Digital Identity Today
Digital identity is a key ingredient to the flourishing of free societies and economies, and today there are only hints and whispers of its future. At its best, it empowers individuals in the digital world, expands free speech and expression, and drives incredible amounts of productivity in the economy. At its worst, it unjustly restricts freedoms, creates power imbalances, and extinguishes innovation.
SpruceID's mission is to let users control their data across the web. We want to make sure that digital identity is always stacked towards individual empowerment, that it is by default open and transparent rather than closed, and that it serves people instead of the other way around. Our values at SpruceID are therefore to:
- Practice honesty and integrity
- Enshrine people’s true needs, right to privacy, and ability to choose
- Foster a culture of excellence
- Promote principled experimentation
These are also the tenets that underlie all of our work at SpruceID, including this Knowledge Base. To set the stage, we’ll propose a working definition for the term “identity.”
The term "identity" is very difficult to define and also achieve broad agreement, but we must have a working definition to have constructive discussions. Many valid definitions exist. The best definition we found for our work is the following: identity is the way that we recognize, remember, and respond to people and things.
Digital identity is in its infancy. As an individual, you have accounts online, but those alone are not your identity. In some bespoke situations, a person may identify as their social media username, but more generally, identity online is challenging to represent and prove. Identity can be split into two categories:
- Foundational identities: often legal identities available to citizens or residents of a jurisdiction, like passports or driver's licenses, and
- Functional identities: information about people and things serving a specific purpose, often used to demonstrate necessary assurance to allow a function, such as proving a person is over a certain age or that a bank account is owned by a nonprofit organization.
The current way many people will prove their identity online for important use cases, such as opening a bank account, will rely on a combination of holding a physical ID card up to a webcam or smartphone camera, or traveling to a physical location in person to present a form of identification. These same actions can be made safer, more efficient, and easier to implement using technologies such as standard data formats, digital signing, and selective disclosure.
While these technologies have been around for decades, they have not been actively incorporated into mainstream identity use cases until recently. As Kim Cameron, the Chief Architect of Identity at Microsoft from 2004 through 2019, famously said,
“The internet was built without an identity layer.”
The internet was spearheaded by the US federal government and academic institutions to facilitate computer-to-computer communications for defense purposes, with important contributions from the United Kingdom, France, CERN, UNESCO, and individual innovators. This did not account for a way to identify who (or what organization or AI) was behind (or inside) that computer communicating with you.
These networks were first built for communications between individuals who already had a high degree of trust or mutual respect, predominantly other government employees or university researchers. As access to the internet expanded far beyond the closed-wall ecosystem that incubated it, the early pioneers could not have foreseen the level of commerce and societal infrastructure used it as a base foundation. So to this day, we do not have a universal approach to trusted identities online.
Every time an individual interacts with an organization, application, or another person online, administrative systems must differentiate between users in lieu of a universal digital identity layer encompassing all digital interactions. This results in a fragmented approach to an identity online, where each application stores different versions of you and your identifiers, which are specific attributes of your identity. We now live in a world where the average person has 100 passwords they need to maintain, according to a 2021 study released by NordPass. Each individual's data are stored in separate silos across various companies’ backend systems and servers.
Identity, for the most part, is not natively digital yet. We have digital artifacts that refer to real-world physical credentials, like driver's licenses and passports. Today's credentials mostly take physical forms in paper or plastic, and as a result are hard to manage and are frequently counterfeited. Verifying credentials today is expensive, requiring notarizations, phone calls, and manual reviews. The shift to native digital identity will be built on software automation and digital signatures, unlocking incredible amounts of efficiency, security, and possibilities across all our digital interactions.
There were attempts in the late 1990s to build digital identity market solutions, such as Microsoft's Windows CardSpace or VeriSign's Personal Identity Provider (PIP), but the efforts faced significant adoption challenges. Since the 1990s, the proliferation of smartphones, technological advancements, and rapidly increasing importance of digital interactions on the internet have changed the landscape. With these deep technological shifts, state-directed investments in digital identity, and a stark increase in demand for trusted identities online, we believe that the outcome of digital identity efforts will be very different in the coming years.
According to the World Bank, adopting trusted and inclusive digital identification can offer even greater opportunities for vulnerable populations by providing accessible official documentation, like birth certificates. Proper identification is such an important indicator of peace, justice, and social mobility worldwide that the United Nations adopted Sustainable Development Goal (SDG) 16 calling for legal identity for all, specifically birth registrations. The business benefits are clear as well, with identity management significantly contributing to the costs of financial compliance reaching $274.1 billion in 2022, up from $213.9 billion in 2020 (LexisNexis).
There are steps we can take now to ensure this transition is smooth and emphasizes building a safer, privacy-forward, and accessible internet that also unlocks exciting new markets. This Knowledge Base will address how the industry seeks to preserve privacy while simultaneously granting access and illuminate how these rights intertwine to create a successful future for citizens.