What is your identity?
Have you ever stopped to think about what it means to truly own your identity? What is our identity anyway and why it is important in the digital world? “Identity” is an imprecise, unbounded term that lacks the rigour required to use in anything other than superficial discussion. Without a clear understanding of what an identity is, how can we form any opinions on matters of Digital Identity and how can we gauge the true danger of storing digital representations of our identity centrally?
Multiple Characteristics – universality, stickiness and uniqueness
The task of claiming an identity is the task of substituting the sentence “I am this person” with “I have these characteristics”. If someone claims they are King Arthur, and everyone is aware that King Arthur has the characteristic of being able to pull a sword from stone, then when the claimant proceeds to actually pull a sword from stone, they have sufficiently demonstrated this characteristic. It is then reasonable to conclude that the assertion is valid and the individual is who they claimed to be. The more unique the characteristic being identified, the higher the confidence in trusting the claimant. This process is expressed as “I am this identity because I have these characteristics”.
Subjectively, an individual’s identity can be comprised of any number of distinguishing characteristics, each with their own universality, stickiness and uniqueness. A date of birth for example is universal in that everyone has one. It is also highly sticky in that it remains constant for an individual’s life span. Given the limited number of days in a year however, a birthday is inadequate as a representation of identity because it is shared with around 0.3% of the population.
Another identity characteristic is a residential address. Addresses are not universal because they do not apply to the homeless. They are also less sticky than birthdays because they may change multiple times in an individual’s life. Residential addresses are however far more unique than birthdays. An individual may live alone or with a small number of other people. Seldom would 0.3% of a population be seen cohabitating. Similar universality, stickiness and uniqueness assessments can be made for other identity characteristics such as gender, phone number and club memberships.
Problems with Aggregating Identity Characteristics
Traditional identity verification systems suffer from numerous problems born from numerous causes. First is the fact that the number and types of characteristics that comprise a representation of identity vary. Any conclusions drawn from evaluating them can hence only be estimations.
Secondly, many of these characteristics are primarily intended for other purposes and are hence not fit for identity verification. A phone number for example is primarily used to call someone. This is a time-limited use, subject to involvement from relevant stakeholders like telcos. Likewise, a birthday is primarily used to determine age. Knowledge of age should again be time-limited and context specific, perhaps to diagnose a medical issue, purchase alcohol or decorate a birthday cake.
The uniqueness of a human being is not easily modelled by characteristic-registration systems in the way that a serial number models a piece of equipment. Each identity characteristic is common enough to be insufficient for unique identification. Consequently, the aggregation of multiple characteristics is currently required and necessary to create a sufficiently unique proxy for an individual’s identity.
Verification Thresholds
There is no hard rule that dictates how much aggregation is enough. The number and type of characteristics required to verify a claim is wildly variable because different verifiers will have different thresholds of confidence in claims made. By imposing the need to verify claims of identity via an imperfect, eclectic collection of verifiable personal characteristics, society’s existing trust model has backed itself into a corner. Because a representation of an individual is not the individual themselves, complexity must be stacked upon complexity to shoehorn together a system that best fits the bill. Simplicity scales whereas complexity fails.
Solutions
The lazy solution to these problems is to do more of exactly what caused them in the first place. We can see this manifest in many areas of online life, including the runaway demands of Know Your Customer (KYC) and Anti Money Laundering (AML) legislation. Under the status quo, people are expected to reveal increasingly more intimate nuances about their characteristics under the guise of increasing confidence in identity verification.
Doing more of something that does not work, however, is a fool’s errand. Problems experienced by a Formula One engine when run on vinegar are not solved by doubling the amount of vinegar in the fuel tank. Real solutions are those that are fit for purpose. They are derived from the pursuit of quality over quantity.
Today, our online experience is strained to breaking point. It suffers under the weight or problems inherent with systems built on dated thinking. The need to rely on fallible estimations of trust from monolithic public or private entities is neither effective or desirable. How are we to innovate and evolve when our online interactions hinge on the digital equivalent of a vinegar powered race car?
A simpler and more suitable alternative is already available. Blockchain technology offers properties actually fit for purpose in the identity verification space. It solves the characteristic-aggregation problem by not relying on analogue properties in digital domains. It solves the risk of abuse present in all large identity databases by abandoning the need for centralisation. It increases confidence in online interactions by removing corruptible intermediaries and places control of identity management where it belongs, in the hands of the individual.