Digital identity and identity are two distinctly different things. Our identity is all-encompassing, ephemeral, and constantly shifting as we reinvent ourselves based on our past experiences and current circumstances. Identity is a concept that philosophers have, and no doubt will continue to, grapple with. The awareness of self is often used to differentiate the human species from other species, although I doubt this is a trait unique to us. However, when we talk about digital identity, it, at least in its current form, is a representation of our identity in a format that a computer can interpret and understand. It is a bastardised version of our identity, in that we can not represent all the nuance, complexity, creativity and history involved in the forming of our identity. Quite probably we should not even try.
Digital identity was developed to fulfil a purpose and need in the digital sphere. The need to identify each other to differing degrees of certainty and associate this identification with information that can convey meaning. We all need to form digital relationships, to communicate and to transact. All digital interactions rely on trust, another hard to define concept, that is ever-present as we go through our lives.
In their current form, digital identity management systems fall short on many basic aspects: privacy, flexibility, usability and security. They still largely rely on username’s and passwords, provided for a certain domain space typically by an organisation to enable them to manage a representation your identity within their domain. Individual users are for the most part left to manage this complexity across multiple accounts, remembering usernames and passwords often without any digital tools that might simplify this administrative burden. Additionally, authentication in these relationships is uni-directional, leaving individuals with no mechanism, other than the green padlock, to authenticate the entities they are interacting with. Importantly most digital identity management systems today do not support private, peer to peer relationships across which trust can be established and built independently of any third-party oversight, control or censorship.
Digital identity, to me at least, is a collection of interactions and identity information that can be correlated to a single entity, typically through an identifier. Organisations provide individuals with identifiers in the form of a username, they often request identity information to give them the required assurance in that identifier and they associate all account interactions with that identifier. This enables them to build up a picture of the persons digital identity within their domain. This, on its own, sounds reasonable. As they learn more about you, within their context, they can provide better, more personalized services and recommendations. I imagine we all appreciate it when Spotify recommends us our next favourite song.
The more sinister side of digital identity is what Zuboff terms the shadow text. Where, generally large organisations, who sit as gatekeepers, identity providers or simply buy up huge quantities of identity information begin to correlate digital identities across domains and more broadly throughout the internet as a whole. A wealth of identity information, the use of common identifiers across domains (think email addresses) and the increasing power of big data analytics has created huge asymmetries of knowledge and power within our societies. A few powerful entities and their highly skilled employees can use this information to create digital identities representing each of us. They can then make predictions about these digital identities, about us, revealing highly sensitive information with staggering accuracy. However, these predictions are not perfect and can bake in biases inherent in our society, extending racism, sexism and discrimination into our digital lives. Often it is the inaccuracies that are most harmful and least understood.
It could be argued that a few entities know us better than we know ourselves, able to glean highly personal secrets based on our patterns of behaviour that we might not willingly share with our best friends. While, at the same time individuals struggle to form life long digital relationships between themselves and for themselves. Every interaction they have goes through someone else’s platform and relies on an identifier that is provided to them. Identifying the same individual across domains with a high degree of certainty? - challenging at best. Recovering contact with an individual due to loss or denial of service from an account provider? Certainly not easy. Just read about my experience with Facebook
The digital infrastructure, and the digital identities that they support, were designed by and for the organisations that manage them. The individuals that these digital identities represent were an afterthought, merely users and dependants in the system that is providing for them. I believe that the capabilities underlying Self-Sovereign Identity, or whatever other terms you want to use, will enable more personal and more human digital interactions. It can increase the cost associated with correlating individuals across domains and enable a digital, and increasingly cyber-physical infrastructure designed and built with the individual as first-class citizens, empowering them to take advantage of, rather than be taken advantage of, this new realm.