Journal of the Association for Information Systems


Despite individuals’ and organizations’ best efforts, many significant information security threats exist. To alleviate these threats, researchers and policy makers have proposed new digital environments called identity ecosystems. These ecosystems would provide protection against attackers in that a third party intermediary would need to authenticate users of the ecosystem. While the additional security may help alleviate security threats, significant concern exists regarding ecosystem users’ privacy. For example, the possibility of targeted attacks against the centralized identity repository, potential mismanagement of the verified credentials of millions of users, and the threat of activity monitoring and surveillance become serious privacy considerations. Thus, individuals must be willing to surrender personal privacy to a known intermediary to obtain the additional levels of protection that the proposed ecosystems suggest. We investigate the reasons why individuals would use a future identity ecosystem that exhibits such a privacy-security tradeoff. Specifically, we adopted a mixed-methods approach to elicit and assess the major factors associated with such decisions. We show that 1) intrapersonal characteristics, 2) perceptions of the controlling agent, and 3) perceptions of the system are key categories for driving intentions to use ecosystems. We found that trustworthiness of the controlling agent, perceived inconvenience, system efficacy, behavioral-based inertia, censorship attitude, and previous similar experience significantly explained variance in intentions. Interestingly, general privacy concerns failed to exhibit significant relationships with intentions in any of our use contexts. We discuss what these findings mean for research and practice and provide guidance for future research that investigates identity ecosystems and the AIS Bright ICT Initiative.