Kaliya Young: It’s great to be with you this morn­ing. So I thought I’d start at the begin­ning. I found­ed the Internet Identity Workshop with some col­leagues in 2005, and we are still con­ven­ing. We began meet­ing real­ly ask­ing this ques­tion, how can indi­vid­u­als own their own dig­i­tal iden­ti­fiers? How can we get out from being under­neath the plat­forms that we’re inter­act­ing with? Just a user­name and pass­word, or now more recent­ly you have these inter­me­di­aries like Google and Facebook, that you’re using to log into var­i­ous things.

And then, if you got your­self your own iden­ti­fiers how do you actu­al­ly prove mean­ing­ful things about your­self using them? And the good news is after fif­teen years of con­ven­ing, we’ve got­ten some­where. Our next one’s actu­al­ly hap­pen­ing next week, and you’re all invit­ed of course.

There’s a whole set of open stan­dards around self-sovereign iden­ti­ty that have emerged. And I’m gonna touch on them real­ly briefly.

At the core of them is this, the decen­tral­ized iden­ti­fi­er. And it’s an iden­ti­fi­er that indi­vid­u­als them­selves cre­ate, along with a pub­lic key and a pri­vate key, and they can post them to ledgers. And there’s lots you can read online about the tech­ni­cal details and I’m not gonna go into them now. There’s not enough time. But I invite you to explore them.

And con­cep­tu­al­ly at the top you have iden­ti­fi­er own­ers. Then you have the next lay­er. You have indi­vid­u­als have dig­i­tal tools that work on their behalf. So at the core of this is a wal­let that they would prob­a­bly car­ry on a smart­phone.

And then next you have what is hap­pen­ing in the cloud, so that indi­vid­u­als will have agents that are cloud-based that are con­nect­ed to their wal­let. And these are also under their con­trol. And the vision for these is that they act much more like a bank does today. We go and we put our mon­ey in a bank, and the bank helps us do things with our mon­ey. But it’s our mon­ey; we go back to the bank and go, I want my mon­ey, I’m going to take it to the oth­er bank.” The same should be true with our data. It should­n’t break down if we choose to change ser­vice providers and those that are act­ing on our behalf with it.

And then next you have, as has been men­tioned, shared ledger, dis­trib­uted ledger tech­nol­o­gy, of which there are quite a few dif­fer­ent folks (Sovrin is the one that’s been named here) already that are sup­port­ing this. And it’s real­ly a rout­ing infra­struc­ture. There isn’t very much infor­ma­tion stored on these in the dis­trib­uted ledger. It’s real­ly a way to go find and con­nect between agent to agent for indi­vid­u­als, and to con­nect using pub­lic key infra­struc­ture.

And the oth­er thing that you can do with this is ver­i­fi­able cre­den­tials to sup­port the move­ment of attes­ta­tions, cre­den­tials, claims—however you want to call it—from insti­tu­tions to indi­vid­u­als.

So where do these ver­i­fi­able cre­den­tials come from? And one source is reg­istries. And this is what I’m real­ly grate­ful for Mike’s work, is kind of to go oh right, okay, that’s one way to look at them. And I spent the last two years at UT Austin in their new Masters of Science and Identity Management pro­gram. And I’ll tell you a lit­tle bit of the sto­ry and then I’ll walk through what we have.

In that pro­gram, we were in a cohort of twelve folks. And we would get new teach­ers, right. This hap­pens in a cohort pro­gram. And we kept talk­ing about iden­ti­ty as if it was one real­ly big thing. And I was like wait a sec­ond. There’s dif­fer­ent forms of iden­ti­ty, in dif­fer­ent places, and we need to have a frame­work to think clear­ly about it.

And so this is actu­al­ly part of Mike’s paper. So what are the dif­fer­ent places that PII, personally-identifiable infor­ma­tion, ends up in data­bas­es? And this is the anchor for how I thought about divid­ing up the world of iden­ti­ty into some man­age­able chunks.

And so at the top of this is me and my iden­ti­ty. And this is the place where I as the indi­vid­ual col­lect and man­age and store my own infor­ma­tion. And we have sev­er­al vari­eties. User-centric dig­i­tal iden­ti­ty, this is what the folks I’ve been sup­port­ing, con­ven­ing at the IIW, have been work­ing on for a long time. There’s the Indie Web efforts. Folks have been work­ing on these chal­lenges in that con­text. You have the quan­ti­fied self move­ment, which is all these track­ing and all sorts of tools for peo­ple to man­age and track their own infor­ma­tion. And now this new kid on the iden­ti­ty block, the self-sovereign iden­ti­ty work. So this is me and my iden­ti­ty.

Next is a cat­e­go­ry that often gets over­looked, but how do elders, chil­dren, folks with dis­abil­i­ties, and oth­ers man­age their iden­ti­ty? They do it with folks act­ing on their behalf. So you have you and my iden­ti­ty,” or del­e­gat­ed rela­tion­ships that we need to have account­abil­i­ty in the sys­tems to sup­port folks who aren’t man­ag­ing their own iden­ti­ties hav­ing oth­ers do it on their behalf, but in a way that means they’re not giv­ing away their credentials—that there’s account­abil­i­ty.

So, these are the sources for data and iden­ti­ty infor­ma­tion in the next twelve domains. And we’re gonna step through them.

So the first one is gov­ern­ment reg­is­tra­tion. And there’s two forms, real­ly. There’s pri­ma­ry reg­is­tra­tion, which is done by par­ents on behalf of their chil­dren. This is when you reg­is­ter your child’s birth at the coun­ty lev­el, and now more recent­ly also with the fed­er­al gov­ern­ment to get the issuance of a Social Security Number. And then also sec­ondary reg­is­tra­tion is all the reg­is­tra­tions you do after that, often your­self, using those pri­ma­ry doc­u­ments to get a dri­ver’s license, to get a pass­port. All kinds of dif­fer­ent things need you to get anoth­er iden­ti­ty issued to you by var­i­ous gov­ern­ments.

And all of these sys­tems and process­es are very recent inven­tions. Most of them are less than a hun­dred years old. And there’s a loop that hap­pens, actu­al­ly, where mod­ern states came into being in part because they went out and reg­is­tered their cit­i­zens, who then thought to them­selves, I’m part of this thing called a state.” So this actu­al­ly forms a recur­sive loop in terms of peo­ple’s sense of iden­ti­ty when these process­es are put in place.

And this is a map from Mia Harbitz, whose work is in the CRVS space (civ­il reg­is­tra­tion of vital sta­tis­tics) about what hap­pens when you have effec­tive civ­il reg­is­tra­tion in terms of enabling a holis­tic pic­ture of its impact on soci­ety.

Next you have gov­ern­ment trans­ac­tions, and this is where you show up with the doc­u­ments you had in step one, which is get­ting reg­is­tered, and you go and use them to do things, actu­al­ly. And this is actu­al­ly where you find a bunch of reg­istries. You can’t reg­is­ter your car unless you have a dri­ver’s license in which to make the con­nec­tion, right. And when you do land trans­ac­tions that are record­ed by the gov­ern­ment, they ask you to present government-issued ID.

Next we have civ­il soci­ety. This is a whole clus­ter of orga­ni­za­tions that come togeth­er for the pur­pos­es of this, which is orga­ni­za­tions which you have an ongo­ing rela­tion­ship, and that are pro­vid­ing not just com­mer­cial trans­ac­tions but health, edu­ca­tion, many oth­er things. And all of these insti­tu­tions have a reg­is­tra­tion process and some sort of issuance of cre­den­tials that you re-present when you show up to ask for the ser­vices.

And you present the cre­den­tials you got through the reg­is­tra­tion process, and you’re able to trans­act to get the ser­vices. And this is also a place where we find, ta da, a reg­istry. Professional licens­ing often hap­pens in these types of insti­tu­tions, right. This is anoth­er reg­istry.

You have com­mer­cial reg­is­tra­tion. This is where you sign up to get that loy­al­ty points or a cus­tomer num­ber with a ser­vice provider.

And then when you present, you show up, you share what­ev­er it was you got in the reg­is­tra­tion process along with pay­ment and you get your goods and ser­vices.

Next you have employ­ment reg­is­tra­tion. This is where indi­vid­u­als are apply­ing for jobs, shar­ing infor­ma­tion about who they are. Once they’re offered a job and it’s accept­ed they’re enrolled into the enter­prise sys­tems, and they get a cre­den­tial and they present that cre­den­tial to do work. And in return they’re paid for that work.

So, this next cat­e­go­ry is where we end up with PII in data­bas­es and sur­veil­lance. And in my research there were three main kinds: vol­un­tary known, invol­un­tary known, and invol­un­tary unknown. And this hap­pens across all of the con­texts that I’ve already gone through. So you have gov­ern­ment sur­veil­lance hap­pen­ing, of all three types. You have civ­il soci­ety surveillance—so this is like CCTV cam­eras going into school or you know, var­i­ous ways that peo­ple are being tracked. And a lot of it’s vol­un­tary. Like I put on some sort of health mon­i­tor and it’s going back to my doc­tor, I under­stand that’s hap­pen­ing and I’m choos­ing it.

And then you have com­mer­cial sur­veil­lance. And final­ly, employ­ment sur­veil­lance. So this is where…this is real­ly old. Taylorism is not new.

So those are the next twelve domains. And then final­ly you have the data bro­ker indus­try that’s pulling data from all of the above contexts—public data, data from com­mer­cial enti­ties, com­pil­ing it into dig­i­tal dossiers and reselling it to gov­ern­ment and the com­mer­cial sec­tor.

And then final­ly all of these domains are sub­ject to attacks on the black mar­ket both by state actors and crim­i­nals. And this data is being spread around in that way. So there you have the domains of iden­ti­ty.

Now, I want to quick­ly tie it all back togeth­er and be like, how do we actu­al­ly— If you notice in all these lit­tle dia­grams there’s the per­son. And what if we put the per­son at the cen­ter? Going back to SSI, using their wal­let and their cloud agent, that they could col­lect the cre­den­tials that they get from gov­ern­ment and then reuse them when they show up on the door of gov­ern­ment to do trans­ac­tions.

They can col­lect cre­den­tials from their civ­il soci­ety insti­tu­tion­al engage­ment, their pro­fes­sion­al licens­es, their num­ber from the water polo asso­ci­a­tion—all kinds of cre­den­tials in dig­i­tal form. And when they use them it’s real­ly easy for them. Their employ­ment reg­is­tra­tion cre­den­tials, proof of where they’re employed, and use those in a much more secure way to even log into those sys­tems of the enter­prise. And then, com­mer­cial reg­is­tra­tion, all their loy­al­ty cards, and points, etc. And use them.

So, self-sovereign iden­ti­ty is what sits in the mid­dle enabling indi­vid­u­als to man­age all these dif­fer­ent rela­tion­ships in a way that is sig­nif­i­cant­ly less com­plex than each of those insti­tu­tions need­ing to have a busi­ness rela­tion­ship with each oth­er to see those cre­den­tials.

So, we are real­ly see­ing the emer­gence of a new lay­er of the Internet for peo­ple, I believe. Layer 8, on top of the one we have right now. And I want to close with this quote, Protocol is a lan­guage that reg­u­lates flow, directs net­space, codes rela­tion­ships, and con­nects life forms. It is eti­quette for autonomous agents. And these are also the new set of pro­to­cols to real­ly enable us as peo­ple to con­nect to one anoth­er and con­nect to orga­ni­za­tions.

And I’ll leave you with this. To get to this future we need to coor­di­nate the devel­op­ment of com­mon build­ing blocks, code, infra­struc­ture, and pro­to­cols. We must ship inter­op­er­a­ble prod­ucts, and we need to work towards align­ment and con­trol. So with that I thank you, and look for­ward to the pan­el.


Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Cash App, or even just sharing the link. Thanks.