Tuesday Project Spotlight: Human-Centered Identity for the Digital Age
Identity is a uniquely human concept. It is that ineffable “I” of self-consciousness, something that is understood worldwide by every person living in every culture. As René Descartes said: Cogito ergo sum — I think, therefore I am (1).
In modern societies, such simple rhetorical devices fall flat in the face of legally recognized entities which can issue identification documents and other forms of validation. But the conflation of state issued credentials and identity are inherently problematic. If identity and the validating credentials for that identity were merged into one, a person could theoretically lose his very identity if a state revokes his credentials or even if he just crosses state borders (2). Should Descartes choose to revise his infamous turn of phrase, he may instead proffer: Puto sed non sum — I think, but I am not.
In the face of this challenge to the very notion of what makes us identifiably human, a new startup called Civic created a blockchain-based digital wallet which doubles as an identification card for users who choose to validate their identity. Civic highlights the importance of challenging the web2.0 process of predicating digital identity validation on third parties. Instead, they are working toward a world where identity is not only defined by documents, but also personality (3). Thus, the unique expression of an individual contributes to the security of a digital identity that they own and control.
Civics work is grounded in their firm belief that identity is a fundamental human right, and should be universally accessible. This will not only broaden access to social services like voting and financial services; it will also allow more people to make a living in the coming web3 economy. To achieve this more-equitable future, Civic has created five pillars to ensure the reliability of their blockchain ledger (4).
The first pillar is Liveness which determines if the user attempting to access the system is a real human, and does this through use of CAPTCHA’s and video selfies (5). The second pillar is Uniqueness, in which the system asks if the real human is unique, and further validates this through use of video selfies which the users are asked to upload (6). This element is key as it provides for the user to control which videos are used to later validate their own identity.
The third pillar is ID Documents. Here Civic employs a two-part standard, first by allowing the user to upload documents to the blockchain, which can later authenticate their login. But it also looks beyond to known, and public, information about the user to validate whether the real and unique person accessing the blockchain is actually the owner of the information stored therein (7). The fourth pillar is Location and Civic tests the user’s location through a check of the computer’s IP address and verification of VPN use (8). Finally, Civic employs a Sanctions Screen which assesses, one, whether the user is attempting to access their blockchain from a sanctioned location, and two, if there is known political exposure for the individual. Civic accomplishes this by cross-referencing official government sanction lists (e.g., OFAC, UN, HMT, EU, DFAT, etc.) (9).
Taken together, these five pillars of validation seek to verify from the moment of account creation, through continued use, and global access, that the person accessing their blockchain is the actual owner of that information. The net effect of these security measures are intended to provide the highest level of confidence and security for their users at the lowest cost (10).
However, it is important to highlight that just as with all emerging platforms, there is little independent research testing the claims that Civic makes. While the decentralized principles on which Civic rests its business are sound, considerations such as the cost of transactions (e.g., the cost to validate an identity) are unclear to individual users before entering into their service agreement.
While identity in the digital world of web2.0 remains tricky, the present use of piecemeal and duplicative online identities serves neither users, companies, nor governments who seek to use, monitor, and engage everyday across the digital realm. The time to reimagine what digital identities are and how we assess them is upon us. It is incumbent on leaders, designers, and users to identify what aspects of the current digital environment are failing them so they may know what they want from the future of the internet. Without this forethought, designing for web3 and a decentralized, self-sovereign identity might become only more enmeshed in the inefficiencies of web2.0. In so doing, we may yet allow us to place identity back under our control — once more reuniting identity with the ineffable “I.”
1 Rene Descartes, Discourse on Method, 1637. 2 Christopher Allen, The Path to Self-Sovereign Identity, April 25, 2016, http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
3 Civic Mission Statement, https://www.civic.com/
4 Civic Solutions Center, https://www.civic.com/solutions/
9 Civic Solutions Center, https://www.civic.com/solutions/