This week, Michael Casey and Sheila Warren talk to Hyperledger Executive Director Brian Behlendorf about the future of identity on the internet.
A developer whose three-decade career has seen him deeply involved in efforts to foster a more open internet, Brian grasps, like few others, the nuances of how human beings should live within a rapidly changing digital economy.
Getting Internet Identity Right, 30 Years On
We tend to think of governments, with the data they collect on births, drivers licenses, tax returns and passports, as humanity’s primary identity managers.
Arguably, internet platforms have usurped that role. Some store more identifying records than China – Facebook has 2.7 billion active users; Google manages 1.5 billion email accounts. Just as important, they can tie those records to our online behavior and gather immense predictive power. Facebook’s algorithm even knows if you are going to break up with your partner – before you do.
This isn’t another Facebook-bashing column. It’s just that its all-knowing power highlights how the fundamental human question of identity has changed in the internet age.
It also illustrates why we need a new “self-sovereign” model of identity to match our digital existence and why the latest moves toward that deserve widespread support.
Flawed from the start
An original sin was committed at the internet’s conception: its underlying, decentralized architecture was built without an identity layer.
The internet’s founders had good Intentions. To ensure universal availability, the system controlled access by assigning addresses to computers but was agnostic about the identities of the people, companies and devices using them. As a famous New Yorker cartoon quipped in 1993, “On the internet, nobody knows you’re a dog.”
This became a problem when entrepreneurs started building e-commerce businesses in the 1990s. Users needed to trust the person on the other side of a transaction, which, according to offline practices, meant identifying them to hold them accountable.
So a jury-rigged solution was installed at the internet’s application layer. Certification powers were introduced, allowing web-based companies to gather and verify users’ identifying information. Over time, this gave rise to a new class of immensely powerful gatekeepers.
We ended up in the worst of both worlds. On the one hand, end-users still don’t know who’s controlling disinformation bots. On the other, as CoinDesk’s Ben Powers put it in a great contribution to our “Internet 2030” series, the centralized data-gatherers “not only know you’re a dog, but also what breed you are, what your favorite kibble is and whether you’ve been microchipped.”
This power asymmetry has fueled a severe deterioration in societal trust, and solutions have been hamstrung by a pre-internet mindset. We’ve placed responsibility for policing behavior with intermediaries, which has further empowered centralized data-gatherers.
This contradicts the internet’s decentralized, identity-free base layer, creating unique opportunities for abuse. Web sites accumulate giant honeypots of personal identifying information (PII), which are constantly breached by unidentified hackers.
Meanwhile, even though companies complain about the liability in storing user data, they find it hard to resist surveillance capitalism, the data-exploitation practice that has become the core business model of the internet.
We need a new mindset. Since the internet’s underlying architecture is decentralized, the identity solution must also be decentralized. Control over PII must reside with those to whom it refers – with you and me, in other words. This is the principle behind the “self-sovereign identity” (SSI) movement.
Controlling attributes, not identity
Let’s be clear: This isn’t easy. Identity is an extremely complex concept.
In the metaphysical sense of “who I am,” identity is at once highly personal and completely social. We value a unique selfhood, but it’s meaningless without reference to the society within which that self exists.
It’s also fluid and multilayered. We occupy – or "perform”– different versions of our identity, or personas, depending on context. We all play a different persona in job interviews than the one we play at home with family.
And in the wider economy, where proofs of identity solve the deep-seated challenge of trust, allowing us to transact, what matters is not our selfhood but the distinct attributes that comprise it. Do you have a degree? A driver’s license? A credit score over 740? These are isolated attributes. They are not our identity per se.
With SSI, sophisticated cryptography allows individuals, as sole custodians of their data, to prove they have the credentials that describe their attributes and selectively reveal them in an encrypted form to service providers.
In an oft-cited example conceived by identity expert David Birch, you could legitimately enter a bar after furnishing a cryptographic proof that answers one question: are you over the designated drinking age? The bar owner doesn’t need to know all the other information displayed on your driver’s license: not your name, your address, your license number or even your actual birthday.
Still, standardization across the internet will be critical. An important piece is the decentralized digital identifier, or DID, being developed within the world wide web consortium, or WC3. Groups of tech and finance heavyweights have also formed associations to promote open-source collaboration, including the Digital Identity Foundation and the Trust Over IP Foundation.
Within the standard SSI model, blockchain technology plays an important but minor role currently. Some SSI projects have dabbled in tokenization to raise funds and incentivize stakeholders such as credential providers. But the troubles caused by the Sovrin Foundation’s token sale have quelled enthusiasm for that.
A blockchain is not used for storing identifying data. That’s up to the individual data owner, who could choose to store it on a hard drive, for example, or with a cloud account they control. Rather, a blockchain is used as a public key registry and management system to prove that the private keys with which a user enables access to encrypted credentials are associated with the right person or company. In this way, a hospital can decode and validate medical records shared by a patient, while keeping its privacy compliance officer satisfied that the patient is indeed authorized to do so.
More important is how SSI could help other blockchain applications. If decentralized finance (DeFi) applications are to spread to traditional finance, for example, there must be a way to identify market participants without inserting a centralized authority into a necessarily decentralized environment.
The most important use case for SSI lies in protecting our humanity. In an age when data leads to economic domination, shifting control to those who generate it is a really impactful way to empower individuals.
Instead of thinking of digital data as a sinister threat to our privacy, SSI could turn it into an asset they can sell or use to get credit or obtain other services. Think of people who live without credit cards and can’t generate credit scores but whose trail of internet connections – their so-called web of trust – show a history of fulfilling commitments.
Within an SSI framework, we can use our data to safely connect our identity to the society with which it is intrinsically associated. We could map and measure our social connections, capture that data as an attribute and then communicate it to others so they’ll trust us enough to transact.
Courtesy of COVID-19 and the public interest in contact tracing, there’s now an immediate use case for this kind of controlled measurement of social activity. It’s why Hyperledger Executive Director Brian Behlendorf, appearing in this week’s Money Reimagined podcast, argued that the first prominent deployment of SSI would come next year in the form of a “digital yellow card” for vaccination records.
Whether we like it or not, society is digitalized and decentralized. We need an identity system that aligns with that.