Do you want to be able to "pull the plug" on your online life? If so, you need to think about your "self-sovereign identity"

Andy-Tobin-of-Evernym-talks-about-self-sovereign-identity-810x456.jpg

As documentaries like Netflix’s The Great Hack are showing us, we are living in a digital society which all-too-easily trades our personal data - our behaviour with our networked machines - with anyone powerful enough to buy that information. Fortunes can be made, but also elections influenced, with that information. 

Yet the situation is structured against scrutiny - all those blithely clicked “I accept”’s - and certainly against and clear vision of what our rights to our own data should be. 

Much of the early fervour around crypto-currencies and blockchain has been based on their ability to profoundly anonymise our digital interactions - keep us from the scrutiny of state and corporate eyes.

Yet anyone with a sense of history and culture can imagine that these technologies will eventually need their philosophical underpinnings. Who or what is the “identity” that these systems protect? What does it mean, psychologically as well as digitally?

This philosophical approach is emerging, in the concept known as “self-sovereign identity” currently being discussed and developed in tech cultures. It’s effectively an attempt to outline the nature of the self in a data society - how its rights might be asserted and defended.

Outlier Ventures describes the challenge well:

None of us actually owns a digital identity. We simply ‘rent’ identities from each of the websites or apps we use, resulting in an inefficient, fraud-riddled, privacy-invading mess. Additionally, each organization we interact with must store our personal information in massive databases. These ‘silos’ become gold mines to hackers and toxic liabilities for anyone obligated to store the data.

A siloed approach to identity may have worked in the early days of the Internet, but with practically every business and billions of people now online, problems such as fraud are growing rapidly. The costs of these problems will soon balloon as billions more identities come online with the Internet of Things.

Regulators try to police misbehavior by dishing out billions in fines each year, but they don’t address the root cause. Data breaches continue to occur almost daily, often because siloed identity creates massive troves of data attractive to hackers.

Solving the identity silo problem begins with a digital identity that you literally own, not just control — a “self-sovereign” identity. When combined with verifiable claims, it enables any person, organization, or thing to interact directly with any other person, organization or thing, with trust and privacy.

If anyone other than you can “pull the plug” or change the rules for your identity, it isn’t self-sovereign, it is siloed – even if it uses ‘blockchain’ technology.

The bloggers at Metadium have handly summarised self-sovereign identity this way:

Self-sovereign identity (or SSI is the concept of individuals or organizations having sole ownership of their digital and analog identities, and control over how their personal data is shared and used. 

This adds a layer of security and flexibility, allowing the identity holder to only reveal the necessary data for any given transaction or interaction.

Since identity is such a central part of society, we need to ensure that user control will be the primary foundation that self-sovereign identity will be built upon

Based on the work of Christopher Allen, they outline the ten guiding principles of SSI - each principle in bold links to a longer article:

Existence — Users must have an independent existence.

Control — Users must control their identities.

Access — Users must have access to their own data

Transparency — Systems and algorithms must be transparent.

Persistence — Identities must be long-lived.

Portability — Information and services about identity must be transportable

Interoperability — Identities should be as widely usable as possible.

Consent — Users must agree to the use of their identity.

Minimization — Disclosure of claims must be minimized

Protection — The rights of users must be protected

It’s worth digging into, but even here you can perhaps see how deeply these thinkers are trying to reattach the internet to our personal actions and agency. 

And as a few posts on this platform have noted, self-sovereign identity is beginning to have a very concrete real-world importance, in a world of increased migrant flows. From Life with Alacrity:

In the last year, self-sovereign identity has also entered the sphere of international policy. This has largely been driven by the refugee crisis that has beset Europe, which has resulted in many people lacking a recognized identity due to their flight from the state that issued their credentials. However, it’s a long-standing international problem, as foreign workers have often been abused by the countries they work in due to the lack of state-issued credentials.

If self-sovereign identity was becoming relevant a few years ago, in light of current international crises its importance has skyrocketed.