I spent the day today at the Wealth of Networks II conference, the agenda of which was set out as the next-generation of the Internet.

It was a good event and the organisers managed to bring together some top-rate speakers in a great venue with rock-solid internet, for once. And it was free – yay for the ESPRC which created the funding.

The slight oddness was that all three of the three panel events at the conference, and one keynote, despite their ostensible themes, turned out to be about trust and identity online. I rather suspect that might have been in reaction to the top-down research model described in the first keynote which admitted that E70mn of EU research funding into the next ‘net was being spent without investigating users’ concerns or agendas.

We’re becoming increasingly aware that there’s an issue with the identity and trust thing. What are the headlines? Backlash against StreetView; Facebook’s T’s & C’s; stalking, bullying, frauds and impositions.

There are two poles in this debate that need to recognised and reconciled in whatever the Next Web brings.

Authentication is a good thing. Being able to prove that it’s you buying that DVD and accessing the details of your bank account; you (if you’re a 12-year-old-girl) joining that social network designed for 12-year-old girls; you registering your general election vote, should that come to pass. Tracking down cyberbullies, slanderers and child-porn disseminators also sounds good.

On the other hand, anonymity is also extremely valuable. If you’re in a repressive regime and blogging about that, then it ought to be possible. It should be possible here in the UK, if you stay lawful (I’m already inviting some big questions, to which we have no answer).

You might want to have separate professional and personal online personae – if you join a dating site, for example, you probably don’t want your colleagues finding that profile. Avoiding stalkers without retiring from online would be a good thing. Teens frequently maintain multiple personae to explore different social scenarios and make mistakes without (real) consequences, I understand, and that certainly sounds like a very good thing compared to the horror of my own teenage years.

So we need a way for people to prove their identity if they need to; to protect their identity if they need to. And about a million shades of privacy and open-ness in between.

The internet safety / government services agenda would sway towards everyone having a registered identity with some third-party, let’s say the BBC, who would act as a trust broker.

But how much are you going to trust anyone to be that broker? A panel late in the day highlighted several elements of grey in the word ‘trust’. For example, sometimes, a better word would be ‘confidence’:

• I trust that my bank won’t run off with my salary next month.
• I do not trust my bank to offer me the best financial advice for my individual situation.

So do I trust my bank or not? You see? The first example is better described as confidence. You know that NatWest would probably not be better-off running away to southern Spain with your month’s wages. It’s an informed gamble. But you don’t think they could be trusted with your finances full stop – you don’t think they’re all beautiful people who only care about your interests.

Trust (real trust) depends enormously on context and implies a belief in the moral character of a person/organisation/business. Most likely, a lot of the services we might be described as trusting (Banks, Amazon, eBay) would be better described as things we have confidence in.

Added to that, sometimes we have no choice but to sort-of trust. Helen Keegan pointed out that oftentimes we click through acceptance of a service’s terms and conditions, because there’s no real alternative. We either want to do banking online or we don’t – we can’t disagree with point 5 in the t’s & c’s and have them changed. It’s like it or lump it.

I don’t really trust anyone to be the trust-broker of my online identities – or yours, dear reader. Let’s look at the possibilities, currently:

• The Government. Obvious non-starter. I might be a dissident of some sort. (and *what!* 25% of government databases are already illegal)
• Government Organisation: e.g. BBC. Similarly flawed.
• Private Corporate: e.g. Google. Already massively failed in China.
• Private small company: might turn evil; vulnerable to hackers, potentially, eh monster.com. And who the hell are you, anyway?
• The UN: this is a possibility, but once the UN is hacked, then how do I recover my ID?

So this probably leaves the least neat, least integrated, least semantic possibility:

Lots of stuff. Regular password for stuff you don’t care about; unique passwords for stuff you do; OpenID and Facebook Connect and MyBlogLog and Google for social apps; NI number and PIN for government apps; Account Number and PIN for commercial stuff.

Messy. And I think it may be the case that ‘messy’ is the best solution to online identity, trust and anonymity for a long time to come. I can’t really imagine that computer scientists are going to be the people that manage to overcome that.

That is probably not what the ESPRC, or Southampton & Imperial Universities wanted me to walk away thinking today. But thanks again for the thinking.