When we think of our identity, we might think of who are and who want to be, our values and our aspirations. It’s a very personal concept, one in which we all have individual ownership over. But outwardly, our identity also plays a crucial part in how our society functions, particularly when it comes to doing business. Does this person keep his promises? Does he pay off his debts? In other words, is he trustworthy?
It wasn’t long ago when the issue of personal identity was managed mostly by reputation. If you lived in a small town, you were known and judged by the community, whether it be the local shopkeeper or the local banker. Yet the intersecting forces of industrialization, globalization and the arrival of the Internet meant that more robust and flexible solutions for managing identity were required.
Naturally, these solutions were developed as needed, generally based on various bits of identifying information that were readily available and conveniently unique. Trivial platforms like social network platforms might only require an email while financial services will ask for government issued identification, such as your Social Security number (if you’re in the US). In general, each service you interact with today has its own unique method for authorizing your identity.
Yet this setup presents a series of profound issues with how we deal with personal identity, both practical and philosophical.
On the practical side of things, it makes very little sense for every service provider to manage its own identity functionality. For one, it’s a pain for existing companies, which now must become experts in data management and cybersecurity, but it’s also damaging to innovative upstarts, which must deal with higher barriers of entry.
And having such redundancies across essentially all systems isn’t just inefficient from a cost perspective, it actively undermines the security of our personal information. If every service provider has a copy of our identifying information, it provides hackers that many more targets. According to the Bureau of Justice Statistics, identity theft costs Americans tens of billions of dollars every year.
It doesn’t get much better from a user perspective. The fact that our personal identity is dealt with on an ad-hoc basis means that it isn’t portable. I might have ten years of outstanding history on Ebay, but if I decided to open a store on Etsy, I’d be starting from zero. The same goes for a German professional emigrating to the US. It won’t matter if he or she is earning a six figure salary. Good luck getting a mortgage to settle down without an American credit score.
Moreover the costs, requirements and lack of flexibility with the current system means there are billions who lack any meaningful way of identifying themselves, limiting their access to the global economy.
But perhaps what’s most egregious about how the system is set up is how it flies in the face of common sense. Why should corporations own who we are? Why should every company we interact with get to own and hold all of our personal information? Shouldn’t we be the owners of our identity? Shouldn’t we be able to decide who gets what information?
What’s beautiful is that we finally can — enabled by technology that didn’t exist until recently or wasn’t yet economically feasible for mass adoption a decade ago. These technologies include:
- Trustless distributed ledgers
- Ubiquitous mobile devices and connectivity
- Biometrics that are unique and persistent
Properly executed and governed, these technologies allow us to create a tokenized representation of our identity that maximizes trust for individuals and organizations, notably, without compromising privacy against security.
Under this proposed method, everyone (both rich and poor) has access to a mobile device that can privately and securely hold their personal information with authorized access being granted with a thumbprint.
This information is then linked with a distributed ledger of all named users, via a public database that stores and manages credentials — what we call attestations — relating to a person’s identity. An attestation is essentially a third-party validation of a person’s identity.
For instance, you might provide your personal information (stored on your mobile device) to your bank. That bank checks your information and confirms that you are indeed you and issues a formal attestation to the public database.
Now, let’s say you want to login to your online trading account, let’s call it Trade Platform. Rather than providing Trade Platform with your personal information, you instead point to your recent bank attestation on the public database. That bank is on Trade Platform’s list of approved attestors and as a result can confidently trust your identity without actually requiring any of your information.
In a sense, your private information is only shared on a “need to know” basis. And broadly speaking, it could be implemented across borders in a geopolitically neutral fashion.
The elegance of such a system means that the private information about an individual can remain privately and securely with that individual on the biometrically secured mobile device. But at the same time, mere attestations to the validity of that private information can be publicly accessible to every other party in the world that needs to trust those credentials to enable efficient and effective permissions and commerce in the world.
Most importantly, the final result? We’ll finally own our personal identity.
