Identity can be a real pain to discuss. I’ve been to dozens of workshops and conferences over the last decade plus and the quality of engagement varies from exciting, enthusiastic progress to frustrating, disheartening dysfunction—even within the same event. So many of us bring our own ax to grind that even when we think we are in agreement, we can spend ridiculous amounts of time in rat holes and rabbit holes that just don’t go anywhere productive. Yet, identity matters. So we push on through, hoping to forge common ground and make headway against the seemingly intractable task of figuring out how identity should work in the digital age.
So it is rare that I get to enjoy as productive a conversation about identity as I did earlier this month at Good ID: What’s policy got to do with it?, organized by the Omidyar Network, run by Caribou Digital, and held at the Shorenstein Center of the Harvard Kennedy School. It wasn’t a collaborative writing exercise like we host at Rebooting the Web of Trust. It wasn’t an unconference open space like we gather for at the Internet Identity Workshop. It wasn’t a trade conference with presentations and panels like we get at Know Identity. Nor was it a large scale summit bringing together the international community with technologists like ID2020. On the contrary, it was an intimate gathering of passionate and experienced individuals from diverse fields, first discussing what “Good ID” might mean and how policy can help us get there, then committing to concrete actions to collectively advance the cause.
Not only did we avoid the all too common pitfalls I’ve seen again and again at other gatherings, under the calm, competent hand of facilitator Tessa Finlev of the Institute for the Future, we rappelled from a stratospheric, high-concept, open discussion about what Good ID means, down to specific, detailed, self-assigned marching orders.
I apologize for the apparent fan-boy nature of what I’ve written so far, but creating a productive dialog on identity is hard. Omidyar and Caribou Digital deserve credit for deftly bringing a challenging topic to such a productive engagement. The meeting brought together great people and guided us through a focused conversation leading to actionable tasks.
What was particularly exciting about the Good ID workshop is that it is focused on how we transform policy to realize the ambitions of well-meaning identity advocates everywhere. At the end of the day, it doesn’t matter what the “Identerati” talk about if policy makers ignore the lessons learned from literally decades of experiments in digital identity. Billions of dollars have been invested in bringing digital identity systems to bear on the world’s problems. From consumer-based identity services from Microsoft and Facebook, to sovereign identity systems like Aadhaar in India or RealID in the United States, to the most recent open standard advances of OpenID Connect and immanent decentralized identifier standard at the W3C. The key failure point in extant systems—and the greatest risk in those still under development—is failure of decision makers to make the right decisions.
These were failures in policy, not technology. With Facebook, the system worked. We just didn’t understand how it could be manipulated and abused until Cambridge Analytica showed us. With Aadhaar, the biometrics and authentication technologies work as intended—it just overcentralizes too much personal data in a brittle state mandated, privately run system, effectively creating a vast digital surveillance system. With OpenID, large companies like Facebook and Google were happy to issue “identities” but refused to accept them from others, resulting in an extension of their monopoly power rather than the liberating user-centric vision its inventors intended.
With decentralized identifiers, I have no doubt that the underlying technology will deliver the basic nuts and bolts of an identity layer, but will credential issuers and relying parties adopt the technology as we intend? Or will they co-opt the basic function to re-intermediate themselves into our digital lives? The challenge isn’t in the technology, it is in shifting the mindset, perspective, and will of decision makers. The hard part is shifting the policy of the powers in charge, toward creating and maintaining identity systems that respect and ensure human dignity rather than trapping people in technology distopias governed by the tyranny of data, where what’s in the database matters more than the humanity of the person in front of you.
And that is precisely what Good ID is all about.
It’s a conversation about shifting policy at every level to better support humanity in the digital age. It’s about taking all stakeholders’ needs into account, from law enforcement to tax authorities, from illegal immigrants to victims of domestic violence, from mega corporations with a billion users to local community organizations like churches and schools. Each and every one of these constituencies bring unique perspectives and needs to the conversation about digital identity. Some need rigorous accountability, others need the freedom to engage society on their own terms. Some need to set and enforce regulatory frameworks that cross international boundaries, others just want to be able to communicate with people they trust. Some thrive in Western notions of individuality and freedom, others feel more at home with notions of harmony and placing society before self. If we are going to build a global system of identity on top of our global system of digital telecommunications—both the Internet and mobile interconnectivity—then we must do so with bright eyes and open hearts to the real, concrete needs of every player in the mix. The different needs and requirements and the resulting disagreements over what determines good policy will never fully disappear, but by understanding both the differences and the commonalities, we have the best chance to find policy that best suits the most needs of all parties.
It was a GREAT conversation in Boston. I look forward to continuing it at http://good-id.org as we work together to shape digital identity in the 21st century.
