Shostack + Friends Blog Archive


Identities are Created Through Relationships

I’m listening to this really interesting podcast by Bob Blakley and Phil Windley. What really struck me was where Bob said “thinking of identity as an artifact all by itself is unsatisfactory because we can talk about an identity and the attributes of an identity leaves out important details about how identities are created and how they evolve…relationships are the landscapes in which identities exist.” I think this is interesting, but I’m reading a paper about ethnomethodology and information security. One of the claims it makes is that meaning is created through conversation, and that a history of conversation and shared reference points gives us an ability to converse in meaningful ways. When someone says we’re talking past each other, what they may mean is that the conversation lacks sufficient shared context to be meaning-full.

So I’d like to fuse these ideas, and propose that identity is created through relationships. That without relationships, identities actually don’t exist. In the pathological cases of solitary confinement or hermitage, identity is severely stressed or destroyed.

I think people understand this instinctively, although perhaps not formulated as I’ve said it. Who a child spends time with shapes them, for good or ill. What parent doesn’t ask to meet their children’s new friends? The relationships create identity. As people age, and intimate relationships end either by breakup or death, people say they feel like they’ve lost a part of themselves.

As regular readers know, I’m concerned about the impact of replacing personal relationships with dossiers, algorithms and their implementations, like background checks, the use of credit scores everywhere, etc. Dossiers and databases are fed by organizations with whom we have a relationship. But the relying parties often have no relationship with us. They start their relationship defining us by the contents of dossiers, and it impinges on our sense of self. Our identities are set aside. There’s no relationship, there’s no conversation, and we feel either elated — “they like my file me!” or dejected “what’s wrong with me?” This displacement also drives the emotional response to identity theft. We’re upset that the person or organization we’re talking to is confused about who we are. They’re confused because the dossier is confused, and the dossier is confused because of a web of relationships which are hard to see or understand. The relationship re-creates our identity.

The third place I’d like to look is the rise of new forms of ‘loosely coupled’ technological relationships, perhaps first created by usenet, and now visible in places like Tribe, Facebook or MySpace. Here, we see people presenting their identity — in part — by how many ‘friends’ they have. There’s also an element of restoration of older identities — reconnecting with a boy scout troop, high school friends — all relationships that contribute to identity.

In “The Presentation of Self in Everyday Life,” the idea is that we create personas to control relationships. From lawyers to doctors to waitstaff or auto mechanics, people present a view into their identity that makes sense. I would question if I want to give business to an auto mechanic who was reading the Harvard Law Review when I came in, or a lawyer who was reading a Chilton’s repair manual. People present themselves in certain ways to control the perception of ‘who they are,’ and so a professional relationship develops in the right way.

I also want to look at privacy in the sense of Schoeman’s “Privacy and Social Freedom.” Schoeman looks at privacy as essential to freedom because it allows us to explore ideas without having to ‘answer’ for them. If we have a conversation with a friend, we need to worry less about saying dumb things, because the conversation is private. We explore and shape our identity within relationships and through those we’ve chosen to trust.

So next time someone talks about identity or identity management, ask yourself, what are the assumptions about the relationship? And when you hear someone talking about ‘customer relationship management,’ as yourself what identity they seem to want to manage.

Photo: Which one, by BeViewed.

[Update: Corrected spelling errors, including someone’s name. I am the king of spelling errors today!]

11 comments on "Identities are Created Through Relationships"

  • DanT says:

    I have believed this for a while: each of us has multiple identities. You can have multiple identities with a particular organization: as both a customer and supplier for example. Your identity can change as well: credit card companies treat you differently when your credit score drops (don’t try this at home!).
    People like to control how their identities mix, but strongly fight forced mixing.
    The logical implications for identity management:
    – a single identity credential is appropriate and accepted for a particular identity context (like work or with a particular organization)
    – a single identity credential is NOT appropriate and NOT accepted for all of my identity contexts (like RealID)

  • So this is really interesting to me. On the one hand, the whole Second Life phenomenon seems to lend credence to identity-as-product-of-relationships. Would you “be” your avatar if not allowed to interact with other avatars? On the other hand, in this physical world, would your identity change if you were imprisoned in solitary confinement for the rest of your life? And if I develop a split personality, do I need separate HealthVault accounts for each one? 🙂 This is indeed a provocative subject!

  • shrdlu says:

    Yes, very, very true — which is why we take so naturally to role-based access control and are missing a big chunk when we ignore role-based identity. When you steal an SSN, people react as if you had exposed their mythical True Name.

  • This blog touches the very base of how we organize both our personal world and the (political) world of our formal relations. I found the introduction of the book “Questions of Cultural Identity”, edited by Stuart Hall and Paul du Gay, very helpful in understanding the relation between these two. In this introduction Stuart Hall asked the question: “Who Needs Identity?”. He refines the question to: “… in relation to what set of problems, does the irreducibility of the concept, identity, emerge?” (p. 2)

    He sees two area’s where you can’t get arid of the concept of identity: The first is politics, in the sense of locating people and locating resources to people. The second area is in defining the relations with other people: What do you have in common? Where are you different? This happens in the communication with others and is the base of ‘agency’, the process of realising your own position and actions.

    So when you are talking about identity, keep asking yourself if it is about power or about your own positioning?
    The power is about questions like does somebody have the right to access something (e.g. money, a building, care or a computer system), does somebody have the right to make certain decisions. Identity in this sense is always based on the act of identifying somebody as [manager|admin|having a certain credit rating|nobody|etc]. The power is the field of files and SSN’s.

    Your own positioning is about the relation with other people: what people do you identify with, in what sense do you make yourself different. This is the field of your clothing, the blogs you read, write and react to. This is the field of second life.
    The political process of power and the positioning process of relations are two different identity processes that might interleave, but can’t be regarded as one.

    I see two privacy problems in this respect: the first one is the ever increasing power of institutions. Personal identification numbers make it possible to link the identifications that different institutions made about me to each other. In this way they are forcing me more and more into positions that might or might not be just. What controls are there in place to limit (ab)use of this information? What controls are there for me to find out what is happening to me? What controls are there to correct wrong identifications? What controls power?

    The second privacy problem is the mixture of my own positionings inside relationships with the identification process of power. My own positionings can only be understood inside the relations I have with others. But more and more these positionings (or the public visible parts of it) are used to make decisions of power over me. Why should I be strip-searched because of the punk-clothes I wear? Should I be denied a job because it once was part of some relationships to publish a sex-video? This privacy problem is not about keeping my positionings secret, that would make it impossible for me to relate to other people. This is about who takes ownership of the positionings I have. I don’t want anybody to take my positionings out of context en (mis)use them for something else.

    “So next time someone talks about identity or identity management, ask yourself, what are the assumptions about the relationship? And when you hear someone talking about ‘customer relationship management,’ ask yourself what identity they seem to want to manage.”

    Very true indeed, and don’t forget to ask yourself: what power do they take and how do they treat the personal positionings of people?

  • Dave Birch says:

    I’m convinced that this is a very fruitful perspective and could be the basis of some genuine progress. I’m in the process of writing up something that came out some discussions with other people who are exploring a similar approach and I think it’s getting us somewhere. It has great resonance with Esther Dyson’s aphorism about content being an advertisement for a relationship as well.

  • Interesting thoughts Adam. While Goffman’s foundational “presentation” book is widely cited, the more contemporary approach to language and identity can be found in the area of linguistic anthropology (
    The role of language in identity-making has been a major focus in anthropology since at least since Dell Hymes ( developed the “ethnography of communication” along with concepts such as “linguistic community” and “community of practice.”
    Jane Hill’s recent work on Mock Spanish ( and on racism and identity in language is especially relevant in this field.
    We have found important applications of these concepts in our ongoing study of identity-making in African (419) scam letters, where language is deliberately constructed in such a way as to authenticate false identities and to scam unwitting victims.

  • Hi, I posted a comment but it hasn’t appeared in days. Looks like your filters will not release it so I put it on my blog instead.

  • Adam says:

    Sorry, Davi, I’d forgotten to hit “publish”–when you put in lots f links, the spam filter demons get angry

  • No worries. Gave me a good excuse to link to you 😉

  • Robin Wilton says:

    This is an excellent article. I suspect that there is some part of one’s “identity” which can be entirely introspective (i.e. does not depend on interaction and therefore relationships), but I also suspect that it is far less significant than that part which does depend on interaction.
    Physiologically, humans are built with a disposition to acquire and process external stimulus. Put someone in a sensory deprivation tank and they fairly soon go bananas. Deprive someone of human interaction and they don’t turn out the same as the rest of us (Enigma of Kaspar Hauser, anyone?).
    So, yes, I agree… I think relationships are an important/vital factor in developing/maintaining a person’s identity. Identity is, to a large extent, a social construct – even if that construct is founded on some very personal tendencies which are ‘internal’ to the individual.
    I think the same principles apply to privacy and confidentiality, too. One view of privacy is that it consists of keeping all one’s information to oneself. Unfortunately, that tends to reduce the utility of the information. Paradoxically, ‘practical privacy’ consists of disclosing information, not keeping it to yourself… though you may wish to keep that disclosure ‘confidential’ – that is, you may want to disclose something to someone else in the confidence that they will not disclose it further.
    So, privacy is also mostly relationship-based, and depends on the discloser either having some reason to believe that the recipient *cannot* abuse or further disclose the information, or could but will not do so (trust)…
    Hope this is of interest. Thank you for a very interesting post, and thanks also to Richard Veryard for pointing me to it.

  • Rob Lewis says:

    Your discussion of ‘practical privacy’ here,
    “you may want to disclose something to someone else in the confidence that they will not disclose it further… and depends on the discloser either having some reason to believe that the recipient *cannot* abuse or further disclose the information, or could but will not do so (trust)…”
    points out the whole problem of ‘practical privacy management’. Without an authorization component post-authentication, we have no guarantees that the recipient of disclosed information is indeed trustworthy, or that even if being of good intent, the system he uses will not cough up the disclosed goods if compromised.
    Thus, to properly manage the flow of business and private data flows, proper ownership-based controls (user, roles,groups) should be matched to a framework that represented the hierarchy of trust relationships within and between groups in an enterprise that would support the private data owner’s, or manager’s disclosure (or sharing) intentions.

Comments are closed.