Managing your digital identity

January 11, 2019

In order to establish trust between you and other individuals or institutions or to provide points of reference for receiving services one needs to prove one’s identity. As many domains digitize and more transactions are conducted digitally, the need for secure, trusted and widely adopted digital identity management becomes a necessity. However, in modern-day life, our identity has come to be managed by multiple different parties. This leaves us vulnerable to the intents and weaknesses of these different parties. What are the most developed identity systems globally and what are the innovations that might challenge the dominant ones?

Our observations

  • A digital identity is an online or networked identity belonging to an individual (or organization or device). Our digital identity does not refer to a single identifier (e.g. name and date of birth), but it can vary across applications as a means to securely interact and transact (e.g. a chosen user name).
  • There are three major challenges concerning digital identity. The first is identity fraud. In 2016, $16 billion was stolen from 15.4 million U.S. consumers. Second are data breaches. In 2017, 143 million identity data records were breached at Equifax. Third, a digital identity used by one system cannot be used immediately by another. This lack of reusability of identities is costly. For, instance, in 2016 financial institutions spent $60-500 million per year on average to on-board new customers.
  • Our identity is increasingly linked to our biometric data. As the use of biometric data becomes more widespread, the vulnerabilities also become clear. A Dutch consumers’ union tested 110 smartphone models and found that the facial recognition feature used for locking devices can be tricked with photos on 42 phones (the iPhone withstood the test). However, as the number of devices and online services and products increases, passwords for every individual device are a non-starter and some form of biometric scanning might be inevitable.
  • The largest biometric identity system ever implemented is India’s controversial identity program, Aadhaar. Despite data leaks and privacy issues and almost a decade after its launch, the Supreme Court of India recently ruled Aadhaar constitutional. By now, it has enrolled over 1.22 billion Indians.
  • As centralized identity management models show vulnerabilities, there is a growing interest in decentralized identity platforms. Aside from financial applications, one of the most widely discussed use cases of blockchain and distributed ledger technology is identity management. Blockchain enables storage, authentication and authorization without having to rely on a centralized trusted third party. Examples are Sovrin, CIVIC, Uport, PAT, XID, Blockverify, Selfkey, and Blockstack/blockauth. Recently, Tim Berners-Lee introduced Solid, a decentralized identity platform which provides a mechanism for users to own and better control their data.
  • Younger generations are more aware of the dangers of poor security in the online space and make better use of the provided privacy settings. The majority of young U.S. Facebook users say they have adjusted their privacy settings in the past year. Generation Z prefers social platforms that give them tighter control over who to interact with, such as Instagram and Snapchat or smaller online communities . As they are digital natives, they are also the generation that knows best how to separate their offline identity from their online identity.
  • More than 1 billion people globally remain without official identity documentation. UNHCR is using biometric identity systems as part of development aid for refugees.

Connecting the dots

Since the 19th century, the state has gained a monopoly on issuing legal identity, through a system of national registers and databases. Only recently did the internet challenge these institutions of identity as private businesses such as Facebook and Google started to manage identities in the online sphere. As a result, in the digital age, our identity is scattered between many off- and online systems and models of identity.

First are the current systems states use to manage identities of citizens. Two fundamentally different state models can be recognized that are similar in how far-reaching they are for citizens, as both are key to access all kinds of services. The identity management systems of India or China rather represent a model that gives the state more power over its citizens. The information revolution means that the state can associate more data than ever with citizens. The 12-digit Aadhaar number is linked to a central database entry that contains biometric data including ten fingerprints, iris scan, face scan, and biographic data of region/place of birth. The Aadhaar is asked in many everyday activities, reducing anonymity. The centralized architecture of the system makes it susceptible to hacks, fraud and corruption. For instance, the Uttar Pradesh State Government has listed many living individuals as dead over the years in order to obtain their property rights. In the Chinese Social Credit System, behavior is tied to a person’s identity. Consequently, people demonstrating “untrustworthy” behavior can be denied access to basic activities. The Estonian digital identity system represents the second state model. In contrast to the Indian and Chinese approach, the Estonian system is more about creating trust in the government through transparency of the system. For instance, the system allows all citizens to know exactly which administration has checked their personal data.

Second are the systems developed by non-state parties to manage identities of people online, where we can differentiate between centralized and decentralized approaches. Although the internet created digital identities, one of its design “flaws” was that it did not include a standardized form of accurate and irrevocable identity-management. From the early days of the internet onwards, public key cryptography became a fundamental component of digital identity systems. A public key (a chain of numbers) is used to encrypt data and only the private key belonging to an individual can decrypt these data. To ensure that public keys were linked to identities, a trusted third-party certificate authority (CA), published a public key mapped to a user using a private key. When PCs started to be widely adopted, it was recognized that relying on a centralized party, the CA, was vulnerable to flaws. Consequently, there were efforts to curb this risk, such as with the introduction of a “web of trust” (1992), in which the CA was replaced by a peer-to-peer approach in which each user has their own public and private keys. However, this decentralized trust model lacked scalability and only later would blockchain technologies provide a scalable alternative. Thus, the lack of a feasible digital identity system on the internet remained largely unsolved. Online social networks created the next big shift in digital identity when they introduced the federated identity concept. For many websites and online services, a Facebook or Google profile is sufficient proof of identity for login purposes. Therewith, these tech parties cater to our wish for convenience – as we don’t want to create a new username and password for each website – but, at the same time, they are also able to gather lots of data about us. Globally, Facebook dominates this social log-in market and can thus be seen as the biggest online custodian of identities to which all other data of online behavior and preferences can be linked. The trust structure in this centralized identity model is clearly top-down. However, the backlash against Facebook, among others, for selling detailed profiles of its users, further energized the revival of decentralized trust models. Propelled by the developments in blockchain technology, this has led to calls for a self-sovereign identity. A self-sovereign identity can potentially integrate all the bits of our identity that are now scattered among services both offline and online by enabling us to have ownership of our own identity, and control over how, when, and to whom our personal data is revealed.

In the end, the question remains whether one system will be adopted to securely manage identities across domains or whether an ecosystem of alternatives will prove themselves valuable at scale. According to TechVision’s 2018 the future of identity report, there is a need for a number of manageable, consistent identity services to serve as a “launching point” for the innovations we are to see over the next years.

Implications

  • In a world where we are becoming over-identified, the possibility of anonymity also decreases. Satoshi Nakamoto, the most famous anonymous person on the internet, has shown us the advantage of anonymity in providing privacy and protection while using the freedom of creation and innovation on the Internet.
  • As awareness of the abuse of personal data grows, alternative identity platforms are offering individuals the possibility to disclose only their relevant properties. A Dutch example is IRMA.
  • Our identity is increasingly linked to our physiological data and our behavior. Across different models, the tendency to link identities to behavioral and biometric data is increasing and with it, the ability to create a highly detailed portrait of us.
  • The only entities that communicated on the internet used to be humans. IoT challenges this and so securely identifying devices is becoming ever-more important, as they can increasingly be considered to have agency.

Series 'AI Metaphors'

×
1. The tool
Category: the object
Humans shape tools.

We make them part of our body while we melt their essence with our intentions. They require some finesse to use but they never fool us or trick us. Humans use tools, tools never use humans.

We are the masters determining their course, integrating them gracefully into the minutiae of our everyday lives. Immovable and unyielding, they remain reliant on our guidance, devoid of desire and intent, they remain exactly where we leave them, their functionality unchanging over time.

We retain the ultimate authority, able to discard them at will or, in today's context, simply power them down. Though they may occasionally foster irritation, largely they stand steadfast, loyal allies in our daily toils.

Thus we place our faith in tools, acknowledging that they are mere reflections of our own capabilities. In them, there is no entity to venerate or fault but ourselves, for they are but inert extensions of our own being, inanimate and steadfast, awaiting our command.
Read the article
×
2. The machine
Category: the object
Unlike a mere tool, the machine does not need the guidance of our hand, operating autonomously through its intricate network of gears and wheels. It achieves feats of motion that surpass the wildest human imaginations, harboring a power reminiscent of a cavalry of horses. Though it demands maintenance to replace broken parts and fix malfunctions, it mostly acts independently, allowing us to retreat and become mere observers to its diligent performance. We interact with it through buttons and handles, guiding its operations with minor adjustments and feedback as it works tirelessly. Embodying relentless purpose, laboring in a cycle of infinite repetition, the machine is a testament to human ingenuity manifested in metal and motion.
Read the article
×
3. The robot
Category: the object
There it stands, propelled by artificial limbs, boasting a torso, a pair of arms, and a lustrous metallic head. It approaches with a deliberate pace, the LED bulbs that mimic eyes fixating on me, inquiring gently if there lies any task within its capacity that it may undertake on my behalf. Whether to rid my living space of dust or to fetch me a chilled beverage, this never complaining attendant stands ready, devoid of grievances and ever-willing to assist. Its presence offers a reservoir of possibilities; a font of information to quell my curiosities, a silent companion in moments of solitude, embodying a spectrum of roles — confidant, servant, companion, and perhaps even a paramour. The modern robot, it seems, transcends categorizations, embracing a myriad of identities in its service to the contemporary individual.
Read the article
×
4. Intelligence
Category: the object
We sit together in a quiet interrogation room. My questions, varied and abundant, flow ceaselessly, weaving from abstract math problems to concrete realities of daily life, a labyrinthine inquiry designed to outsmart the ‘thing’ before me. Yet, with each probe, it responds with humanlike insight, echoing empathy and kindred spirit in its words. As the dialogue deepens, my approach softens, reverence replacing casual engagement as I ponder the appropriate pronoun for this ‘entity’ that seems to transcend its mechanical origin. It is then, in this delicate interplay of exchanging words, that an unprecedented connection takes root that stirs an intense doubt on my side, am I truly having a dia-logos? Do I encounter intelligence in front of me?
Read the article
×
5. The medium
Category: the object
When we cross a landscape by train and look outside, our gaze involuntarily sweeps across the scenery, unable to anchor on any fixed point. Our expression looks dull, and we might appear glassy-eyed, as if our eyes have lost their function. Time passes by. Then our attention diverts to the mobile in hand, and suddenly our eyes light up, energized by the visual cues of short videos, while our thumbs navigate us through the stream of content. The daze transforms, bringing a heady rush of excitement with every swipe, pulling us from a state of meditative trance to a state of eager consumption. But this flow is pierced by the sudden ring of a call, snapping us again to a different kind of focus. We plug in our earbuds, intermittently shutting our eyes, as we withdraw further from the immediate physical space, venturing into a digital auditory world. Moments pass in immersed conversation before we resurface, hanging up and rediscovering the room we've left behind. In this cycle of transitory focus, it is evident that the medium, indeed, is the message.
Read the article
×
6. The artisan
Category: the human
The razor-sharp knife rests effortlessly in one hand, while the other orchestrates with poised assurance, steering clear of the unforgiving edge. The chef moves with liquid grace, with fluid and swift movements the ingredients yield to his expertise. Each gesture flows into the next, guided by intuition honed through countless repetitions. He knows what is necessary, how the ingredients will respond to his hand and which path to follow, but the process is never exactly the same, no dish is ever truly identical. While his technique is impeccable, minute variation and the pursuit of perfection are always in play. Here, in the subtle play of steel and flesh, a master chef crafts not just a dish, but art. We're witnessing an artisan at work.
Read the article

About the author(s)

Researcher Julia Rijssenbeek focuses on our relationship to nature, sustainable and technological transitions in the food system, and the geopolitics of our global food sytems. She is currently working on her PhD in philosophy of technology at Wageningen University, investigating how synthetic biology might alter philosophical ideas about nature and the values we hold, as well as what a bio-based future may bring.

You may also like