A Use Case Study
Who are you? It’s a core question that serves as the key entry point to almost all of our relationships, from a first date to business deal to posting on a chat board to picking up your morning Java at the corner café.
Not only that, it’s a question my car, home and bank ask of me daily. I respond with some sort of key, document or password.
To my dog, I’m a collection of familiar scents he can identify while I’m tripping over him in the dark. In social settings, I’m a set of visuals and memories held by those I’ve known. To my bank I’m an account or card number, with attached government-assigned documents. To my government, I’m mostly a tax check, occasionally a voter registration number.
Throughout human history, identification has managed means and extent of access to communities, resources and opportunities, used both for good and ill in various cases. Final authority of identification has largely fallen to governments—also used for good or ill—mostly as it’s important for legal reasons and no one else could be trusted to do it well.
The Internet has spawned new means of identification, and a fracturing of what it means to be you—again, used for good and ill. After all, you’re no longer limited to communicating with your immediate physical environment, nor even from a specific phone number. You’re an email address, a website commenter, an avatar, a username. Via TOR or VPN, you are even no longer identifiable by IP address. So you could be a valid individual user posting your genuine thoughts on Facebook, or you could have 15 email addresses and operate a programmatic bot for some grift. You can wrap yourself in a self-described virtual identity in an interactive online game, or you can do the same thing pretending to be Elon Musk and hack his iCloud.
Identification is not going away: it’s becoming more important than ever to get ID right. And with the rise of various hard and soft authoritarianisms, it’s also become more important than ever that whatever means we choose to use for identification, it needs to be equally open to all, rigidly neutral in its application and in terms of many of our human characteristics, and firmly in touch with this concept: there is only one of you.
Who do you trust?
Each of us have built circles of trust with those around us. This works for most interactions. The bank trusts my paperwork. My cell phone provider trusts my credit card payment. For times of peace and prosperity, this is mostly adequate. There are too many instances, however, in which the traditional and cultural methods of self-identification don’t work. For most online interactions. For the homeless, the stranger, the refugee, the villager in rural Africa, the limitations stack up. When they leave a familiar surrounding, their prospects are limited to the trusts automatically afforded to poor strangers: few. Where are your papers? Who are you, and can you prove it? In today’s world, trust is stretched thin.
While some may see the trust issue as a reflection on the churlishness of humanity or society, I see it as a natural outflow of learned experience. From earliest eras of human existence, we have had to monitor signals of intent, of affinity, of trustworthiness as a means of self-preservation. The naïve and simple among us tended to meet early and tragic ends; people are too frequently not who they say they are. As society has atomized from cultures to tribes to families to individuals striking out on our own, this reality has preserved and driven various forms of prejudice and discrimination even as we strive for a more equal world.
For some, the answer is government: only they have the power and—in liberal democracies at least—the beneficial nature to enforce systems of identification and guarantee equality of access to resources.
For others, the specter of handing greater control to central authorities would invite misuse of power, enforced conformity at the point of law and gun, and sclerotic development of solutions that would not end up solving the problems of identity, but harden them.
I fall in the second category. What’s then my solution?
Decentralized identity
From the first days that I understood what a blockchain is, it seemed to me that the most important use case for blockchain would be identity. The key features that blockchain technology affords to the use case are as follows:
Decentralized:
The well-constructed blockchain contains hundreds of computer nodes distributed globally, each of which run the same software and contribute in a small but not decisive part to the operations of the entire network. Each node monitors its fellows for any indication of deviation from the algorithms and network rules. Each node is motivated by appropriate incentives to maintain the network in the correct and designated way. Access to the network is thus available beyond borders, seas and cultures.
Consensus:
The decentralized nodes work together to achieve ‘network consensus’ about what has just occurred on and to the system, via algorithms designed for speed, accuracy and security for the particulars of the use case of the network. Nodes not operating appropriately and attempting to short-circuit the means of consensus are excluded from the network so that the system operations are preserved as designed. The nodes and the data on them thus operate in a ‘trustless’ way: no open trust must be extended for the network or its users to be sure of the validity of its operations. It can be verified and confirmed absolutely.
Immutable:
While the system can change—after all, a blockchain creates new blocks every few minutes—the history of what has already been validated does not change. This is done through complicated cryptography, but they key fact is that the past cannot be changed. These first 3 factors describe why a well-constructed blockchain cannot be hacked. Blockchain is with us forever outside a black swan, extinction level event.
Individual:
A user of the system is the holder of their own keys. No one else has access to their designated space within the system and its resources. The crypto term for this is ‘non-custodial’.
Open Access:
Anyone can obtain access to the system or project. Once you have your key, that is your means of entry to the system regardless of color, language, education, appearance, gender or personal preferences. While some may say ‘good and all, but it still requires money’, I answer thus:
I could have bought 10 Ethereum for $70 in 2017, today an investment worth more than $20,000. So could you. What a cryptocurrency investment really represents is the investment of 2 things we all own: minutes and risk. If I spend an hour to read up on new tech and thus understand the potential, I may decide to invest a day’s worth of paid labor for the risk of losing that investment if my understanding isn’t correct or circumstances thwart the project. Various people choose different options for their time and potential, and each of us are the principal beneficiaries of our own choices.
Openly Governed:
As stated before, the blockchain can change. The means of change is via algorithms as previously described, or proposals. Proposals are voted on by the stakeholders in the network, usually with the most voting weight given to those with the most to lose if the proposal corrupts the purpose of the system. This can include minimum deposits for creation of proposals and quorum requirements and vetoes, ultimately governed by—you guessed it—the algorithms.
What these characteristics boil down to is a system that cannot be manipulated by an individual or small group who achieve some measure of power, that operates in exactly the same way for everyone but is still nimble enough to meet the growing and changing needs of our existence.
ID problems to overcome
In my view, a truly useful decentralized ID solution will have these characteristics:
Individual: 1 person, 1 ID. No questions about this. This is key to an atomized and trustless society functioning with minimized prejudice. I can’t destroy one ID and pick up another to avoid accountability. I can’t pretend to be two different people, and no one can pretend to be me.
Private: while your ID accurately identifies you to the system, you should have direct control over who sees what about you from the system. Some would say anonymity, but the possibility of full anonymity invites risk and supports prejudice. The key distinction is that I can’t change my past either. I can’t trash my credit only to show up later with a new, freshly minted face.
Accessible: many companies make tools for the modern world; while there’s no escaping that technology is required to make all this happen, those without easy access to technology should not be excluded from using the system or being represented in it. The system should be usable by people in crisis whenever they can reach a place of safety.
Recoverable: if I lose my ID, I can get the same ID back with a minimum of fuss and damage.
Genuine: the ID can’t be duplicated or impersonated even if I’m robbed or lose my life.
Summed up together, we would call this ‘self-sovereign identity’: you are who you say you are, and everyone else can trust who you are. To meet these requirements, the key factor is biometrics. While biometrics can obviously be used to invade our privacy or abridge our rights, the mix of our biometrics is the one thing that guarantees our individual identity. The well-designed system will not subvert the privacy factor in favor of the individuality one.
Projects on the horizon
A number of DID (Digital ID) projects exist:
The solutions that tick all the boxes for me are a mix of two projects:
Uniris: “Be the only key”
Uniris makes use of a finger scan that identifies the pattern of veins in your finger (not a fingerprint) to identify you. Almost everyone has a finger, and I’m sure we can come up with accommodations for those who do not. The design is even able to detect stress or sleep status, to obstruct methods of coercion or subterfuge. The team has also created a new consensus algorithm that makes their network ultra-secure and resilient while still widely decentralized. Their blockchain mainnet goes live in June, and they are bidding to partner with the Paris 2024 Olympics as the ID provider for the games.
Kilt: “Credentials for Web 3.0”
Kilt is designed to handle the privacy part of the solution. With Kilt, once you’re identified, you have an encrypted space to record credentials and ownership, such as driver’s license, deeds, diplomas, certificates of completion, medical records, etc. It allows others to attest to certain claims and credentials, and also incorporates customizable zones of exposure of those documents to similarly identified 3rd parties. For instance, I can place my medical records in a folder that would be accessible by emergency room staff were I to get in an accident. My wife can have regular access to my bank account info, my kids not. Kilt plans to launch this year.
Your future is up to you
The power of returning the power of your ID to you is only starting to be understood. We live in a murky purgatory where the powerful and prejudice define us as much as our genuine relationships and our own actions. Where access to resources and systems rely on a pocket full of keys and random ID’s, which are constantly under threat by malicious actors and random loss. Where proximity and social customs limit growth and potential, where systemic inefficiencies are tolerated because they’re safer than risking the unknown effects of a new solution.
No matter what else occurs, there is only one you, and the Internet as it now exists barely recognizes that; the legacy physical world just a little bit more so. In our near future, we will have the ability—and the responsibility—to identify and define ourselves.