International Identity-of-Everything Day
It’s a mess in the universe, but maybe the metaverse will be a vector for digital identity.
Dateline: Woking, 16th September 2023.
I remember when the son of a friend of mine decided not to go to college. Instead he went into well-paid work as a programmer, having made the calculation that the use of social networks will replace the “hack” of using intermediaries such as college degrees as a substitute for more valuable and accurate information that used to be too expensive to gather. Such intermediaries provide what Sam Lessin (as Head of Identity Products at Facebook) called “hacks” and what Rory Sutherland (as Vice Chairman of Ogilvy & Mather UK) called “patches”. It is interesting to explore whether using patches such as credit ratings (instead of real, immediate reputational data) is really good enough to survive our connected world, which is why the idea of the social identity as an alternative structure in which digital identities are relationships (what Ian Grigg used to call “edge identities”) is so attractive. Not just for people, but for everything.
Things
That way of looking at the existing business models around identity (i.e., hacks to deal with incomplete authentication, attributes and reputation data) provides a means to understand that young man’s choice. Social capital (the result of computations across the social graph) is now accessible and usable at the transactional level. Proxies such as high-school diplomas and glossy CVs are therefore being replaced by that social capital because it is a more efficient form of the kind of memory we need to make transactions work (i.e.,: reputation).
You can see exactly where we are headed if you think about the way that people and organisations already use LinkedIn, X (Twitter), Instagram and so on. In the old world, I would use the social hack of finding out which university your degree came from and whether you had paid back a car loan a decade ago as a sort of proxy for things I wanted to know about you. But I no longer need to do that because from the social graph I can find out if you are smart, in stable employment, a team player, an expert on identity management or whatever.
As I argued in Identity is the New Money, these networks mean that the concept of identity in today’s post-industrial society is profoundly different to the concepts of identity that we are accustomed to, both the bureaucratic notion of identity that emerged from the 19th and 20th century industrial society and urban anonymity, and the pre-industrial notion of identity that builds on extended family and clan. We might call the future version “social identity” in response to Marshall McLuhan’s wholly-accurate pre-internet prediction of a new form of identity based on relationships and a connected word.
with kind permission of Helen Holmes (CC-BY-ND 4.0)
Social identity is the enabler of a genuine reputation economy, an economy based on trust. It will be reputation rather than regulation that will animate trust in economic exchange and that social graph, the network of our social identities, will be the nexus of commerce, government and all other human interaction. But how do we get there from here? It is all very well to ruminate on the benefits of this very different view of identity, but how does such an identity get implemented? What is the practical roadmap going forward?
To start on this roadmap, we need to zoom out and see the wood as well as the trees. We know that notions of identity will have to change to enable society to function in a post-industrial paradigm. But there is more to the subject than that. When we think about identity and identification we generally tend to think about people, as in the examples above. Sometimes we think about companies, but most of the time regulators, lawmakers and the public tend to think about people. However, people are a rather small subset of the general category of “things that will need to be identified in the always-on and always-connected world of future”.
Instead of just thinking about people and companies then, we need a bigger picture to help us to formulate digital identity concepts in context. The bigger picture I drew up is this:
This picture provides a simple way to start thinking about the identity big picture, sufficient for our purposes. We begin by dividing the universe into two categories: things that exist and things that do not exist.
Things that exist are things like me, my toaster and my cat. Easy. Things that exist can quite easily be subdivided into things that are living and things that are not living. Things that are living can quite easily be subdivided into people and everything else, with the possible exceptions of virus is which are a sort of grey area that we can skip over for the purposes of this discussion.
Things that do not exist need a little more explanation. Remember Yoval Harari and his view of the cognitive revolution in Sapiens. He frames this revolution as the point at which “history declared its independence from biology” because human beings gained the ability to think about things that do not exist, such as Citibank. He writes that
Corporations do not exist in nature any more than Catholicism or human rights. These are stories. Lawyers are shamen who tell stranger tales.
Indeed, limited liability corporations (LLCs) are one of our species’ most ingenious inventions and strangest of tales. They are an important example of the things that do not exist that will need identities, but there are others. Artificial intelligences, for example. Elon Musk’s travails with bots throw into sharp relief the need to identify things that don’t exist so that their reputations can be part of the calculus.
Things that do not exist can also be easily divided, building on the distinction noted earlier, into things that are legal constructs and things that are not legal constructs. Not illegal, but extra-legal. Thus, in my head at least, there is a distinction between the identity of the company, an identity that can take part in contracts and transactions, and the identity of a “smart” “contract” which is something entirely different.
As an aside, I can certainly imagine a future in which certain kinds of artificial intelligences are given legal personhood and the ability to form contracts but I cannot imagine a future in which the same status is afforded to apps on a block chain, as was proposed to the legislature of Malta. That really is a discussion for another day though.
Frameworks
If my conception of the future reputation economy is even approximately right then, the ability to recognise all of these things (that is, things that do exist and things that do not exist), to form relationships with them and produce communicable reputations from these relationships generates a workable paradigm. We can then use this paradigm to think clearly about problems and to communicate effectively to create practical solutions.
This is where frameworks come in. These different kinds of identities must be able to interoperate. My online identity should be able to recognise your company's online identity. My toaster should be able to recognise authorised users. I should be able to delegate to my brother the ability to drive my car. I should be able to understand the reputation of a financial services wealth management AI and give consent for it to access my bank account.
For this to happen there have to be trust frameworks that these identities can work with him. There does not necessarily have to be just one trust framework, and that may well be a weakness in some of my previous thinking on the topic. Within a framework, there may be very many different kinds of identities but the framework will establish the standards and mechanisms for interoperability. Should I be able to login to create an account with British Airways using my bank identity? Probably yes. Should I be able to login and create a bank account using my British Airways identity? Probably not.
In some countries and in some cultures the idea of having a single trust framework and a single identity within that framework is seen as being the natural way forward because, apart from the cultural environment, it is the simplest and cheapest way to proceed. But for a variety of reasons I am wholly unconvinced that this is the right way forward. We need a much more sophisticated infrastructure to simultaneously deliver goals for previously, security, practicality and cost effectiveness.
A Meta Vector
How will we get there given the awful mess that we are in right now? I wonder if the Metaverse might provide the channel. The Internet was built without an identity layer, as we are often reminded, but the Metaverse won’t be. It seems a wholly reasonable speculation for International Identity Day to wonder if the “web3 + digital identity” infrastructure in the Metaverse will provide a lower fraud, lower criminality, lower deception version of the online world because it will be a reputation economy from the beginning.
If the Metaverse succeeds in doing so, then business will steadily shift into that lower cost space, where everything has an identity (and privacy and security), leaving the “real world” to muddle along with utility bills, driving licences and social security numbers for another generation or two.
Are you looking for:
A speaker/moderator for your online or in person event?
Written content or contribution for your publication?
A trusted advisor for your company’s board?
Some comment on the latest digital financial services news/media?
Hugely interesting. At IdenTrust when we build the 'Policy Legal Operational and Technological" (the PLOT) OpRules/dimensions/parameters of the Trust Network underpinned by regulated Financial Institutions....., a crucial part was the definition of the Liabilities of each party...who is on the hook for what..... substantially on the basis that (notwithstanding periodic Crises) FI's like banks are fundamentally in the business of managing such operational risk......
So.....to extend your cogent thoughts about whether your toaster as a thing, or Citibank also a thing.... can trust the identity of me a person via my British Airways identity, each party needs to understand the liabilities and entitlements that go with such "trust". As Kevin Werbach argues in his book, enter "the Blockchain and the New Architecture of Trust" John G Bullard