paint-brush
Identity Without Authority: A Decentralized ID System for the Whole Worldby@daniel-jeffries
5,063 reads
5,063 reads

Identity Without Authority: A Decentralized ID System for the Whole World

by Daniel JeffriesApril 1st, 2017
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

More than <a href="http://www.worldbank.org/en/programs/id4d" target="_blank">1.5 billion people on the planet have no ID</a> or way to get one. Getting identification is a catch-22. You need an ID to get an ID.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Identity Without Authority: A Decentralized ID System for the Whole World
Daniel Jeffries HackerNoon profile picture

More than 1.5 billion people on the planet have no ID or way to get one. Getting identification is a catch-22. You need an ID to get an ID.

Even in a sophisticated economy like the United States millions of Americans have no form of identification. That’s why voter suppression laws target the poor and disaffected with ruthless efficiency. Politicians know that catch-22 exists and exploit it deliberately.

Stop for a moment and consider how insane that really is:

You have to have a piece of paper that says you exist before you can get another piece of paper that says you exist.

It’s not enough to simply exist.

Fifty years ago it didn’t much matter if you had a birth certificate. The world was analog. Communities were smaller. But today the world is increasingly digital. Without a birth certificate forget about getting an ID. That’s why the UN created their ID2020 project. Nobody should be able to say you can’t participate at the most basic level in the system. But that’s exactly what happens today.

But the ID2020 project doesn’t go far enough to protect privacy and abuse. That’s why we created a decentralized, privacy preserving, biometric ID system as the foundation of the Cicada distributed application platform. It’s a completely open Human Unique Identifier (HUID) for everyone on the planet.

It uses biometric markers as an input to public/private keys and a comprehensive layered system of reputation that is dramatically different from today’s concept of reputation systems. We outlined the platform in detail in the original Cicada whitepaper but it remains the most controversial and least understood piece of the system with 90% of the questions we get about IDs. The questions mainly swirl around whether it’s even possible to build a strong ID system, resilient to Sybil attacks, with no central authorities at all.

A common refrain is that it’s “impossible” mostly because it’s never been done and hence people have no frame of reference to compare it against.

We agree that a decentralized ID system is very hard but we don’t agree that it’s impossible. There’s a big difference between impossible and very hard.

That’s why today we are releasing a new paper that better details the Cicada universal ID system.

We realized that the problem was that we’d failed to outline exactly how the reputation system would prevent attacks because of a disconnect between how people imagined a reputation system (as a big version of Yelp ratings) versus how we’d actually designed it.

And don’t worry, it’s not a Black Mirror style system, where everyone gets points for smiling and everyone is rating everyone else on their hair to their smile and clothes.

Instead, the Cicada Reputation Bank is composed of powerful, algorithmic layers of trust that works at all levels of the system from the top to the bottom automatically. It protects and defends the system, prevents fraud and allows for special features like a built in Universal Basic Income described in our first article on Cicada.

We’re not doing it alone either. We’re united with the coders behind the Fermat Internet of People, collaborating as they create their ID framework over the next few months.

So how does it all work?

To start with, imagine a reputation system built into the TCP/IP protocol itself. It looks for anomalies and provides a universal sanity check for all nodes on the network. Its rules are automatic, pulled down from the blockchain. Think of it as a blockchain powered version control system with a combination of intrusion detection, firewall rules and sanity checks.

The rules govern transactions on the network. None of the nodes on the network trust that the rules are being followed. The system expects attackers. We trust but verify. That’s one of the guiding philosophies of the Cicada platform:

To build a system, you first have to imagine all the ways to destroy it.

Each node does the verification itself to ensure that incorrect transactions do not propagate on the network.

Want to spin up a rogue node and ignore all the rules? Good luck. The rest of the system will ignore you.

Nodes that do bad things pay a price. Whether they’re deliberate attacks or malware infected nodes, they get automatically rated via the network reputation system. For example, a node may ask another node whether it can cryptographically prove it’s running the latest blockchain distributed network ruleset with the correct signature. If that node can’t, its reputation score takes an immediate hit.

If that node continues to behave badly, such as sending malformed packets, it continues to take hits to its reputation. Eventually the node under attack may enact a temporary local block via its firewall rules, stopping all traffic from the attacking node. It will then vote to the wider network that the attacking node is violating the shared trust. If enough votes are reached from the network the node may be blacklisted for escalating periods of time.

At first it might be five minutes and then seven and then ten and then fifteen. Eventually a node might be blacklisted automatically for days or even permanently until it can prove the correctness of its network stack again through an automatic verification process against another blockchain.

That’s just a piece of the reputation puzzle. Check out the paper for the rest of the details.

Of course, maybe you’re wondering why we don’t just create a central authority and issue the IDs? Wouldn’t that be easier?

Sure but it doesn’t work because trust is not permanent. Trust is a moving concept.

Despite supposedly strong central controls today, ID fraud is rampant. Centralized trust is an illusion. Breaches of big companies happen daily. The odds are currently one in seven that someone else has your social security number. Centralized trust is not even close to a panacea.

To make it worse, central authorities can go bad, even ones set up with good intentions. A central authority that you know and love today could turn on you tomorrow and betray your trust, leaving you with no way out.

Trust can easily change from positive to negative or back again. If a man is loyal to his wife for fifteen years and then cheats on her, all his trust burns up over night.

The Cicada project sees the need for a strong, privacy preserving, open ID that’s decentralized and has no central choke points for one simple reason:

It provides the best protection against fraud, abuse, overreach, and authoritarianism.

Some form of digital ID for everyone on the planet is virtually inevitable in the near future. So either we create it ourselves, or someone will do it for us and we will hate the results. It’s as simple as that.

Don’t believe me?

What if I told you that efforts are already underway?

Banks and foreign governments are creating huge, weakly secure, non-revocable biometric identification systems in centralized databases that we have no control over. Companies like GenKey are working with the Indian government to create universal IDs for a billion people, using a proprietary, copyrighted algorithm that people have no insight into whatsoever other than what the company chooses to share about it, which is not much, because opening the kimono means losing their competitive advantage.

If we allow private companies to continue to create this technology, you won’t know where or how your information is stored, whether the proprietary algorithms accessing it have good or evil aims, or even if it’s really secure at all. You won’t know most of this until it’s inevitably hacked and all of your personal data spills out onto the nets, including your iris or fingerprint template or your DNA hash, which is now useless as an ID because you can’t take it back or change it.

Centralized organizations do not create vast information stores without a secret purpose. Whether it’s a social media platform whose goal is to make money from advertising to you based on your personal likes and dislikes or a government that is looking to track, control, and surveil its citizens, those platforms will be corrupted from the start by those negative philosophies.

Those philosophies will get baked in to the final system and will remain inescapable.

  • You cannot build openness into a system founded on closed ideas.
  • You cannot retrofit privacy or security onto a system built to subvert privacy and security.

Privacy, openness and security must be foundational to the design of the system from the very start.

We feel strongly that these systems should be replaced with universally vetted, secured, and openly designed systems.

We simply can’t allow this to be a private, closed system locked away from public scrutiny. We also can’t allow a central chokepoint to control it. The reasons for that are simple too.

When it comes to governments, they can go from liberal democracy to authoritarian nightmare in a flash.

Leaving the controls of a such a powerful system to any one group is a disaster waiting to happen. If that group moves from trusted to untrusted, the game is over for everyone.

That’s why creating a decentralized identity is not just a useful idea, it’s a moral imperative.

And we need to create it before it’s too late.

We still have time. But it’s running out fast.

We’re still looking for a few good coders and more alpha testers and you can sign up here to be either one.

Join the project.

Code the future. Save the world.

############################################

If you enjoyed this article, I’d love it if you could clap it up to recommend it to others. After that please feel free email the article off to a friend! Thanks much.

############################################

If you love my work please do me the honor of visiting my Patreon page because that’s how we change the future together. Help me disconnect from the Matrix and I’ll repay your generosity a hundred fold by focusing all my time and energy on writing, research and delivering amazing content for you and world.

###########################################

A bit about me: I’m an author, engineer and serial entrepreneur. During the last two decades, I’ve covered a broad range of tech from Linux to virtualization and containers.

You can check out my latest novel, an epic Chinese sci-fi civil war saga where China throws off the chains of communism and becomes the world’s first direct democracy, running a highly advanced, artificially intelligent decentralized app platform with no leaders.

You can get a FREE copy of my first novel, The Scorpion Game, when you join my Readers Group. Readers have called it “the first serious competition to Neuromancer” and“Detective noir meets Johnny Mnemonic.”

You can also check out the Cicada open source project based on ideas from the book that outlines how to make that tech a reality right now and you can get in on the alpha.

Lastly, you can join my private Facebook group, the Nanopunk Posthuman Assassins, where we discuss all things tech, sci-fi, fantasy and more.

############################################

Thanks for reading!