A persona is a data entity that represents an offline actor, like a discussion board avatar, an email address, a social media identity or a chat name. A persona can also represent an offline group, company or organization. A program agent can also act on behalf of an offline actor, as installation software represents the company that owns it. Since accountability for actions ultimately traces back to people, if an installation does wrong we blame the company not the software.
A persona is created when an offline person registers with the system. Registration is the creation of a persona that can be activated by a logon operation that connects it to the offline party, usually by giving a password only that party is assumed to know. Open systems let people register a persona themselves rather than the administrator doing it. The logon persona name can be an online nickname not the person’s real name and still retain online accountability, e.g. an eBay seller nickname that cheats loses any online reputation it may have developed.
A persona owns itself. The social principle of freedom is that every person owns themselves, i.e. is free to choose what they do. If your online persona is doing things you didn’t choose, like sending messages or accepting posts, you are an online slave, and indeed many online viruses aim to create virtual “zombies”. If I adopt an online persona, whether a Hotmail identity or game avatar, it should belong to me as an inalienable right that cannot be given or taken away, based on the natural freedom of the inner self. Applying the same social standard online, a person owns the persona that represents them online, giving the access control rule:
Rule 2. A persona always holds all rights to itself.
“Always” makes this self-ownership inalienable, so even the system administrator cannot take it away. That the system cannot allocate a persona to another party means it can never be the slave of another. Freedom implies that people also own data properties of themselves like their name, e.g. people can apply to the state to formally change their name because they own it. Freedom implies a person has the right to control the display of personal data, or privacy:
Privacy Corollary. A persona always holds the right to display itself.
Privacy is about choice not secrecy, so while a persona can choose to be private, i.e. not seen by others, it can also choose to be public. People who choose to publicly reveal personal data lose secrecy not privacy. Privacy is not some unimportant “fluffy” ethic but rather critical to society. Note: nature values privacy as camouflage and the military values it as stealth.
Every online persona has the right to view and edit itself. A person who registers with an online system must always be able to view and change details about themselves that others can see.
Every online persona has the right to unregister itself. Unregister as the undo of register can occur by:
- Deleting. When a person deletes their persona, any dependent posts, pictures or messages must also be deleted.
- De-activating. When a person deactivates their persona they revoke their connection to it, so it ceases to be a persona, i.e. a data entity with a logon method that can give an online actor. It simply becomes a system data entity.
Different systems handle requests to unregister a persona in different ways, see here:
- Twitter: The Twitter “Deactivate my account” link is a permanent delete, although it can take up to a month for tweets and the account to disappear entirely from their system.
- Linkedin: Has a “Close Your Account” that removes the persona and your data.
- Facebook: A “Deactivate Account” link immediately makes it invisible to others on Facebook but keeps all data to let you later reactivate the account. To permanently remove data one has to complete an online form that takes 14 days to come into effect. If at any time in that period you logon to Facebook, the request is considered cancelled!
- Wikipedai: Doesn’t let editors delete accounts at all, as that would remove all their contributions which is not possible for their system. They should however allow an account to be deactivated even if it is not deleted
- GMail: Delete account permanently deletes the account and all its messages.
Since the persona has meta-rights to itself, it can in theory be:
1) Transferred. A person can permanently transfer a persona to another, along with any reputation.
2) Shared. One can share ownership to let another party act for you, e.g. look after your Facebook page.
Abandonment. Currently most social media deactivate and delete accounts that are not used for a period of time, e.g. HotMail accounts inactive for over 90 days are permanently deleted, i.e. if not used they “die.” In access control terms, the administrator who owns the system can deactivate a persona by denying the logon right to enter the system. Without that, a persona becomes a simply an information object that can be deleted. What the administrator cannot do, by Rule 2, is take control of the persona to use for their own purposes while it remains allocated to the person concerned.
Death. If the person behind a persona dies, their data can be deleted, made available to relatives, or even converted to a memorial as Facebook allows. A person’s physical will does not usually cover what happens to their online data, yet many online programs act as if death does not exist, e.g. one can get an eerie Facebook message from a person after going to a funeral. By some estimates there are over 30 million profiles of dead people on Facebook and tens of thousands are added each day, so death is relevant to social media. One answer is a digital will, but a better approach is to let people specify what happens to their digital estate when they die as part of the registration process.
Table 6.1 summarizes persona access rights.
Table 6.1: Persona access rights
Persona |
View |
Delete |
Edit |
Unregister |
Transfer, Delegate |
System Admin |
√ |
√ |
|
√ |
|
Owner |
√ |
|
√ |
√ |
√ |