It’s amazing we’ve gone this long with password protection as the primary way to prove who we are and what belongs to us online. Nobody likes user names and passwords and they’re a hacker’s dream. Dual-factor is more common now but it is proprietary and a short-term fix. Digital identity is much bigger than the convenience of logging into websites: without an expansion of this technology’s capabilities the future of our civil liberties are at stake.
A universal system of digital identity is a crucial piece of establishing meaningful and effective digital rights. To protect our future freedoms, we need an authentication system that is:
- sovereign (to the individual)
- and most of all, secure
So what is the big deal with digital rights? The answer is obvious for corporations; their value is directly tied to their ability to maintain the integrity of their intellectual property, all of which is digital.
For individuals, the data we give away increasingly determines how much liberty we enjoy and what opportunities come our way. What we share online can determine whether we’re approved for a loan, accepted to a school, hired by an employer, or asked out on a date.
Fortunately there have been positive developments in the establishment of digital rights for individuals in recent years (See links to articles at the end of this post.) Digital rights are an issue in the U.S. presidential race for the first time I can remember. It’s about time.
Digital rights should be as clear-cut as property rights, but there’s still a lot of gray area for individuals. Part of the problem is lack of awareness. Another issue is that most of our digital property exists outside our direct control. On a technical level we can say that an online account belongs to us and that the files associated with that account also belong to us. But if the data gets into the wild then how can we take credit or claim it’s ours? With the right approach, digital identity has the potential to protect our virtual property more securely than age-old property rights.
In decades past, if someone stole your precious collection of Credence Clearwater Rival albums on eight-track tapes, you could call the police, but chances are you’re not going to get any “leads” on who stole your old-school tunes. In more recent years, if you purchase a product, say a blender, that allows online registration (and you’re diligent enough to complete the process and hold onto the registration info), then you have at least the potential to claim indisputable ownership of that blender if it’s stolen and then miraculously shows up at a garage sale or an eBay auction. The online registration process is analogous to how Public Key Infrastructure (PKI) encryption works. The manufacture is the Certificate Authority. The serial number stamped into the blender is the private key, and the proof of purchase is the public key, as it’s transferable.
What’s the right approach for data? What about all the bits and bytes that come from our smart home, our refrigerator, and multitude of devices we use? With a universal system of digital identity, would every outgoing packet be digitally signed and tagged in a way that can’t be hacked? (See Oasis Labs, below.) Anyone who has worked in cyber security knows there’s no such thing as one hundred percent secure, but with today’s technology we can get close enough.
In the past couple of years there has been a lot of talk about “self-sovereign identity” and biometrics, secured with block-chain tech. Block-chain ledgers bring the system a little closer to impenetrable by making the certificate authority distributed. A startup called Oasis Labs is working to make this a reality, but they’re in the beginning stages. Microsoft has been backing “self-sovereign digital identity” for a couple of years. This is a technology that would be a huge benefit to individuals interested in protecting their digital rights. No surprise, Facebook is not on board.
Digital identity is a hot issue right now. Like most people I’m no expert on this topic now, but we’d all be well advised to follow it closely in the coming years.
Microsoft and decentralized identity “Microsoft believes everyone has the right to own their digital identity, one that securely and privately stores all personal data. This ID must seamlessly integrate into daily life and give complete control over data access and use.”
Oasis Labs “With Oasis Labs you can use data without liability, easily comply with new regulations, and collaborate on shared data without risking privacy or losing control.”
GoodID looks interesting, but I can’t tell from their website how the technology works or whether it meets the criteria for digital identity mentioned at the beginning of this post.
As for digital rights:
(For an illuminating example how data we give away can affect the course of our life, see “It’s time for a Bill of Data Rights” in the MIT Technology Review.)
Some other recent and noteworthy articles:
Contract for the Web “A global plan of action to make our online world safe and empowering for everyone”