Legend has it that in the beginning there was Adam. He was all alone and the concept of identity was meaningless. Because Adam was lonely, he gave up a rib (a small price to pay) and he was not alone any more. Identity was now.…still meaningless for the most part.
Fast forward to the year 1, the year 2698 on the Chinese calendar, or the year 3761 on the Jewish calendar, the world was populated with about 300 million people. Taxes had been around for 1000 years by then and we have all heard of the famous census that was taken about that time. Identity had grown to be important and was becoming more so over time. Everything was pretty manual, and physical forms of identity would evolve over the next 2000 years to include passports and driver’s licenses, government IDs, employment badges etc etc.
Fast forward again to the 1990s and a new identity problem was being born in the form of a wide open information network that would come to include banking, commerce, services, games, software, entertainment and rich communications. In fact more and more services were becoming practical at a rate that was accelerating. Suddenly everything we knew and used for identity was more or less obsolete and we have paid a price in identity theft, fraud and misinformation.
The internet was conceived as an anonymous network. It would enable a great leveling or flattening of the planet by making knowledge universally accessible. It would allow workplaces formally confined by physical space to become virtual and teams to become truly global. In the great rush to make this happen, the concept of identity as a fundamental building block of this great experiment would be dealt with later. A compromise seemed necessary and one was made; folks could just use user IDs and passwords. It was clearly understood that Something better was needed and assumed that eventually (in a few years perhaps) this problem would be dealt with.
20 years later, we are struggling with the unintended consequences of that one compromise. On average, many individuals now have 200–300 identities on the internet; every email address, every password, every account, every service has its own way of dealing with identity and plenty don’t really deal with it at all. The result, not surprisingly is a form of internet anarchy. Passwords hard to remember (especially strong ones), often written down and too easy to steal or buy in the dark web. Passwords allow unauthorized persons to access sensitive data, steal identities and commit billions in fraud.
Anonymity is still at the heart of the problem. Verified trusted identity tools are just now coming into existence. The tools needs are identity verification tools that cannot be stolen. They are not things you know (passwords or publicly accessible information about you) or things you have (mobile phones that can be hijacked) but things you are. They are biometric, facial recognition, fingerprints and, voice prints and ultimately DNA.
“What you are” is a great first step, but in and of itself, it is still not enough. In addition to verified identity, there must be a way to protect the system that matches this identity. There needs to be a secure communications layer (Zero trust is fundamental) with no anonymous players and trusted verifiers. And finally, there must be a way to only expose necessary information to those who need it. The classic example is proving you are 21 to buy liquor should not require your address or date of birth just a trusted attestation that you are more than 21.
Of course when this compromise was made, many of the technologies needed to achieve these goals did not yet exist, hence the compromise.
Today, we find ourselves with many tools we did not have back then. We have advanced cryptographic technologies. Devices are equipped with sensors to enable biometric data gathering. Zero trust networks are possible to build and becoming more common. Zero knowledge networks that share only what needs to be shared are now possible. And finally the rise of cloud and the incredible advances in compute and AI have created a perfect storm of capabilities and possibilities.
We now have the wherewithal to truly solve this problem. We can make identity verifiable. We can secure the identity information and we can protect the raw data in ways that were simply not possible 15 years ago. The future is bright and the facial recognition can deal with the shades….