January 20, 2010 at 3:09 pm | Posted in Human Factors in Security | 2 Comments
Tags: Facebook, group identity, human behaviour, Identity Economics, LinkedIn
From the age of 16, for the next 15 years, I served in the Royal Navy. Like all uniformed, military organisation, a vital part of the induction process is learning the etiquette attached to membership. I don’t just mean the rules necessary for large and (at that time) wholly male groups to live and work in extremely close proximity, away from their families for long periods. Nor do I just mean the discipline on which lives can depend in a fighting force. Finally, I don’t just mean the quaint and unique traditions that come from 500 years of history. What I mean is the way in which servicemen (and women) are expected to dress (both in and out of uniform) and to behave (whether on duty or not), particularly when in the view of the general public.
The pressure to conform to these standards (which generally far exceed the norms for society) is immense and is imposed by one’s peers, not through the hierarchy. Having said that though, the lessons a 16 year-old learns from a Gunnery Instructor tend to stay learned for life! A good example is the practice of saluting. Saluting is always a mark of respect to the Monarch. So, we face the mast and salute at morning Colours and at evening Sunset, we face the ensign and salute as we board the ship or go ashore. And, we salute officers, because they hold the Queen’s Commission and that’s what we’re acknowledging, not the individual. To illustrate that point, from their inception in November 1917, the Women’s’ Royal Naval Service (WRNS) were not formally part of the Royal Navy, having their own rules and organisation. WRNS officers did not hold a commission and thus, Royal Naval personnel were not required to salute them. This all changed on 1 July 1977, when the WRNS became subject to the Naval Discipline Act.
Why am I telling this long winded story? Well, although I left the Navy nearly 30 years ago, MrsV1951 and I still live in a naval town, so seeing uniformed RN personnel in the town centre is a common occurrence. A few days ago, in search of sanctuary and free wi-fi, I was headed to a local coffee shop and I happened to be following a naval officer, in uniform. Coming in the opposite direction were two naval ratings, also in uniform. They passed without even acknowledging the other’s presence, much less saluting. I was incensed, not just by this, but by the fact that the ratings were wearing their blue denim working uniforms (never, ever worn ashore in my day) and the officer was drinking Cola from a McDonalds cup as he walked! Why was I so annoyed? Maybe I’m just becoming a curmudgeon (I’m certainly old enough to qualify).
And then, today, an article in the Times by Daniel Finkelstein shed some light on my disquiet. Finkelstein was discussing how group identity has an impact on how we behave. This phenomenon has attracted the attention of the Nobel Prize-winning economist George Akerlof. Together with Rachel Kranton, he developed the idea of Identity Economics. The central concept is that we adopt an identity to fit in with our peer group and that preserving that identity is one of our major economic drivers. In their book “Identity Economics: How Our Identities Shape Our Work, Wages, and Well-Being” (to be published next month), they describe how the Armed Forces successfully exploit this behaviour to make service personnel adopt the identity of the service to build team spirit and morale – all the attributes that make every serviceman and woman determined to do their best for their colleagues every time. And they know that their colleagues will do the same – essential in the face of extreme danger (I served much of my time in submarines, where extreme danger was always close by, though rarely due to hostile action). So, maybe that explains my annoyance. What I saw was members of a peer group of which I am (subconsciously?) still a member not obeying what I think are the norms of group behaviour. If Akerlof is right, then I see that (subconsciously?) as a threat to my identity.
So, finally, what’s all this got to do with Identity Management? Well, it seems to me that some of the more perceptive commentators in the security industry, including David Lacey and Bruce Schneier, are saying that the real challenge for security professionals is to address the behaviour of the humans in the system. And, if Akerlof is right, then those humans have a composite identity, where each segment represents a peer group with which they identify and carries with it a set of behavioural norms.
It seems to me that this is reflected in the different behaviour people exhibit in revealing personal information on sites such as Facebook and LinkedIn. They expect to be able to portray an appropriate “face” to their peers in these different environments, without them interacting. And this, allowing a user to control who can see which parts of their identity profile and under what circumstances, is where we’re going to need some technology.