Verifying Student Identities Online
From E-Learning Faculty Modules
Digital identities are increasingly being used to facilitate online learning, in a context of social networking, virtual collaborations, information sharing, and live real-time interactivity. Digital identities may be names in a learning / course management system (L/CMS); they may be three-dimensional avatars in virtual worlds. This module defines digital identities and then discusses the importance of verifying student identities in online courses.
- Describe what digital identities are
- Understand the importance of digital identities for e-learning
- Explain the importance of verification of digital identities
- Consider the importance of learner privacy
- Identify ways to verify student identities online
- Consider the uses of “controlled” anonymity in online learning
1. What is a digital identity? What does it consist of?
2. What is the role of a digital identity for an online learner? For an online instructor?
3. Why are digital identities important for e-learning? For social reasons? For identity authentication reasons?
4. Why is it important to verify digital identities of online learners?
5. Why is learner privacy (especially in the context of identity) important?
6. What are some ways to verify student identities online?
7. What is “controlled anonymity”? How is controlled anonymity useful in online learning (in some contexts)?
Digital identities come from a variety of information sources, some of it shared purposefully and others created from other sources and individuals. One conceptualization of a digital identity involves three tiers. “My Identity” is the most specific and informational. A “Shared Identity” involves pieces of the core identity. The “Abstracted Identity” is the most general, even though it does reflect the real world (Rowe, 2010, p. 36). In the same way individual identities are a social construct—based on interactions with other people—digital identities may also be shaped in that way. Identities are partially cultural constructs, partially psychological ones (Rowe, 2010, p. 36).
What Digital Identities Are
A “digital identity” is “the electronic representation of the information known about a specific individual or organization. Such information can be used for different purposes, ranging from allowing one to prove his/her claim to identity (e.g. the use of a birth certificate or passport) to establishing rights (e.g. the use of a driver’s license to establish the right to operate a vehicle). In principle, strong authentication technologies, such as smart cards and biometrics, may be used to link an individual with his/her own digital identities” (Jones, Antón, & Earp, 2007, p. 91).
Digital identities are linked to unique individuals, and these convey certain aspects of personality for self-expression as well as for interactivity and socializing with others. They involve access to information and certain defined privileges. These identities are “markers” that verify their identities and reinforce their trustworthiness. The poverty or absence of identity may lead to diminished trust because of the lowered accountability. Some authors note that lack of identity may free individuals to act in “socially undesirable and harmful ways” and diminishes the “integrity of information” and its provenance and source (Johnson & Miller, 1998, p. 37). Identity fraud is “the common denominator of all serious crime” (Boongoen & Shen, 2009), so much effort has been put into the effective verification of human identities.
Many technology-based digital identities work within particular systems and are not “federated” over multiple systems (Schwartz, 2010). Identity federation allows a user to access multiple service providers seamlessly through “single sign-on” for identity coherence and ease-of-access. Without federated identity systems, people who want to function in different systems need to create new identities in each in order to function. Some systems have light security such as a password sort of authentication; others use biometrics (physiological characteristics and behaviors). Common biometrics measures involve the uses of fingerprints, iris scans, facial scans, hand geometry, keystrokes, voice, and retinal identification (Ahmed & Moskowitz, 2005, p. 137), and others use a combination of information to verify user identities. On a very basic level, many systems use Internet Protocol (IP) address tracking to link to individual users and their respective locations; IPs and real people are closely related (Clauβ & Schiffner, 2006, p. 55). Personally identifiable information (PII) consists of information that may reveal the core identity of an individual. Systems designed to unmask identities use matching features to coalesce partial or inaccurate identities.
While some aspects of digital identities (and image management) are created by the person represented by the identity (such as through maintenance of their social networking accounts), there are many aspects of people’s digital identities that are created by their circumstances and their behaviors. For example, “data doubles” are the electronic trails left by people that may be coalesced for a more coherent vision of them. They may leave an electronic image on closed circuit televisions. There are nuanced ways of identifying and verifying identities—including something as subtle as keystroke latencies in word-processing (the pauses between the hitting of certain keys—that may be patterned for different individuals) (Joyce & Gupta, 1990). Individuals are interpreted by their associations—the networks of friends that they deal with, with research finding that people socialize with similar individuals. Others interpret a digital identity based to how their search interests have evolved over time (Rowe, 2010, p. 36). Another indirect way of telling an identity is tracking individuals through “access network providers” to evaluate the transported traffic through a network (Barisch, 2009, p. 45), with inferences about identities.
Reputation systems in online communities may rank users based on their contributions, online behaviors, and interactions with others in that community; these offer automated ways to understand reputation, social connections, and “value.” Other reputation systems depend on peer evaluations based on what people post about them. Text analyses of the posted comments may offer insights about peer opinions. “Metaidentities” are those that are formed from various closed systems—and the information is brought together into a coherent sense of an individual.
In e-learning, digital identities are sometimes known as “telepresence” or how an individual manifests electronically. This telepresence is created not only by the inclusion of biographical details but how the individual communicates and interacts with others in a shared online space. Group presence is often labeled “social presence.”
The Importance of Digital Identities for E-Learning
Identity fraud has been quite common on the WWW, with people using others’ images and identities for various financial and other criminal scams. Identities are “poisoned” through fraudulent accounts, with individuals impersonating others. Fake accounts are created to spam others with unwanted advertising or obnoxious messages. Different types of phishing attacks are launched to try to get people’s private identity and access information—for financial gain and information access. So-called “doppelganger attacks” involve the faking of a site’s interface to get privy information.
Recovering an identity that has been compromised is onerous and expensive. Individuals have to provide documentary proof of their identity to rectify a situation. Some harms to reputations may be hard to erase.
Others experiment with different senses of selves and identities for creativity. People have cybersquatted on others’ names to try to make money.
In e-learning, digital identities are critical in two main ways. The authenticated identities are critical for making sure that the actual person signed up for the learning is the one taking the course. This is important for academic honesty, and it’s absolutely critical for the reputations of the universities.
A second way digital identities are critical is for learner role plays, experimentation, creativity, and “play.” These may be imaginary or assigned or role-play-based identities. Avatars stand in for the individual selves in the virtual world and recreate social conditions from the real world.
For both purposes, learners need to closely guard their digital identities and authentication methods, through passwords or other methods. One researcher calls this “responsibilization,” which is defined as a “process of encouraging individuals to become more involved in managing the risks they face” (Whitson, 2009, pp. 41 – 42). Also, universities have responsibilities to verify student identities in an online context, based on impending federal legislation.
As e-learning moves into mobile learning and wireless interactivity, the issues of privacy and digital identity protections will become even more critical.
The Importance of the Verification of Digital Identities
Universities need to verify who learners are to ensure that the training and credential are going to the correct person. When people graduate and take on responsible jobs, the decisions they make can have long-term implications on other people’s lives, the environment, the economy, and the larger society.
Also, students have plenty of personal information that they share in an online course. They share personal information. Their work may be highly revealing about the individuals. The access to that information should be protected along with learner grades and personal information. Students are also now building e-portfolios in their online classrooms. These may be wholly private, disseminated among a small group, or published on the WWW, but whatever the case, the learner has intellectual property (IP) rights (oftentimes) to his or her own work, and that IP should also be protected.
Protecting Learner Privacy
One common online instructor role involves facilitation of the learning. Here, they create a safe environment in the classroom for acquiring knowledge and skills and even integrating into a professional field. They need to interact with learners with some sense of each one’s interests and capabilities in order to customize and tailor the learning. Identity is important here in terms of tracking learners and understanding their performance over a period of time. Online learning may not allow instructors to get a full sense of learners in a way that interacting with them face-to-face may (in terms of offering informal channels for learning about students). They may have fewer cues from each learner, and they may have opportunities to misread learners or confuse one with another.
Instructors must also protect learner privacy, codified in the Family Education Rights and Privacy Act(FERPA).
Ways to Verify Student Identities Online
There are different types of attestations of identity in online environments. Learning / course management systems (L/CMSes) can track user IPs and log-in patterns in terms of time. There are some biometric add-ons to computer systems to verify identity. High-value exams are given in the context of proctored exams, with live human verifiers.
Researchers have found varying familiarity with authentication technologies, with the most widely known ones as passwords (93.9% familiarity). Then, in descending order, the respondents were next most familiar with fingerprint scans (51.3%), signature analysis (47%), voice recognition (43.5%), RFID tags (36.5%), digital certificates (31.3%), smart cards (31.3%), iris / retina scans (27.8%), face recognition (25.1%), hand geometry (20%), and other tokens (16.5%) (Jones, Antón, & Earp, 2007, p. 93). There are concerns about the possible misuses of certain types of authentication information, with nuanced attitudes about when certain types of authentication may be used (with high reliability in financial domains but leeriness in others). There are fears of privacy compromises and misuses of such data. These attitudes will likely affect what may be used to verify online learner identities.
Various technological methods are used to detect deceptive identities. For example, logging in with a particular identity from various IPs in geographically dispersed locations may be one way of identifying concerns. There may be patterning learned from fraudulent academic activities, such as the tracking of plagiarized files through comparisons of submitted work with data repositories of known student works.
Beyond technological means, there are social ones for encouraging accurate digital identities and academic honesty. Some universities have students sign on to honor codes—and have methods for addressing academic dishonesty—that may encourage student supports of honor codes and peer pressures for academic honesty.
The Uses of Controlled Anonymity in Online Learning
Some instructors use controlled anonymity for some aspects of online learning. In situations of controlled anonymity, user identities are accessible, but not to the common learner. Rather, the digital identities used are non-representational of the learners. “Anonymity” refers to the fact of not being identifiable within a certain set of subjects. This is related to the amount of uncertainty associated with a particular identity. The less identifiable an identity, the more anonymous it is. The mere absence of identification is not anonymity. There is not a current widely used metric for anonymity. More information does not always necessarily reduce anonymity, but disambiguation of identity may occur with more relevant information.
Anonymity may allow learners the freedom to express a range of ideas and to role-play without real-world repercussions. These may offer a kind of protection from real-world identities.
On the WWW, anonymizers may be used to mask the IP addresses of those surfing to particular sites (Rowe, 2010, p. 36); they may hide the originating email addresses of email senders. Others argue that anonymity will allow for privacy and freedom-of-speech (including whistleblowing).
Digital identity authentication systems must be difficult to hack. They must be verifiable, non-repudiate-able, and tamper-proof. In federated systems, each part of the system must be robust and not introduce vulnerabilities into the rest of the systems.
To balance anonymity and managed digital identities, some suggest that third-party escrow accounts may be held—to protect the person’s original identity from discovery but to still make that individual discoverable if necessary. “The basic idea is that under ordinary circumstances, a person can act anonymously, but in case of a special situation, the identity of the involved person can be specified. This is achieved by preparing two tiers of identity in which the first tier carries the minimal amount of information required for online activities (i.e., practically anonymous), and the second tier bears the full identity to specify that person,” write the researchers (Taniguchi, Chida, Shionoiri, & Kanai, 2005, p. 37). Such identity systems may use certificates to identify users and their status within a system. Other systems enable the creation of public pseudonyms.
Avatars are a kind of pseudo-identity that may or may not have direct connections with the particular human embodying the avatar. 3D humanoid avatars used in immersive virtual worlds may convey personality through appearances, histories, real voices, and a range of behaviors and stances. People may maintain multiple avatars or quick-changes of looks and feels of existing avatars for playfulness, learning, and intentional deception. These various identities may allow people to socialize in the digital “third places” of society. Indeed, some researchers have found a poor match of avatar cues to the same information in the real world (Junglas, Johnson, Steel, Abraham, & Loughlin, 2007, p. 91), which suggests a greater range of identity exploration and differentiation. Such variant identities may allow them to pursue various games and casual entertainment. The ease of changing digital identities has resulted in a low commitment to the particular online identity by many (Junglas, Johnson, Steel, Abraham, & Loughlin, 2007).
Many advocate against digital identity anonymity because of the fear that anonymity would result in misdeeds.
The creation of identity is seen as a way to modify behavior and enhance skills acquisitions (Mamykina, Miller, Mynatt, & Greenblatt, 2010). Another aspect is storytelling through avatars as a way to raise learner awareness and to enhance the modification of their behaviors. Performance communities exist online for learning through dramaturgy and machinima creations.
Student electronic identifications and passwords are one layer of verification of student identities.
Depending on university strategies and official policies, instructors may use back-end tracking of learners to understand their behaviors in the learning / course management system.
Digital identities may be misleading.
Authentications of learner identities need to be non-intrusive, and they must also not compromise learner privacy.
There may be perfectly clear explanations why certain authentications did not function as they should. Instructors will need to finesse this situation with wisdom and legality.
1. What are some forms of digital identities used for online learning? (Consider the identities used in learning / course management systems, virtual worlds, social networking spaces, wikis, and blogs, for example.)
2. What is the importance of digital identities for e-learning?
3. Why is it important for instructors and institutions of higher education to verify digital identities?
4. Why is learner privacy important? (Consider both FERPA and professionalism.)
5. What are some technological methods to verify student identities online? What are some pedagogical methods to verify student identities online?
6. How is “controlled” anonymity sometimes useful for online learning?
Ahmed, F. & Moskowitz, I.S. (2005). Composite signature based watermarking for fingerprint authentication. In the proceedings of the 7th Workshop on Multimedia and Security (MM & Sec ’05): New York, New York. 137 – 142.
Barisch, M. (2009). Modelling the impact of virtual identities on communication infrastructures. In the proceedings of the Digital Identity Management (DIM ’09): Chicago, Illinois. Association of Computing Machinery. 45 – 52.
Boongoen, T. & Shen, Q. (2009). Intelligent hybrid approach to false identity detection. In the proceedings of the 12th International Conference on Artificial Intelligence and Law (ICAIL-2009): Barcelona, Spain. Association of Computing Machinery: 147 – 156.
Clauβ, S. & Schiffner, S. (2006). Structuring anonymity metrics. In the proceedings of the second ACM workshop on Digital Identity Management (DIM ’06): Alexandria, Virginia. Association of Computing Machinery. 55 – 62.
Johnson, D.G. & Miller, K. (1998). Anonymity, pseudonymity, or inescapable identity on the Net. Computers and Society. ACM Policy. 37 – 38.
Jones, L.A., Antón, A.I., & Earp, J.B. (2007). Towards understanding user perceptions of authentication technologies. In the proceedings of the Workshop on Privacy in Electronic Society (WPES ’07): Alexandria, Virginia: 91 – 98.
Joyce, R. & Gupta, G. (1990). Identity authentication based on keystroke latencies. Communications of the ACM: 33(2), 168 – 176.
Junglas, I.A., Johnson, N.A., Steel, D.J., Abraham, D.C., & Loughlin, P.M. (2007). Identity formation, learning styles and trust in virtual worlds. The DATA BASE for Advances in Information Systems: 38(4), 90 – 96.
Mamykina, L., Miller, A.D., Mynatt, E.D., & Greenblatt, D. (2010). Constructing identities through storytelling in diabetes management. In the proceedings of the Computer Human Interactions (CHI 2010): Atlanta, Georgia. 1203 – 1212.
Rowe, M. (2010). The credibility of digital identity information on the social web: A user study. IN the proceedings of the 4th Workshop on Information Credibility on the Web (WICOW ’10): Raleigh, North Carolina. 35 – 42.
Schwartz, M. (2010). Federated identity: A recipe for higher education. Educause Quarterly. Retrieved July 16, 2010, from http://www.educause.edu/EDUCAUSE+Quarterly/EDUCAUSEQuarterlyMagazineVolum/FederatedIdentityARecipeforHig/206550.
Taniguchi, N., Chida, K., Shionoiri, O., & Kanai, A. (2005). DECIDE: A scheme for decentralized identity escrow. In the proceedings of Digital Identity Management (DIM ’05): Fairfax, Virginia. 37 – 45.
Whitson, J. (2009). Identity theft and the challenges of caring for your virtual self. Interactions. 41 – 45.
Journal of Online Learning and Teaching: Themed Issue: Integrity and Identity Authentication in Online Education
Camilla Jones Roberts and Shalin Hai-Jew’s “An Online Course for Students Addressing Academic Dishonesty”
Jeffrey L. Bailie and Michael A. Jortberg’s “Online Learner Authentication: Verifying the Identity of Online Users”
Lori McNabb and Alicia Olmstead’s “Communities of Integrity in Online Courses: Faculty Member Beliefs and Strategies”
Wayne Bedford, Janie Gregg, and Suzanne Clinton’s “Implementing Technology to Prevent Online Cheating: A Case Study at a Small Southern Regional University" (SSRU)