Post 4 - Identity enabling Data as an Asset Class

This is part four, where I draw, once again on a conversation with Michael Clark about how data ownership requires: data, value and identity.

Identity implies an owner whether an individual or some organization, in our context with digital data this is necessarily a digital identity.

Things like your phone number, passport number, or email address are not identities but identifiers used to link you to your identity.

Your identity is who you are and includes the types of music you listen to, the choices you have made, and what you believe and subject to change.

In the digital realm, as in life, we want to control how we project our identities. For the IRS we need to provide certain elements such as name and social security number, but we don't want to provide much in the way of personal information such as our beliefs and tastes. On social media however, we want to share some of these attributes and not others such as our home address and phone numbers.

So one way of doing this is through a self-sovereign identity (SSI) which gives us control as to when to use whatever identity we wish to project including an anonymous persona.

Problem

Now we need to consider some of the problems with identifiers being used to 'steal our identity' and 'deep fakes'.

Identifiers are easily stolen by a variety of means and the main problem is that the identifiers cannot be easily traced back to a person, your passport may be stolen or your email account hacked.

Ultimately, the holder of your identifier is someone else. What if you were the sole holder and controller of the digital source that links to your identity and identifiers?

Solution

The concept of decentralization is focused on governance and control, that is the systems that are decentralized are not controlled by any single entity. The BitCoin network functions this way, no one is in 'charge' and thus the whole network can be trusted.

This is where the use of Decentralized IDentifiers (DIDs) come in. I won't get into the technical detail, but let me put the concepts together now.

You (a person/entity) will have a secure digital 'twin' by using a decentralized token such as an NFT. This token will be used to generate secure identities and identifiers.

At first, I will use my 'Entity token' to create a new identity of 'Stuart the Author' which is created and verified by my 'Entity token'. Then I will use my 'author' identity token to sign my creations including those I publish to various web sites.

The beauty of these tokens is that they can be easily used to verify who I am if I chose to make that information public.

As a second case, I can create a new identity, called 'Shadow' which allows me to create documents that are anonymous. The document can be traced to my digital identity (Shadow) but since it is private no other information is revealed. In the future, if I choose, I could then choose to reveal myself as 'Shadow' using my 'Entity token'. The key concept here is that I can create as many identities as I would like, each verifiable but still controlling my privacy on each one.

What is missing?

These frameworks are already available, but a few opportunities now arise.

1. Make it easy. Software builders are able to create decentralized applications that would allow people to use what is described without having any technical knowledge. It is easy to imagine a variety of 'Entity creators' to choose from that would issue the 'Entity token' needed to create my identities. Then a multitude of 'identity creator' services would allow me to create an author DID, a Facebook identity, a Reddit identity, an anonymous identity, an IRS identity, a passport identity, etc.

Sound complicated? Yes, on the backend where you don't have to get involved. But once the IRS or Facebook or an author's site adopts this you can have a single simple 'sign on' using your master 'Entity token'. No more password, no more email addresses as identifiers, no more social security numbers needed. We don't need all of these services from day one, as the first one gets built, then another one and another one as people realize how much better this is for everyone.

2. Make it secure. Blockchain and decentralized systems are very secure today, but there is one element that needs to be implemented, your 'master key'. Today with BitCoin there is a 'private key' which is very long and stored in a digital wallet. Protecting that digital wallet is paramount to the security of the system. Lost and stolen wallets have been a weak aspect of these systems, which have led to online exchanges like Coinbase managing a wallet for you, however this means you are trying them to protect our wallets. Ideally a simple but secure system would be designed for the public. One example might be microchip implant that contains your wallet but can only be used when you use a device with a rental scanner.

3. Decentralized services. These are being built today, however a framework with recognized standards and fully audited will provide assurances that these systems can be trusted and are 'fool proof'

4. End user applications that support DIDs. The first compatible applications will be low risk and provide some value but over time all online systems will see the reduced costs and increased security as invaluable.

Let me know your thoughts.

Next week, I plan to discuss how we can store data securely in a decentralized manner in order to tie your identity to your data.

It is generally recognized that for an identity system to be self-sovereign, users control the verifiable credentials that they hold, and their consent is required to use those credentials. This reduces the unintended sharing of users' personal data. This is contrasted with the centralized identity paradigm where identity is provided by some outside entity.

By Christopher Allen

Part One is an introduction found here: https://www.garudax.id/feed/update/urn:li:activity:7232477593537536000/

Part Two Value of Data, more than money: https://www.garudax.id/pulse/part-2-value-data-more-than-money-stuart-berman-r7mcc

Part Three Holy Trinity of Data Ownership: https://www.garudax.id/pulse/part-3-theholy-trinity-data-ownership-stuart-berman-6bzlc/