Digital Identity: What It Is and Where It’s Heading
What Is Digital Identity?
A Digital Identity is a unique personal credential that authenticates an individual in their interactions with other individuals or organizations on the internet or through a mobile phone or in any other digital environment.
A true digital ID has the following attributes:
- A Digital ID is unique. There can only be one per person. Of course, it has to be unique otherwise all sorts of disputes would arise. This necessity leads us to the second attribute.
- A Digital ID is completely secure against any kind of compromise and cannot be destroyed. We will discuss how this is achieved below, but it is obvious why this is necessary.
- A Digital ID must be validated via trusted credentials. This probably comes back to the birth certificate, unless there is some alternative official registration of the existence of a new individual. Whatever the circumstances, the digital ID must be authenticated against an official record of birth and that authentication must be recorded indelibly.
- The Digital ID is the legal possession of its owner, who has full rights to control its use.
- The Digital ID has full legal validity while its owner is alive. Its status changes on death.
Naturally, it’s a little more complicated than that. There needs to be parental oversight until the ID owner acquires the age of legal responsibility, and there will be other health situations where legal responsibility may be assigned to someone else. Such regulations will no doubt vary from country to country. But let’s not sweat those details, and focus on the bigger picture.
Digital ID’s and Blockchain Technology
Personal IDs are established via national credentials such as birth certificates, social security numbers, national identity cards, passports, driving licenses, and so on. There are many such credentials-each one is intended for a different situation: the birth certificate for proving age and citizenship, the passport for crossing borders, and the driving license for driving, and so on. We can think of these as surviving relics of the pre-digital age that will likely persist for a few years yet.
There were no successful Digital ID initiatives prior to the advent of blockchain technology. The blockchain made Digital IDs possible because it was an automated mechanism that could be trusted. Blockchain data could not be corrupted and the whole system could exist independently of any government or any other organization, including the one that sets up the blockchain itself.
It is generally acknowledged that the blockchain is fully secure in respect of cryptocurrency transactions. In the same way, it is fully secure in respect of digital identities. In fact, you can think of a Digital ID as being similar to a cryptocurrency wallet. It is simply a blockchain reference to your digital credentials rather than a cryptocurrency amount. Only you can access it and you can use it to authenticate yourself to any other person or organization.
To create a digital identity it is only necessary to create a blockchain record that is protected by a public key/private key mechanism (like a cryptocurrency wallet) and link it to a valid trusted credential like a birth certificate. The identity is protected by the private key, so the owner of the Digital ID needs to keep it secret and carefully store it away.
ID2020: The Global Picture
If you are thinking that Digital IDs are just a neat technology for the world’s developed economies, think again. You may not have noticed it in the news-such events are not the stuff of headlines-but in 2015, the 193 Member States of the United Nations signed up to The 2030 Agenda for Sustainable Development. Among other things, this initiative embraced the goal that everyone in the world would be provided with a legal identity by, at the latest, 2030.
At the time about a fifth of the world’s population (1.5 billion people) lacked a legal identity, the lack of which excluded them any rights that citizenship conferred. To fix that meant issuing those people with an ID, and it was in the interests of governments to do that, if for no other reason that you cannot tax non-people. However, there is plenty of commercial motivation, because once people have IDs they can participate more easily in economic activity.
Soon after the UN initiative, ID2020, an organization that brings together governments, nonprofits, and commercial organizations, formed with the aim of guiding the global progress of digital identity. Their manifesto, which you can find on their website includes the words:
We believe that individuals must have control over their own digital identities, including how personal data is collected, used, and shared. Everyone should be able to assert their identity across institutional and national borders, and across time. Privacy, portability, and persistence are necessary for digital identity to meaningfully empower and protect individuals.
A neat thing about all of this enthusiasm is that the technology has gotten cheap enough for governments to afford to issue Identity cards with an embedded chip that holds biometric information about the owner. Even if the owner loses the card, another can be created.
It is only a small step from there to providing card owners with Digital ID’s that work on mobile phones and anywhere on the Internet.
Digital ID’s Two Dynamics
In case you were wondering, at the time of writing (July 2020), very few people have Digital IDs. Regular internet and mobile phone users have what could be thought of as a digital footprint: mobile phone accounts, email, bank accounts, logins to social networks and e-commerce sites like Amazon, and so on. All data stored in these locations might collectively be thought of as a Digital ID. But, there are very few people who have an ID that is authenticated against accepted personal credentials.
So, as regards the adoption of Digital ID, the developed world is no better off than the undeveloped world. Indeed less developed countries may have an advantage by being able to base Digital IDs on a single national identity card and linking everything to that. Their citizens have less technology history to sort out. And there is also the fact that while the take-up of Digital IDs is inevitable in time, at the moment there is no “killer application” that motivates individuals to acquire a Digital ID.
A Killer Application?
No doubt you have realized that we at Permission.io have an interest in this. We are in the business of enabling our members (users) to own, control, and profit from their time and personal information. For several reasons, we expect that the proliferation of secure Digital IDs will help to grow our user base as well as making them more active, both in earning our digital currency and spending it.
To help progress the Digital ID trend we are formulating an Open Source project, which has the goal of making Digital IDs available not just to Permission.io members, but also to anyone who wants one. The intention is to enable a kind of password manager capability for personal logins. We would also want this Digital ID to be interoperable with all other Digital IDs, which is why we are designing an Open Source project that shares the code and capability with anyone who can find a use for it.
There are already many blockchain businesses that include the creation of Digital IDs (Cambridge Blockchain, KYC Chain, Selfkey, Peer Mountain, Uport, and Civic, to mention just a few) as part of their activity. The project goal will be that all an individual’s Digital IDs could be merged into a single set of credentials that can be used in any context.
The project is likely also to expand into enabling Digital IDs to associate together all of the ID owner’s personal data, including their cryptocurrency holdings so that it can be accessed as a single resource. This is a natural enhancement for Digital IDs once the base capability is created.
The logic behind making this an open-source project is:
- We believe that the killer application for Digital IDs is for the Digital ID to span the old Web 2.0 world of logins with its high risk of cybercrime and the emerging Web 3.0 world where interactions can be secure and trusted.
- The standard that is emerging in the area of Digital IDs is open-source software that goes by the name of Indy, donated by The Sovrin Foundation. It is a component of the Hyperledger blockchain platform, a multi-project open-source initiative hosted by The Linux Foundation. We would be able to make use of that well-proven software. (Software heavyweights IBM and Microsoft make use of it and both of them have developed Digital ID capabilities that are fairly mature.)
A query capability may also be included. Permission.io expects to make use of data algebra on this project. Because this is an open-source project, ultimately the capabilities it provides will acquire a destiny of their own, determined by the development team.
Digital Identity: Leveling the Playing Field
Finally, let us consider the less obvious, and perhaps the most far-reaching consequences of Digital IDs. What digital IDs do is to put organizations and individuals on an equal technological footing. Organizations, whether commercial, non-profit, or governmental, will also have digital IDs, and like personal Digital IDs, these will also be fully authenticated against credentials. This eliminates a great deal of cybercrime because it is impossible to circumvent authentication.
Web 3.0 will thus be a web of trust. Individuals will always be able to know the true identity of every organization they deal with. The penalty for any proven violation of trust will be immediate reputational damage that may exclude the perpetrator, whether organization or individual, from the web of trust or even result in criminal charges. As the current cost of cybercrime is somewhere in the region of $2 trillion per annum, this web of trust will significantly reduce the cost of Internet commerce.
It is likely that individuals will form common interest groups that can, by agreeing to share their data and act in concert, make use of the same Big Data technology that the likes of Google and Facebook currently employ against them. Analytically, this will put them on an equal footing with organizations that have previously been able to exploit their data. If they then choose to deny such organizations access to that data, they will have leveled the playing field.
The relationship would not necessarily become adversarial. At Permission.io we believe it is more likely to become collaborative. This, in fact, is the premise of our business model. We expect individuals and commercial organizations to collaborate on an equal footing throughout the sales process.
Originally published at https://permission.io on July 21, 2020.