When Neo's brain - portrayed by Keanu Reeves - is unplugged from the Matrix network in the 1999 cyberpunk movie The Matrix, he observes that the human species has largely been turned into an energy source, powering a world that has been taken over by intelligent machines. Similarly humans today are waking up to the reality that technology companies have turned individuals into non-player characters, feeding corporate objectives. While law makers and government agencies have sprung into action to mitigate against the most apparent externalities of technologies optimized for profit, one fact has become apparent:
Regulation directed at corporations and humans can never catch up to technological innovation.
Importantly, today's regulation efforts fail to address the core of the problem: the architecture of the internet itself. Current network topology - including maybe most visibly information distribution on the world wide web - positions human beings as consumers of endpoints, requiring individuals to commit/loose their own agency upon engagement or entrance, while largely overriding the individual's objectives with those of network operators or other network users (often charitably referred to as "advertisers"). This architecture has relegated human activity to data-generating oracle functions. In the context of networks oracles devices are entities that connect a deterministic system with non-native digital information.
Current internet topology regards humans in much the same way as weather stations, and other IOT devices.
Entering a single letter into the search box of your 'search engine' (not really the right term, since you are running a query against as database) and many other platform produces a programmed response designed to optimize for key performance indicators (KPIs) - i.e. click-throughs - ultimately feeding objectives of a paying client of that service - i.e. advertiser. The - often black-box AI-driven - polarization of online content and discussion is feeding yet another KPI: time-on-site, making the misdirection of user attention collateral damage in the pursuit of objectives set not by the individual but by the platform operator, and subsequently a 'marketer'.
You never were a search engine USER, you have always been a Non-Player Character in a game designed by Google.
This legacy of systems evolution and centralization can at the core be attributed to the implementation of database technologies, and consequent connection of these data siloes to networks including the internet. With the emergence of decentralized software solutions - such as blockchains and directed acyclic graphs - efforts are being made to mitigate against the hegemony of account-based systems, and return ownership of digital data and activity to the individual. As such, it is important to note that the true genius of the Bitcoin Whitepaper was indeed not the creation of a new "currency" - a somewhat unfortunate mislabeling (more here) - but sovereign control over a set of bytes by a user, without the need for a centralized database authority.
Mark Zuckerberg, 2004
The European 'Digital Identity Wallet' proposed by the EU’s executive commission is a smartphone app that would let users store electronic forms of credentials and other official documents, such as driver’s licenses, prescriptions and school diplomas, is the latest attempt in a long-line of failures to turn metaphors into viable technology.
Machines do not forget, and data digitally recorded is almost immediately copied and distributed. It is therefore a naïve attempt to invoke 'Rights To Be Forgotten'. - Humans have the unalienable right not to be observed!
Human agency refers to the human capacity to make decisions and enact them on the world, including machines and technologies. Human agency entitles the observer to ask should this have occurred? in a way that would be nonsensical in circumstances lacking human decisions-makers -i.e. the impact of weather conditions. If a situation is the consequence of human decision making, persons may be under a duty to apply value judgments to the consequences of their decisions, and held (legally) responsible for observable actions of those decisions.
Having rummaged through dozens of design papers on "decentralized identity" for more than six years, a common threat emerges: engineers introducing the designation identity to describe operational aspects and objectives of technology, consistently fail to establish a functional definition of the term before committing the concept to source code. Developers seem content to appropriate and combine the syntax from various disciplines in a futile effort to obtain clarity of nuanced legal, and behavioral concepts.
Despite disagreements among scholars of social sciences, philosophers, and psychologists about many facets of identity, a general consensus about its uniquely human quality exists. Further separating human beings from objects and other living organism is the ability to self-reflect and form intentions. Aside from situational and/or reflexive expressions, the basis for the latter is most often rooted in the sum of experiences, and memories thereof. Baring significant advances in human brain-monitoring technologies, engineering efforts serving human intentions thus far are limited to levels of observance and interpretation. In so far as this threshold is breached by technical implementations - i.e. software-assisted "social engineering" (a form of "hacking" human-assisted processes), definitions must allow for the attribution of human agency.
At the time of this writing there are no known technologies addressing identity management.
Solutions using the term "identity management" can readily be classified by the type and purpose of data collection and management: i.e. identification, including (for) access management and authentication, profiling, certification, etc. The often used term 'digital identity' is a figure of speech frequently applied to a collection of personal identifiable data. As with all metaphors it is not literally applicable to the design language of technology. Frequently the term can be replaced with an accurate designation such as persona or profile. The former aspect of the data is the subset available to the "user", while the latter is the totality of data collected and augmented by the the entity controlling the network or platform.
Metaphors are to be narrowly watched, for starting as devices to liberate thought, they end often by enslaving it. - Cardozo
During the largest gathering of 'identity management' companies at KNOW, in Las Vegas, it was obvious that every participant had their own definition of that term "identity", and little interest in refining it to have intellectually honest discussions.
Below is a simplified visualization of layers surrounding human activity as seen through current network architecture.
Importantly these layers must be considered both in the context of networks, and without any technology at all.
Human activity can be divided into thoughts and emotion, as well as physical expressions. Discounting elaborate implementations such a functional magnetic resonance imaging machinery, only the latter expressions are generally available for observation. However, it is important to note that any observation of physical human activity regularly affects human thoughts and emotion (observer effect). Considering that identity is formed by a process of (self-) reflection, observations must first provably pass conscious human approval processes. These paradigms which are regularly enforced in the physical world, can be returned to individuals via the use of cryptographic primitives which disallow, and/or invalidate copies. Just like border-agents do not get to keep copies of government credentials, control over online credentials must be implemented as digital bearer instruments.
We are currently working on a taxonomy for identity engineering (see Github). Contact me if you have a suitable legal or digital forensics background and want to contribute.
*We are blockchain investors. If you think, you have a solution to the outlined problems connect to me.
Interview on 'Privacy Investing':