappear over the course of time. This is the dynamic component of our model. In mathematical terms, we assume thus a time-dependent n-to-n relation between the sets of currently existing physical and virtual entities. This relation tells us precisely which entities are linked and which are not linked to each other at a particular point in time. It can be represented by a bipartite graph connecting the two worlds.

Examples of links between physical and virtual entities are shown in the following list.

1. The “Empire State Building” (a physical entity) is linked to the virtual entity “The world’s tallest building in 1950”

2. The physical person “Neil Armstrong” is linked to the virtual person “The first man to walk on the moon”

3. A specific human player (a physical person) of an online role-playing game is linked to the avatar (a virtual person) under her control

4. The football players “T. Henry” and “Ronaldinho” (two distinct physical persons) are both linked to the virtual person “Player of F.C. Barcelona”

5. The physical person “Steve Jobs” is currently linked to the virtual person “CEO of Apple Inc.”

 

Subjects

At any point in time, we call a “subject” of a virtual person, any physical entity that is linked to this virtual person at that time. The subject can be a physical person, a cyborg, an animal, the wind, a specific instance of a computer-program, etc.

The collection of subjects for a given virtual person is time-dependant. It can even be empty either for a certain period of time, or forever. For example, the virtual person “The first man to walk on the sun” will very likely never have any subject linked to it. 

The concept of subject, in the physical world, allows also to handle in a similar way physical entities of different nature that share, for example, some acting capabilities or some identity-related characteristics. 

 

Links between physical entities or between virtual entities

To further augment the generality and possibilities of the proposed model, we may also consider a similar type of (direct) link between two physical entities or between two virtual entities. For example, by its legal empowerment to act on behalf of the company under her guidance, we may link the virtual entity “CEO of Apple Inc” to the virtual entity “Apple Inc.”. A picture of the Eiffel Tower is a physical entity that represents the Eiffel Tower. Therefore, there is a link according to our model between the Eiffel Tower (a physical entity) and its picture (another physical entity).

Such links between two entities of the same type can then be used to establish indirect links over corresponding chains of direct links. For example, we may link the physical entity “Steve Jobs” indirectly, that is via the virtual entity “CEO of Apple Inc.”, with the virtual entity “Apple Inc.”. This mechanism gives our model a recursive component.

 

An identity of a physical entity is described in Section . In particular, it depends on the ability of the observer to see the link between the entity and its corresponding identifying information.

In the virtual world, as we will see in Section , the link between a virtual entity and some identifying information is always visible.

 

Being the product of someone’s mind or imagination does not give a virtual entity its identity. However, any identity-related information defines a unique virtual entity: the abstract entity for which this information is tautologically an identity. In other words, any identifying information becomes the “tautological identity” of its corresponding virtual entity.

The tautological identity of a virtual entity is valid for any observer and becomes therefore independent from the observer(s). 

As a consequence, there is no reason to make a distinction between “identifying information” and “identity”, in the virtual world. Let’s consider again the example of a fingerprint. “The one who is characterized by this fingerprint” is a virtual person whose tautological identity is the information contained in this fingerprint. Any observer can link this information and this virtual person. In the virtual world, the tautological identity is in line with traditional definitions of the term “identity” that make it independent from the observer. 

The tautological identity is time-invariant; it is a property of the corresponding virtual entity.  

A defined virtual entity has a unique tautological identity in the virtual world. Therefore, there is a one-to-one correspondence between defined virtual entities and their tautological identities:

Only defined virtual entities can be virtual persons. Therefore, in the virtual world, we also have the following one-to-one correspondence:

Virtual identity

As we have seen, any identity-related information defines a unique corresponding virtual entity: the abstract entity for which this information is the tautological identity. All entities characterized by this (partially) identifying information are linked to this virtual entity.  

A “virtual identity”, for a given entity, is the identity of a virtual entity linked to this given entity. Both physical and virtual entities can have virtual identities.

A virtual identity, for a subject, is the identity of a virtual person linked to this subject.

Pseudonyms form an important family of virtual identities. Indeed, the pseudonym “Gauss375” is the tautological identity of its corresponding virtual person (“the one called “Gauss375”), which in turn is linked to the physical person(s) using the pseudonym. The virtual person creates an indirection between the pseudonym and its user(s).

 

Figure : A pseudonym is a virtual identity for its user(s)

 

Virtual identities emphasize the indirection between acting subjects and the identifying information related to their actions and/or the objects supporting these actions. the ISO/IEC 4th Working Draft 24760: “reference to a unique object that is used by an entity to be uniquely represented within a specific domain or process; the purpose of an identifier is to provide entities with means of representation independent of the entity’s identity in a given context without necessarily revealing the entity’s identity; the validity of the identifier is limited to the object life cycle.”

Actually, “identifiers” as they are defined in the ISO/IEC 4th Working Draft 24760 are covered by the concept of “virtual identities” which are also identifiers (identifying information) according to our definition. However, in our model, (partial) identifiers are more general and are not limited to virtual identities. 

Virtual entities can have virtual identities too.  

This happens whenever a virtual entity is linked to another virtual entity: the tautological identity of one virtual person becomes the virtual identity of the other one. 

 

 

 

Figure 10: Virtual identity of a virtual entity

 

Conclusion

In this section, we have given a formal description of the concept of identity in the Information Society in relation with rights, duties, obligations and responsibilities, as well as a formal description of a two-layer model based on virtual persons. All core concepts used in this model are precisely defined.  

The first layer – the physical world – is the collection of all physical entities. Physical persons belong to this world. The second layer – the virtual world – is an abstract layer. It creates an indirection between acting subjects of the physical world and the identifying information related to their actions and/or the objects supporting these actions, information that is used to describe virtual persons. Virtual persons belong to the virtual world.

Rights, duties, obligations and/or responsibilities can be associated to virtual persons. 

We have described the influence of the parameter time on both the physical world and the virtual one. In particular, the existence of a physical entity is time-dependant and the lifetime of a physical entity is usually bound in time. Both worlds are time-dependent, but only the virtual world is cumulative (monotonically increasing). This makes the virtual world much less time-sensitive than the physical one.

The virtual world allows a unified description of many identity-related concepts that are usually defined separately without taking into consideration their similarities: avatars, pseudonyms, categories, profiles, legal persons, etc. This unified description is based on a generalization of the traditional concepts of virtual persons.

The concept of subject, in the physical world, allows also to handle in a similar way physical entities of different nature that share, for example, some acting capabilities or some identity-related characteristics. 

A virtual person is a virtual entity – an entity which is or has been the product of the mind or imagination – that can have rights, duties, obligations and/or responsibilities associated to it in a certain context. This section illustrates how to describe virtual persons in practice.

The information used to describe a virtual person, i.e., its tautological identity, is typically related to what it is and/or what it has and/or what it does and/or what it knows. A virtual person is also very often described by its attribute(s) and/or role(s) and/or ability(-ies) and/or acquisition(s) and/or preference(s) and/or habit(s), etc. We present some examples of virtual persons with their tautological identities.

1. “The owner of a given fingerprint” is a virtual person described by one of its attributes. The physical entity (a physical person) behind this virtual person usually does not change over time and is commonly supposed to be unique.

2. “The richest human being on earth” is also a virtual person described by one of its properties. The physical person represented by this virtual one is not constant over time.

3. “The tallest living person on earth” is a virtual person described by one of its attributes. The physical person behind this virtual person changes either because the previous corresponding physical person died or because a new physical person grew taller.

1. The one who knows a certain secret is a virtual person described by its knowledge. The subject behind this virtual person is not necessarily a physical person. Indeed, a computer program or a memory card can “know” a given secret. For example, a smart card knows the private key stored (and possibly even produced) on it.

1. To be “President of France” is a role. The corresponding virtual person (the President, as a role) is not always linked to the same physical person; it may change after each presidential election.

Each time a physical entity acts, we can decompose the process into the creation of an actor (virtual person), which represents the subject, and the action done by the actor.

1. “The one who opened the door” is a virtual person described by an action. The subject behind this virtual person could be a physical person, an animal or even the wind!

2. “The moderator” or anyone using a pseudonym in a group of discussion on the Internet is a virtual person described by its action, i.e., its participation in this group of discussion. The moderator itself is also described by its role.

1. “The instigator of a crime” is a virtual person described by its role and action in this crime. To find which physical entity/ies (one individual, several people) is/are hidden behind this virtual person falls on the criminal investigators and on the justice.

2. A writer who uses a pseudonym to publish a book creates a virtual person described by its role and action. The physical entity behind this virtual person (the human being who has written the book) will stay unchanged as long as he/she is alive.

3. An agent-program on the web can be seen as a virtual person too, acting on behalf of its owner. The corresponding physical entity is an instance of a computer-program. “The owner of this agent-program” is another virtual person described by its role or what it has.

Pseudonyms

A pseudonym, in the light of virtual persons, becomes the identity of a virtual person. If the virtual person can be linked to one physical person (blue link), the pseudonym becomes a virtual identity for this physical person. However, when a specific observer cannot link the virtual persons and the physical one (red link), the observer’s view is restricted to the virtual world. In this case, pseudonyms play their role of privacy enhancing technologies by providing anonymity for the physical person, as well as unlinkability between some of the virtual persons, with respect to this observer. 

 

Figure : Linkable and unlinkable pseudonyms

 

Conclusion

In this document, we have given a formal description of the concept of identity in the Information Society in relation with the concept of virtual person (virtual entities that can have rights, duties, obligations and/or responsibilities). We have also presented both an intuitive and a formal description of a two-layer model based on virtual persons. The concept of virtual person used in this model generalizes current uses of the term.

This two-layer model allows a better representation of new forms of identities in the Information Society. The first layer – the physical world – is the collection of all physical entities. Physical persons belong to this world. The second layer – the virtual world – is an abstract layer. It creates an indirection between acting subjects of the physical world and the identifying information related to their actions and/or the objects supporting these actions. Virtual persons belong to the virtual world.

The virtual world allows a unified description of many identity-related concepts that are usually defined separately without taking into consideration their similarities: avatars, pseudonyms, categories, profiles, legal persons, etc. This unified description is based on a generalization of the concepts of virtual persons. Virtual persons can have rights, duties, obligations and/or responsibilities associated to them.

The concept of subject, in the physical world, allows also to handle in a similar way physical entities of different nature that share, for example, some acting capabilities or some identity-related characteristics. 

The indirection between acting subjects of the physical world and the identifying information related to their actions and/or the objects supporting these actions allows a more faithful description of the reality of new forms of identities in the Information Society.

This document does not aim at covering the implications of using such a model, for example in the legal domain. However, it brings the necessary foundations to pursue the research, to investigate further and assess the possible need for new legal entities – based on virtual persons – in order to describe and cover the new paradigms induced by new forms of identities appearing in the Information Society. The precise definitions of the concepts, as well as the model itself, will play a central role in Workpackage 17 on “Abstract Persons”.

References

Anrig, Bernhard, Browne, Will, & Gasson, Mark. 2007. The role of algorithms in profiling. In: Hildebrandt, Mireille, & Gutwirth, Serge (eds), Profiling the European Citizen. Springer.

Benoist, Emmanuel. 2007. Collecting data for the profiling of web-users. In: Hildebrandt, Mireille, & Gutwirth, Serge (eds), Profiling the European Citizen. Springer.

Bourcier, D. (2001). "De l’intelligence artificielle à la personne virtuelle: émergence d’une entité juridique?" Droit et Société 49: 847-871

Bowder, Caspar, Bramhall, Pete, Cameron, Kim, Casassa-Mont, Marco, Colville, David, Goodman, David, Hilton, Jeremy, Marthhoefer, Michael, & White, Michael. 2004. Toward Understanding Identity. Washington, D.C.: eema report, National Academies Press.

Cameron, Kim. 2005. The Laws of Identity. http://www.identityblog.com/?page_id=354 (may 1st 2005).

Dempster, Art. 1967. Upper and Lower Probabilities Induced by a Multivalued Mapping. Ann. Math. Stat., 38, 325–339.

Haenni, Rolf, Kohlas, Jürg, & Lehmann, Norbert. 2000. Probabilistic Argumentation Systems. Pages 221–287 of: Kohlas, Jürg, & Moral, Serafin (eds), Handbook of Defeasible Reasoning and Uncertainty Management Systems, vol. 5: Algorithms for Uncertainty and Defeasible Reasoning. Kluwer, Dordrecht.

Hildebrandt, M. and S. Gutwirth, Eds. (2008). Profiling the European Citizen. Cross-disciplinary Perspectives. Dordrecht, Springer

Hildebrandt, M. and B.-J. Koops (2007). A Vision of Ambient Law. Brussels, FIDIS

Hogenhout, Wide. 2006. Report on the workshop “Distributed security and dynamic trust” (DISTTRUST). http://cordis.europa.eu/ist/fet/gc.htm (june 21st 2006), Global Computing (GC) follow-up, Proactive Initiative in the 6th Framework Programme of the European Union.

ISO 15408-2. 2003. Text for ISO/IEC 1th WD 15408-2, Information technology - Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements. http://www.commoncriteria.de (sept. 1st 2006).

ISO/IEC 4th Working Draft 24760 - Information technology - Security techniques - A framework for identity management

ITU-T Y.2091 – Terms and definitions for Next Generation Networks – http://www.itu.int/rec/T-REC-Y.2091/en (Jan. 29th, 2008)

ITU-T Y.IdMsec – NGN Identity Management Security –- document in draft

Jaquet-Chiffelle, David-Olivier. 2007. Reply to chapter “Defining profiling: a new type of knowledge?”. In: Hildebrandt, Mireille, & Gutwirth, Serge (eds), Profiling the European Citizen. Springer.

Jaquet-Chiffelle, David-Olivier, Benoist, Emmanuel, & Anrig, Bernhard (eds). 2006. D2.6 Identity in a Networked World, Deliverable of FIDIS’ Workpackage 2. FIDIS http://www.fidis.net (sept. 10th 2006).

Jonczy, Jacek, & Haenni, Rolf. 2006. Implementing Credential Networks. Pages 788–799 of: iTrust’06, 4th International Conference on Trust Management, Pisa, Italy.

Jøsang, Audun. 1999. An Algebra for Assessing Trust in Certification Chains. In: Kochmar, J. (ed), Proc. of the Network and Distributed Systems Security (NDSS’99) Symposium. The Internet Society.

Kantorowicz, E. H. (1957). The King’s Two Bodies. A Study in Mediaeval Political Theology. Princeton, NJ, Princeton University Press

Kent, Stephen T., & Millett, Lynette I. (eds). 2004. Who Goes There? Washington, D.C.: National Academies Press.

Kohlas, Jürg, Anrig, Bernhard, Haenni, Rolf, & Monney, Paul-André. 1998. Model-Based Diagnostics and Probabilistic Assumption-Based Reasoning. Artificial Intelligence, 104, 71– 106.

Kohlas, Reto, Haenni, Rolf, & Jonczy, Jacek. 2006a. Formalizing Evidence for Authentication, Trust Management and Identification. Draft version available at http://www.iam.unibe.ch/~run/publications.php?link=publi st 2006).

Kohlas, Reto, Jonczy, Jacek, & Haenni, Rolf. 2006b. Towards Precise Semantics for Authenticity and Trust. In: PST’06, 4th Annual Conference on Privacy, Security and Trust, Toronto, Canada.

Modinis –Common Terminological Framework for Interoperable Electronic Identity Management– – https://www.cosic.esat.kuleuven.be/modinisidm/twiki/bin/view.cgi/Main/GlossaryDoc?code=nldsv13294 (Jan. 29th, 2008)

Nabeth, Thierry (ed). 2005. D2.2 Set of use cases and scenarios, Second Deliverable of FIDIS’ Workpackage 2. FIDIS http://www.fidis.net (feb. 3rd 2005).

Nabeth, Thierry, & Hildebrandt, Mireille (eds). 2005. D2.1 Inventory of topics and clusters, First Deliverable of FIDIS’ Workpackage 2. FIDIS http://www.fidis.net (feb. 3rd 2005).

Pfitzman, Andreas, & Hansen, Marit. 2007. Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology, TU Dresden, http://dud.inf.tu-dresden.de/Anon_Terminology.shtml, v0.30 (January 29th 2008).

Roy, Bernard. 1991. The Outranking Approach and the Foundations of ELECTRE Methods. Theory and Decision, 31(1), 49–73.

Schneider, Bruce. 2005. Two-Factor Authentication: Too Little, Too Late. Communications of the ACM, 48(4), 136.

Shafer, Glenn. 1976. The Mathematical Theory of Evidence. Princeton University Press.

Smets, Philippe. 1998. The Transferable Belief Model for Quantified Belief Representation. Pages 267–301 of: Gabbay, Dove M., & Smets, Philippe (eds), Handbook of Defeasible Reasoning and Uncertainty Management Systems, vol. 1. Kluwer Academic Publishers.

Smets, Philippe, & Kennes, Robert. 1990. Constructing the Pignistic Probability Function in a Context of Uncertainty. Uncertainty in Artif. Intell., 5, 29–39.

Solum, L. B. (1992). "Legal Personhood for Artificial Intelligences." North Carolina Law Review 70 (April): 1231-1287

Turing, Alan M. 1950. Computing machinery and intelligence. Mind, 59, 433–460.

Van Tilburg, Henk C.A., editor-in-chief (2005) Encyclopedia of Cryptography and Security, Springer, ISBN-13: 978-0387-23473-1 

 

 

0 / 0