NO MERCY / NO MALICE

In 1791 an obscure baroness and her daughters left Paris in a carriage headed west. Along the way, at Sainte-Menehould, their male servant went to change horses, and the town’s postmaster, Jean-Baptiste Drouet, thought he looked familiar. Drouet took out a banknote and confirmed, from the face printed on the back, the servant’s identity: King Louis XVI, who was supposed to be confined to his palace under revolutionary guard. Within hours, the “servant” was detained at Varennes. It was a costly ID: Two years later, an executioner would hold up the King’s recognizable head.

Anonymous

The ability to don a disguise and take on a new personality is in our DNA. It’s key to the plot in half of Shakespeare’s plays and the focus of my favorite holiday. Our nation’s liberty was won with the aid of anonymity. Madison, Hamilton, and Jay wrote the Federalist Papers as “Publius,” Ben Franklin and Thomas Paine often wrote anonymously. On the flip side, state tracking of identity should not be taken lightly: See Nazi Germany, the Soviet Bloc, and modern China. In sum, identity can be weaponized.

In its early days, the Internet seemed like a haven for reinvention and anonymity. However, unchecked anonymity online is not working. The prevalence of anonymous accounts and bots has evolved into a sociopolitical scourge. It has threatened the integrity of our elections, divided our nation, and — as Jonathan Haidt put it — systematically made us more stupid. We should change course and require proof of identity online. Enforced ID won’t solve all these problems, but it would be a step in the right direction.

Tagged

Binding ourselves to the administrative state sounds ominous — “Your papers please” — but verified identity is a cornerstone of modern life. In the two centuries since Louis XVI inadvertently created himself a photo ID, we have institutionalized identification. In 1803, Napoleon introduced internal ID cards for workers, which reduced the levels of trust needed to transact and employ, unleashing economic growth. Other nations followed suit. In World War II, fear of saboteurs and spies spurred heightened ID requirements. The rise of the administrative state in the years after rendered persistent identification essential. Today, driver’s licenses, passports, social security numbers, email addresses, and a hundred other pins and flags of personal identifiable information tag us like endangered species in a reserve.

Nearly 90% of the world’s population has some form of official identification, and we couldn’t function without it. Keeping dangerous drivers away from our highways, psychopaths off our airplanes, and 14-year-olds out of our bars makes us safer and lubricates economic growth. Nobody likes paying taxes, but automation makes it (reasonably) fair and efficient. When we moved to London this year, I rented our house in Miami to a family I never met. And it didn’t occur to me to do so … because the infrastructure of banks and agents and bureaucrats knew both our identities, and they’ll track either party down if we don’t live up to our end of the bargain.

Yet our appreciation, and enforcement, of identification has not extended online. When the internet appeared, we took to anonymity like Louis fleeing to Varennes. We could be anyone, go anywhere, say and do anything.

Online freedom from institutionalized ID has virtues big and small. No interesting adult human is the same person in every context, so it’s best for all concerned that I don’t know my employees’ Reddit handles, and they don’t know mine. (Note: Don’t have one.) Online anonymity allows us to try on new identities or express our true ones — honest expression can be dangerous in many contexts and communities. On the geopolitical scale, protests against oppression, like we’re seeing right now from brave women in Iran, are often coordinated and leveraged using anonymous accounts.

Cost

That freedom has come at a cost, however, and the downside is both too great and not necessary. Similar to oil’s extraction and conversion to energy, converting attention to influence and purchases produces emissions. When users can hide behind pseudonymous usernames with anime profile pictures, many of the real-life disincentives for acting, well, shitty just disappear.

For decades, studies have demonstrated how crowds, anonymity, and obscurity unleash our worst instincts. There’s a term for the online version, the “online disinhibition effect.” Research shows anonymity is an accurate predictor of cyberbullying. It also causes a lack of empathy. In sum: When we don’t have guardrails or face consequences, we’re prone to being assholes. And the incentives of ad-driven media promote the most aggressive and uncivil among us to prominence, coarsening the discourse further and crowding out a key component of civilization’s progress: civility.

At least in the physical world, the number of assholes is capped at one per human. But thanks to technology — and its leadership, which hides behind the illusion of complexity — no limits exist online. A single human can be a virtually infinite number of masked bad actors. Russia has been using armies of bots to sow seeds of unrest in America for years. A recent New York Times article revealed how Putin’s regime used bots to pit Americans against one another in 2017. Pretending to be real Americans, Russian operatives posted aggressive and inflammatory tweets about the leadership of the nascent Women’s March movement. One message gained traction, targeting a movement co-chair with racial and religious abuse. It shattered the organization. Now China is getting in on the action.

Verifying online identity is not a new idea — it was actually the original plan. For years, Facebook demanded its users go by their “authentic name.” Google had a real-name policy for its (now abandoned) Google+ social network. What happened? Google’s policy was described as “evil,” “dangerous,” an “abuse of power.” Facebook’s was criticized for being racist and transphobic. These criticisms reflect real issues. The list of situations in which attaching your real name to a public online profile can be unreasonable or dangerous is extensive. But these concerns can also be addressed. The real reason the platforms opened the door to bots and fake accounts? Short-term profits. Fanning the flames of incivility generates traffic (at least at first), which means more inventory to sell to advertisers.

Now that our online world has been rendered a post-apocalyptic dystopia, with the living and the undead wandering amongst one another, the platforms claim that cleaning up the mess is just too difficult. The illusion of complexity is a bullshit rap performed by incumbents who want to protect and enhance their wealth. If Amazon can figure out a way to ensure that reviews for Lord of the Rings are from genuine viewers, shouldn’t we expect the same veracity re our elections, vaccines, and asset values?

There is broad public support for identity verification online; 80% of U.S. adults support verification for creating accounts. To be clear, there should be safe spaces and platforms where people can remain anonymous. We all have the right to send confidential messages to others, and to not have our data surveilled or used against us or without our knowledge. But when you mix real and fake accounts, and profit from the explosive results, you’re not pursuing anonymity … but fraud.

KYC

Under Know Your Customer (KYC) laws, certain companies (mostly in financial services) are required to obtain credentials that prove the identities of their customers. Providing the infrastructure for compliance with these laws is a growth industry. The average U.S. bank spends up to $130 to validate the identity of each new customer, and roughly $60 million a year — globally it’s a $1.4 billion market.

KYC isn’t perfect, as we learn every few years with another document dump detailing how the rich and powerful use shell companies and lax jurisdictions to hide their wealth. But the complexity of those schemes is testimony to the robustness of the system they seek to circumvent. Just compare traditional banking with the “anonymous” crypto version, so-called DeFi, which suffers from a massive fraud problem: Over $12 billion was stolen in 2021 alone. The success of KYC proves we can build secure systems to confirm that a real live human is attached to every online identity, and to provide recourse if that human breaks the law.

Platforms could employ KYC directly, requiring ID for every new signup, and limiting the number of accounts each person can control. But not everyone wants to have to trust Meta with their personal information, because the company’s data security team is about as reliable as Man U’s back four. (Sorry, had to.) Social media’s untrustworthiness is a business opportunity, however. The solution to confirming online identity is a profitable layer/middleman in waiting. Users could set up a single identity account with a trusted provider, who’d then vouch for the uniqueness of that user with any social media company or other online business where they open an account. Sort of a Clear for platforms.

First in line for this role is … still Big Tech. If you’ve signed up for any new website service lately, you’ve probably been offered the chance to “Sign in with Google” or “Sign in with Apple.” Even Meta is in on this, hoping you’ll forget about its track record. (It’s not going well.) But consumer trust is everything here, and these companies have revenue goals that depend on harvesting your data, selling you stuff, and manipulating you, not keeping your data safe.

If Big Tech can’t earn our collective trust such that we’re willing to give them the keys to our online identities, an alternative model is emerging. Pure-play identity companies that are financially incentivized to maintain security — not sell more ads or upgrade your phone. There are some startups working on this. Footprint, for example, is a security company that stores important user data and then verifies the information before the user is onboarded to other platforms. I.e., KYC.

Once an identity is affixed to an account, a platform could decide whether to permit pseudonyms. LinkedIn likely sees little value in anonymous accounts, and Facebook’s basic premise is in opposition to pseudonyms. Both brands would benefit from maintaining an environment where real people post under their real names (perhaps with exceptions for worthy cases). Twitter, on the other hand, might see the virtue in continued anonymity, and even allowing multiple accounts (a subscription perk, perhaps?), but it could wipe away its bot problem with KYC. A “no-anonymous account” Twitter competitor might also emerge.

Incentives

Why would platforms do this? Even in the current environment, there’s a business case for fixing identity online. Bots and fake accounts are a cancer on these platforms, and they drive content creators away. The vast majority of Twitter users may not encounter the bot problem directly, since there is minimal engagement on most Tweets. But, having a reasonably large following, I can confirm the bot problem is severe. When I discuss crypto, Elon/Tesla, VC-backed firms’ valuations, or say anything Trump, an army of Joeybagofnumbers accounts floods my mentions. Most of it is noise, but some of the replies — clearly coordinated attacks from accounts wearing masks — are just troubling. Nobody would say this traif out loud. And I don’t endure a fraction of the grief others do.

We can dial up the incentives further by tying social media’s sacred 230 protections to robust KYC standards. Section 230 is the U.S. law that protects social media companies (any online publisher) from liability for user-created content. But an implicit assumption behind 230 is that the user, who remains liable for harms their content causes, can be brought to justice. Which is an empty assumption when the platform is handing out accounts to spoofed phone numbers and burner email accounts.

We can absolutely provide anonymity to good actors and should begin the process of carbon capture of the toxicity platforms emit under some adjacent cries of free speech or privacy. Last week, California passed the FLASH Act. Now you can be fined if you send a pic of your junk to someone who didn’t ask for it. Shouldn’t we also have (dis-) incentives for people pretending to be someone else (or thousands/millions of someone elses) or harassing or misleading people?

When you step up to the bar that is discourse in our society, you should be asked the same question that used to bother but now delights me: “ID, please.”

Life is so rich,

P.S. If you’re new to platform strategy, the Platform Strategy Sprint, created by Mohan Sawhney, is one of our best. Become a member to take it on your schedule, or watch the first lesson for free.