The cross-road of online identity
This article aims to explain the current identity-management developments of our society on a meta-level and highlights the importance of self-sovereign identity.
Status quo of online identity:
A person’s online identity is split among a multitude of companies and organisations, which store the personal data of their users on centralised databases. But identity is more than the summary of our login credentials and physical identifiers. The importance lies in the relationship between the individual and the relating party. Currently, we face the problem that most of the time information can’t be proven — only trusted.
“Identity isn’t something an individual holds, it’s not the credentials. It’s firstly the relationship between the issuer and the holder of the credential.”
Emrys Schoemaker on Tim Bouma’s definitely identity podcast.
There are four main scenarios of how identity can be managed from a societal point of view as described in my scenario building article:
Total gov. surveillance: The government controls all aspects of identification, verification and authentication via the aid of bulk surveillance and facial recognition systems.
Identity chaos: The government and citizens lost control of their digital and real identities. Anonymity and throw-away-identities are the norm.
Surveillance capitalism: A few powerful companies manage all identities and their access to online services.
Self-sovereign identity: Users got back the agency to manage their credentials in a user-centric manner. Open and decentralised identity ecosystems provide verifiability to all stakeholders.
The concept of self-sovereign identity management offers a lot of benefits, which I explained in my SSI introduction video/article. So let’s take a look at what this kind of identity management would mean for our society on a societal level.
A balancing act of personal freedom and government intervention.
The two key aspects, which we need to take into consideration in these scenarios is the degree of government-intervention and personal freedom. While we want to achieve a high degree of personal freedom we also require government interference to ensure legal binding relationships in all domains as well as a suitable regulatory environment with aspects such as eIDAS, GDPR and other statutory law.
Balancing government interventions with the demands of industry stakeholders and the interests of the greater public is a fundamental challenge, which we need to address from multiple point of views. Maximal personal freedom as demanded by crypto-anarchists isn’t a blueprint for a working society either since governments need leverage to execute their duties regarding intelligence services and enforcement of statutory law.
On the other hand, a system, which is controlled by a central authority like a government agency has inherent risks since authority is being used to abuse people sooner or later. As a German who wants to build a national SSI network, I’m all too aware of the negative consequences if we build it the wrong way. Christopher Allen has a valid point when he cited the dutch prime minister Mark Rutte in the context of SSI:
“When authority became a threat, our government agencies failed as guardians of law and security.”
Mark Rutte said that on the 75th anniversary of the Liberation of Auschwitz. More Jews died in the Netherlands (in terms of percentage of total population) during WW2 than in Germany, because they had better citizen records.
The following graph illustrates the aspects of government-intervention and personal freedom with their maximal and minimal boundaries.
In an optimal scenario, we would have a high degree of both aspects and an overlapping on the chart. In practice this is hard to achieve, since one cancels out the other to a certain degree. Currently, we can only observe a significant overlapping of both criteria in the scenarios of self-sovereign identity and surveillance capitalism. Unfortunately, the latter is developing in an undesirable direction. Surveillance capitalists mainly got public attention recently because of election interference, privacy violations, dispossession of knowledge and the accumulation of behavioural data describing our habits. This data is used for the modification of individuals and our societal as a whole, shaping it towards a desired commercial outcome as described in my article. This is an extremely dangerous trend in which insignificant governments have no meaningful leverage against the influence of surveillance capitalists and their drive towards further accumulation of information and power.
Societies, which have a meaningful proportion of their citizens using identity-services provided by surveillance capitalists such as single-sign-on by Facebook will suffer continued dispossession of knowledge, agency and authority. Government representatives are all too aware of this trend and began to embrace solutions like SSI, which aim for a more open and decentralised user-centric approach.
The vanguard of the other extrem is Canada. They are pushing the envelope of SSI and just recently published their draft of the PCTF.
“The Pan-Canadian Trust Framework will facilitate the transition to a digital ecosystem for citizens and residents of Canada. A Canadian digital ecosystem will increase efficiency and secure interoperability between existing business processes, such as open banking, business licencing, and public sector service delivery.” Government of Canada.
These are interesting times. The government and the private sector finally came together to built an user-centric approach for identity management in which the user himself will be responsible for his or her keys. Does your nation already has a public debate about self-sovereign identity?
If yes — join it! If no — initiate it! Let’s initiate self-sovereign identity!
Own your keys
Disclaimer: This article solely represents the opinion of the author — Adrian Doerk