by Patrick Deegan - [email protected]
The Internet was initially architected without consideration for a secure, viable identity infrastructure. Passwords were an afterthought and there was little consideration given to privacy and how individuals could assert control over their personal data. These factors combined with the move towards “personal data clouds,” mobile and sensor data, and the recognized importance of protecting and sharing personal data is forcing a fundamental rethinking of the global Internet architecture for secure and privacy preserving communications and computations. The decentralization of trust and the shift towards a device centric network (i.e., pushing intelligence towards the edge enabled by Trusted Computing and remote attestation) are paving the way for a massive new ecosystem of distributed marketplaces occupied by autonomous agents and their real-world counterparts.
While the meager URL or URI (Uniform Resource Identifier) has served us well. We now need to account for affording a digital identifier with attributes, that bridge into the realm of legal personhood and regulatory compliance and blur the distinction between and API resource and physical property. Yet, this is no small undertaking. What we need is a comprehensive reboot that anchors trust in such a way that the physics of information applies with the same certainty as our measures of the physics of the real world.
Today we are faced with an unprecidented opportunity to reshape the manner in which we engage with resources represented on the world wide web. At the center of this shift is how we account for trust. In order to unlock the potential of P2P and decentralized transactions taking place between entities, a relational matrix must be constructed. That is, a web of trust to empower digital entities to seamlessly and at low cost/low friction- transact with each other in a regime that can secure the interests of all parties. In other words, the next great internet revolution will take place once we can simultaneously interact with existing systems and their legally binding constructions and a new fabric for Identity and digital assets powered by algorithmic governance.
- How do we make self-sovereign identity compatible with decentralized property ownership systems? For example, does it actually help to flip the typical notion of identity and empower an autonomous agent with virtual citizenship? Can we then think of the agent "owning" the physical entity that it refers to? That is, can my digital identity hold the "title" to me as a person and otherwise be afforded the rights of a property owner? Can this agent help me originate my attributes as digital assets and realize the potential and value in my latent human capital?
- Can we extend identity to ALL things and completely solve the attribution problem? That is, going forward, let's assume that there will exist enough connected devices with sufficient sensing capability to literally identify and track all relevant agents/actors in the world. Thus at minimum, a unique a behavioral based identity can be granted to every entity and in many cases, the link between these attributes and the real world entity could be known only by its owner. In other words, how do we ensure that the owner of this information can remain anonymous and yet be fully compliant with top down regulation? If we fall short of such aspirations in the short term, how do we manage the trade-offs of incomplete anonymity (e.g., vulnerable individuals in unstable jurisdictions) while ensuring that all lawful interests are protected as long as undetectable bad actors remain? Can we construct self-executing trusted escrows that hold reindentifying information for the purposes of satisfying AML and KYC regulations without leaking this information, notifying all named parties of queries and following the rule of law?
- How do we solve the remote attribution problem such that we can trust that the information physics of sensors and effectors is robust and reliable enough to enable global scale simulations? Can we establish identity with the granularity necessary to quantify risk at all scales and from all perspectives? That is, not only is real-time auditing and compliance a desireable result in some cases but we may further benefit from qualifying future states and their likelihoods. If better data allows us to detect bad things when they happen and what caused them, why not discover them before they happen and prevent them entirely?
- How do we make it nearly impossible for a digital identity to be stolen yet make it very easy and extremely accurate to recover a trusted identity.
- How do we ensure the benefits of globally deployed block chain technologies yet provide seamless quality of service across localized network interruptions or subject to valid subsets of the network remaining viable during connection outtages?
- If Identity is the new money, how do we make sure that it remains fluid and make sure that we can always unlock its value? Should we think of identity as something that constantly needs to be burnt? That is, instead of trying to protect a small number of highly valuable HD private keys, should we engineer the solution such that the entire system constantly expects the "root of trust" to be changing? If so, what other systematic risks remain?