Solution: Universal Identity
The biggest part of the so-called “identity problem” is hidden in plain sight. By far the most significant issue with the current state of the art is the enormous macro-economic cost forced onto the collective in terms of usage, integration and maintenance of a fragmented collection of identity systems. Other portions of the identity problem are mostly due to limitations of existing technology around security, privacy and centralization, which need to be mitigated by a future solution. There are also problems that come from the new set of decentralized identity technologies, namely with recoverability and usability.
Friction and non-interoperability across identity providers harm everyone, including consumers, and create enormous macro-economic costs.
For consumers, the proliferation of identity systems that depend on usernames and passwords, across service providers covering the many aspects of our digital lives, has made managing our credentials more and more difficult.
For technology developers, the inability to rely on a neutral identity platform means they have one of two paths:
- Create their own custom identity solution and pass the operational and usability costs to their customers.
- Choose to go with a big tech identity platform and make life a bit easier for their customers, but always have to worry about strategic dependency on big tech.
Needless to say, neither of these paths is ideal. There should be a third, better way.
One of the most significant negative impacts digital technology and the internet have had on society has been an unintended one: a much higher possibility of system compromises. As a result of the vast reduction of cost in information transmission and information storage, we now rely on systems that digitize and replicate our interactions and are commonly always connected to the internet.
This means that the compromise of our personal information, and of our access to these systems, is more likely than ever, especially when compared to the paper-based bureaucratic systems of the past. These costs are incurred through hacked accounts, devices, operating systems or apps, with the goal of gaining access, information or resources. Mass account hacks at the provider side are a high-scale special case with enormous cost.
As a result of the vast reduction of cost in information transmission and information storage, personal information is now more prone to replication and abuse, especially when compared to the past’s paper-based systems.
Privacy as a right has always had a place in human cultures, but with varying norms. More recently, with the ascent of digital technology, these norms are being tested. Still, there is some agreement, at least in western democracies, that personal information is akin to rights inherent to individuals, and that it cannot be treated like property.
Yet we see significant, large-scale abuse of privacy rights forced onto consumers through surveillance, tracking and advertisement.
The digital technology industry partly consists of a number of monopolized sub-markets. Given that identity (amongst others such as data, connectivity, device and web user interfaces, etc.) is a basic underlying layer of all technology products, identity systems are often used effectively to reinforce monopoly. This often accompanies other problems such as customer lock-in, rent-seeking and stifled innovation.
Simulating a human being on the internet can be low cost, and can yield significant profit in various scenarios, such as product reviews, social media influence, political debates and voting, etc.
Many social and commercial systems depend on the ability to identify unique humans in roles such as citizens, customers, etc. And so it is possible to break the rules of these systems by breaking this assumption, through simulating unique human beings, especially on the internet.
There are a number of ways to mitigate this type of attack, and most of them involve verifying identities outside of cyberspace and securely tying them to a specific digital identity, with some degree of certainty.
As mentioned, there are other significant problems tied to identity systems that may not be directly solvable by technology, yet should be taken into account when considering such an ambitious solution as a universal identity system.
The power of government agencies such as intelligence, law enforcement and military is intentionally concentrated with the aim of suppressing specific political movements through surveillance, threats and force.
Denying access to citizens associated with undesirable groups or taking away their access to common platforms due to social and political pressure.
Most Web 3.0 identity systems are vulnerable to unexpected loss events, and mitigate them through less usable processes. These are undesirable and unintended events, such as loss of account, data, credentials or other artifacts, that can be mitigated through a set of recovery steps.
The final solution (Universal Identity system) is a distributed and decentralized identity system that supports private identities as well as public ones, and can work in a hybrid manner, namely in offline, online and on-chain modes. This identity system functions according to a software protocol (Universal Identity protocol) meant to fulfill the requirements of the above solution.
Universal Identity is secure by default, as it uses cryptographic keys stored on identity owners’ device hardware. No more guessing, or resetting countless passwords.
Supporting password-less interaction is one way to drastically improve usability, and security for the owners. The use of cryptographic public-private key pairs, with specialized hardware support, in the form of secure enclaves, increases security dramatically by reducing the risk of fraud. The pattern of secure hardware support can be seen in most modern phones including the iPhone, as well as many models of hardware authentication keys and hardware cryptocurrency wallets.
You own and control your identity instead of that big tech company. You get to choose trusted services to operate your identity or switch anytime. Any challenges introduced as a result of using this type of technology, including issues with recoverability and usability, are addressed by the solution and its underlying protocol.
One identity app, one collection of identities, one contact list, one privacy source for all your digital and internet activities. This means consumers have a lot less identity information to remember or keep track of.
Universality also means that the same identity protocol operates across the majority of digital interactions and transactions. For application and service developers, this means being able to rely on one set of rules for interacting with people and systems, which unlocks innovation.
Universal Identity is based on the human cognitive model of identity. Building systems and applications that operate based on concepts paralleling a typical user’s mental models, will inherently result in better user experiences, as well as a more intuitive understanding of these systems’ underlying processes.
While others tout blockchain-based identity, we realize that approach comes with serious limitations to privacy. To serve its users, Universal Identity needs to support private identities that match the way people intuitively understand privacy in multiple social circles. This also includes working with task-based anonymous and pseudonymous identities. See “How humans understand identity” for more information about our understanding of multi-identity.
It also supports a method of formally expressing privacy preferences for consumers, which can be used along with public discourse and policy to tighten and enforce privacy rules.
In order to build a strong and global ecosystem, it is crucial for the base protocol to be permissionless, censorship resistant, and neutral; otherwise it will not be able to bring in developers and other ecosystem stakeholders and jumpstart protocol growth.
This is similar to the way that the internet, and the world-wide web have remained mostly neutral, decentralized and permissionless.
Serving all identity owners means being able to satisfy varying requirements from different audiences such as consumers, early adopters, businesses and institutions. Each of these identity holder profiles has its own set of preferences and requirements for operating their identity, most importantly around security, privacy, usability and levels of security.
As such it is not sufficient to only support fully public on-chain identities, or to just support online and always-connected identities operated by technology services. Any final solution should by definition support offline, online and on-chain identities.