At last month’s successful Think Digital Identity For Government 2020, one of our featured panellists in our ‘Self-Sovereign Identity’ session was independent Identity researcher Arwen Smit, who shared some of the fruits of her extensive research into Identity trends that has shaped her new book, ‘Identity Reboot.’ We were so intrigued we decided to go back and find out more.
You made some very interesting contributions on SSI at the Conference, Ms Smit. For readers unable to make it on the day, can you summarise what you wanted to say about Self-Sovereign Identity? And was your thinking at all changed by what you heard at the Conference?
Although the Internet has made it possible for everyone to interact with anyone online, curiously little time has been spent on identification mechanisms on either side. In effect, the Internet launched an online identification gap, but a void never stays a void: capitalism does not allow for inefficiencies. It should come as no surprise that companies filled the void with great enthusiasm. The success of today’s technology giants, from Google (Gmail) to Uber (reputation) to Facebook (Login with Facebook), drives home just how lucrative filling the Internet’s identification gap really is.
The result is an odd patchwork of online and offline proxies, with varying interest behind these proxies. Governments prioritise reliable identification, companies care most about extracting useful data—and individuals just want something to work. This has created a culture of data overcollection and an ever-growing attack surface.
Hiscox statistics show that 55% of businesses faced a cyber attack in 2019. When individuals do decide that the value does not offset the risks, it becomes clear just how much data control has been sacrificed in the process of “personalisation”. People are no longer in control of who knows who they are, nor can they always reliably prove it themselves. What we actually need, then, is for identification to be viable, data to be useful, and for people, with dignity, to control their information. And we want all three at the same time.
Self-sovereign Identity (SSI) is an entirely new way of thinking about Identity and data privacy. Placing control at the individual level, self-sovereign Identity is a mix of technologies which allow you to be the authority on you. Governments are interested in SSI for three reasons: 1) for the benefit of their citizens, 2) for safeguarding the integrity of governmental services on offer, and 3) the wider geopolitical implications of their national data strategy.
Thanks. Let’s back up a second and understand a bit more about you and your work. Who is Arwen, and what’s led you to this point in your career?
I’ve always been incurably curious, and fascinated by the question of why things are the way they are. However, my career has gone through different phases and philosophies on what to do when I found things that just don’t quite add up.
At first, I decided to study business to be able to add commercial viability to problems worth solving. Discovering the exponential power of technology, the second iteration was to work on the business side of technology companies (i.e. Google, Facebook). The year 2016 was a turning point for me (i.e. Cambridge Analytica, Brexit, etc.). Ever since, I’ve focused on two things: technology ethics (i.e. the intended and unintended consequences of technology on society), and, more recently, the public sector—how those values and decisions are institutionalised.
Coming from the Blockchain space, it became clear early on that if Identity is broken, everything is broken; you cannot achieve decentralised consensus between trusted parties without some form of Identity. Meanwhile, every morning headline screamed a new privacy scandal. Data touches every aspect of our lives. Our attitudes towards privacy are reflected from the moment when we pick up our phone to check social media, to the data these social media websites collect, use and sell, to the backdoor mechanisms government mandate in light of national security.
To me, data privacy seemed like a problem so tremendous, so important, and so urgent, that I just had to create space to think about it on a deeper level.
Fascinating, thank you. You are about to publish the fruits of what seems some pretty intense research into the whole concept of Identity in your new book, ‘Identity Reboot’. What is the work’s overall theme, and what conclusions have you come to?
The data footprint left by the devices that we carry and the services that we use is unprecedented. For example, smartphones are equipped with an accelerometer (motion sensing), gyroscope (orientation), magnetometer (magnetic fields), GPS (location), barometer (air pressure), proximity sensor (infrared LED and light detector), ambient light sensor (measuring light), microphone (audio) and touch functionalities (pressure).
In parallel, online products and services weave our past behaviour with future predictions. It follows that the interest in this treasure of information is unprecedented also. In my book, I argue that human behaviour has become an optimisation problem, and that us humans are providing the data that is being optimised for. Whether it involves companies maximising profits or governments sculpting the perfect citizen, Identity and data reside at the very heart of the “optimisation equation”.
You might also like
A new wave of thinkers is exploring the ethics of data, and this effort, thankfully, translates into stimulating literature, such as Surveillance Capitalism by Zuboff. Building on this, Identity Reboot goes beyond the problem, and it is written as a blueprint for what we can do, with agency, to steer our own course for the future. Because data privacy is multi-dimensional, ranging from the artificial intelligence race to censorship to facial recognition to what information you, your children and your parents inadvertently share on a daily basis, there is no one size fits all solution. How do you fight a hydra with that many heads?
That is what this ‘Identity Reboot’ is about: where we are and how we could move forward.
One of the themes we picked up on the day was that we’ve spent a lot of time arguing about things that haven’t really worked in ID so far, so maybe it’s time to be a bit more positive and look at things that DO work. What’s your feeling about this?
When strategy plans are crumpled up to clear a desk and to start with a clean slate, the physical paper might lie in the bin, but the accumulated knowledge and learnings of getting to that point remain.
This is why dialogue between new and established players is important, with both emphasising different things. What has not worked and why, and what has not been tried before and why this might be the point to move ahead.
Rebooting Identity is tricky because it does not require incremental innovation, but fundamental change. Changing Identity ripples through all the services using that Identity. Which is why I expect, even though the stars might spell out a net benefit for all the individuals using it, to see serious resistance to implementing solutions such as SSI among those who have skin in the current game. For example, Login with Facebook works like a charm when logging in to a dating app like Tinder. However, it does not work to protect your data privacy in perpetuity; reputation works well enough to hail an Uber ride, yet it does not reflect your trustworthiness as a person. Ultimately, if we move the needle on this debate or not is directly related to which values we decide to care about. Excessively pointing to what does work might give us an excuse not to move forward.
Interesting. Our final question for today, Arwen: Where will ID be in 2025?
Quite incredibly, the usable Internet is around 20 years old; once digital change picks up speed, it can go incredibly quickly. How quickly Identity will change will depend on three actors: governments, companies and individuals.
Governments have a historical opportunity to define what “good” Identity looks like, to set the standards that ascribe to the values they hold. These values will change geographically. The US, the EU and China will likely institutionalise different value systems.
At the same time, commercial organisations have an existential opportunity to decide how they want to make money. Privacy is a lucrative business, too; extractive business models are not the only business models on offer. And finally, individuals like you and me make countless mini-votes of endorsements or dissent on a daily basis. What services and products we decide to use and not use helps force or systemise the issue.
The ultimate tension is going to be: who creates the data, who gathers the data, who uses the data, and why? Controversies such as Cambridge Analytica are but the very top of the iceberg.
My hope for a responsible government is to listen and lead. Listen to your citizens, and, if your position is to preserve human capability for reason, lead them into a world where human behaviour is not an optimisation game.
Very inspiring. Thanks so much for talking to us today, Arwen—and good luck with the book!