28 comments

[ 4.7 ms ] story [ 16.8 ms ] thread
I once had a friend who, due to some ancestral tradition of retaining multiple clans in names, had a name which consisted of six parts. A first and last name with four middle names in between is not quite an accurate breakdown given the tradition (which, as I understand it, is more akin to the Spanish "uno y dos" surnames), but seemed like a close enough representation that ought to be possible in many systems. Of course, it actually was not possible in many systems, and of all the bizarre handlings of his name perhaps the strangest was the motor vehicle division, which decided to use the first three parts as first name, the second three parts as last name, and then apparently some automated system later on helpfully removed the spaces and apostrophe and truncated after so many characters. The resulting driver's license was both comical and nearly illegible.

This case was fairly innocent in that it was seldom even annoying. However, even more common seems to be transgender individuals who have completed a legal name change but cannot get the name field updated in automated systems, a case that can cause a great deal of offense. It seems that the underlying cause here is less format assumptions, though, and more immutability, which I worry the article doesn't quite hit hard enough. I once had my name simply misspelled in, of all things, a university ERP, and it took over a year of nagging to get it corrected. I got the impression that a consultant had to be brought in to make the change. Years later I worked in the kind of corporation that had a lot of "for life" employees, and it was frustrating how often people's usernames no longer matched their names because they had gotten married and been told their username simply could not be changed. Building any system which is e.g. keyed on a name field is absolutely going to cause frustration and expense down the line when someone does something odd like get married. Unfortunately, many software systems make an implicit assumption of immutability by using username as a key for integration purposes, so it cannot readily be changed. MS AD in theory tackles this problem by internally using a GUID to identify users but this is far from complete and username is still critical in some places (mostly third-party integrations), most Linux environments haven't even tried to address the problem.

Finally, the article's section about evaluating whether or not there's a real need for a legal name field reminds me of Heath Fogg Davis's concept of a "gender audit," which is similar and helps to address similar situations. Essentially, he calls for organizations to systematically review every case in which a person's gender is recorded and determine whether or not it is really required. In many cases there's actually no underlying reason (other than someone's thinking that gender was a key and immutable component of identity), and the gender field can simply be removed, preventing a lot of down-the-line frustration in handling cases like transgender individuals. In other cases there is a purpose but it's one that requires no particular constancy (e.g. selection of pronouns in notifications) and so it's better to both make the property readily changeable and, even better, stick directly to the purpose for which you need the information and nothing more--for example, instead of asking for gender, ask the user which pronouns to use.

Thank you very much for your empathy for transgender individuals. The other field that causes a lot of pain for us is prior names and aliases. It's usually found in government systems and credit reports.
A significantly misunderstood reason to ask gender questions is to try and quantify a gender imbalance. My field (internet governance) clearly has this problem and we need to quantify it to meet wider societal goals.

I don't care what title people use or expect in delivery of goods and services. I do care that some activity needs to demonstrate equity and cannot without measurements

When you have this need, you should clearly articulate this to your users, and you should provide flexible options. Not doing so, as is unfortunately mandated for US EEO compliance, leads to poorer quality data as employees who are non-gender-conforming are uncertain or unable to answer the question in a way that reflects their identity.

Collecting demographic data for equality purposes is admirable but still needs to be done carefully and with an eye towards capturing the diversity of your user base. Simply throwing in a gender male/female question can actually make this situation worse rather than better by actively turning away certain individuals.

My name consists of four parts and I have a similar experience as your friend. My birth certificate just combines all four names into one string but systems represent me as either having two middle names, two hyphenated last names (which is technically incorrect although one of my middle names happens to be my mother’s surname) or only the first of my two middle names. It hasn’t really caused a meaningful impact on my life with the notable exception of when I was applying for my passport. That ended up turning into a month-long side project of acquiring updated documentation with consistent naming just so I could verify my identity to the passport office.

To add more chaos to the equation, I’m transgender and going through the process of changing my legal name now. I feel oddly prepared to handle this given my past experiences with legal name based verification. I’ll probably end up abandoning my PayPal account of 17 years though. I hear you need some sort of blood sacrifice for them to update your name and honestly their service just isn’t good enough.

> I’ll probably end up abandoning my PayPal account of 17 years though. I hear you need some sort of blood sacrifice for them to update your name and honestly their service just isn’t good enough.

By abandon, I guess you mean closing the old one and creating a new one?

PayPal's processes and customer service are notoriously incompetent and customer-hostile. Three months ago, they asked me to provide charity information for my personal account, and subsequently limited my receiving/sending privileges.

> By abandon, I guess you mean closing the old one and creating a new one?

Yeah that seems to be the way to go. Although to be honest I haven’t really used PayPal much in recent years. Apple Pay / Card has pretty much usurped all other payment methods for the vast majority of my purchases. All it needs it single-use card numbers and I think it would be perfect as far as a payment solution is concerned (assuming you’re as invested in the Apple ecosystem as I am).

As far as receiving money is concerned, I just don’t see the appeal of PayPal in this day and age. If I’m taking money from a friend who wants to pay me back (for drinks or whatever), I would much rather use something like Venmo or Cash App. Fast, easy, straight to the point. When it comes to e-commerce however, I don’t think anyone holds a candle to Stripe. It doesn’t bring me any pleasure to say that (I don’t love caping for any large corporation) but they really do have the best solution. The APIs are a joy to work with and they really seem to have thought out every situation as far as business requirements and compliance are concerned. Even Square (which you might think is a worthy competitor) fails to provide solutions to specific use cases, something I had to learn the hard way.

All in all, I really just don’t see the point of using PayPal in 2020. There are so many superior options out there. But I guess the ubiquity of PayPal means it is here to stay.

I use PayPal mainly to pay a subscription to a business that I like, but doesn't want to break anything that's already working.

PayPal also gives me the option of cancelling the regular payment on my end. Stripe has nothing like that.

A related concern:

My wife and I both changed our surname when we were married. Later, when my son was born, I discovered that my US State's birth certificate authority very much assumed that people didn't do this. It hasn't caused us any problems yet, so ... here's hoping.

May not affect you, but rather your son at some point in his life.

My mom had a weird case were the Patriot Act's requirements for name construction "broke" the legal name she used for herself (firstname givenmiddlename husbandlastname) on everything. Her driver license was renewed about 8 years ago, and suddenly her DL name was firstname misspelledmaidenlastname husbandlastname. Suddenly her DL didn't match any of her official documentation like her passport, marriage license, and I think all social security / medicare IDs and documentation, plus bank accounts, property records, and on and on.

She couldn't use the DL to change her name with all of the impacted person records because the maiden name used by the DMV was misspelled. Example of the error, DL maiden name was Jordan, but her actual maiden name was Jorden. She challenged the DMV, they pulled up her birth certificate only to find that there was a typo on the birth cert dating back to the 40s. Nobody in all that time caught the typo.

In order to have the birth cert corrected she had to go back to the state she was born in and request a fix. They required out of a list of things, 2 or 3 (can't exactly remember) forms of proof of error. She found one proof easily, but not anything additional. Spent months trying to find anything else that proved she went by Jorden as an unmarried woman. Finally found that my brother's birth certificate required her maiden name and on that she had spelled her maiden name as Jorden. My birth cert issued from a different state did not have her maiden name.

At that point, she was able to apply for a correction with secretary of state, apply for a new DL / passport. Then spent another 1-2 years fixing all SS/medicare, bank, insurance, credit card, property records...

This all happened after her parents had died, and iirc one of the forms of proof she could provide was a birth parent attestation of error. Obviously dead men tell no tales.

I am fortunate in that my preferred name and my legal name are identical, and not the least bit exotic, so all the IT systems I've had to deal with over the years haven't felt the need to mangle my name.

I also have several pseudonyms I use for various purposes. I am an exceptionally private person, so I use a pseudonym for the poetry I write, and another one for the more serious stuff I write. I also have another one I created for some of the technical stuff I've written over the years, mostly because several of the companies I've worked for had this silly idea that any thought that popped into my head belonged to them.

> there is almost always a human in the loop somewhere verifying that the documents submitted by the user are valid. This is harmful to the user...

This might be the first time in which I've heard someone call the human in the loop "harmful to the user". It's a good thing that name changes require a human in the loop; the potential for abuse is astronomical otherwise, and the upside of having a human in the loop for legal name changes greatly outweigh the potential downsides.

Most of the other problems that the article mentions fail to exceed the threshold of "minor annoyance or moments of embarrassment". It would definitely be nice if any system that needed your legal name would also provide a "preferred name" field to avoid these moments, but I'm not sure that this problem actually rises to the level of importance that the author gives it.

"Just don't record legal names" is nonetheless good advice for the majority of systems.

I'm not sure if you're confused about the human in the loop. She's saying it's harmful when there's a human in the loop at the university trying to confirm the legal name change, not that there's a human in the loop in the name change process in general. If a database doesn't require a human to verify new records and records only a person's real name to the exclusion of their legal name, this seems pretty obvious to me. The question therefore is limited to occasions when a database requires a human to verify new records and/or record's a person's legal name. I think if there's some kind of "know your customer" requirement, as in a bank, they probably need to verify the change. But even then it's probably sufficient to record the name and the original name, use the new name for salutations, and have someone follow up the change if need be.

The registrar charged with recording a person's legal name, by contrast, obviously has a responsibility to make sure it's a valid name. This doesn't change whether it's a child being born or whether it's an adult changing their name.

Two cases I recently heard about - apparently some parents weren't ready to name their newborn son when the nurse came around asking for the name. They said "come back in a day or two", as is their right, but the nurse just submitted a form that said UNNAMED. He didn't realise what had happened till he was 16 and applying for his learners permit. This shouldn't have been permitted; the registrar should have put that certificate aside and come back to verify it. (Source: unverified caller on radio.)

Also, a boy changed his surname to his mother's maiden name, which was also the surname of his uncle, a famous serial killer. He had good reason to change his surname: He had a strained relationship with his stepfather. Such a change is, in general, highly questionable, but in this case it was probably quite correct to allow it. Only human intervention can really divide the cases. (In any case, this particular boy shortly went on to kill his mate in an attempt to associate himself with some of his uncle's notoriety.)

I understood the OP correctly, and I stand by my point. If someone claims that their legal name has changed, it makes perfect sense that any organization which needs to operate with legal names will be checking to see that the papers supporting this claim are real, and I don't see why this should be considered harmful.

I too know some families in which name requirements cause problems. I have an acquaintance whose name was never recorded on her birth certificate and who was not initially issued an SSN. She managed to get to the age of 18 without too much trouble, but when she wanted to apply to college she had a very difficult time proving that she legally existed.

> If someone claims that their legal name has changed, it makes perfect sense that any organization which needs to operate with legal names will be checking to see that the papers supporting this claim are real, and I don't see why this should be considered harmful.

The misunderstanding here is subtle but important. I absolutely agree that a human needs to verify _legal_ name changes. This is why I suggest that legal names shouldn't be recorded most of the time. Humans do not need to be involved, generally, with name changes that have no legal or tax implications, so when legal names aren't the default, that human's time can be used elsewhere, and the user's experience streamlined.

My impression of the article's point was that if you can be clear that you've recorded a preferred name rather than a legal name then you don't need to validate name changes at all.
Pleased to see the reference to there not being a concept of a legal name in the UK. Which made it even weirder when a spate of insane billboards appeared with the slogan "It's illegal to use a legal name"; presumably some sovereign citizen nonsense infecting the UK over the Internet.

Another essential piece of reading for names in the database context, and the idea of social "legibility", is Seeing like a State (see long review at https://crookedtimber.org/2007/10/31/delong-scott-and-hayek/ ).

Also thinking of a certain South African industrialist who has recently given his child a name that is not only unpronounceable but un-renderable in ASCII.

> un-renderable in ASCII

That's common enough. And even in countries which should know better, accents often get mangled or dropped altogether from names, even the most common accents. Talking about é in Belgium, in my case - in Flanders, though I assume that it's handled better in Wallonia and Brussels since it's very common in French names.

> un-renderable in ASCII

It's inexcusable for a modern user-facing system to be limited to ASCII for names or strings. Most of the world's languages, English and Malay being the biggest exceptions, cannot be rendered in ASCII. ISO 8859-1 (Latin-1), and its derivative CP 1252 help a lot but still don't provide characters for all Latin-alphabet languages. My own language, despite using the Latin alphabet as a base, didn't get a standard encoding until 1998, and I'd usually see it rendered incorrectly until Unicode took over. And that's without even considering languages that use other scripts.

It's pronounced Kyle. X is Greek "chi", the "ae" ligature is pronounced like a long I, and A-12 is the 12th letter from A.

(Yes, I'm aware that this isn't true.)

For what little it is worth, I read on the Verge or somewhere that the "official" pronunciation is "Ecks Ash Ayy Twelve", so it is pronounced almost exactly as it is spelled. (Ash actually is the old English name for the "ae" ligature, derived from its Futhorc rune, rather than any traditional pronunciation [1].)

Apparently for meaning they intended "[Unknown variable] [Closest traditional ligature to AI] [Model number of favorite plane]", which I suppose is some sort of meaning.

[1] https://en.wikipedia.org/wiki/%C3%86

If you're wondering what the definition of a legal name name even is in the US, it's explained here (at least as the SSA sees it): https://secure.ssa.gov/apps10/poms.nsf/lnx/0110212001

It's also interesting how they handle different spellings of the "same" name, e.g. apparently "Elsa" and "Alice" have only a "minor difference": https://secure.ssa.gov/apps10/poms.nsf/lnx/0200302460

They probably use soundex codes as a form of error correction or fuzzy match.

Most federal govt use of ssn includes name+ssn+dob; while there are presumably many people with the same dob and closely related ssns (so typos would match something) an approximate name could reduce the number of false negatives quite a bit.

The definition of “legal name” is interesting. When I got married in California 30(!) years ago I “changed” my name by simply asking for a replacement DL with a different name on it, then used that to change my ssn. At the time you could use any name you wish, as long as it was not for fraudulent purposes.

Which makes sense to me — it’s my name after all; why should it be rigidly locked to some decision my parents made over which I had no input?

And a benefit of coming from a small country: the consul was able to issue me a new passport in my new name (she wanted to see my marriage license) which I’ve been able to renew even though in my home country that’s not my “legal” name.

None of that is possible any more: after September 2001 there was a rush to useless, officious busybodying around things like names which really aren’t anybody else’s business

I think the general issue here is that of having semantical (or semantically generated) identifiers.

Intuitively, we often assume that the UUID of a person is his name (for some definition of name). Then when this changes all hell breaks loose because we are mutating an ID that has been shared to 3rd parties.

Some countries don't have a UUID for its citizens. Some countries don't even have a register of its citizens.

Even those countries that have a register AND a UUID for each citizen still often make the mistake of making it derived from the "name" (thinking for example of the Italian "Codice Fiscale"), which can obviously cause confusion if you then attempt to change your name.

This is very common in a lot of IT systems even when its not names. It's windowIds VS windowNames, it's username VS userId, email VS userId, primaryKey vs ID field etc.

The hill I'll die on is the preaching of never ever ever ever using a semantical id. Sure, they are handy (humans can reason better about those than about random strings), but DON'T MAKE THEM THE ID.

A handy test to avoid this pitfall is: if tomorrow every value that represent some id-like property (i.e. foreign keys in a db) in my system (string or numeric) was replaced by a unique 1-to-1 mapping to another set of random strings, would my system still make sense? A good ID-based system would survive this. One where there are assumptions like ID = name ++ email not so much (because name <-> aaa, email <-> bbb but name ++ email <-> ccc, violating the assumption)

The UK's Government Digital Service spends a lot of time considering how people interact with computers, especially people with accessibility requirements.

For example, here one of their team describes building a fictional government service: https://www.youtube.com/watch?v=JHaLzm-FGsc

> A person’s “preferred name” is their name, their “legal name” is something else, and it’s our duty as software engineers not to muddle the two up.

I strongly disagree, having dealt first-hand with the fallout of identity fraud. These escape hatches negate the purpose of names. The problem with storing "legal" names is the custodial burden of storing any personally identifying information; however, the benefit of dealing with a bona fide person may outweigh the cost.

In the case of an academic institution, it is completely reasonable to use a legal name as the standard. If a person doesn't like their name, then the onus today is on them to change it. This article doesn't propose any constructive alternative, that maintains the integrity of the academic system which is relied upon, in an important way, for things like visas, scholarships, and employment.

The preachy disagreeable manner that this article was written in doesn't help. The appeal to collective cause indicates a defective and illogical mode of thinking. The argument as presented lacks a logical basis, instead trying to appeal to emotion through example and anecdote. Who is this person, to dictate my duty? And furthermore to decide the meaning of basic terms, such as what a name is?

No thanks.