I was reading an article by Robert Hackett (@rhhackett) and saw that Esther Dyson appeared to come down pretty hard on the idea of self-sovereign identity at the World Economic Forum this past week. In Robert’s article, Bitcoin and Blockchains in Davos, Starbucks Coin, Nuclear Hacks, he writes: But Ruff’s rosy vision had its skeptics. Esther Dyson, the investor (whose father is famed physicist Freeman), noted from the audience that even though “self sovereign” identity—the idea that people should ultimately be in control of their own data—sounds nice, it’s a misleadingly simplistic notion. Technology alone cannot easily overcome socioeconomic and political challenges, Dyson suggested. People have less control over their identities than they might believe; consider those living under oppressive regimes, or in places where organized or other crime runs rampant. Are you “self sovereign” when there’s a gun to your head? Not quite.
I think the issue here is that Esther has misinterpreted what Sovrin and perhaps other self sovereign identity solutions offer – and the real problem that they are solving.
It isn’t about a gun to the head – though Sovrin can play a role in making that gun to head problem far stronger (imagine an NGO IT admin with a gun to their head being asked to share a database – there is nothing to stop that – Sovrin and other self sovereign solutions protect each identity record uniquely so this is much harder). But, that’s a whole different topic.
Sovrin is solving an underlying problem – that organizations have taken on the expense and liability of digital identity because they had to. They created databases that are targets for abuse – either willing abuse by aggressive marketers or criminal abuse by the hackers that breach them. They end up controlling aspects of me that they never needed to. There will always be a different level of control on various dimensions of what I can (and can’t) control and influence when it comes to how I present my identity to you – it is all about context.
Here’s the funny thing – those CEOs of companies (profit and not-for-profit) are realizing that they created the complexity that Esther speaks of – they created siloes because they had to. By making digital identity a global public utility (that is the mission of the Sovrin Foundation) we actually remove much of the inherent complexity that digital identity has right now. The CEOs that “get it” are seeing that new ways of focusing on the relationships with customers instead of some hacker target database of identities simplifies things.
Here’s a theory – the name “self sovereign” may be the trigger here. It has its own connotations. Many in the US (note: I am Canadian) hear it and begin to think about anarchists and militias creating pseudo-countries that are “self sovereign”. That’s not was Sovrin and the other self sovereign identity solutions are about. Not at all.
Self sovereign identity is about a person, organization or thing providing basic information about themselves to the world – in a proper context. “My digital identity” is the simplest phrase I use but it isn’t great either. Here is what it means to me (this thinking is evolving):
- My digital identity allows me to present myself to the world in various ways:
- Anonymously in some places – even with extra info (e.g. proving I am over 21 and allowed to drink at a bar, but not sharing name, address, height, weight and everything else on my license)
- Pseudonymously in others – I may be DisasterMasterBlaster in a video game that digital identity is mine – though that one is likely shared with the company that owns the game (or games).
- Very explicitly with some – I have a different set of information that I share with banks, utilities, government services, etc. Each may require a particular set of information – and I need to comply (I likely have fewer freedoms here).
- My digital identity allows me to establish relationships with various other people, organizations, and things.
- My digital identity may open up a secure communication channel that allows both parties to know who each other is (to the required level).
There are many other aspects – and they are not “simplistic” (“misleadingly simplistic” in Esther’s view). They are critical and important. Right now – as they sit in a bank database, in Facebook, in some gaming forum – they are fractured and broken. By allowing me to anchor them to my digital identity things get a bit simpler – but there is still a lot to do.
The key here to me is that before self sovereign identity, particularly Sovrin, much of what I raise above was possible but it was utterly impractical and effectively impossible. Now, with a layer of complexity pulled back it is still hard – but it is at least approachable.
I am truly excited about the discussions that are happening. Esther Dyson is incredibly well respected and I look forward to hearing how her thinking evolves. It took a while for me to “grok” it – and I continue to go deeper and adjust my views.