The number of large research projects in the fields of identity, privacy and related topics has burgeoned in recent years. This is a development of great importance to academic scholarship but also to a wider range of audiences and ‘users’, including policy-makers and regulators, the information and communication technology industries, and the general public. New issues have been spotlighted as we move into what some call ‘surveillance societies’, along with a clearer sense of the problems created, and the advantages afforded, by the ability of governments and businesses to identify people and groups, monitor and track their behaviour and movements, provide them with services at home, in the workplace, online, and in the streets, and enable them to engage in important transactions involving flows of information as well as money. New ways of mitigating adverse effects and enhancing the benefits have been explored, although we are only near the beginning of thinking through and acting on these issues, problems, and solutions. The 5-year FIDIS programme, of which this edited volume is the published product, is one of the most extensive of these research endeavours, and is amongst the most fruitful. The cast of individual and institutional characters, and the separate but linked ‘deliverable’ studies that have been involved, take some 75 pages to be described in this book: more than 61 studies, 43 researchers, and 24 organisations in 31 countries have been involved.

This book is a magisterial condensation and integration of this multidisciplinary work, providing something of a long-lasting handbook and an anchor in this rapidly changing field. There are an Introduction and nine further chapters, as well as an Appendix that proposes a user-centric identity metasystem, and eight ‘vignettes’— short futuristic scenarios involving the fictitious characters Frank and (unfortunately named, to British readers) Fanny as they go through their everyday lives in a technologically saturated world. The chapters are each based on a number of ‘deliverables’ whose authors are fully acknowledged, and there are extensive references. Some chapters are better integrated than others, but all are at the cutting edge of the field. This review cannot deal with all of them in great depth, but it is useful to give an account of the scope and depth of FIDIS by highlighting a number of the collected contributions.

Thierry Nabeth’s chapter on ‘Identity of Identity’ is a useful mash-up of interesting parts: taxonomic, conceptual, illustrative, and scenaric. It sets out the building blocks of identity types and concepts, although it is somewhat repetitive in places and the distinction between formal conceptualisations and definitions, and informal narratives, is not, after all, always so clearly exemplified in sections 2.3 and 2.4. For practitioners especially, and for academics as well, the chapter— as with most of the leading work on ‘identity’, to be found in other books and articles— should caution us against misleading or dangerous simplifications about what identity is, and against policies and practical systems that fail to take into account the many and various ways in which identity can be thought about. As Nabeth reminds us, there is no question of arriving at a delimited and clear definition of ‘identity’ so long as there continue to be new technologies and services that transform the landscape in which we try to get our bearings. His chapter concludes with a table of FIDIS 2.0 Web initiatives or participatory tools (e.g., wikis, blogs, etc.) that may in future contribute to creating shared conceptualisations of identity.

‘Virtual Persons and Identities’ are next discussed by David-Olivier Jaquet-Chiffelle and four colleagues in a chapter that covers, in separate subsections, the ground of virtual identities, avatars, legal persons, pseudonyms, and the law. It interestingly explores identity in the physical and virtual worlds, and develops a model to represent these forms, before looking extensively at pseudonyms, and at the legal perspective. It then deals with trust and its conceptualisation in a formal and elaborate definitional mode that, unlike Nabeth’s approach, lacks informal illustrations and examples, although it reviews the question of trust as seen in different disciplinary literatures. These authors say that trust has to do with opinion, belief, and mental state, and they talk about trust as a dynamic process and relationship, although this would have benefited from some examples. The further elaboration of the discussion of trust becomes rather more mathematical and less approachable, but this seems important in practice when it comes to the design of public-key infrastructures, for instance. The authors leave us with the summary that ‘trust is a subjective, dynamic, context-dependent, non-transitive, non-reflexive, non-monotone, and non-additive relation between a trustor and a trustee,’ (p. 116), and invite further investigation; obviously, this is badly needed.

Next, Martin Meints and Mark Gasson consider ‘High-Tech ID and Emerging Technologies’: the world of public-key infrastructure, electronic signatures, biometrics, radio frequency identification (RFID), credential systems, and the like. They evaluate the strengths and weaknesses of these for identity management purposes, and embed various critiques in their analysis of these technologies. Privacy protection provides an important criterion in this, and the authors’ discussion of RFID and biometrics is particularly strong. They call for a holistic approach to RFID that should take account of legal, social, technical and ethical dimensions. Their remarks on privacy policy languages and protocols are particularly well taken, touching on important contemporary concerns about privacy-friendly design (for which Lessig’s work is seminal), about privacy impact assessment (PIA), and the possible, but as yet largely unfulfilled, role of data protection authorities in the design process. Meints and Gasson go on to consider emerging technologies, including Ambient Intelligence (AmI) and Ubiquitous Computing— again, possible subjects for PIA and ‘privacy by design’— and human implants and enhancement. They informatively describe ID documents in various countries and contexts, including electronic passports and CardSpace, that rely on some of the new technologies, and apply normative criteria in evaluating these and making FIDIS recommendations for design and implementation. As they conclude, applying a legal framework ‘should be accompanied by addressing the ethical and social issues that the development of new devices may bring. It is not only privacy and data protection that are at stake and the discussion on security issues forms only a (temporary) part of the wider debate on how to live in tomorrow’s information society’ (pp. 184–5) in which rights and freedoms are at stake: human dignity, equality, and freedoms of thought, expression, assembly and movement, among others.

Dennis Royer and his co-editors focus attention next on ‘Mobility and Identity’, continuing with the theme that issues of privacy, regulation, economic, and socio-cultural aspects are crucial and best seen in interdisciplinary perspective. In the authors’ conceptualisation, location-based services exemplify the use of mobile identities, as distinct from mobile identification management, and they show the contribution to our understanding that is made by different disciplines and specialities. They highlight how context extensions to location information can contribute to profiling (e.g., Fanny is not only at a certain place at a certain time, but is watching a soccer match), beyond the person’s control. A scenario on medical emergency response shows how useful mobile identification can be, but at the same time how information can be misused and pose a threat to privacy. The chapter’s description, with diagrams and tables, of how positioning technologies and different methods work is valuable, and so is the discussion of the legal and data protection rules and deficiencies in the context of the European regulatory situation and the vexed question of what constitutes ‘personal data’. Based on the work of Cuijpers, Roosendaal and Koops, Figures 5.15 and 5.16 say it all, concerning the tortuous and perhaps hilarious complexity in the applicability of various directives to personal, traffic, and location data. This regulatory mess contributes to legal uncertainty, and the chapter authors rightly call for a revision of this fragmented legal framework. However, the section offering a model of the ‘price of convenience’ is somewhat incoherent, or perhaps insufficiently explained, in terms of trade-offs between privacy and convenience when using mobile applications. Once again, trust is an important dimension in regard to mobile identity management systems, and is explored here before the authors give a list of factors to be taken into account in developing these systems.

James Backhouse and Ruth Halperin next draw attention to ‘Approaching Interoperability for Identity Management Systems’ in a short chapter that worries away, usefully, at the term ‘interoperability’. This has social as well as technical aspects, and requires a holistic definition in order to capture the part played by human behaviour. The ‘TFI Model’ highlights this, showing technical, formal (policies, rules, standards), and informal (behaviour, beliefs, culture) layers that comprise information systems. The authors note, for example, that alongside failures of technical interoperability, there have also been political frictions amongst public agencies. They give some instructive European illustrations of interoperability in identity systems before describing the views— gathered in research— of different kinds of expert on the main requirements to which policy-makers should pay attention in developing interoperable administrative systems. Citizens’ perceptions and interests are then conveyed: there is considerable scepticism among the public about the competence and integrity of identification institutions, for example, regarding the handling of personal data. If that is so, then governments need to address this, but the authors do not say how this could be done.

Ambient Intelligence (AmI) rests upon profiling, as Mireille Hildebrandt’s exploration of ‘Profiling and AmI’ shows in an occasionally disjointed chapter that is based on her work in a related book, Profiling the European Citizen. In her view, the lack of integrated studies on profiling points to the need for a coherent legal perspective, in which data protection and non-discrimination are among the main issues. This chapter continues with the taxonomic and definitional preoccupation of the book as a whole, identifying several meanings and applications of profiling in a variety of domains and sectors. These are valuable contributions, bringing some order to this topic. The risks posed by profiling— ‘the process of “discovering” patterns in databases that can be used to identify or represent a human or nonhuman subject…and/or the application of profiles…to individuate and represent an individual subject or to identify a subject as a member of a group’ (p. 275)— are examined, with a useful reference to Roger Clarke’s development of the concept of ‘dataveillance’ more than 15 years ago. Privacy, autonomy, and social sorting are among the dangers highlighted here, affecting the rule of law. Although AmI is still not a full reality, Hildebrandt delineates several types of ‘autonomic profiling’ that are preconditions for an AmI environment, before— once again— looking at AmI through the lenses of democracy and the rule of law. In this, she makes the crucial point that ‘[t]hough privacy can be seen as a private interest, it is of importance to realise that privacy is also a public good…part and parcel of the constitution that sustains our democratic system’ (pp. 290–1): a point that has often been forgotten in ‘individual rights’ treatments of privacy, but that is being reconsidered by several commentators, including this Reviewer.
Reiterating previous work, Hildebrandt next discusses privacy and identity in terms of ipse (selfhood) and idem (sameness, similarity, continuity) and shows how the latter, involving profiling, affects the former. She aims to develop Ambient Law for inscription in the technology architectures of AmI environments. This is roughly the world of privacy-enhancing technologies (PETs) and transparency-enhancing technologies (TETs), privacy by design, Lessig’s (and others’) ‘code as law’, ‘value by design’, and related theoretical and practical efforts to regulate technologies. AmI environments are a severe test of the possibilities of this ‘digital law’, but the current array of laws and regulatory tools for data protection and the like are greatly deficient in this context, and are likely to be so in future. Although the closing sections of the chapter are slightly sketchy on these points, they are highly stimulating and important.

A particularly fascinating chapter is contributed by Bert-Jaap Koops and Zeno Geradts, who write on ‘Identity-Related Crime and Forensics’, giving us yet another useful taxonomy (of identity-related crime). The authors eschew the tag ‘identity theft’ as misleading and unclear, and also worry that the prevalence of identity-related crime is unknown and hyped, making it difficult to make policy. They outline 17 different modes of attack on users’ identities in online interactions, but observe that we lack hard evidence of their likelihood or incidence: this may occur when official data are not collected on modi operandi. The authors also point out the disparity across the legal systems of different countries in the way these crimes are dealt with. Non-legal countermeasures are valuable, including awareness-raising and the application of technical measures, but they bring their own sources of vulnerability. The remainder of the chapter is largely devoted to an informative account of forensic implications, covering many aspects of these processes and giving some examples, and describing forensic profiling in considerable and authoritative detail. The different models, related to different research specialities, pose practical problems, and there are many obstacles to the use of forensic profiling in investigations in order to ‘connect the dots’. There is much research to be done, beyond conceptual clarity and uniformity in order to collect better statistics, and the authors call for ‘more in-depth studies of the strengths and weaknesses of European identification infrastructures in the information society’ (p. 345) in order to keep ahead of criminals who seek to exploit the weaknesses.

Maike Gilliott, Vashek Matyas, and Sven Wohlgemuth address ‘Privacy and Identity’. This chapter is in some respects the least successful of the collection: the first main section, based on Buitelaar’s work on privacy-aware concepts for ID numbers, is not well articulated with the bulk of the chapter, which first concerns ‘privacy primitives’ and then turns to explain a technical solution to the problem of preserving privacy in transactions, in the form of an identity-management system called ‘DREISAM’. Data minimisation and pseudonymisation are the key privacy-protective approaches canvassed in this chapter. The privacy problems, and the need to resolve them in order to allow states and other data users to function while respecting privacy are clearly explained, but more could have been said about the way different countries approach the use of ID numbers, beyond some very brief remarks. In addition, the concluding discussion of how the circle might be squared between competing objectives is not greatly convincing. Although the prescription of a development of transparency and opacity tools, with the combination of multiple identifiers, interoperability, and ‘contextual integrity’ (Nissenbaum’s term), might yield a fruitful mixture, on the short discussion of this chapter it is not clear how the mixture should be constructed and whether the competing interested parties will be happy with it. When the chapter authors turn to considering ‘privacy primitives’, including pseudonyms, pseudonymous convertible credentials, and private information retrieval, the non-specialist reader will want a fuller description of these— especially the last-named, which is barely explained— in order to understand and evaluate the remainder of the chapter and its proposed solution. Public databases used for statistical purposes, customer relationship management (CRM), and e-Cash are the main cases in which the primitives are shown and DREISAM explained, with diagrams. 
However, there is considerable technical material and terminology involved in this, and this chapter is too short for a consistently clear exposition that would enable the reader to understand how the solutions work and to evaluate their effectiveness in addressing the problems that give rise to a search for them.

The book ends with Rannenberg and Royer briefly addressing ‘Open Challenges— Towards the (Not So Distant) Future of Identity’. Recognising that FIDIS has not answered all the questions, they sketch an agenda for future work that would deal with identity reference architectures, identity management and privacy, identity management and multinational security, and identity in the internet of things. This is a tempting menu, and its items are succinctly outlined but with enough detail to indicate their importance and how they might be studied. Whether there will be a successor to FIDIS, and to this valuable volume, and whether it will require 5 years or 15 in the making, is a matter for consideration.