So, identity validation is upon us “soon”. Having let the message sink in — after all, it’s no surprise, Linden Lab has been talking about it for quite a while — it’s time to try to understand the implications. In other words, like LL likes to call it, a post-mortem analysis of what this might mean for our fellow residents — the kind of thinking that sadly LL does not do a priori, or, if they do, they almost never tell us why.
The Cultural Issues
Regrettably I’m not really the best person in the world to talk about “identity validation” in general. My country, Portugal, has a very weird relationship with “identity”. Having survived 50 years of what now is called a “benign dictatorship”, the current democratic constitution of 1974 actually forbids the State to correlate any individual data, and all State-controlled identification documents are in separate databases with different ID numbers (unlike more rational countries like Spain, who have only a single number). Legally, or rather, constitutionally, they cannot be held in the same place. So Portuguese citizens (and legal residents) have at least a tax number (which is freely given to anyone, really), a social security number, a voter’s card, and a national ID card number. Everybody who has signed-in for high school will have a national ID card (and since going to high school is mandatory, this means that everybody over the age of nine will have a card). Everybody who works will have a tax number and a social security number, and this means that technically all adults — and also many teenagers, since you can legally get a job if you’re 16 — will have those other cards as well. All have different numbers and are emitted by different ministeries, using incompatible databases — from the early paranoia days when democracy was young and citizens feared the totalitarian control of the State.
Only the national ID card provides valid identification (in extreme cases, the passport will also work). Unlike what happens on most countries in the world, providing your identification is almost an universal requirement. Until recently it was a minor felony if you didn’t carry your ID card, since you would almost invariably need to identify yourself — to claim a packet on the mail, to drive, to enter a nightclub, or even to enter corporate buildings where all people are identified at the entry. You also need to show it if you want to rent a room at a hotel. Or, obviously, to go to a casino. But there are lots of other situations where you need to show it, too — when opening a bank account (obviously), signing a contract (also pretty obvious), but even when joining your favourite soccer club (ridiculous)! Or to register for a gym! So, in my country, validation is ubiquitous. It becomes so commonplace that we don’t lose our sleep fretting over it.
This means that obviously I’m used to go around with a card that looks pretty much like the one pictured above. You can observe that it has my fingerprint, too. Indeed, all 10.450.000 Portuguese (or, well, everybody over 8 years old anyway) will have their fingerprints on a national database (no, it’s not a computer-based database, so it’s pretty useless). We’re used to it. It’s a pain when you lose your ID card; it’s another pain every time you change your address, or every five years, when you need to get re-validated and spend a morning filling paperwork and stand in queues (a new automatic machine will soon replace that, but it’s not widespread yet).
In effect, on average, you’ll be showing your ID card at least once a week — more if you’re doing business, since almost every building these days will ask for your ID before letting you inside. After a while, you get used to it and don’t think twice about the implications.
More worrying perhaps is that most entities asking for your ID card will also want your tax number. Banks, for instance, will require both. Allegedly, when signing a contract, you might be taxable — so you need to show your tax card and give your number. However, since the tax card is not a valid identification card, and is not even signed, it means that you have to show both. Thus, in effect, “someone” is going to correlate data that way. And if you want to get employed, you’ll have to show your social security card as well — so at least your employer will have three numbers for you, and very likely, copies of all your cards. So will your bank. Or your credit card company. Or your insurance company. Or, well, your soccer club — since they’ll emit a receipt of the monthly fees and they need your tax number for that. So, in effect, the issue of “anonymity” doesn’t really exist in Portugal. The only reason why people are not paranoid is simply because all those systems are not really interconnected — so there are hundreds of thousands of separate databases — although this might change in the very near future. But the Portuguese are very “soft” and not keen to make a fuss about that — universal ID validation of some sort has been around since 1911 at least and nobody remembers anymore how things worked before that, when people didn’t even needed to register a last name.
Coming from this particular background —”the land of no anonymity” — it’s naturally obvious that I’ll be always biased about identity validation, since I’m so used to it on a daily basis. It doesn’t mean that I worry about what goes on in RL. Identity theft is certainly possible, but harder than most people might think.
And, of course, there are authorities that control very closely what people are doing with all those databases. All that is required is a formal complaint; the authorities are even eager to follow up on complaints!
The whole point here is that your relationship towards your identity is, first and foremost, a cultural one. You’re part of a society that establishes norms protecting and safeguarding your identity, and keeping a balance between your privacy and the requirement to provide a valid ID. More liberal (or libertarian!) states will definitely consider privacy a “sacred” issue — an unalienable right! — and will only require a valid ID in a few extreme cases. In those countries, “you are who you say you are”, and the State has no reason to mistrust you. On the other extreme of the scale, on the autocratic, totalitarian states that still exist, your ID card is a form of State control, where your movements are tracked by the State. Most countries, however, are in-between both extremes, depending on how sensible they are. Some, like Portugal, are an oddity among democracies, where a privacy-paranoid Constitution is actually completely disregarded daily, just because it’s more convenient for the State, the companies, and even the individuals, to be quickly able to prove who you are by presenting an universally valid identity card.
Let’s see how this relates to what Linden Lab is proposing to introduce in Second Life. In essence, the technology is rather simple and even naive in its simplicity — it’s also not breathtakingly new. A “trustful” third party asks you a few questions — basically, you’re asked to supply some of your ID card numbers, or part of the number — and checks it across some “public” database where this information is “freely” available (where exactly they find these databases, is anybody’s guess, specially when we’re talking about world-wide ones). If they find a match, they’ll send an acknowledgement back to Linden Lab: “this person is known to be who they claim to be”. That’s all LL requires. LL does not need to store any personal data; and, conversely, the third party that provides a validation service has no clue what that person is going to do in Second Life. In effect, there is never an established relationship between your own private data, Linden Lab, Second Life, or the external third party validation service. All are separate and not related to each other. The only thing that LL knows is that a certain avatar, claiming to be person X, is, indeed, person X. But the data you provide to LL is not the data you provide to the validation service: in effect, only you know that both are related to each other.
This is significantly different from, say, getting a digital signature from Verisign or confirming your data with PayPal. In both cases, these entities will indeed require you to send them a lot of documents, most often by fax, proving that you are who you claim to be. The “validation” in this case is made through a thorough papel trail. You need to reveal all your information — the less you send to these entities, the less likely they are to provide you a valid digital certificate in your name, or validate your account with PayPal. In my personal case, for PayPal validation, I needed to send them about 20 pages of documentation (I’ve never applied for a Verisign certificate, so I don’t know how painful that process is). A friend of mine sent them 13 pages — copies of ID cards, proof of residence, extracts from your bank account, your credit card, and a lot of things in that style. It’s a tough process and takes days, weeks, or (in my personal case!) several months, until the “validation authority” is happy that you’re sending them everything they need in good faith.
There is still a broad margin for error and for “faking” identity, of course – short of personal presence it’s almost impossible to allow people to get “fully validated” in real life. That’s why banks still rely on looking in your eyes to make sure you are who you claim to be, even if all the rest of their transactions may occur simply via electronic means.
Linden Lab’s choice of validation service — Integrity — however, is quite different. They do not really “prove” anything. Think of them as “Google for Identity Validation”: they simply look up your personal data against several publicly available databases and see if they find a match. If they do, they can say that you “exist” and are who you claim to be. You don’t need to provide any documentation: either you are on Integrity’s database, or you aren’t — and “verification” is simply based on that.
You might now think what’s all the fuss about verification then. Keep in mind two important things here:
- Linden Lab will never know what data you submit to Integrity.
- Integrity will never know what data (ie. avatar name, credit card, PayPal account) you have submitted to Linden Lab.
So in effect, Linden Lab and Integrity never see the whole picture — Linden Lab only knows that you have “proved” to exist in Integrity’s database (but don’t have a clue on what data you have sent them!), and Integrity will only know that you’re a resident of Second Life (since they will know where the request has come from), but won’t know your avatar’s name, or the credit card you’re using for the LindeX or for paying your tier fees.
It’s also important to dispel the myth that you’re going to provide “personal data” to Integrity. Unlike what happens with Verisign, PayPal, or other similar organisations, you’re not going to tell anything that Integrity doesn’t already know about you! Put into other words: Integrity already has your personal data on their databases. All they’re saying to LL is simply: “yes, we know about this person, they’re on our database”. And they’re only going to tell LL that if you authorise Linden Lab to check you up on Integrity’s website — but without telling LL what your personal data is!
This naturally raises a few questions:
- What happens if you’re not in Integrity’s database? (I wonder where they get all that “publicly available data anyway!)
- How can you be so sure that Linden Lab does not store your personal data somewhere else?
- And most important, how does this system prevent anyone to simply get the data from a friend, a parent, or some stranger they happened to meet in the street (and who, say, dropped their wallet on the ground, with an address and their social security number, and you just “happened” to get a glimpse at it)?
So, in effect, what is really being “verified” here?
Linden Lab’s Reasons for Identity Verification
Let’s try to go through LL’s argumentation and see through their curtain of smoke hidden in their words:
The IDV [Identity Verification] system aims to deliver two things.[…] This will help establish trust by removing a layer of anonymity for those they interact with. It’s much easier to trust someone who puts their name behind their words and actions.[…] The second benefit of the IDV system is to help land owners and content publishers be sure that minors do not get access to inappropriate material.
So this goes through two assumptions. One is that people now suddenly require trust to interact in Second Life — and that trust comes only from a lack of anonymity; the other is related to minors getting access to “inappropriate material”.
We’ll see these in turn. First and foremost — why is trust equated to lack of anonymity? One can consider the old argument: RL businesses and RL companies are in SL, and they need to know whom they’re dealing with. In essence, this is like claiming that you need to show your ID card when buying some groceries at the supermarket. As we all know, buying groceries is pretty much anonymous, and that never prevented any supermarket to conduct serious business.
On the service industry, however, it’s common to sign contracts between companies providing services, and these contracts, usually, are signed. The signatures are also usually verified with some form of ID (but not always; again, this is mostly a cultural issue and varies from country to country). In effect, even in my country, it has been a long time since anyone validated formally my signature — mostly when opening a bank account. But I don’t remember needing to send a copy of my ID card when buying, say, a mobile phone with the associated service plan — or installing an ADSL connection at my home. In fact, I don’t even remember needing to prove my identity when registering a trademark — and this is in the identity-paranoid country where I live! So, although I’m pretty sure I showed my ID card when registering a company with a public notary, most of the contracts that are signed by myself or my colleagues are not “verified” for identity. People enter those agreements in good faith, most of the time.
But what about the few cases where RL businesses want to make sure they’re dealing with a legitimate company in SL? Well, to be frank, whenever this happens, you’re very likely to meet them in meatspace, or send them some faxes, or letters, from your RL office. Put in other words: if someone mistrusts the avatar they’re dealing with, all they need to do is to call your office up and see if you pick up the phone.
RL businesses couldn’t care less if your avatar has a checkbox on your Profile saying “Fully-verified identity”. Actually, for the reasons I’ll soon be showing, that checkbox will highly likely be pretty much worthless. And RL businesses are not in SL for having fun with the drama, or dealing with the paranoia, or the fuss that LL and their residents make about verification — all they want is to conduct business with serious companies and individuals. And trust me, they know pretty well how that is done in real life, you don’t need “high tech” for that. A copy of the registration of your company will usually be very easy to gather (in most countries it will be public; in several, you can even look that up on a Web-based database).
So perhaps LL is hinting at SL business, ie. implying that if you sell hair or clothes for L$, and have a validated avatar, people will “trust” you more because of that. Unfortunately, that argument is ridiculous. Business ethics don’t have anything to do with your ID — people are not “more honest” because they flash ID cards at you. Criminals have ID cards, too. So “proving your identity” is definitely not a precondition for “being honest”; what one can argue is that most crooks will try to avoid giving you ID cards so that you cannot bring them to court. That’s certainly true, but it’s pretty much misleading. After all, in SL, you won’t be able to know whom you’re dealing with. You’ll just see the checkbox saying “Verified Avatar”. Not even LL will be able to help you out — they don’t know how the avatar was verified, just that Integrity told LL that this person has matched their database, without letting LL know who they’re talking about.
A very small number of people even have cynically suggested that the only people willing to verify their avatars will be crooks — since they’ll be able to leverage in the false sense of security provided by that checkbox in order to engage in business transactions in SL. I also think this is too cynical; however, if I were a crook, I would most certainly validate my avatar with fake data!
The supermarket or retail shop example shows that everyday business transactions simply don’t rely on validation to work in real life — every day, for billions of human beings. You can still be cheated by buying rotten eggs although the package claims otherwise. Most of the billions of RL transactions, however, are legitimate. All that happens without the need to show your ID card to the supermarket employee, or, vice-versa, requiring the employee to identify themselves. And, in SL, we have survived four years with mostly legitimate transactions (they far outnumber the illegitimate ones!) without validation.
Very honestly, I don’t buy that argument. Let’s see the next one.
LL claims that this mechanism will give landowners a new advantage: being able to exclude minors from viewing adult (ie., “broadly offensive” or “inappropriate”) content. This is in fact the most discussed argument in the whole SLogosphere. Usually, residents complain that the Main Grid is for adults only anyway, so this extra step is surely not needed; LL claims that they cannot use a credit card to validate the age (this is legally correct) and so have no way to keep minors out.
But sadly the issue is not so black-and-white as most people seem to be arguing these days. First of all, “getting minors out” is not LL’s major reason for introducing validation services in SL. The major reason is getting rid of the liability.
Quoting again from Robin Linden’s post,
The burden of responsibility lies with the parcel and estate owner for the content displayed and activities offered on their land.
So now we understand better what this is all about. In effect, Integrity does not really provide “just a verification service”. Their core business is actually far more interesting: they buy LL’s liability in case LL gets a lawsuit for letting minors to see “inappropriate content”. Even more interesting is that LL does not need to worry about what “inappropriate content” means: this is a cultural question, not a philosophic one, but LL does not need to care. Whatever lawsuits will come LL’s way, they will simply get Integrity to pay for them.
Put into other words: Integrity is an insurance company. In this day and age where parents basically don’t care what their children are doing, and blame the State for not taking care of a “children-friendly environment” by filing lawsuits against “the big bad companies who display terrible content”, a new business opportunity has arisen: selling insurance against the (albeit remote) possibility that you get a lawsuit for displaying “inappropriate content”.
How does Integrity work? Well, if you’re familiar with insurance companies, you know that they rarely lose any money. They employ highly-trained mathematicians and statisticians to develop a set of tables to find out how likely an event is going to happen, and how much it will cost. This is the amount that you charge as a premium, plus some extra as a profit. You buy insurance trusting that the “bad thing” will never happen, and the insurance company hopes the same. After doing business for several years, you can pretty accurately “predict the future” and establish the lowest possible value for the premium. In fact, this system is so popular that it was invented in the 15th century, and insurance companies have been fine-tuning it for over 500 years. They’re very good at foreseeing the future.
So what they do is look at LL’s resident base, and say: how likely is it that any of the 10 million users in SL is going to file a lawsuit because a minor is looking at “inappropriate content” (ie. a woman’s bare ankles, if you live in Iran), and how much could that lawsuit cost? Based on the number of lawsuits filed in the past, and the amount of expenses due to those lawsuits, they can pretty well establish a value for their insurance. And this is what LL pays. It has to be a very low value, since LL always claimed “it will be just a few L$”, and I actually trust LL when they claim that the premium is very low: the probabilities of “something bad happening” are really, really low.
Still, all it takes is a huge lawsuit to bring LL down to its knees. And very likely, just as they have insured their servers at the colocation facilities they use, they are now insured against lawsuits arising from “displaying inappropriate content”.
Why does Integrity require any data at all, if they are basically just working as an insurance company? Well, to keep the risk low, and thus provide LL with a lower premium for their insurance, they have methods to minimise their risk. Most people are honest when providing their ID data. Most of Integrity’s databases are correct. Let’s say that 99% of all the validation requests will be absolutely correct if they just correlate your address with an ID number stored on a public database for that same address. By requiring this extra test, they will dramatically minimise their own risk, and thus charge LL less for insurance. This is not different from buying life insurance and requiring a physical examination by a doctor — that way, the insurance company will know that, in exchange of providing some very personal data (your full medical records!), they will have a far lesser risk when calculating your premium, and have a higher margin of profit.
So far, so good. As a faithful resident for so many years, I’m naturally happy that LL is starting to get insured against lawsuits, something that always worried me in the very recent past, when it was clear that things were starting to become, well, messy.
This will also hopefully explain why LL banned gambling. It was not because “they were under FBI investigation”, like many (including myself!) assumed. It was not because of any “governmental pressure”. In fact, some friends of mine implied that “gambling” was not part of the “better world” that LL wants to build, and so this was a political agenda. Not at all. It’s stated on Integrity’s site: they don’t insure gambling sites. For now. This article on their website seems to promote Integrity’s own political agenda, which allegedly is that online gambling in the US should be promoted (because it provides a lot of taxes to be collected by the IRS!) but only if the websites are protected by a validation system that shuts minors off. Which is, of course, the type of service that Integrity can provide.
So it seems that LL is now part of the lobby for regulated gambling in the US, but, until the legislation changes, they play “nice” and subscribe the service that Integrity is allowed to legally offer — website insurance against minors having access, but only if you don’t offer gambling. So, the casino shutdown is just a consequence of LL signing a contract with Integrity and nothing else.
There is just a nagging issue: what about the transfer of responsibility to landowners?
The Implications, Short-Term and Long-Term
I will not repeat what others have explained in such detailed analysis in their own blogs. Basically, once LL “sold” their liability to Integrity, they gave landowners the following choice: join us in keeping unverified avatars out of your property, and we’ll give you the benefits of the insurance we bought.
This is the positive aspect of the whole issue. Right now, if a minor comes into the grid, and sees “inappropriate content”, there is a bit of a legal problem. Who is exactly liable? Well, the way things are seen by some US lawyers, the answer can be either “the kid’s parents” or “the entity having allowed the kid to join”. I believe that the real issue is: “how big can be the lawsuit against LL?” I think that very likely LL will not be criminally charged for “allowing minors in” – since they clearly state that minors are not allowed, require everybody to place their birth date on good faith when joining SL, and parents are still responsible for their children, even in the US 🙂 The fact that minors can — and will — lie about their age is of no legal concern to LL, and I’m pretty sure that the current system is strong enough to hold in court if criminal charges are brought against LL.
The problem, however, are civil lawsuits, when a disgruntled parent (or a greedy one!), having engaged pro bono one of the top lawyer companies in the US, is able to claim compensations from LL because “the inappropriate content” has “troubled their poor child”. I believe that a pretty convincing story will get a jury to shed a few tears, and LL be forced to pay a few million US$ as “compensation” for “wrecking the kid’s life” after seeing the “disturbing images”. I’m very sorry if I sound too cynical for you; but I was raised to believe that the parents are always responsible for what their children are doing, and I can’t agree with the concept that companies (or the State) are supposed to take over that responsibility. I’m also not really convinced that “nowadays parents are totally unable to control their children” or that “pornography is so widespread that you cannot prevent kids to find it”. Whatever the reasons, we have to deal with the fact that in this politically-correct age and era, the parents can sue others for things happening due to the parents’ inability to control their own children; and instead of complaining about the current mentality, we have to live by adapting to the changes. So, while LL is very likely “safe” from criminal charges, they’re still liable to litigation. And this is where Integrity will save them, by accepting that liability.
So after validation is introduced, LL is actually providing us residents with a new service (for free), which, simply stated, means: in case of doubt, you won’t be liable either if a minor watches your “innapropriate content”, if you agree to configure your land parcel to disallow not-verified avatars. This is stating it the positive way, just like LL writes on their official statements.
The negative side is, of course, that you will be held accountable and liable if any lawsuit is brought against LL because of a minor viewing “inappropriate content” and your land is open to any avatar. This means that, in effect, you can either do it “LL’s way” — get insured too, by clicking the checkbox — or you can take the risk all on your own (it’s up to you). Until now, you had a way out: if someone filed a lawsuit against you, you could still try to put the blame on LL, and thus avoid the lawsuit, basically stating that you had no reason to believe that minors could enter SL, since LL clearly stated otherwise. From now on, the tables are turned: LL will only guarantee that validated avatars are not minors (and is fully prepared to back that guarantee with money, through their agreement with Integrity), and if you opt-in for just allowing validated avatars in your own land, that “guarantee” will be extended to you as well. If not — you’re on your own, and LL will not help you!
Of course, LL is naive. They imagine that a huge percentage of residents will “validate” themselves, and, conversely, that a huge percentage of landowners will also block non-validated avatars, and thus that we can all peacefully exist in a very mature, and very adult world, safe from harm. This would be a nice counter-move to the terrifying “Disneyfication” of SL that has been going on. With a fully-validated world, shutting out minors once and for ever, we can all breathe deeply again. This rather lovely dream, alas, is just an utopia. LL does not really understand how paranoid their users are. The estimates for the number of people willing to go through validation is really quite low — nobody trusts LL any more, and much less this “strange” third party of dubious reputation (as said, where do they get all those “publicly available databases” anyway?).
There is thus a huge issue that will arise pretty soon. We’ve lost a third of the L$ exchanges at the LindeX when the casinos shut down; and there is an estimate that close to two thirds of all content developed in SL, if not straight-out “mature”, is so pretty close to “inappropriate content” that people will fear having it displaced on their land. Since residents will either self-flag content as inappropriate, but Ll will also allow others to flag it, it’s quite likely that people will be over-zealous in their flagging (or, as well, use it as a griefing tool). Merchants are very likely starting to panic: there might never be enough validated customers to buy their wares! And without merchants selling content, the economy grinds to a stop – merchants will close their shops, they will sell their land, and even if they stay in SL (assuming it is still attractive to them), they will certainly spend much less.
I don’t think that LL is ignoring the issue. I think they’re just very optimistic in the long term, ie. as always capitalising on the growth of SL. I can imagine that the new registration page will soon have an extra field saying: “Second Life is an environment with mature content. To allow you to view this content without restriction, you can safely click here to get validated as an adult. The procedure is simple and painless and will take just a minute. Please use it to get full access to all the fantastic content that millions of users have created for your pleasure!” And by the end of 2008, we’ll have ten million new, clueless users, who naturally clicked that button, never knowing what the fuss was all about.
So I guess that they’re gambling (pun intended!) on the increasing growth of SL to offset the minor collapse of the economy. Like in so many cases where people panicked and left, it will be the long-runners that will reap the benefits. The mature content providers will smugly validate themselves and flag their own content and parcels as “validated avatars only”. They will wait a few months, seeing their customer base dwindle and disappear in a few weeks, possibly with loud complains at the beginning — but then look forward as having, effectively, get rid of the competition that won’t be around selling mature items during 2008. Believe me, the ones that will patiently wait will reap huge benefits (and remember — the ones complaining about your decision today, since they refuse to get validated, will very likely not be around tomorrow to complain further, so they’ll be easily and swiftly dealt with by just waiting).
But SL is all about short-term planning. Everyone wants to make a quick buck. Nobody is really planning ahead for 6 months or a year. Even the more optimistic sellers of mature content have doubts if SL will be around by the end of 2008. So “panicking” is the natural reaction. The big question is, how many people will be still around by the end of the year selling mature content?
If the answer is “not many”, will we really have Disneyfied the whole of the SL grid? (thus making the whole purpose of the validation service basically worthless)
The Alternative That Linden Lab Never Gave Us
I wish I had an answer, of course, since the Disneyfication of SL will basically mean that other competitors, with less qualms (and probably better lawyers!) will be able to compete on a lower-quality virtual world, but one that is addressed to the mature market. On the other hand, if people came over from There.com or other worlds because of the mature content, what is the incentive now to stay? They can have “Disneyland” anywhere else. Shutting down the whole mature content industry — even if just for a while — means that SL doesn’t offer a big enough incentive for people to stay. The number of residents that are in SL “just because it allows you to exploit your creativity” is naturally less and less, in relative terms — they have changed to SL because of it — but the number of pure consumers that don’t want to create anything (either because they lack talent, time, or motivation) by far outnumbers the rest. And for the pure consumers there are so many choices around, and SL is not even the best-looking one. However, it was, so far, a good compromise: although the technology might be more unstable, and the graphics lower quality, you could engage in the hugely widespread adult environment.
Obviously, too, this will not prevent universities or even some companies to stay around — the ones that are interested in studying virtual worlds and/or using it internally for several areas (training, communication, etc.) will not even notice that the mature content disappeared. For them, SL is the alternative to things like OpenCroquet, and they will stay around.
So the issue is really about the millions of resident that, in 2007, are not willing to trust a third party to validate themselves, even if the process is painless, quick, very easy, and doesn’t require revealing anything, either to LL, to Integrity (who has all your data anyway), or, more important, to other residents. Still, the psychological effect is the one that counts.
Linden Lab had, actually, a different way of dealing with this. Instead of relying upon a single entity to provide validation, they could create a verification API and allow several companies to provide the same service. Let me give you Verisign’s example again. Verisign effectively validates a person — not just some simple “database matching” mechanism — by requiring a lot of documentation. But in return you just get a digital certificate — no “real” data is placed inside the digital certificate. So if you don’t trust Integrity or Linden Lab, all you would need to do is to copy & paste your Verisign certificate into LL’s site, and your identity would be “certified”. Verisign is quite expensive, but there are far more similar entities providing that kind of service. In fact, even PayPal provides that service, and it’s for free — although it trades off “cost” for “bureaucracy”. But there are many many others.
If Linden Lab really, really wanted to validate avatars, they would have opened their system up to several providers. In fact, you could even start your own validation/certification service and provide it for a fee. A good example — hinted at by Zero Linden on some of his recent office hours — would be some companies “validating” their employees as being “adults”. Using OpenID or a similar mechanism this is easily accomplished. And it would also mean for us residents that we would have a choice.
For Linden Lab, however, this doesn’t work. They really don’t care if you’re an adult, certified, validated, or verified. All they really want is insurance against potential lawsuits. And I’m afraid that this is what they can get by working with Integrity, unlike what happens with other companies. So we’re stuck with this system.
It’s also important to understand that this system will not guarantee that minors won’t get into the grid: they will very easily be able to type their parent’s ID numbers and addresses on Integrity’s website, and log in safely — in fact, it’s quite possible that all teenagers will do that pretty quickly once this system is out! But, again, let me stress out that LL doesn’t care what teenagers are doing with their parent’s data — all they wish to avoid is the cost of a lawsuit. And in that case, LL would be safe — the parents can sue LL for as long as they wish, for giving access to their children so easily, but LL will simply point to Integrity to get the checks written, and go on with their business as usual.