What is your identity? Who or what defines it?
Who you are is hardly defined by your drivers license or passport. And yet, this is often how we understand ourselves and others. The metrics of our birthdate, ethnicity, eye color, height. The document number linked to a government database. The photo taken on a bad hair day despite our best efforts.
Not only do these documents reduce our identifiable information to fixed numbers, they don’t hold any information about our communities, relationships, profession, skills, interests, or desires. They also lack the nicknames, in-jokes, and knowledge that comes with those connections.
I’m not sure I want my in-jokes or hobbies included in my passport, nor do I want to be defined by such a flat description as what is currently included. But identity documents are just a tool for representing ourselves, not who we are. In reality we show up as multiple, fluid identities in different settings: parent, investor, co-worker, friend, activist, and many more. Both how we see ourselves and how others see us matters in these social equations.
On the internet we also show up as multiple identities. Just think about how many separate email accounts you have and how you might use each for different purposes. I have nine I can count off the top of my head. From personal identities to school and work, to organizations and accounts I share with others. So some of my online identities aren’t even solely ‘me’ — they’re also ‘we’. A single identifier used to represent a group in digital space.
In some ways, the internet enables this multiplicity, yet it is also data-first. Everything is inherently numbers, quantified metrics that have trouble capturing nuance and flow. There is a risk of identity being reduced to digital markers, detached from the complexity of living humans.
Without answering “what is identity,” as that seems to be incredibly contextual, I want to explore with you the uses and challenges of digital identity infrastructures while holding in mind the multiple ways we can think about identity.
Why is Identity so Hard?
Developing a comprehensive identity infrastructure for the internet has proven to be a wicked problem.
One clue in the above is my nine separate email accounts. I control each of them, but in order to keep those parts of my digital existence separate, I have to keep them as distinct logins without any continuity for me as a user. I don’t need work emails in my personal inbox, nor do I want to sign into social media with the email of my collaborative writing project.
Developing a comprehensive identity infrastructure for the internet has proven to be a wicked problem.
There is a tension between secure, authenticated, cross-platform digital identity and compartmentalized, fluid, personas that let us show up as different parts of ourselves in different spaces. Thus attempts to develop a single identity tool that does it all face a lot of issues, from ethics to usability, that come from collapsing multiple personas into a single identity.
For instance, one issue we can imagine is that my job title might be attached to my digital identity, which makes sense in a professional setting, but which I might not want to forefront in a social setting. Now, even without my digital identity credentials providing you that information, you could google me and learn it for yourself fairly easily, but there is a little bit of friction to that interaction — you have to intentionally seek the information out. This is where the concept of progressive trust comes in.
Rather than relying solely on cryptographic trust (which is actually about developing “trustless” environments) Christopher Allen suggests Progressive Trust as a model of how trust functions in-person. In different settings I’m going to present different information about myself and slowly reveal more as it becomes relevant to an interaction. This lets me disclose information at a rate that I'm comfortable with, maintaining my privacy, and for you to understand the information because you aren’t overwhelmed with every available fact about me, unable to distinguish what is important and what isn’t.
Identity infrastructures also raise the issue of control. Who should be able to say who I am? Should my digital identity always tie back to my legal identity? Should my digital identity be controlled by a corporation like Google, as is the case for many people’s email addresses? There are often different answers to these questions depending on the particular use case, but as these infrastructures are developed it’s important to consider who they give power to. In many situations it should be possible for users to self-assert and control their identities. Certainly, users should be able to control what information they make visible, when, and to who.
Identity infrastructures face a lot of conflicting needs. Some of those conflicts include:
- Anonymity and identity authentication are both important in different situations.
- We want to provide information, but also seek to control how and when.
- We want to compartmentalize our personas, but also want to be able to prove the continuity between them when needed.
There are technical challenges to get identity to work well, but there are also social ones like usability. An identity infrastructure that allows users to manage all of these conflicts themselves risks being unwieldy. Further, we as designers, developers, and builders of all kinds face the challenge of getting down to basics and away from our own preconceptions so as to build composable systems that can hold all of these contradictions together.
How then to navigate all of these contradictions and do digital identity well? Instead of claiming to have the answers, let’s explore the technical and project landscape, consider some important critiques, and keep learning together.
A Brief Recent History of Identity Technology
When we log in to a website online we are providing identity credentials. It used to be that each site would hold data about us like our username and password in their databases and thus would be the authority over our identity. This also meant that identity was balkanized, without any continuity between digital spaces. To this day, many websites require unique login details. But a new option has become prevalent. You can sign into many websites via a third party like Apple, Google, or Facebook that acts as the authority on who you are. You gain continuity between digital spaces and the individual sites no longer hold your password — which is good for security but centralizes data into the hands of a few organizations. This is how digital identity works for most today.
Each of these solutions has approached the tradeoffs inherent to identity infrastructures from different perspectives. And over several decades of incredible work, members of the IIW and other organizations have continued to evolve this technology, developing capacities to balance the contradictions posed by identity.
The newest developments in the space, coming from many of the same minds, center around Self-Sovereign Identity, which comes from a desire for persistent credentials that originate from the individual. Much like data sovereignty, this is a claim that instead of external authorities holding our identity information, each one of us should be able to hold and provide all of our identity information.
Self-Sovereign Identity: Decentralized, Digital, and Self-Proving
Controlling your own identity is technically tricky. You need a unique name, a way to prove that it is your name and not someone else’s, and ways to prove information about yourself. The main standards that have been developed to solve these problems are Decentralized Identifiers (DIDs) and Verifiable Credentials which we’ll explore in a little more detail below. Additionally, I’ll talk a little about how this is playing out in Ethereum.
There are also situations where you need to not only prove your name, but that it refers to a unique person. This will be discussed in a section about Sybil Resistance.
Decentralized Identifiers (DIDs)
Decentralized Identifiers allow a name (a URI) to be authenticated without needing to reference a central authority. W3C’s specification (which exists under an open, royalty-free license), describes how the holder of a DID can prove control over that name by providing a document with verification methods for cryptographically authenticating the identity. OpenID (who are behind the standards Google and others use for their identity infrastructure), are developing standards with DIDs to allow end-users to self-issue identity credentials to themselves which they’ll be able to use to login across a variety of sites without needing a central authority like Google.
Now, these identifiers don’t only have to refer to people; they could also refer to groups, datasets, or any other digital object. They also don’t possess, on their own, a way to say what the name refers to; rather, what is important is the ability to independently verify the name itself and that the agent presenting it has a right to it. To say things about a name, we’ll have to use Verifiable Credentials.
Verifiable Credentials
Verifiable Credentials (again defined by the W3C) are a way for credential holders to prove that a third party has said something about them and to present that information in an authenticatable way without verifiers needing to check it against the issuing party’s databases.
Take your driver license. It’s tied to your name and has tamper-resistant markings on it verifying that it was issued by the local government. It also asserts other information about you like your date of birth or nationality. At the same time the document contains its own constraints like its expiration date.
Instead of pointing to a legal name, a Verifiable Credential will point to a DID or other URI. The Verifiable Credential then is filled with all the appropriate information about the particular credential, including who is issuing it. It also includes a proof which allows a verifier looking at the document to confirm that the issuer generated the document without the verifier needing to contact the issuer for confirmation. The owner of the credential also has the ability to present only part of the information in the credential if they desire. For instance, if a verifier is looking to confirm the holder’s age, they can use zero-knowledge proofs to show just the information about their age and the issuer from a driver-license-like document without needing to reveal anything else from that document, enabling minimization of data sharing.
Verifiable Credentials provide a framework that can be used to say all sorts of different things about an agent, ranging from possession of concert tickets and club memberships to legal identity. Coupled with DIDs, they allow agents to self-assert their name and to carry authenticatable information about themselves without needing to rely on a central authority to hold that information.
Soulbound Tokens
Ethereum is doing something a little different. Because they already have wallet addresses which serve as URIs, they are operating outside the W3C’s standards to provide identity solutions that operate within their ecosystem. Soulbound Tokens have been proposed as a way to hold credentials and other attestations in a crypto wallet which make them similar to a non-transferable NFT. Like with Verifiable Credentials, issuers can attest any sort of information about an agent, in this case by minting a Soulbound Token directly into the agent’s wallet.
Binance for instance recently released an implementation of Soulbound Tokens as an identity credential to their customers who completed KYC. This token effectively ties user’s wallet addresses back to their legal identities through Binance’s KYC databases, making the company the trusted authority for other projects that want to accept that identity credential.
Sybil Resistance
Fake identities and bots abound on the internet and are often used to disrupt spaces or give individuals undue influence like in a vote. These are known as Sybil attacks and create an issue for identity infrastructures. After all, I shouldn’t be able to use all nine of my email accounts to create fake social media profiles and repeatedly ‘like’ one of my own posts.
So how do you prove that a particular DID or wallet address refers to a unique individual? Many current digital identity infrastructures tie to legal identity in some way or another depending on the level of security needed. For instance, verifying your phone number on Google or Discord ties that account back to the phone company. For more secure implementations like KYC on exchanges and the like, you have to provide direct confirmation of your legal identity by uploading images of your state issued ID or similar documentation.
You could theoretically authenticate your legal identity in a similar way under a Self-Sovereign paradigm by getting the phone company or government to give you a Verifiable Credential authenticating your legal identity. There are even government projects working towards this like Ontario’s Digital ID.
In the web3 space there are also projects attempting to develop alternative methods of sybil resistance that let individuals prove that they are unique human beings without needing to rely on legal identity. This 2020 paper reviewing approaches to “Proof of Personhood” is a helpful introduction to the space. The methods they use feel more like the key signing parties of old, but updated for the modern internet. So instead of getting together in person to check each other’s public keys, they authenticate identity on a peer-to-peer basis via video chat or recorded attestations. The protocols also utilize social graphs or other mechanisms like financial incentives/penalties to help weed out bots and fake accounts.
Without taking the narrative too deep into the pros and cons of different implementations, I will say that I love the idea of peer-to-peer authentication of identity, but that we are still on rocky terrain that needs to be navigated carefully.
Generative Identity: Critiques and Opportunities
From this broad overview of Self-Sovereign Identity projects, you can see that the tools for a secure, authenticated, cross-platform digital identity are in development, and while there is ground yet to cover, a lot of promising work has been done in this space. But you’ll also notice that there is little discussion of the other face of the coin. The multiplicity and contextuality of identity and the need for compartmentalized, fluid personas is really missing from the technical developments and conversation around them. And this is where a lot of the following critiques come from.
Philip Sheldrake has proposed Generative Identity as a framework for thinking about digital identity from a perspective that allows for evolution, change, and fallibility. It builds on Self-Sovereign Identity and makes a call for transdisciplinary work that moves beyond code in order to design from a holistic perspective. The following is largely in reference to his work and is presented here to help us consider how to design identity infrastructures that are better suited to meeting our conflicting needs.
A Verb not A Noun
One way of thinking about the contradiction of identity is to ask whether it is a noun or a verb. Is identity a thing? Or is it a series of living processes that we enact? And if identity is something we do, then how do we build infrastructures that are representative of that?
One danger of digital identity is that our multiple identities, which are always shifting as we act them out over time, could be collapsed into a single, definitive document which is used to define “who we are.” Now, this happens some with legal identities, but legal identity is limited to a narrow set of use cases. The diversity of ways that we interact online don’t all require legal identity, and many would be negatively affected by it. Unfortunately a lot of identity projects are developed with a legal conception of identity. After all, “code is law” is a pervasive refrain.
Cultural Pitfalls of a Datafied Self
Let’s look at an example of how this could play out.
Imagine that Bob and Alice meet on a dating site. Now, in order to ensure that everyone on the site is a real person and relatively safe, the site requires them to link their Self-Sovereign Identities which have been through a KYC process. If progressive trust tools are in place and everyone has the ability to keep their information private (while sharing certain details with the platform for safety) then the site might function fairly similarly to how dating sites do today. But if those tools aren’t in place, or if there is a culture that doesn’t prioritize them, then we might expect some serious privacy issues. For instance, if Alice is a whale and has her crypto accounts linked to her DID, Bob might have ulterior incentives for asking Alice out. They might also judge each other based on their college degrees, height, genetics, or any other metric that might be attached to their identities via a Verifiable Credential.
As Sheldrake has stated:
“If you fail to offer up the requisite verifiable claims then you fail to get to ‘trust building’ first base in the SSI century. (Note: this is in fact trust avoidance not trust building.)”
Part of what is happening here is the decontextualization of information. Shared merely as verifiable facts rather than as rich accounts, we lose sight of the person at the center of these data points. If Bob never finished a college degree, the story of ‘why’ might be really important to who Bob is, but it’s entirely missing from his identity credentials.
Molly White warns about the social divides this could accelerate. If our college grades or criminal records are no longer locked up in frustrating bureaucratic processes and are rather tied to our digital identities, they become available as requirements and disqualifiers for access to any number of activities and spaces.
Interpersonal Information
Part of this loss of context comes from a focus on “personal data.” Most information is in fact interpersonal. Our identities are bound up in the ways that other people identify and experience us. My trust in someone is also solidified much more by the recommendation of a mutual friend then by seeing their legal ID. It’s our relationships who really make us who we are.
This is a lost opportunity as well. “Big Data” knows that interpersonal information is valuable, thriving off of the overlap in our data trails and looking at the ways we are interconnected. Now, I’m all about data sovereignty, but I also want our shared data to be used in productive ways that help our communities. Data cooperatives, data commons, and other similar projects feel like a positive middle ground between data extraction and private data silos. Similarly, I am wondering how identity might take on similar patterns.
The Fable of Rationality
Finally, I want to warn against assumptions of rationality. A lot of identity projects are well designed for people who act in their own best interests. But we are all fallible, and it’s not just technical systems we have to navigate but social, legal, and cultural systems as well, each with competing goals and rules. My best interests in a cultural sense might be directly opposed to the actions I need to secure the technical privacy of my digital identity. I might be compelled to give up information or rights I would normally protect fiercely, if it meant I could access valuable cultural or economic opportunities. This is not to disparage the capability of end users but rather to recognize the complexity we all exist within. It’s always wise to design for humans who make mistakes.
Complexity: Holochain’s Perspective
Learning about this topic, I was reminded of how we at Holochain talk about Mutual Sovereignty. Holochain is designed to protect and enable both the agent and the community. These parties are always bound together in responsibility and agency. Digital identity seems to have a similar dynamic with the tension between identity infrastructures and our multiple lived identities.
Holochain is designed to protect and enable both the agent and the community. These parties are always bound together in responsibility and agency.
Rather than a proper conclusion, I want to leave this article with an invitation to think expansively and critically about identity, and to join us as we continue to explore digital identity and how Holochain might factor in. As always, Holochain is committed to holding space for the complexity of these issues and is looking to approach identity with sensitivity and intention. We obviously have strong beliefs about the matter, but I don't want this to be a one-sided conversation led by supposed experts — I want it to be a starting point for discussions which will lead to much richer answers than we could come up with alone. More soon.