This article explains the ethical situation societies face in the context of a transition from an organisational to a self-sovereign identity.
Ethics is concerned with the study of morality and the application of reasons to elucidate specific rules & principles that determine right & wrong for a given situation. Morality is concerned with the norms, values and beliefs embedded in social processes, which define right & wrong for an individual or a community. Hence, ethics rationalise morality to produce ethical theories that can be applied to any situation.
“It asks the following questions: ‘How do we want to live?’, ‘How should a person act?’ and ‘Which values determine our lives?’ Ethics doesn’t ask: ‘What is technically feasible?’, but instead ‘What is desirable?’ and ‘For whom is it desirable?’” Dr. Petra Grimm
The choice between totalitarian surveillance and citizen empowerment
Governments have to decide, which measures they deem appropriate to guarantee a working society in an unprecedented crisis. The EU-Commission already obtained anonymised data from telecommunication companies in Europe to analyse the spread of the virus. Voices of privacy activists perish when the public demands control of the situation. While data about public behaviour is more important than ever, the behaviour of every individual is even more significant to get back to “normal”. The government won’t solve this crisis, but our society at large. Hence, the question: “How do we identify, authenticate and communicate with an individual or organisation in our society?”
Existing identity management structures are centred around single entities. This leads to a variety of issues regarding privacy violations, loss of control and fatigueness for individuals as described in my last article “the cross-road of online identity”. Single-sign-on (SSO) with *insert surveillance capitalist* won’t empower citizens to drive positive change in their local communities. Instead, you should be able to control your digital representation. This is especially important in times of social distancing and home-office.
China is known for their collectivism and a surveillance apparatus, which leverages facial recognition and bulk surveillance to gain unprecedented control of its society. That’s not something we want in Europe. Governments should not monitor people and punish those who break the rules. Mass-surveillance is not desirable. “Do we want privacy or health?” is the wrong question, to begin with. Piracy is not a necessary sacrifice in this situation. Taiwan and South Korea demonstrated that extensive testing, honest reporting and the willing cooperation of a well-informed public is more important than bulk-surveillance. The sum of intrinsically motivated individuals, which trust in science, media and public authorities is more effective than a policed and ignorant population.
The moral intensity, which measures the importance of the ethical issue couldn’t be higher. Imagine how different our world would look like if the early internet pioneers were able to include payments directly into the internet protocol. Now in the early days of self-sovereign identity (SSI), we have these opportunities again. I’m not referring to the opportunity to integrate payments, but the opportunity to shape basic infrastructure, which greatly influences the functions of applications build on top of it. Architectural foundations of a technology build for identity management require significant considerations. The 27. March was just established by Christopher Allen as a #Foremembrance to salute all those who died to protect the defenceless in WWII, and those on the forefront today doing the same. It reminds us that the systems we currently build can have devastating consequences once a regime change or similar occurs.
Self-sovereign identity: The holy grail of an empowered society?
While the concept of SSI gained quite some attention in the identity space, the public has no idea that it exists. Public debates about it are still rare and the resources available are mainly technology-related. Nevertheless, governments have taken notice and actively explore the concept. The technical foundation isn’t ready for prime time but already enables test implementations like minimal disclosure via zero-knowledge proofs. Did we finally find the technology, which can liberate our society? Probably not. Technology changes faster than our society can adapt, so we have no idea what’s coming for us.
However, we have to try! An SSI solution, which respects the principles set by the community is far better than a system characterised by a lack of user control and the empowerment of surveillance capitalist! We shall not be scared of our enemies, the consequences of our actions or a global pandemic, but instead, believe in the vision of data-sovereignty and its potential for humanity! (Utilitarianism promotes actions if it results in the greatest amount of good for the greatest number of people affected.)
Ethical guidelines, principles and values
Which privacy rights should an individual have in our society? Which data can a company harvest without the consent of the individual? How does the company use personal information? While we already defined the answers of the questions in privacy regulations such as the GDPR or the CCPA, the individual has almost no control to exercise his*her rights. While SSI could potentially grant this control, we face new (and old) challenges. To ensure that an identity infrastructure respects human dignity we require a set of principles, rules and values. We need a collective discourse about these principles to reach a state of conformity regarding SSI implementations.
The best way to start is to get familiar with the 10 principles of SSI set by Christopher Allen. I will not go into detail here but instead, link directly to the principles.
Another starting point for government representatives are the UN Guiding Principles, which are a set of guidelines for states and companies to prevent, address and remedy human rights abuses committed in business operations.
Another starting point for developers and product owners is the code of ethics and professional conduct published by the world wide web consortium (W3C) or the FAQ of their verifiable credential working group. Developers are also encouraged to implement privacy & security by design principles. One of the best places to get input from industry experts is the internet identity workshop.
But guiding principles are just one aspect of a holistic approach. We need to create new concepts to evaluate the impact our solutions have on the individual. One of these concepts could be the “Minimum viable user” concept. It describes what tools and services a user is required to use to participate in social activities. What hardware and software components does an individual require to get access to financial services, community activities and social communication? If the list is too long we failed. If the list mainly includes surveillance capitalist — we failed. If the hardware is too expensive for most people — again, we failed. We need to minimise the applications and devices required to participate in our society! Please note that this concept doesn’t exist and I just made it up, but we need to think about it.
Another one is the “sovereign domain” concept. “It includes the set of Agents, Wallets, Vaults, devices, services, and other digital resources over which an identity owner exercises sovereignty. Note that the actual sovereignty of the identity owner is limited to the degree such control is protected by the developer of the hardware or software the identity owner is using.” Sovrin Foundation. The sovereign domain is a subset of the minimum viable user concept illustrating the percentage of control over a persons identity.
I have an ethical dilemma — What now?
Ethical dilemmas are situations in which a difficult choice has to be made between two courses of action, either of which entails violating a moral principle. They occur especially frequent in the context of online identity. But there is no “one size fits all” approach. You have to choose a fitting ethical theory depending on your circumstances and the external factors involved in the dilemma.
Ethical theories — A starting point for Rights & Principles (R&P)
We generally distinguish between normative and descriptive ethical theories. Normative ethics is the study of how people should behave. It is an argumentative discipline aimed at sorting out what behaviours would be best. Descriptive ethics, on the other hand, is the study of how people do behave, and how they think they should behave.
Normative theories includes the concept of ethical absolutism, which states that ethical R&P are universally valid. But we know that this isn’t accurate. Ethical relativism says that R&P are entirely subjective and dependent. Probably we are somewhere in between, which is described by ethical pluralism stating, that some values are incompatible.
Descriptive theories describe how ethical decisions are made. There are four phases: 1. Awareness of the dilemma; 2. The judgement of the situation via an evaluation of right & wrong; 3. The intent to act; 4. The behaviour to act in line with the moral intentions. When it comes to digital ethics in the context of SSI this article aims to start phase one. While the SSI community is already discussing such issues and acts accordingly, the public isn’t.
But there are also alternative theories e.g. ethics of care, which emphasise on our interdependence with whom we have important relationships with acknowledges emotion and rationality. It is principle-based, has a female perspective and includes aspects of empathy and sensitivity. Or discourse ethics, which aims to solve ethical conflicts through a deliberative process of norm generation including rational reflection and open communication.
Ethical investments are socially responsible investments consider non-financial aspects of financial decisions. They are applied to asset management, equity investments and the creation of funds among others. An example could be a venture capitalist who has to choose an investment strategy for identity startups. He could use a positive screening, which identifies companies that positively contribute to the transition from user-centric to self-sovereign identity management. Additionally, he*she can use a norm-based-screening, which excludes companies violating international recognised rules and principles set by the community.
These are just a few of different ethical theories, which can be applied to any given situation. Unfortunately, the research about digital ethics in the context of SSI is quite scarce given its importance. There are the concepts of “Ethics in design” and “Ethics for design”, but we lack a holistic approach of “Ethics by design”, which hasn’t been properly defined and is used in diverse technology-related topics. The best research paper I found about it was published by the Ethics Centre, a non-profit based in Sydney.
My personal recommendations:
- SSI use-cases for Covid-19 have to be implemented with uppermost caution and should not be the outcome of a hackathon on the weekend.
- Short-term emergency measures shouldn’t become a fixture of life but have the tendency to stay once implemented.
- Transparency is paramount. Legislation needs to increase the protection of whistleblowers. Our world would be worse off without Edward Snowden and others.
- Identity and payments/money should be separated to a reasonable degree. SSI platforms, which try to introduce their own “native” token to fund their platform will get a toxic community.
It’s increasingly clear, that we not only need public bodies for the standardisation of SSI for the sake of interoperability but also their ethical implementation and protection of the individual. These include basic, inalienable and unconditional entitlements that are inherent to all human beings — without expectations. A combination of normative-, descriptive- and alternative ethical theories will be necessary to include the great variety of cultural challenges.
Disclosure: This article does not represent the official view of any entity, which is mentioned in this article or which is affiliated with the author. It solely represents the opinion of the author.
This article is strongly influenced by public opinions of Christopher Allen and Yuval Noah Harari. Special thanks to Alex Preukschat for hosting the SSI Meetup, which provides a platform for the SSI community.
Own your keys