Arwen Smit, a specialist in the ethics of technology and its intended and unintended consequences on society, will be a panelist at Think Digital Identity For Government 2020 in our session on SSI (Self-Sovereign Identity). Here, she shares some of her thoughts in advance.
The way we structure identity is not neutral – going deeper than just a name or an address, identity is a collection of claims of who you are and who you have been. The combination of those claims is something that allows you to do things. To go to university, you need a valid secondary school diploma, and to go to secondary school you need a valid primary school diploma. In the US, nationality, residence status and age are verified to determine the right to vote. In most countries, opening a bank account requires a valid proof-of-address and proof-of-ID. Babies receive an ID from the day they are born. From that day onwards, we spend our lives building attestations about ourselves to navigate society. To signal who we are and to get what we want. In other words, identity is nothing less than the foundation of rights in society.
To measure rights, “Identity Proxies” are being used. Are you allowed to cross country borders? Nationality will be one of the first variables taken into account. Are you entitled to receive child support? You will need to prove that you meet government requirements. Are you old enough to drive? Prove it. As inseparable from us as our shadow, identity is an ever-present reference to the degree of freedom we have within the constraints of those rights. Yet the concept of “identity” as we know it today is incomplete.
As in the physical world, we need proxies to function in the online world. Because the Internet cannot identify people, websites and applications must do that job. The wild success of the tech giants underscores just how urgent, lucrative and important filling the Internet’s identity gap really is. While governments issued passports in the early 20th century to keep track of people, Facebook and others introduced social login to ultimately increase advertising revenue. Shortly after, the likes of Airbnb introduced the concept of reputation to more efficiently share high-value assets.
Firstly, the passport proxy is plagued by voluntary interpretation, a single point of failure, and a physical nature not equipped for the digital world. The European refugee crisis drove home the limitations of passports when identities needed to be verified at each border, leading some to falsely claim Syrian nationality which consequently sadly left those entitled to protection sometimes unrecognised. Secondly, the social login proxy is characterised by silos and fragmented identity across platforms. For example, even as you download the data surrounding the Facebook-you, you cannot easily copy it to the Snapchat-you. We can access data, but not move it. Thirdly, the reputation proxy is by nature subjective, vulnerable to social retribution, free, unforgiving, and not portable. As a result, a high reputation means increasingly little. Uber drivers with high ratings have committed crimes ranging from rape in India to murder in America. Since the status quo is inadequate and unsustainable, this gives us the licence to reboot identity.
Identity is a multi-layered problem and demands a multi-layered solution. One layer of this solution could be self-sovereign identity. Self-sovereign identity, powered by distributed ledger technology (popularly known as blockchain) is relevant to citizens, corporations and governments.
If you liked this content…
Identity Thinker Arwen Smit Wants Us To Wake Up To The Fact That Human Behaviour Has Become ‘An Optimisation Problem’
Think Digital Partners unveils a key new engagement medium: video
Digital Identity: Global Roundup
UK public doesn’t trust tech firms with digital identity data
The Past, Present, and Future of Identity
Self-sovereign identity is relevant to citizens. A self-sovereign individual has the power to project attestations about him or herself, reimagining identity as a web of relationships. You are different things to different people, so why should the person to connect the dots not be you? Re-centring the human model of identity around the individual promises a radically different paradigm of interaction. In a nutshell, if claims (attestations) are verified (authenticated), this empowers somebody to do things (authorisation). It is key that these verifiable attestations are fully under the control of the identity owner, independent from any centralised registry or authority. In other words: decentralised. In a decentralised system, many parties offer many features, granting many individuals the power to make many verifiable claims. This multitude of verifiable claims unleashes the right of self-determination for everyone. Self-sovereign identity could become the keystone for human interaction in the 21st century.
Next to its clear potential to restore dignity and autonomy to the lives of millions, if not billions, across the globe, self-sovereign identity is relevant to companies. The potential to combat fraud across sectors and geographies suggests a clear commercial reason for its existence. There is also reason to hope that data overcollection will be reduced if the legitimate purposes for that overcollection are more easily met. Lastly, there is reason to believe that the duplicated corporate costs of collecting, storing and protecting data in parallel to the liability associated with holding such data (currently a cost running into the many millions and billions) will be reduced. In sum, commercial benefits and reduced cost could make self-sovereign identity an attractive alternative to companies.
Lastly, self-sovereign identity is relevant to governments. Just like access to a passport, digital identity is a human right as well as a public good. This implies that governments are responsible for foundational identity. Foundational identity is a fluid term. In 2020 and beyond, this will most likely to include, at least, the same information now captured on passports. More specifically, it will contain the information that allows people to cross borders: name, date of birth, nationality, etcetera. Once this foundational identity has been provided by the government, individuals are free to strengthen these claims with additional attestations. The next step is to regulate private identity infrastructure, so non-governmental identities become feasible. For example, what are suitable criteria for an identity provider? What types of attestation should be inclusive, and where is monetisation suitable, perhaps even desired? What are design requirements? For example, is the inclusion of a revocation registry mandatory in every “wallet”? What forms of cryptography (the preferred blockchain-method for “authentication”) are allowed or even encouraged? There is a historic opportunity for governments to define guidelines on what a “good” identity encompasses.
In conclusion, in self-sovereign identity solutions people control inherent, assigned and accumulated attestations following customisable rules, which can be decentrally verified and multi-directionally used. Again, the way we structure identity is not neutral. Based on societal values, different countries will make different decisions, so at Think Digital Identity for Government 2020 we will ask: what choice will the United Kingdom make?
Smit is the author of Identity Reboot: Reimagining Data Privacy For The 21st Century, available from March 9th.
To make sure you hear her and her other panellists and speakers, grab one of the few places left here.
