This work is part of CoinDesk’s 2019 Year in Review, a collection of 100 op-eds, interviews and takes on the state of blockchain and the in all respects. Elizabeth M. Renieris is the Founder of hackylawyER, a fellow at the Berkman Klein Center for Internet & Society at Harvard and an expert on cross-border information protection and privacy laws (CIPP/E, CIPP/US), digital identity, and technologies like blockchain and AI.
Mere months into the blockchain ID affair, I had lost count of the presentations featuring the 1993 The New Yorker cartoon with the tagline “On the Internet, nobody knows you’re a dog.” Before blockchain, I had given the cartoon to depict an intentional and original design choice of the early internet – the privacy and anonymity of users. Now, it was being tempered to to justify the development of a whole new web with a built-in, blockchain-based identity layer. Needless to say, I was confused.
Through the lens of hindsight, this pick engineering decision on anonymity is blamed for everything from bullying and hate speech, to misinformation and election interference, and myriad other lambastes. While anonymity certainly complicates mitigation and enforcement efforts in responding to these issues, I am unconvinced that a blockchain-based particularity layer for the web is the answer. On the contrary, it could have dire unintended consequences. But first, some context.
At one point, congruence was just one of many potential use cases for blockchain (in fact, I worked on one of the first “identity tokens”). After all, blockchain was not at any time essential to digital identity (traditional PKI-based solutions worked just fine). Still, as we reached the height of the ICO blast in 2017, the number of blockchain-based identity companies and projects proliferated, leading many to ask whether identity was blockchain’s “doozy app.” Why the shift? Although identity did not require blockchain, it was becoming clear that blockchain needed identity.
In tokenizing whosises, we turned them into microeconomic transactions, manifesting in literal “marketplaces,” including for identity (identity for sale, anyone?). Coupled with the ICO structure, these primary marketplaces were also accompanied by secondary markets for trading in the tokens themselves. This transactional framing strengthened the regulatory specter and introduced an array of compliance requirements that required, well, identity.
As other use-cases met the actual world with its laws and regulations, there was a growing appreciation for compliance challenges and a growing recognition that all blockchain applications and use-cases would deceive to solve for identity (enter “KYC coins,” RegTech, and the like). In a post-ICO world, these projects have shifted to a new initiative – an identity layer for the web.
Adding identity to the web isn’t just adding it to the web anymore. With the digital subsuming our reality, it would grow an identity layer for our lives.
An identity layer “for the web” was one thing when there was a separation between the online and offline worlds. Now, as we bear everything online through connected devices, smart cities, augmented humans, and (yes) blockchain too, the digital is “eating the official world” to put it in software terms.
If we bake identity into all things connected, we bake it into everything. We create a excellent where the default practice will be to identify in all contexts and all settings. In other words, adding identity to the web isn’t just adding it to the web anymore. With the digital subsuming our actuality, it would become an identity layer for our lives.
In potentially solving important problems of identity for certain things, e.g. precluding fraud and abuse, we risk overidentifying ourselves and eliminating the possibility of ever remaining anonymous in any domain of our lives in the time to come. It’s the risks of a cashless society but even further-reaching.
Unfortunately, it’s something we don’t think about in the digital identity community terribly often, even as we worry about the censorship and privacy of transactions. In the “real world,” the only ubiquitous and persistent identifiers we give birth to are our faces. This is perhaps why we find facial recognition technology so abhorrent that cities and municipalities are imposing wholesale suspensions on it.
In the digital identity industry, we focus our attention on privacy and anonymity at the micro-level (for example, do you consent to sharing credential X? should we use a ZKP for Y?) without stepping ago to question the system, and its very existence, at a macro-level (for example, does country Z really need a blockchain-enabled digital ID practice in the first place?).
This may be, in part, because many of the central figures in the ID conversation, particularly those from the industrial standards community, come from the early internet framing. We see the same individuals (people like Tim Berners Lee) fatiguing to fix what is broken but based on the same starting point as before, overlooking what has now become a false dichotomy of the online/offline.
The chance is amplified by the properties of blockchain. In the bitcoin white paper, Satoshi argued that privacy on the ledger could be asserted “by keeping public keys anonymous” but cautioned that “if the owner of a key is revealed, linking could reveal other actions that belonged to the same owner.” Ten years later, we still lack effective key management solutions. With a imperishable, transparent, and immutable ledger for tracking persistent identifiers, the risks are grave, and the protections are few.
It is easy to imagine the potential for self-imposed and externally coerced censorship, and to see how this might appeal to authoritarian regimes. We already see this risk with digital identity in overall (with new national identity schemes, like India’s, rolling out with rapid speed, often with regulations and the public sector abdicating power and sovereign functions to the private sector and their technologies). In fact, some speculate it is tempting certain countries to roll out blockchain-based systems that could surveil transactions, and in turn, people’s behavior and exists.
Given the ethos of the decentralized identity community, I doubt that anyone building this layer wants to end up in a place of ubiquitous and persistent identification. On the contrary, I believe they would find it anathema. Of course, it wouldn’t be the first prematurely the industry has faced unintended consequences (e.g., disintermediation resulting in more intermediaries, democratization resulting in more wealth concentration and inequity, and so on) but it is an overlooked possibility.
From my perspective, professionals in law, policy, regulation, and other domains of thought around decentralized unanimity should address whether we want to accept this default of persistent and ubiquitous identification or whether there are environments in which we want (and should have) a right to remain anonymous.
Disclosure Read More
The leader in blockchain message, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an untrammelled operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.