The Limited Liability Persona
We've been promising to introduce you to our concept of a "Limited Liability Persona" for some time now; Lori Rowland first introduced the idea in a Burton Group telebriefing on Internet Identity. Jamie Lewis previewed the concept for a wider audience at Digital ID World 2006, and Mike Neuenschwander gave you a preview in his recent blog entry on the Laws of Relation. Now it's time to dive into the idea in depth.
Corporations were invented during the age of exploration, when the risk associated with mounting an expedition to foreign lands was so high that no single person - even a rich noble - could underwrite a venture without running the risk of total financial ruin.
The fundamental ideas underlying the corporation are (1) the notion of a legal person distinct from a "natural person", (2) perpetual lifetime, and (3) limited liability.
Limited liability was critical to the idea of the corporation, because it allowed investors to put a strictly limited amount of money into a risky enterprise without having to take the chance of losing everything.
We're in a new age of exploration now - the Terra Incognita we're exploring is the Internet. It's a risky place. You could lose your identity, your privacy, even your bank account. In this new age of exploration, we need a way to invest a little of ourselves in an online venture (a purchase, say, or an online game, or maybe a social network) without taking the chance of losing everything. But individuals, who bear a lot of the risk in this new world, don't have many liability limitation tools available to them. This means, among other things, that when individuals deal with corporations online, the corporations assume less liability than the individuals do - a relational asymmetry which creates risks like those Mike discussed in his recent entry here.
Here at the Burton Group we've spent the last couple of years thinking about ways to help you build an identity you can use online without losing everything. We've come up with an idea we think is interesting; we call it the "Limited Liability Persona", or LLP. We know that the acronym (LLP) can easily be confused with the similar notion of a Limited Liability Partnership - so we're open to new names. If you've got a good one, drop us a line.
The basic idea is that an LLP would be a legally sanctioned and recognized virtual person in which you could "invest" some of your financial or identity resources, while holding the rest of your resources back so that they're not exposed to online risk. Once you created an LLP, you'd have the legal right to use it as an online "alter ego", even in commercial transactions. You can't really do this today; if you use an identity other than your own in a transaction, it's usually called "fraud" (but not always; people in the witness protection program, for example, are given government-sanctioned alter egos which they can use to avoid various privacy and safety risks).
What are the details? Well, since LLPs don't really exist yet, it's hard to be too specific. But in principle an LLP is a legal entity with a name:
1. Created by an action of a court
2. Owned by one or more individuals
3. With its own resources distinct from those of its owners
4. In which owners can invest new resources
5. With its own "identity attributes" distinct from those of its owners
6. Whose actions are legally distinct from those of the owners
(though the owners may be held accountable for those actions)
7. Whose resources may be transferred to its owners
8. Which can be sold by the owners to new owners
9. Whose existence can be terminated by its owners
What good is such a thing? Let's look at a couple of scenarios.
In the first scenario, I want to buy a bottle of wine over the internet from eBooze.com. eBooze can't sell me the wine unless they can confirm that I'm old enough to buy it legally (since I'm in the USA, this means I have to be 21). eBooze has a bit of a problem here; they've got to confirm my age, but who can they ask? They can ask me, but if I'm really a 16-year-old who's planning a party while his parents are out of town, there's a chance I won't tell them the truth (you'll have to trust me on this one...) They can ask the Texas DPS, which issued me a driver's license, but the DPS isn't in the business of answering questions like these. They could ask my parents, but they'd have to know how to find them.
Here's an example of what one online wine retailer actually does to address the age-verification problem - they leave it up to the UPS driver to confirm my age:
"By finalizing my order, I certify that I am at least 21 years of age. An adult signature (someone over 21 years old) will be required at delivery."
It's pretty much the only option until someone sets up an online age-verification service. But now imagine that I create an LLP. To do this, I have to file paperwork with a court in my state. The court can do a lot to verify my age. It can require me to present driver's license or maybe even my birth certificate. It can require me to appear in person, and can check to see that the picture on the license looks like me. It can mail something to the address on the driver's license and see if I receive it. And, of course, the court can refuse to add the identity attribute "over 21" to my LLP unless I jump through all these hoops.
Once I have my LLP with the "over 21" attribute, I can visit the wine merchant's site and the merchant can be assured - by the court which created the LLP - that it's dealing with an entity which can legally order and receive alcohol. Note that I do not have to give the merchant my date of birth, and I don't have to produce any documents attesting to my age; the LLP's "over 21" attribute already does that, and its authenticity is attested by the court which created it (in a way that's consistent with my notion of an Identity Oracle. And here's another good thing - the court can also make me sign a statement agreeing not to provide anything inappropriate to minors as a condition of creating the LLP. This allows ME to assume liability for the actions of the LLP. This lets eBooze off the liability hook when it's dealing with LLPs - which is a good reason for it to prefer doing business with LLPs to doing business (in a privacy-intrusive way) with plain old humans.
In the second scenario, I want to be able to buy things online, but I don't want to expose my personal bank account to online thieves and fraudsters.
So instead of using my own bank account and credit card for online purchases, I head down to the courthouse and set up an LLP. I take the LLP "articles of embodiment", with the court's seal, down to my bank. I give the banker $2000 and the LLP paperwork, and ask him to set up an account in the LLP's name, and issue a secured credit card (with no overdraft protection) in that name.
This gives me an online identity with a $2000 line of credit. I can't overspend, because the bank will decline my transaction if there isn't enough money in the account to cover the attempted purchase - so the most I can possibly lose to an online scam is $2000. If I spend $1000 and want to spend another $1500, I have to transfer some more money into the LLP's account. And, of course, my own personal bank account and credit card information never have to be used on the Internet.
The idea can be extended much further. I can create "accounts" for things other than money. I could create an "account" with a subset of my personal information - so, for example, I could let the LLP have my state of residence and age, but not my name, religious affiliation, union membership, sexual preference, or criminal record. This puts a barrier between my online persona and my real self - and it limits both my liability and my exposure to risk. It's important to note that the LLP protects me against various attacks on my identity and resources by hackers, phishers, and other bad guys, and it also protects me against disclosure of a lot of my private information to commercial entities like online retailers. It does not, however, keep my personal information secret from the government. But it still does protect against certain forms of government data collection: the government can't compel a retailer to disclose information about me if I never gave the retailer the information in the first place because I was using an LLP identity instead of my own personal identity for a transaction.
LLPs don't exist today because the necessary legal structures haven't been set up - though we might be able to start experimenting with the idea using existing Limited Liability Partnership or Limited Liability Corporation structures. It'll probably turn out that the existing structures are "too heavyweight" and have some characteristics which make them hard to use to build Limited Liability Personas with all the characteristics we want. But the necessary legal structures can be put in place if we need them, and we can think of lots of good reasons they should exist and no good reasons they shouldn't. We'd love to hear your thoughts on the subject. You'll be hearing more of our thoughts soon on this blog.
[posted by Bob Blakley]
