New Hope for Digital Identity

Identity is personal. You need to start there.

In the natural world where we live and breathe, personal identity can get complicated, but it's not broken. If an Inuit family from Qikiqtaaluk wants to name their kid Anuun or Issorartuyok, they do, and the world copes. If the same kid later wants to call himself Steve, he does. Again, the world copes. So does Steve.

Much of that coping is done by Steve not identifying himself unless he needs to, and then by not revealing more than what's required. In most cases Steve isn't accessing a service, but merely engaging with other people, and in ways so casual that in most cases no harm is done if the other person forgets Steve's name or how he introduced himself. In fact, most of what happens in the social realms of the natural world are free of identifiers, and that's a feature rather than a bug. Dunbar's number exists for a reason. So does the fact that human memory is better at forgetting details than at remembering them. This too is a feature. Most of what we know is tacit rather than explicit. As the scientist and philosopher Michael Polanyi puts it (in perhaps his only quotable line), "We know more than we can tell." This is why we can easily recognize a person without being able to describe exactly how we do that, and without knowing his or her name or other specific "identifying" details about them.

Steve's identity can also be a claim that does not require proof, or even need to be accurate. For example, he may tell the barista at a coffee shop that his name is Clive to avoid confusion with the guy ahead of him who just said his name is Steve.

How we create and cope with identity in the natural world has lately come to be called self-sovereign, at least among digital identity obsessives such as myself. Self-sovereign identity starts by recognizing that the kind of naming we get from our parents, tribes and selves is at the root level of how identity works in the natural world, and needs to frame our approaches in the digital one as well.

Our main problem with identity in the digital world is that we understand it entirely in terms of organizations and their needs. These approaches are administrative rather than personal or social. They work for the convenience of organizations first. In administrative systems, identities are just records, usually kept in databases. Aside from your business card, every name imprinted on a rectangle in your wallet was issued to you by some administrative system: the government, the Department of Motor Vehicles, the school, the drug store chain. None are your identity. All are identifiers used by organizations to keep track of you.

For your inconvenience, every organization's identity system is also a separate and proprietary silo, even if it is built with open-source software and methods. Worse, an organization might have many different silo'd identity systems that know little or nothing about each other. Even an organization as unitary as a university might have completely different identity systems operating within HR, health care, parking, laundry, sports and IT—as well as within its scholastic realm, which also might have any number of different departmental administrative systems, each with its own record of students past and present.

While ways of "federating" identities between silos have been around since the last millennium, there is still no standard or open-source way for you to change, say, your surname or your mailing address with all the administrative systems you deal with, in one move. In fact, doing so is unthinkable as long as our understanding of identity remains framed inside the norms of silo'd administrative systems and thinking.

Administrative systems have been built into civilized life for as long as we've had governments, companies and churches, to name just three institutions. But every problem we ever had with any of those only got worse once we had ways to digitize what was wrong with them, and then to network the same problems. This is why our own ability to administrate the many different ways we are known to the world's identity systems only gets worse every time we click "accept" to some site's, service's or app's terms and conditions, and create yet another login, password and namespace to manage.

Unfortunately, the internet was first provisioned to the mass market over dial-up lines, and both ISPs and website developers made client-server the defaulted way to deal with people. By design, client-server is slave-master, because it puts nearly all power on the server side. The client has no more agency or identity than the server allows it.

True, a website works (or ought to work) by answering client requests for files. But we see how much respect that gets by looking at the history of Do Not Track. Originally meant as a polite request by clients for servers to respect personal privacy, it was opposed so aggressively by the world's advertisers and commercial publishers that people took matters into their own hands by installing browser extensions for blocking ads and tracking. Then the W3C itself got corrupted by commercial interests, morphing Do Not Track into "tracking preference expressions" If individuals had full agency on the web in the first place, this never would have happened. But they didn't, and it did.

So we won't solve forever-standing identity problems with client-server, any more than we would have solved the need for personal computing with more generous mainframes.

If we want fully human digital identity to work on the internet, we have to respect the deeply human need for self-determination. That requires means for individuals to assert self-sovereign identities, and for systems to require only verified claims when they need useful identity information. Anything else will be repeating mistakes of the past.

It should help to remember that most human interaction is not with big administrative systems. For example, around 99% of the world's businesses are small. (See "Small is the New Big": Even if every business of every size becomes digital and connected, they need to be able to operate without requiring outside (such as government or platform) administrative systems, for the simple reason that most of the ways people identify each other in the offline world is both minimally and on a need-to-know basis. It is only inside administrative systems that fixed identities and identifiers are required. And even they only really need to deal with verified claims.

So we need to recognize three things, in this order:

  • That everybody comes to the networked world with sovereign-source identities of their own, that they need to be able to make verifiable claims for various identity-related purposes; but that they don't need to do either at all times and in all circumstances.
  • That the world is still full of administrative systems, and that those systems can come into alignment once they recognize the self-sovereign nature of human beings. That means seeing human beings as fully human and not just as "consumers" or "users" of products and services provided by organizations. And it means coming up, at last, with standard and trusted ways individual human beings can alter identity information with many different administrative
  • There are billions (the World Bank says 2.5) of people in the world who lack any "official identification". Thus "official ID for all" is a goal of the United Nations, the World Bank and other large organizations trying to help masses of people who will be coming online during the next few years, especially refugees. Some of these people have good reasons not to be known, while others have good reasons to be known. It's complicated. Still, the commitment is there. The UN's Sustainable Development Goal 16.9 says "By 2030, provide legal identity for all, including birth registration".

What we need for all of these is an open-source and distributed approach that's NEA: Nobody owns it, Everybody can use it and Anybody can improve it. Within that scope, much is possible.

In "Rebooting the Web of Trust", Joe Andrieu says "Identity is how we keep track of people and things and, in turn, how they keep track of us." Among many other helpful things in that piece, Joe says this:

Engineers, entrepreneurs, and financiers have asked "Why are we spending so much time with a definition of identity? Why not just build something and fix it if it is broken?" The vital, simple reason is human dignity.

When we build interconnected systems without a core understanding of identity, we risk inadvertently compromising human dignity. We risk accidentally building systems that deny self-expression, place individuals in harm's way, and unintentionally oppress those most in need of self-determination.

There are times when the needs of security outweigh the need for human dignity. Fine. It's the job of our political systems—local, national, and international—to minimize abuse and to establish boundaries and practices that respect basic human rights.

But when engineers unwittingly compromise the ability of individuals to self-express their identity, when we expose personal information in unexpected ways, when our systems deny basic services because of a flawed understanding of identity, these are avoidable tragedies. What might seem a minor technicality in one conversation could lead to the loss of privacy, liberty, or even life for an individual whose identity is unintentionally compromised.

That's why it pays to understand identity, so the systems we build intentionally enable human dignity instead of accidentally destroy it.

Phil Windley, whom I have sourced often in these columns (see "Doing for User Space What We Did for Kernel Space" and "The Actually Distributed Web", for example), has lately turned optimistic about developing decentralized identity approaches His own work chairing the Sovrin Foundation is toward what he calls "a global utility for identity" based on a distributed ledger such as blockchain. And, of course, open source. He writes:

A universal decentralized identity platform offers the opportunity for services to be decentralized...I don't have to be a sharecropper for some large corporation. As an example, I can imagine a universal, decentralized identity system giving rise to apps that let anyone share rides in their car without the overhead of a Lyft or Uber because the identity system would let others vouch for the driver and the passenger.

That vouching is done by a verified claim. Not by calling on some centralized "identity provider".

Phil, Kaliya (Identity Woman) and I put on the Internet Identity Workshop twice a year at the Computer History Museum in Silicon Valley. We had our 25th just last month. All three of our obsessions with identity go back to the last millennium. At no time since then have I felt more optimistic than I do now about the possibility that we might finally solve this thing. But we'll need help. I invite everyone here who wants to get in on a good thing soon to weigh in and help out.

______________________

Doc Searls is Senior Editor of Linux Journal