fgnopporn - stock.adobe.com

Why identity is the central problem for the future of the internet

As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day?

If you strip back the competing agendas and hyperbole, there is a split in how the internet is viewed by different governments and companies. Some see it as an essential place for free speech that has enabled people and companies from around the world to communicate and share information like never before. The problem for regulators is that this freedom puts too much power into the hands of a small group of companies, which has led to significant abuses of both individuals and countries.

The solution offered by some authorities that want to wrestle control from the internet companies while protecting free speech and privacy, is regulation such as the European Digital Markets Act (DMA). In the US, the debate focuses around section 230 of the Communications Decency Act.

The alternative approach adopted by more authoritarian governments is to demand complete control over internet access. These regimes have the ability to monitor their citizens in every aspect of their lives, leading to well-documented abuses of power and restrictions on free speech. It does mean, though, that these authorities, not Google and Facebook, have ultimate control.

They are also pushing for even greater powers through processes such as data localisation, which will enable them to identify precisely content and individuals that they do not like.

The consequences for free speech are obvious. A report by Freedom House last year made the potential threat very clear when it said: “Renewed interest in data localisation poses a heightened risk for users’ privacy and other fundamental rights. This is particularly concerning as some of the most stringent data localisation requirements can be found in countries with poor human rights records and restrictive information environments.”

Who has the right to control our internet identity?

Fundamentally, this debate boils down to identity. Who owns it? Who has a right to access it? Who has the right to benefit from it commercially?

If we don’t come up with a workable solution to these questions, we face the very real prospect that the internet as we know it will become a mechanism for control. After all, if we cannot allow data to flow around the internet, while still protecting privacies and freedoms, what purpose does it serve?

Of course, governments in countries such as Russia and China might say that their ability to control the internet – even literally switch it off – protects their citizens from the widespread misinformation that plagues the wider internet today. However, as Freedom House explained, this model enables controls that are a real threat to the future of free speech.

If, on the other hand, we stick with the version of the internet as operated by the likes of Google, Facebook and Twitter, we are equally exposing ourselves to another kind of centralised internet where we do not necessarily have control of our data or, more importantly, our identity. Indeed, if we are using Facebook, we are granted an identity that is taken away from us when we leave the service.

Decentralised identity – the third way

I believe there is a third way. The notion of self-sovereign or decentralised identity came along shortly after bitcoin, when users began to use the blockchain. Today, it enables users to create and manage their own identities. Organisations can issue verifiable credentials to an identity, enabling individuals to show authorities or verifiers only the attributes they need to see in order to verify their identity, or prove some other piece of information about themselves.

For example, if you are applying for a job, the hiring company could use a similar process to cryptographically verify whether you have a qualification from a particular university. Research by the American Association of Collegiate Registrars and Admissions Officers says: “Just over a third of those who thought the use of blockchain-verifiable credentials in higher education could be impactful thought there could be an increased trust in credentials.”

In fact, identity technologies can be further enhanced with the addition of privacy-respecting features, such as anonymous credentials. In these schemes, the holder would be able to reveal only a specific piece of information requested by the verifier. Continuing the university example, this could see the user only revealing their results in a specific module of their degree or the final grade, rather than having to go into details about which university they attended and when.

In short, anonymous credentials give the holder control of what they want to reveal and to whom. At a time when greater emphasis is being placed on equality of opportunity, only being able to judge candidates on relevant academic achievements, rather than what school or university they attended or what age they are, has the potential to support blind recruitment processes.

Innovative ways to complete transactions

What is certain is that organisations are becoming more willing to explore innovative ways to complete transactions. Verifiable credentials give organisations confidence in who they are transacting with, while still enabling individuals to have more control over their identities. In one pilot we are running with an Australian training company, it is using a credentialing system to replace a hard copy paper-based system.

Checking the credentials of an individual using a paper-based system is time-consuming and expensive because the details often need to be manually checked with the issuer by phone or email, a process that can sometimes take many days.

Conversely, decentralised identity enables the company to complete the process in a matter of seconds. It can also issue credentials to individuals and these credentials are stored in their virtual wallet, similar to those used with cryptocurrencies such as bitcoin, and individuals have control of them.

Covid vaccination passports

In another project, San Francisco company Xertify is working with the Mexican government on a pilot for the issuance of Covid vaccination passports to its citizens. These credentials will enable third-party verifiers to confirm the vaccination status of the holder.

While not suggesting that decentralised identity will solve all the challenges facing the internet, I do believe we are entering a new phase where next-generation identity solutions built on the blockchain are maturing rapidly. At the same time, understanding among commercial and public sector organisations is growing and application programming interfaces (APIs) are becoming available to integrate these identity technologies without requiring highly specialised skills.

It is critical now that we all encourage those in positions of authority to evaluate and embrace these decentralised technologies as an alternative to the traditional “either or” debate that seems to be the mainstay of discussions around the future of the internet. Decentralised identity is one of a raft of new technologies that will put control back into the hands of users while still giving commercial enterprises far greater confidence in transactions on the internet.

There is a great deal to be positive about the future of the internet.

Nick Lambert is CEO of Dock, which is developing a platform designed to provide a solution for organisations to manage credentials using blockchain technology.

Read more on Identity and access management products

CIO
Security
Networking
Data Center
Data Management
Close