A Federal Blue Checkmark, and Not Learning Lessons

People are wrong on the Internet every day; generally I don’t try to fuss about that too much. But when Sam Lessin, a former VP of Product Management at Facebook, publishes a wildly wrong recommendation about online identity in a credible media outlet, it’s worth correcting because others may take these ideas as credible and cause actual harm. I was frankly surprised by how absolutely broken this suggestion was because I've read other things from Sam that show him to be a smart person who understands a lot about product and out industry.

I was hoping this piece today is in the “Modest Proposals” category on The Information’s site because it’s some sort of Swiftian satire, but it appears that this article is meant sincerely. That's dismaying, because even as far back as when I wrote The Immortal Myths About Online Abuse, the insights of experienced experts from vulnerable communities had already explained the problems with these kinds of approaches many years prior. I hadn't imagined that people considered experts in this area were still so far behind what is common knowledge for vulnerable people on these platforms.

But, since this has popped up again, let's explain the problems.

I believe the federal government should mandate that all social networks  of any size adopt a national version of the coveted blue “validated”  check mark confirming an authentic identity that is popular among minor celebrities on services like Twitter and Facebook. That would make clear who has validated their status as a real citizen and who has not.

Phew! There are so, so many problems here. Let's see if we can find 10 fatal flaws in just this one paragraph:

  1. We currently have a fascist government that is regularly inflicting violence on people for exercising their free speech rights. This would centralize and simplify their access to tracking vulnerable people's speech.
  2. This system would by design limit promoted speech to citizens, explicitly disempowering non-citizens, and making even more incentives for the current administation to make citizenship contingent, harkening back to the past efforts that retroactively stripped citizenship from people in America.
  3. By applying this burden to networks of any size, massively-funded companies would see a trivial increase in the regulatory costs of maintaining their networks, but small independent networks would see a huge relative increase in their cost of compliance, putting a burden on the most at-risk communities online.
  4. What is "authentic" identity? Is that a government name? What about people whose true identities aren't described by their government names? What is the plan for important public speech that should necessarily not be tied to a individual person's legal identity, like whistleblowers or those reporting abuse?
  5. Given the repeated, effective, well-funded, deeply damaging efforts at spreading systematic misinformation on all the major social networks, who would trust the current administration to hire, fund, support and secure talent capable of creating and maintaining a verified identity network that would withstand constant, nonstop attempts to undermine its validity and reliability?
  6. What incentive does the current administration have to make a system that would increase the spread of accurate information? They have consistently worked to undermine all such existing systems, so why would we put the seat of trust in the hands of those who seek to destroy the concept of a shared public truth?
  7. How would such a proposal be funded? Passport control is currently under the Department of State. Which State programs would be defunded to support the creation of a Federal Blue Check Registry? Who would be accountable for auditing and oversight of such a registry? Who would pay for vulnerable people to be able to get access to a passport registry online?
  8. Have you ever seen any past issues arise when a single centralized government registry database was created by a violent, white supremacist fascist government?
  9. How would you address the fact that verified accounts on every major social network already regularly spread deliberate misinformation, intentional hate speech, and purposeful targeted harassment of vulnerable people? Society treats blue checkmarks as validating the content being shared, not the identity of the person sharing them.
  10. Can a government verification be rescinded? Who decides if it is? Do networks have to abide by it? Would the government be the only source of validation that a network could show?

By the time I got to the article mentioning the idea of "a national archive of speech from trusted Americans", I figured this had to be satire. But I fear it's not. So let's go over the facts again.

People using their "real" names does not solve abuse or misinformation.

There are people who are really white supremacists who want to cause others harm. There are people who will knowingly tell dangerous lies under their government names. Here, I already wrote it, let me just quote myself:

One of the most common reflexive solutions to abuse is to call for the use of “real names”. This is usually from people with little experience in managing large-scale online communities. Those who do run such systems can attest that an enormous amount of abuse is caused by people who are acting under their legal names; this is possible because many abusive behaviors can be extremely destructive without actually being illegal. (See #7.) For dedicated trolls, it’s also usually not very hard to create a name that seems “real”, which they can use for their attacks. For vulnerable people, using one’s legal name can make them targets for stalkers or others they are trying to avoid, or can force people to retain an identity that is no longer theirs. Worse, even if a user does want to use their legal name on a service, it can be almost impossible to capture someone’s real name in most common social apps. While persistent identities (pseudonyms) can be a useful tool for making a more accountable community when appropriate, legal names do very little to reduce abuse in large scale communities.

Just as importantly: The platforms using these verified accounts would have to want to stop abuse. And for the most part, they don't.

Take Facebook, where Sam used to work. When they found out that their WhatsApp platform was being used to spread misinformation that was used to incite a genocide against the Rohingya in Myanmar, they could have shut down the platform there, just as Twitter did for some accounts when they found out their service was hacked recently. But Facebook chose not to do that. When extremist American leaders call for military attacks on innocent people in our country, as Tom Cotton did recently, the inclination of major media platforms was to amplify him and give him more reach for his call for violence; we should expect that Facebook would do the same.

The systemic problems exposed here

Worse than even the proposal laid out here is the larger systemic problems revealed by the mere existence of this proposal. Imagine the reaction if a proposal were made to solve security issues in software by "creating a federal code security review program, maybe run by the Department of Interior?" Having such a breathtaking lack of fluency in the decades of research into online identity would be striking for anyone proposing such a grandiose solution; seeing it from someone who was in a position of significant authority at the largest social networking platform that's ever existed is terrifying.

Worse, seeing a bald trust in the benevolence of a government and administration that has *already *abused surveillance technology to cause real harm to the most vulnerable is astonishing, especially in a moment where we're literally seeing the largest civil rights demonstrations in the history of our country.

Then there's the casual handwaving around deeply complex and important systems that reveals a privilege that verges on "let them eat cake" levels. An offhand mention of a government ID page for every person who was registered in this system?! And this as a precondition for "legitimacy" on networks? We already have a blue check system on Twitter, and for years, many have outlined the Network Inequality that results in skewed amplification and distortion of messages. Twitter alone likely sends out 100 million emails a week offering free promotion to Trump's racist and sexist messages — now a government infrastructure controlled by him would get to skew which other people could be similarly amplified.

We know the dynamics of how abuse happens online. We know the patterns of how social networks are manipulated to amplify misinformation. It's telling that this piece doesn't even identify the harm it's trying to solve. What does "fix online speech" mean? In the introduction, it's described as "the same safeguards of accountability and reputation" as in the offline world. Who has the safeguard of reputation? Is it those who can get a platform to propose ideas without being fluent in the domain they're speaking to? How could such a dangerous and flawed proposal be presented as "broadly unobjectionable" unless there's a truly extreme bubble of cultural isolation amongst the most powerful in Silicon Valley?

I believe strongly in regulation-based solutions to keeping social networks and tech giants accountable. I believe deeply in the power of well-functioning government to serve the needs of its citizens. But I also believe deeply in protecting our civil rights and freedoms, and recognize the grave danger of thoughtlessly "solving" vaguely-defined social problems by overburdening fragile systems like the Passport office, already struggling to serve vulnerable immigrants and travelers, with the challenge of addressing an issue that's being shirked by the wealthiest companies that have ever existed.

A stated goal of this effort is to "create an incentive for voices who want to be trusted online to prove their identity as American citizens". It's telling that one of the first, and most effective, public profiles of Mark Zuckerberg that dared to be deeply critical of Facebook's shortcomings was this 2010 New Yorker piece. It is trusted. It is credible. It was written by Jose Antonio Vargas, a deeply talented journalist who is, among many other things, not a citizen and undocumented, and thus ineligible for having a passport and greatly at risk under this administration.

The core of the criticisms leveled in that piece, written 10 years ago just before Sam joined Facebook to run the Identity Product Group, was about the risks that Facebook's extremist view of identity could pose to the most vulnerable.