August 5, 2019

The Case for a Unified Identity

More than 980 million people do not possess any form of identification[i], according to the 2018 Identity for Development (ID4D) Global Dataset. They do not exist in official state records, and the restrictions their lack of official identity poses are staggering. Just how staggering? For a person with no birth certificate, no social security card, no registered name anywhere, it is impossible to get a license, a passport, or apply for any needs-based benefits such as welfare, housing, or unemployment. Without identity, people are unable to register for educational courses. Their job opportunities are limited. They cannot open an official business, pay taxes, file a patent, open a bank account, vote in an election, file a legal claim, or take many of the other everyday actions that most of us take for granted. Now imagine the same were true not just of everyone in the United States, but two other equally sized countries as well – one out of every 7 people in the world.

The most dangerous phrase a data processing manager can utter is ‘we’ve always done it that way. – Rear Admiral Grace Murray Hopper

The problem does not have an easy solution. What is required is a paradigm shift in how identities are created, validated and handled. Current systems are often run by central authorities with their attendant central governance and central access models. These systems are ripe with security vulnerabilities and frequently lead to massive hacks of personal information, identity theft, and cumbersome recovery processes when identification is lost or stolen. A better architecture design is needed.

Contemplating the future of data processing in the 1970s, Rear Admiral Grace Murray Hopper remarked that the most dangerous phrase a data processing manager can utter is “[w]e’ve always done it that way.”[ii] To define a better solution using a new way of thinking about data, the requirements for this new architecture design need to be established.

A good baseline of requirements would include:

  • The architecture should operate without central points of failure and without inherent mechanisms of censorship.
  • Security and data integrity must be of the utmost importance.
  • The first steps in creating an identity should be as simple and individually unique as possible.

Recent technological advancements can foster the creation of a system that meets those requirements. Focal areas include: blockchain/distributed ledger technologies (DLT), cryptography, distributed systems, biometrics, artificial intelligence (AI), and Internet-of-Things (IoT) and edge computing technologies. The convergence of these technologies enables a profound shift in the way that digital infrastructure is built and utilized. This shift moves away from centralized ID systems toward fluid and trusted systems with no central authority. Such systems can aid in proliferating technological access to the most remote regions of the world, while also embedding security-conscious design into standards that are free to use by anyone. They can provide each person with an inherently unique method of identification, such as a biometric identifier that can only be validated with the person’s consent.

The convergence of new technologies enables a profound shift in the way that digital infrastructure is built and utilized.

There are very few solutions that integrate all these advancements to-date, but one can be seen through the implementation of the IOTA Protocol. The IOTA Protocol is a distributed data management protocol specifically designed for scaling the Internet-of-Things into areas of our planet that struggle with poor or intermittent connectivity issues. It allows for the easy integration of global applications in the realm of artificial intelligence and can foster the utility of machine learning on so-called “edge devices” (think smart watches, as opposed to computers), and this has many benefits for an identity solution. What does this mean to the people that need it most – i.e. the ones still lacking any form of identification? It means we now have the technological capability to build a lightweight “trust layer” – a reliable, user-controlled digital identity system – for all of our digital infrastructure. This is how we can connect the world’s hard-to-reach areas and provide access to a secure and self-sovereign digital identity solution. We now have the tools to address the 980 million people who don’t have any form of identity.

When this solution is implemented, the capabilities can even trickle down to individual devices and organizations. It can dramatically reduce the security vulnerabilities in central authority systems. It can also help connect data sets that have previously existed only in hermetically sealed “data siloes,” so that industries as diverse as supply chain, mobility, telecom infrastructure, eHealth, smart cities and energy can benefit from shared data resources. More than that, such a solution takes all these different verticals and empowers the people who need the benefits of these services most. They can enjoy a valid and verifiable method of using benefits while protecting their personal data. They can truly make a better life for themselves.

It is no longer strictly necessary to rely on central governments to create the identity solutions of the future. In fact, doing so may be counterproductive.

Thanks to these technologies, it is no longer strictly necessary to rely on central governments to create the identity solutions of the future. In fact, doing so may be counterproductive, since all centralized systems are inherently flawed. The trouble is that whenever one government creates its own identity system solution, the others have difficulty determining whether and how much to trust it. By contrast, it is easier to place trust in a system that is not created by any single government but is instead based on an independently verifiable (and hence trustworthy) open-source technology such as the one developed by the non-profit IOTA Foundation. Central governments should consider coming to agreement on the mutual recognition of such solutions and adopt the necessary mechanisms for cross-border validation of individual identities once standardization has been achieved.

In this regard, it is important to learn from progress in countries like Estonia with its e-identity platform, India with the failures of the Aadhaar ID system, and the progress of the European Union’s regulation on identification and trust services for electronic transactions (e-IDAS). Studying the lessons learned from the successes and failures of such initiatives can lay the groundwork for all parties to come together and make a new standard for a unified, world-wide identity system – one that is free to use and technologically “lightweight” (having few hardware or software requirements), offers an easy user interface to individual users, places the utmost focus on system security, respects the right of personal data ownership, and complies with the most exacting of legal and regulatory requirements. This is the ID system – and the world – that we should all be striving for.


References

[i] “Identification for Development (ID4D) Global Dataset.” Identification for Development (ID4D) Global Dataset (Global ID4D Database) | Data Catalog, 25 June 2018, datacatalog.worldbank.org/dataset/identification-development-global-dataset.

[ii] Rear Admiral Grace Murray Hopper, ComputerWorld, Volume 10, Number 4, (January 26, 1976), Privacy Laws May Usher In ‘Defensive DP’: Hopper by Esther Surden (Computerworld Staff), Quote Page 9, Column 3, Computerworld, Inc., Newton, Massachusetts, Now published by IDG Enterprise.


About the Author

Mathew Yarger is Head of Smart Cities at the IOTA Foundation. He is a former US Army Combat Veteran, Cybersecurity Operations Planner and Department of Defense Digital Forensics professional. He has advised and developed multiple platforms in the distributed systems and blockchain spaces through prior work and while working for the IOTA Foundation with a focus on citizen-centric design and systems architecture implementations.

Comments from the Community

1 Comment

  1. mitra says:

    If there is one thing that is certain about the decentralized identity space its that its far from unified, and hasn’t been for the decades that its been proposing everything from OpenID through to IOTA and the various “self sovereign ID” proposals. For any distributed id to be likely to be persistent enough to be worth the phenomenal effort of getting the billion or so un-identified into it, its going to need something that goes beyond one company or protocol, it will need standards of some kind with multiple independent parties agreeing to them, otherwise the most likely outcome is a huge push to register people, followed by the demise of whatever technology/blockchain/database its based on and we are back to square one but with even less trust.

Leave a Reply

Join a global community of changemakers.

Become A Member