I Click, Therefore I Am: Self-Sovereign Identity and the Internet of Wealth
Identity on the blockchain and its emergence as self-sovereign identity has the potential to take the value created by user-generated identities and data out of the grip of organizations and back into the hands of users themselves. The future of wealth will be determined by the ownership of identity, and yet what identity is in the first place, digital or otherwise, remains murky.
The Merger of Our Physical and Digital Identities
The answer to the question “What is identity?” is philosophical in nature and can differ from person to person. Nonetheless, we can create a working generalization about identity. Identity is who you are: the concept of who you are is composed of myriad connections and relationships to family, friends, employers, nature, memories, desires, dreams, pets, likes, dislikes, and so on.
At birth, after having been given a name and birth certificate, your place in the world is confirmed. Your parents know you when they see you and so do your friends and teachers at school. Your identity persists; you own this identity, and no one can take it from you. It is fused to who you are and so you are the sovereign owner of it just as you are, in a sense, the owner of yourself and own-most potential.
Why does any of this matter? Because our digital lives are coming into equivalence with our physical lives. We are approaching an even split between the two realms and the identity we enjoy in our physical lives does not persist in a completely equivalent way across our digital lives. When you see your friend on the street, someone with whom you have an established relationship, they remember who you are and the relationship continues.
Yet when you open up an app, be it Facebook, Gmail, Slack, Telegram, Twitter or a website where you keep an account, you will need a shared secret (also known as a username and password, motherʼs maiden name, name of your first pet, etc.) to prove you are who you say you are, and to prove the existence of the relationship between your identity and the organization you are trying to access.
This form of identity is known as siloed identity: identity issued to you by an organization, which forms a credential you can use to remind the organization of who you are in order to regain access later on. This is digital identity at its most rudimentary and widespread.
Siloed Identity Keeps Users in the Digital Stone Age
For every organization, or silo, we must create an entirely new foundation of trust by entering all of our information from name and address to birthday and e-mail. When you think of how many times youʼve re-entered all of the same sensitive data to create account after account, each organization siloing your information, itʼs no wonder catastrophic data leaks are so prevalent.
Credit card data, social security numbers, and, in the case of KYC for ICOs, even passport details and photos are all stashed away in data repositories that users must blindly trust with the security of their sensitive information.
In the current paradigm of siloed identity, organizations set the terms for trust and own fragments of the constellation of accounts and puzzle pieces of data which form your digital identity. The ownership of user identities and the data collected from having relationships with those users (tracking your searches, relationships to others, viewing and spending habits, location, and so on) form the backbone of an incredibly profitable and powerful mechanism of digital control and, importantly, it is a relationship in which you, the user, lack any rights over how your identity is used or the profits generated from it.
Putting Organizations on a Need to Know Basis
But wait, isnʼt there something obviously wrong with the premise of this set-up? The ownership and management of user-generated identities and their corresponding data by centralized services means that in a sense your digital self does not enjoy the freedom of your physical self. Think of this as a type of digital serfdom, where our activities generate value yet we do not retain that value for ourselves. Besides this, the siloed identity model is incredibly inconvenient for all parties involved.
The organizations retaining your information have to securely store it, which creates a massive security and cost burden. The users creating accounts need to remember and maintain the shared secrets required of the seemingly endless accounts they access, resulting in a piecemeal experience that is cumbersome, time-consuming, and worrying when widespread fraud and security leaks of personal data are factored in.
The oversharing of data is in large part responsible for the current paradigm. Does the car rental service need to know and keep all of your personal details to determine your rental eligibility? Outlier Ventures has the following to say on the car-rental hypothetical:
For almost all cases of online services we need very little information from our users to be effective. And the information that we do need to provide does not need to be related to previous purchase behaviour, interests or health situation. So why donʼt we pursue a “need to know” model instead of a “gather as much data as possible” model?
For example, to complete a car rental request I should be able to prove “is able and allowed to drive a car” and “has paid the fee amount” and ideally I should be ready to go. Even insurance and liability is something that could be handled without providing the sensitive information in the first place. Think of putting my personal data in escrow with a third party that would only release it to the car rental in case something actually happens.
How can identity ownership change to something more akin to what we enjoy in our non-digital lives? Self-sovereign identity proposes to do exactly that by allowing individuals to create their own persistent identities which are key-bound (an individual generates a set of public and private keys). The public key is used to identify the individual while the private key is how the individual proves that it is really them in instances that require a signature or some form of access.
All of the information a user wants to bind to their SSI will be privately held and knowable only by them and by the relevant authorities, who attest to various parts of that information and provide time-stamped attestations of that information, which is then released on a need-to-know basis to the requesting service as approved by the user. A visual flow of how this system works is represented by bitsonblocks in his excellent guide to SSI.
A self-sovereign identity paradigm returns the use and ownership of personal data, whether itʼs ID numbers or spending habits, to the SSI, who is then able to make decisions about how and to whom to distribute their information.
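The key-bound identity and need-to-know release of attested information described above, sketched as an added example that is not taken from the original article or from any of the projects it names. An authority signs salted digests of a holder's claims together with a timestamp, the holder reveals one claim to the car rental service, and the service checks the authority's signature, the holder's control of the private key, and that the revealed claim is among the attested digests. The claim names, salts, timestamp, challenge and the digest layout are assumptions constructed for illustration, not any platform's credential format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Claim struct{ Name, Value, Salt string } // salt (random in practice) hides undisclosed values

// Attestation is what the authority signs: holder key, timestamp, salted claim digests.
type Attestation struct {
	Holder   ed25519.PublicKey
	IssuedAt string
	Digests  [][32]byte
	Sig      []byte
}

func digest(c Claim) [32]byte {
	return sha256.Sum256([]byte(c.Salt + "\x00" + c.Name + "\x00" + c.Value))
}
func (a Attestation) payload() []byte { // bytes covered by the authority's signature
	b := append([]byte(a.IssuedAt+"\x00"), a.Holder...)
	for _, d := range a.Digests {
		b = append(b, d[:]...)
	}
	return b
}

// Verify is the relying party's check: claim membership, authority signature, holder key control.
func Verify(issuer ed25519.PublicKey, a Attestation, c Claim, nonce, holderSig []byte) bool {
	found := false
	for _, d := range a.Digests {
		found = found || d == digest(c)
	}
	return found && ed25519.Verify(issuer, a.payload(), a.Sig) && ed25519.Verify(a.Holder, nonce, holderSig)
}

// Demo attests two claims, then presents only `shown` to a verifier (all values constructed).
func Demo(shown Claim) bool {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(nil)
	holderPub, holderKey, _ := ed25519.GenerateKey(nil)
	a := Attestation{Holder: holderPub, IssuedAt: "2018-06-01T00:00:00Z", Digests: [][32]byte{
		digest(Claim{"licensed_to_drive", "true", "salt-1"}), digest(Claim{"passport_no", "X0000000", "salt-2"})}}
	a.Sig = ed25519.Sign(issuerKey, a.payload())
	nonce := []byte("rental-desk-challenge") // verifier's fresh challenge
	return Verify(issuerPub, a, shown, nonce, ed25519.Sign(holderKey, nonce))
}

func main() { fmt.Println(Demo(Claim{"licensed_to_drive", "true", "salt-1"})) }
```

The verifier sees the passport number only as a salted digest, so it learns that a second claim exists but not its value.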
Pieces of the emerging smart economy which takes SSI into account are already amongst us.
Brave browser, for instance, monetizes user ad-blocking by allowing those users to be paid in BAT for their attention if they choose to view the blocked ads.
Civic provides users with a secure identity ecosystem which includes “reusable identity elements,” allowing users to provide organizations with certifications that attest to their credentials being valid without actually having to provide sensitive data like passport details to third parties such as KYC providers.
Elastos represents one of the most comprehensive and detailed efforts in the SSI space, calling itself “smart-web powered by blockchain.” Elastos is creating a decentralized smart web which issues a unique identity to every entity existing on the blockchain-powered web. This means digital books, films, music, or devices will all have unique identities issued to them allowing for a correspondence between the SSI and the ownership of digital goods. The Elastos whitepaper states:
The creator of digital content can use a tool, provided by Elastos, to determine the number of digital assets to produce. Authors, for example, can decide that they only want to have 5000 copies of their books in circulation on the Smart Web. Setting a finite amount of digital content produces scarcity and enables the realization of capital.
Sovrin is a self-sovereign identity platform that aims to protect user data, eliminate identity-related fraud, lower transaction costs, and streamline processes such as voting, amongst other stated goals.
Self-sovereign means a lifetime portable identity for any person, organization, or thing. Itʼs a smart identity that everyone can use and feel good about. Having a self-sovereign identity allows the holder to present verifiable credentials in a privacy-safe way. These credentials can represent things as diverse as an airline ticket or a driverʼs license.
Decentralized identity surely has a long way to go, but if centralized organizations continue misplacing user trust through scandal and the inability to safeguard user data, then the appeal of self-sovereignty for our digital lives will make itself evident very quickly.