The mighty Vinay Gupta, incidentally (or not) co-founder of Edgeryders as @hexayurt, has published a very long-form piece on digital identity. Its added value is that it turns around the problem, trying different high-level approaches on for size. For example, blockchains (he muses) are secure now, but quite likely to be laughably insecure over the lifespan of a child born today. Money quote:
Many people sense huge economic opportunities from straightening up the identity mess and making things work, but we have to be sure the solutions proposed do not simply become the next generation of problems.
I am not buying 100% into his proposals (nor am I particularly qualified to), but, as far as I can see, he does have some good points.
I will read and get back on this. For now I want to say that th ultimate e objective is to break ‘identity’:
Identity
is thus distributed over architecture, service, and phone, signed in digital
signatures, federated and attribute-based only. A large number of technical (IoT),
financial (blockchain) and semantic (AI) experts see the need to move from the
present fixed-identity paradigms to more flexible or fluid frameworks of “entitlements”,
to allow the formulation of context-specific and attribute-based identities.
Let’s focus on that vision and build a new smart social contract. It will bring hope and hope is what
drives real change and society forward. Technically it can be
operationalised in a fully open-source hardware and software environment. The
hardware part needs to be procured from the EU industry. The operating system,
zenroom,[1]
is being developed in the EU project DECODE.[2] It
forms the heart, a virtual machine running embedded in a chip in the triangle:
device (EU passport), embedded SIM cards in services (wearables, home,
connected car, and smart city), and infrastructure (routers, 5G base stations).
He seems to agree on that. But he argues that is still quite hard to do, when planning for security on a long time horizon.
[…] something that’s a little less about storing the entirety of our being on a permanent record, but more focussed on disclosing the minimum required for people to be able to do business (or other critical functions) together.
Maybe information is partitioned: your school grades, but not your name, all separated with a zero knowledge proof. If you have to prove that those are, in fact, your grades — well, that’s what that public key is for. You demonstrate possession of the relevant private key — you know the secret — without revealing the key. Every piece of personal information about you is stored with a different public key: you have a big fat keyring, and each key reveals only a single fact.
And maybe those keys have blind signatures or proxies or similar arrangements which prevent somebody noticing that Applicant for Job 1 has the same “see my proven grades” key as Applicant for Job 2. We are not helpless in this mess: a certain perspicacity and awareness of how long time is, how fast things pass, and the sheer complexity of the upcoming 21st century leads to a sagacious approach to information partitioning, database translucency, use of temporary credentials for passing needs, being economic with disclosures, even guarded. These trends are very different to what has become normative in the social media age in the liberal democracies which are still, just barely, the majority of the internet. But this kind of blind trust that the data you publish will never, ever be used against you is very much a product of liberalism. People from countries with more to fear, or cultures which were ruled by aggressive empires, have quite different norms when it comes to personal disclosure.
Yes, these thoughts are very enlightening and necessary to address. There is no one size fits all, there is no ‘global’, there is no ’solution’. It is all part of ongoing praxis that will be dynamic and needs to be able to change with the ‘extra’ and serendipity that is happening because of the technologies and analytics seeing patterns difficult to see from a human time frame and perspective.
On community:
Accountability
over anonymity characterises this approach as it underlies society in the 21st
century itself. Tokenised trust is a key feature but only in the actual
locality where face-to-face interaction can occur and communities of people
work and live together.
Maybe we can have a session on this during the Edgeryders Festival, an open discussion?