Functional data includes electronic data that can be used to, among other things, establish or verify an identity, access a data system or account, or otherwise enable functionality in a digital environment. We all live with functional data. We typically invoke myriad functional data elements on a daily basis to sustain and enrich our lives.
An important aspect of the functional data landscape is identity. Character-based identity elements such as name, birth date, social security number and street address are powerful elements of functional data. A drivers' license—with a number of its own—may entitle one to cast a vote, drive a car on a public road or purchase a bottle of wine.
The personal signature is an equally powerful image-based identity element. But—some special categories of transactions aside—the personal signature has been largely replaced by the digital persona. Proving your identity in the digital world involves its very own dimension of functional data, from usernames and passwords to PIN codes to security questions to any number of trivial details that can help to prove you are who you say you are.
With proof of identity, countless other dimensions of functional data become accessible. For example, a credit card number can be used to purchase a staggering variety of products. A bank account identifier or investment account number is generally required to access financial resources. An email address or phone number enables personal communication with other people all around the world. Under certain circumstances—particularly if one's identity has been compromised—any one of these functional data elements can be abused without the knowledge or express consent of their “owner.”
In the digital world, protecting functional data has become very complicated. We regularly create lasting records of various functional data elements across countless digital systems and networks. Despite the best of intentions (in most cases) and the most advanced technologies, these systems and networks are increasingly vulnerable. If perpetrators can amass a sufficient number of functional data elements to convincingly portray your digital persona, they can invoke those elements to exploit your resources for their gain.
But we must share our functional data nonetheless, to invoke it for our own gain. In sharing it, we may authorize others to invoke it for a particular electronic transaction or transactions. Sometimes we do so as a matter of personal trust—such as sharing a credit card number with a spouse, a child, or an assistant, to invoke it for our benefit and/or for theirs. Other times we do so as a matter of commercial necessity—such as answering a series of personal questions for a customer service representative, handing a credit card to a waiter, or completing an online form for a trusted retailer.
The challenge is to somehow control propagation of authorization to use our functional data elements, and further to limit the scope for the use of our functional data elements in the digital world.