This post is part of CoinDesk’s 2019 Year in Review, a collection of 100 op-eds, interviews and takes on the state of blockchain and the world. Elizabeth M. Renieris is the Founder of hackylawyER, a fellow at the Berkman Klein Center for Internet & Society at Harvard and an expert on cross-border data protection and privacy laws (CIPP/E, CIPP/US), digital identity, and technologies like blockchain and AI.
Mere months into the blockchain ID business, I had lost count of the presentations featuring the 1993 The New Yorker cartoon with the tagline “On the Internet, nobody knows you’re a dog.” Before blockchain, I had understood the cartoon to depict an intentional and original design choice of the early internet – the privacy and anonymity of users. Now, it was being used to justify the development of a whole new web with a built-in, blockchain-based identity layer. Needless to say, I was confused.
Through the lens of hindsight, this single engineering decision on anonymity is blamed for everything from bullying and hate speech, to misinformation and election interference, and myriad other abuses. While anonymity certainly complicates mitigation and enforcement efforts in responding to these issues, I am unconvinced that a blockchain-based identity layer for the web is the answer. On the contrary, it could have dire unintended consequences. But first, some context.
At one point, identity was just one of many potential use cases for blockchain (in fact, I worked on one of the first “identity tokens”). After all, blockchain was never essential to digital identity (traditional PKI-based solutions worked just fine). Still, as we reached the height of the ICO boom in 2017, the number of blockchain-based identity companies and projects proliferated, leading many to ask whether identity was blockchain’s “killer app.” Why the shift? Although identity did not require blockchain, it was becoming clear that blockchain needed identity.
In tokenizing things, we turned them into microeconomic transactions, manifesting in literal “marketplaces,” including for identity (identity for sale, anyone?). Coupled with the ICO framing, these primary marketplaces were also accompanied by secondary markets for trading in the tokens themselves. This transactional framing heightened the regulatory specter and introduced an array of compliance requirements that required, well, identity.
As other use-cases met the real world with its laws and regulations, there was a growing appreciation for compliance challenges and a growing recognition that all blockchain applications and use-cases would have to solve for identity (enter “KYC coins,” RegTech, and the like). In a post-ICO world, these projects have shifted to a new ambition – an identity layer for the web.
An identity layer “for the web” was one thing when there was a separation between the online and offline worlds. Now, as we bring everything online through connected devices, smart cities, augmented humans, and (yes) blockchain too, the digital is “eating the real world” to put it in software terms.
If we bake identity into all things connected, we bake it into everything. We create a world where the default practice will be to identify in all contexts and all settings. In other words, adding identity to the web isn’t just adding it to the web anymore. With the digital subsuming our reality, it would become an identity layer for our lives.
In potentially solving important problems of identity for certain things, e.g. preventing fraud and abuse, we risk overidentifying ourselves and eliminating the possibility of ever remaining anonymous in any domain of our lives in the future. It’s the risks of a cashless society but even further-reaching.
Unfortunately, it’s something we don’t think about in the digital identity community very often, even as we worry about the censorship and privacy of transactions. In the “real world,” the only ubiquitous and persistent identifiers we have are our faces. This is perhaps why we find facial recognition technology so abhorrent that cities and municipalities are imposing wholesale moratoriums on it.
In the digital identity industry, we focus our attention on privacy and anonymity at the micro-level (for example, do you consent to sharing credential X? should we use a ZKP for Y?) without stepping back to question the system, and its very existence, at a macro-level (for example, does country Z really need a blockchain-enabled digital ID system in the first place?).
This may be, in part, because many of the central figures in the ID conversation, particularly those from the technical standards community, come from the early internet framing. We see the same individuals (people like Tim Berners Lee) trying to fix what is broken but based on the same starting point as before, overlooking what has now become a false dichotomy of the online/offline.
The risk is amplified by the properties of blockchain. In the bitcoin white paper, Satoshi argued that privacy on the ledger could be maintained “by keeping public keys anonymous” but cautioned that “if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.” Ten years later, we still lack effective key management solutions. With a permanent, transparent, and immutable ledger for tracking persistent identifiers, the risks are grave, and the protections are few.
It is easy to imagine the potential for self-imposed and externally enforced censorship, and to see how this might appeal to authoritarian regimes. We already see this risk with digital identity in general (with new national identity schemes, like India’s, rolling out with rapid speed, often with governments and the public sector abdicating power and sovereign functions to the private sector and their technologies). In fact, some speculate it is motivating certain countries to roll out blockchain-based systems that could surveil transactions, and in turn, people’s behavior and lives.
Given the ethos of the decentralized identity community, I doubt that anyone building this layer wants to end up in a situation of ubiquitous and persistent identification. On the contrary, I believe they would find it anathema. Of course, it wouldn’t be the first time the industry has faced unintended consequences (e.g., disintermediation resulting in more intermediaries, democratization resulting in more wealth concentration and inequality, and so on) but it is an overlooked possibility.
From my perspective, professionals in law, policy, regulation, and other domains of thought around decentralized identity should address whether we want to accept this default of persistent and ubiquitous identification or whether there are contexts in which we want (and should have) a right to remain anonymous.