Identity: The hidden force that drives our lives
How identity is evolving, playing a central role in our lives, and driving the need for privacy-preserving systems.
I remember a recent conversation with a friend whose Facebook account was hacked. While it was unfortunate and stressful, given how much of one’s life and memories are stored within our social media accounts. But, it was the process of filing a complaint with Meta, and the difficulties they faced to prove who they were (from Nepal), was what I was specially surprised by.
How is proving who you are, still so difficult in this day and age?
How can the platform, which knows so much about us, shows us eerily specific ads. Heck, is known to sell our data to manipulate our behavior, cannot verify who we are in the real world?
Who we are
Identity is a term very familiar to us all, but at the same time — ephemeral and hard to explain. A person’s identity can be defined in terms of their inner personal identity, their outer social identity, or their legal identity.
The first two change and evolve over the course of our lifetimes. Our legal identity is considered fixed, and used to prove who we are.
To belong
It is reported that roughly 850 million people in the world lack any form of official government ID. It is hard to imagine what this means if you are one of the majority lucky to have one. To put it in context, this means they do not get access to what we take for granted.
Without an ID, they cannot easily find a job, get access to education and medical care, open a bank account, vote in elections, or travel outside their country.
And this is not a problem in the developing world. Even in the US, the richest country in the world, there are an estimated 21 million people who don’t have any formal ID.
A supercomputer in our pockets
The mobile age has however changed this notion of identity on its head. Not only have these devices brought our social lives (and thereby identities) into the digital world, but our mobile devices are also the center of our financial lives.
Your mobile number is as much your identity as any of your official IDs.
Despite this, however, there is still not an easy way for me to identify yourself across the various services. We mostly end up having to re-enter and verify the same information over and over. It is largely because the internet still lacks a “trust” layer.
Can Tech Lead the Way?
I always believed the banks or telecoms would solve the digital identity problem. After all, they have my identity and have the digital infrastructure in place. There appears to be a lack of incentive and innovative thinking on their part to really see this opportunity.
The good news is, this presents an opportunity for innovative tech companies to fill the void. There are already some initial examples of this.
- Apple is piloting using a digital version of driver licenses loaded on their iPhones in a few US states, and
- Plaid, which is already the used by most US users to link their bank accounts with other “fintech” apps, can also get verified through their API.
The technology that is enabling these companies to provide these alternate identity services fall under the category of Federated Identity.
There is, however, also a lot of challenges for both these companies despite their large customer base. Most of these stem from data privacy issues, as users need to entrust these private companies with something so important and sensitive.
The Digital ID
Due to the challenges with getting private companies to solve the identity issue, governments need to play an important role. After all, all our official identities are issued by them, and can create the legislations and regulations to bring this change.
Even here, some governments have already proved to be more innovative than others in building their Digital Identity Infrastructure.
Some examples, of this are India’s Aadhar, Estonia’s eID, and Nigeria’s NIN and BVN. This falls under the category of Centralized Identity.
Recently, the EU has put forward the mandate for the European Digital ID. This is one of the first such ID across multiple countries (although EU is well integrated in many ways). It will be interesting to see how this rolls out.
These initiatives hold a lost of promise, and should get the benchmark for others to follow. There are also challenges here, as governments need their citizens to trust them, and be assured that the data will not be used to double down on “big brother” like surveillance.
An urgent need for privacy-preserving Digital ID, is also due to the rise of AI. It is now possible to reveal attributes about an individual by analyzing seemingly unrelated data using AI algorithms. Another interesting challenge to ponder over is — as AI can now generate content like humans, it will be imperative to verify if the content was produced by a human or an AI.
The Self-Sovereign
Because of issues around data privacy and control over how it is shared, another solution has been developed that is getting traction. This is called Decentralized Identity or sometimes Self-sovereign Identity (SSI). The idea behind decentralized identity is to enable the individuals themselves to control their identity and data.
Most of the ingredients for decentralized identity are already there, and is an active area of development. A major feature of it is allowing anyone to selectively share their personal information with an ID verifier. This is an often overlooked and very powerful feature to protect privacy.
For example, we are often required to share our age to gain access to certain services. This mostly entails someone verifying at our ID card that we give them physically or upload in a webpage. This is exposing a lot of information about us that is actually not required to verify our age; like our address, ID number and even our exact birthdate. What if we could just share proof that we are above a certain age that the verifier trusts, and that’s it?
SSI also have its challenges that mostly stem from the lack of mature technologies around it, standardized and interoperable data formats and providing a solution that can is easy enough for an average, non-tech user.
We are in the cusp of a fundamental change. Identity will be a central part of how we live our lives (both digital and physical), and gain access to services to make it easier.
My hope is that this will be done in a way so that data privacy and the ability to control where and how our data is shared will be upheld.