A private matter: the cracks in India’s Aadhaar programme

by Amruta Mahakalkar via StockSnap
by Amruta Mahakalkar via StockSnap

While India’s Aadhaar system of digital identity has been held up as an example of efficient modernisation and forward thinking, it has its dark side: as Quartz reports, data breaches.

Obviously, any information online is vulnerable to leaks and hacks. And when it comes to personal information, those come at a cost – even if there is no direct monetary loss, the focus on privacy and natural rights throws into question the “platformisation” of our daily lives. In democracies, this could well lead to a pedalling back of reforms, and a pervasive suspicion of technology in general, neither of which would be good for growth.

Privacy is something that needs to be debated, though, especially in this increasingly connected world. Over the past few decades, personal space has taken on a whole new meaning, as has crime. And our understanding of natural rights is developing, along with what could be perceived as infringements.

Rumblings of discontent over government interference were present in India even before Aadhaar rolled out. Recently they have been growing in volume, even taking the shape of lawsuits.

The official response to a particular challenge in 2012 was startling: there is no fundamental right to privacy under the Indian constitution.

This week, the Supreme Court overturned that statement, declaring that privacy is, indeed, a fundamental right.

The intensity of the questions will no doubt get kicked up a notch. What does that mean? What are the implications for digital identity? Can we safely combine privacy and connectivity?

Unpacking this case, we uncover many other fundamental issues: the impact on humanity of the relentless march of technology; the separation of the courts and the government; the cost we are willing to bear for improved efficiency… And that’s just scratching the surface.

A deeper consequence, perhaps the most important of all, is that the development of Aadhaar in India has shed light on how little we comprehend about fundamental concepts, and how the big picture gets lost in the scoreboard of goals achieved.

Hopefully the matters under consideration will awaken deep debate, and get renowned thinkers from all fields involved in the conversation. The whole world should listen, and join in, for we all stand to benefit.

With this, we can hopefully move towards a deeper understanding of what privacy actually means.

The beauty in not knowing – a personal tale

granada 1930s

My mother-in-law died earlier this week.

Heartbreaking – she was a lovely, elegant, generous woman who got such pleasure from affection, laughter and good company. We miss her so much.

I won’t tell you about the strength of her struggle that surprised all of her doctors and nurses. Nor will I tell you about the beauty in a typical Spanish death – loved ones gathered around her bed, chatting, laughing, crying and chatting some more. So many people came to say goodbye. She would have had a great time.

I do want to share an anecdote that emerged as we were discussing the resulting paperwork: it turns out that no-one knew her real age.

She grew up in Granada, in southern Spain. During the Civil War, the registry that held her birth certificate burnt to the ground, and with it, all record of her date of birth. So, when she went to get the replacement issued, she decided to shave off a few years. We don’t know how many, and the only proof we have of this is the testimony of her eldest sister (who left us a few years ago). Tía Mari always swore that no way was her little sibling’s birth year 1927.

This story left me feeling wistful. Of course we don’t care how old she really is, and nor can it be important for anything that mattered in her life.

But these days, it matters – so much access (to education, employment, even bars) depends on the date you entered this world. It forms such an integral part of your identity. And the fact that the information is today (or soon will be) stored on servers means that losing it to history is increasingly unlikely.

Especially when (ok, if) a blockchain platform ends up totally removing the possibility of manipulation and loss. The information will become much more reliable.

But a certain chaotic charm will be gone forever.

RIP María del Milagro Pérez-Hernández. And thank you, with all my heart, for all you gave me.

Daily Bits – identity again, ICOs and thread – June 20th, 2017

My colleague Michael was at a presentation at the UN yesterday that focused on identity. Neil McCann of the UNDP (who was excellent on our “Global Issues” panel at Consensus, which you can see here) stressed cross-industry collaboration, urging the private sector to join the UN initiative to develop a platform for digital identities.

An especially intriguing part is this: the UNHCR representative speaking at the event insisted that the eventual identities need to be owned by the individuals.

While this may seem obvious on the surface, it isn’t when you think about how identities are granted today. Our identities are not owned by us – if our government decides to revoke our passport, it’s very hard for us to prove who we are.

Spinning out a sovereign identity platform for refugees (although they are not the only target “market” for this service) would have a huge impact – not only on how aid is delivered, but also on immigration, education, possibly even finance. The effect could be much wider than we dare to imagine.

To coin a phrase: “bring it”.

— x —

Favourite tweet of the day:

— x —

If you’re contemplating doing an ICO (really????), read Emin Gün Sirer’s take on Bancor first. It’ll provide strong guidelines on what not to do.

Bottom line, you should:

  • Address a real problem
  • …without mumbo-jumbo terminology

He doesn’t attack the code (well, a little bit) as much as the business model. Which, in this manic eurphoria, disconnected from fundamentals, is refreshing. And sensible. Hype cannot stay disconnected from reality for ever…

What’s more, whether you agree with Gün or not, the prose is sharp:

“‘Double coincidence of wants’ is a real problem in economics today in the sense that the ‘itsy bitsy spider’ problem is a real problem in zoology — that is, it’s something one might learn in grade school, and it’s completely irrelevant in the real world.”

— x —

In no way am I into embroidery (I once tried a colouring book for adults… and realized that I’m just not that stressed.) But this is captivating:

3d embroidery

3d embroidery by Justyna Wołodkiewicz, an abstract mix of thread and clay. (Via Colossal.)

3d embroidery 2

Sovereign identity and the Knights of Malta

Palazzo_di_Malta,_Roma 2

While looking into passports for sale the other day (not for me, you understand… not yet, anyway), I came across a name that I had heard before but knew very little about. So I did some digging and almost had my mind blown.

The Sovereign Military Order of Malta – also known as the Knights of Malta, or Knights Hospitaller – is a religious order with ties to the Holy See that dates back to the early 12th century. But, it is also an independent, sovereign subject of international law.

Its mission is still, almost 1000 years later, to care for the sick and infirm, especially those displaced by conflict. As well as its 13,500 members, it has 80,000 volunteers and employs approximately 25,000 medical personnel.

So, it is an NGO with sovereign status. It can negotiate with other governments as a sovereign entity. Other global NGOs such as Caritas, Greenpeace and Médecins sans Frontières need the backing of a sovereign power. The Knights of Malta don’t, because they are one.

It doesn’t have any territory, except for two buildings in Rome, both of which have extraterritorial status (which means that they are technically not part of Italy – much like embassies).

In 1998, however, it signed a treaty with Malta for the use of the upper portion of Fort St. Angelo in the city of Birgu (for the next 99 years). Technically, this will also be a sovereign territory, but the Order will not be able to grant asylum to anyone, and Maltese law applies. At the moment, it appears to be used for historical and cultural activities.

And get this: the Sovereign Military Order of Malta can issue stamps, currency and passports.

Three of them, to be precise. The Order issues passports to the Grand Master, the Deputy Grand Master, and the Chancellor of the Order.

It has diplomatic relations with over 100 states, including the European Union, which means embassies. It also has observer status at the United Nations (along with the Red Cross, the Council of Europe, the African Development Bank, the European Organization for Nuclear Research and a host of other not-for-profit academic and regional associations), which entitles it to participate in the work of the UN General Assembly.

What I find most intriguing about this is the concept of sovereignty being granted to an organization that has no territory and no citizens (sort of). True, it was granted almost a millennium ago, and no government has dared to attempt to alter that.

Personally, I hope that they never do. I find the mix of chivalry and honour, combined with the long reach of history, totally captivating.

And the notion that sovereignty does not always require the traditional parameters of borders and citizens opens up a new understanding of what could become possible as identity is redefined.

What blockchain identity can learn from India’s Aadhaar platform

by Timon Studler via Unsplash
by Timon Studler via Unsplash

An issue is currently being debated in India’s courts that could affect the development of blockchain-based identity programs worldwide.

I’m talking about the Aadhaar platform, which is leaving a trail of takeaways for others to learn from.

Given the proliferation of startups and official institutions looking at the problem of self-sovereign, immutable digital identities, a look at Aadhaar’s successes and obstacles could help with the design of lofty goals and sweeping implementation.

In 2010, the Indian government issued the first Aadhaar identity number, a unique rendering of personal data, with the aim of documenting all of India on a digital platform using biometric identifiers.

That in itself is staggering – how do you coordinate the inscription of 1.3bn people, including the scanning of fingerprints and irises for each individual?

The first main takeaway is that it is possible. In just over 6 years, approximately 1.15bn people have been issued Aadhaar numbers, including almost 100% of the over-18 population. That’s more than the entire populations of the US, Europe, Australia and South Korea combined.

True, it took a massive rollout of administrators and digital readers, but the Unique Identification Authority of India (UIDAI) showed that it could be done. At its peak, over 1 million people were being processed each day.

Second, certain rules need to be set out from the beginning. Is the program mandatory or optional? If mandatory, how will enforcement be carried out? If optional, how will the old and new systems cohabitate?

The Aadhaar program is optional. But a recent amendment to the Income Tax act stipulated that an Aadhaar number was required to file a return – which pretty much makes it mandatory. Last week the Supreme Court upheld this law, but also ruled that those without an Aadhaar number should still be able to pay taxes, until the broader privacy issues can be decided by the Constitutional bench. On the one hand, good news (for now) for privacy activists and for citizens who don’t (for whatever reason) have a card. On the other, an administrative mess for the government, which could have been mitigated with clearer parameters at the outset.

Also, one of the main incentives for the government is the opportunity to streamline administration and reduce “leakage”, the amount of aid paid to “false” identities. However, there is still some confusion as to whether or not an Aadhaar number is a requisite for government aid. Several official agencies seem to think that it is, but the Supreme Court has ruled that it isn’t.

Furthermore, while the first cards were introduced in 2010, legislation backing the project (the Aadhaar Act and the Aadhaar Regulations) did not pass until 2016, and is often criticized as being unclear.

Third, the privacy issue will always be a problem, however great the efficiencies. Concerns have been raised about the lack of clear regulation on the process of sharing identity information, as well as the lack of redress and appeal if you feel your data has been mishandled.

The Aadhaar Act mentioned above authorises any official at the level of District Judge or higher to access an individual’s identity information, excluding the biometric data – that limitation doesn’t apply to officials with rank of Joint Secretary or higher. Given India’s reputation as the “most corrupt country in Asia”, this raises some concerns.

And while the government understandably wants to standardize administration, some groups are raising the alarm over the volume of data on each individual the government would have in its power, the capacity for tracking and the spectre of mass surveillance.

The fourth lesson, a surprising one, is that biometrics are complicated. It turns out that not everyone has fingerprints that lend themselves to being scanned. Apart from the very young, manual labourers often have worn hands due to repeated handling of rough objects. One area in north Delhi reported a 10% fail rate when reading fingerprints.

The same goes for eyes – the elderly often have degraded irises, so getting a clear reading can be challenging.

Fifth, even with biometrics, falsifications will emerge. In some cases, inscription agencies took advantage of a rule that said that biometrics were not always required (if fingerprints or irises were not clear, for instance), In others, hackers were able to bypass the scanning requirements.

Sixth, census statistics are unreliable, which makes it more difficult to plan and implement projects that affect populations. The Aadhaar web page shows what percentage of the population are inscribed, by province. In Delhi, that reaches almost 120%. It turns out that the population figures are “estimates”.

Seventh, “inclusion” is elusive but possible. While bringing undocumented citizens “into” the system was touted as one of the main goals – millions of people don’t even have a birth certificate due to an inefficient registry system – apparently almost all of those who enrolled in Aadhaar already had an official ID.

So, what about those without? Over 200,000 undocumented citizens took advantage of the “introducer” option, in which someone with an Aadhaar number vouches for someone with no official identification.

And, it’s worth noting that the Aadhaar number does not substitute a government-issued ID, so it cannot be used for cross-border travel, for instance. However, Aadhaar holders without any other ID can now get mobile phones and open bank accounts, something that they couldn’t do before.

Takeaway number eight is that any broad platform needs to be designed for growth. Even after the successful rollout and the years of experience with the system, experts admit that they don’t know what else the platform will be adapted for, or what other functionalities will be built on top. However, Aadhaar has been designed to allow other private and public applications, and already innovations and apps are emerging from the ecosystem.

The hope is that Aadhaar will become a “universal id”, in that it grants the holder access to a wide range of services. Also, it aims to reduce onboarding expenses for businesses such as mobile operators, landlords, employers and even banks, allowing them to bypass most of the cumbersome KYC requirements by using information already in the system.

The last lesson is to question the technology. Aadhaar is not a blockchain solution. That in itself calls into question the need to use the blockchain for national identity. If the verification of the data needs to be centralized, and if transparency is not a fundamental feature, then a distributed database could suffice.

True, the idea of identity being centralized in the hands of the government may be disquieting to many. But for a digital version to be useful on a national or pan-national scale, it needs to be accepted by the jurisdictions in question. What will incentivize governments to cede control over the fundamental role of granting citizenship?

The Aadhaar project is encouraging in that it is leading the way in showing what can be done today. Blockchain technology, however, allows us to contemplate other forms of identity, new uses for that information, and evolving roles for government. It is inviting us to think about what could be done tomorrow.

A blockchain-based identity consortium

by Daniel Monteiro via StockSnap
by Daniel Monteiro via StockSnap

The search for the holy grail of blockchain technology – robust, global and easy-to-use identity solutions – seems to be picking up.

When you think about it, all blockchain applications rely on identity. Your bitcoin wallet, trade finance operation, connected device and energy transaction – they all count on data originating somewhere. The degrees of available information about the identity may change according to the application – but everything needs to have a reliably-identified origin and a destination, even if it’s just aseries of characters.

So it’s understandable that activity in this space is heating up.

At Consensus 2017, Microsoft, Accenture and several startups announced the creation of the Decentralized Identity Foundation.

What’s staggering about this is the public acknowledgement by all involved – competitors as well as tech incumbents – that identity has to be a collaborative effort. From realizing that “data is the new gold” to being willing to share that gold (in this case, identity data) with others in the ecosystem is a huge step. It’s a step encouraged, though, by the knowledge that a solid digital identity is not very useful if it can only be used in limited applications. That’s pretty much where we are today, with different logins for each website, and repetitive information needed for each sign-up.

There is so much more going on in the identity space that volumes could be written (and I will get around to it), but for today I just want to take a brief look at the members of the consortium, to get a feel for the type of products that could emerge:

Microsoft has been working on decentralized identity for some time. Over a year ago it partnered with ethereum consultancy ConsenSys and startup Blockstack Labs (more on them below) to build an open-source identity platform aimed at integrating the bitcoin and ethereum blockchains. Earlier this year it announced a new partnership with startup Tierion (more on them below) to investigate how decentralized identities linked to a blockchain could validate data, claims and agreements.

Professional services giant Accenture doesn’t seem to have been quite as active on the blockchain-based identity front, but its work on blockchain in general has been ramping up, with the unveiling of an innovative hardware solution for the protection of private keys.

Tierion has built a platform that creates a verifiable record of any data, file or business process on the blockchain. It is currently working with Microsoft on blockchain-based attestations (= something that confirms and authenticates) and with Dutch giant Philips on an unspecified project in the healthcare sector.

Gem pivoted in early 2016 away from bitcoin APIs to custom blockchain applications focusing on healthcare and supply chains. It is working with US financial services company Capital One in blockchain-based healthcare claims management, and Philips Healthcare on the creation of blockchain-based wellness apps, global patient ID software and secure electronic medical records. Its web states that it is also working on “global identifiers to link together data belonging to a person or asset, eliminating time consuming reconciliation, providing real-time transparency, reducing risk and creating better outcomes”.

Blockstack is building a “decentralized internet”, in which the content is pulled from peers rather than from centralized servers. Users access locally-owned apps and websites via a login based on identity… that the user owns. The startup began life in 2013 as Onename, which registered blockchain-based domain names. Initially built on the Namecoin blockchain, the system migrated to bitcoin and now also supports ethereum and zcash.

Netki was founded in 2014, and early the following year launched an innovative wallet naming service. It has since developed a system for blockchain-based identity in which a user’s details are not recorded on the blockchain itself, but on an application layer that allows for the system to work on multiple protocols. It is also a member of Hyperledger, and has contributed its work on digital identity solutions for worldwide regulatory compliance and legal non-repudiation. Late last year it participated in the launch, together with PwC, Bloq and Libra, of an enterprise platform based on bitcoin, called Vulcan Digital Asset Services. Its service is part of the IBM blockchain ecosystem. And at Consensus last month, it announced its collaboration with Barbados-based exchange Bitt in the compliant on-boarding of customers.

Uport was built by ethereum consultancy ConsenSys, with the aim of creating an open-source identity service on the ethereum blockchain, in the hope of giving users control of their information. Crypto exchange Coinbase has indicated that its messaging app Token (currently in testing) will include support for Uport’s identity service.

Berlin-based BigchainDB was originally Ascribe, a blockchain-based art authentication service. Since then the firm has rebranded, and now focuses on developing blockchain solutions for enterprises. It offers a combination of blockchain-like features with some traditional database characteristics, such as noSQL query language and faster transaction rates. In early 2016 it launched the IPDB Foundation, a non-profit aimed at developing the ecosystem around a new kind of blockchain-based database, built to serve identity and licensing needs.

The not-for-profit Sovrin Foundation (created in 2016 by blockchain startup Evernym) has an international board of trustees that includes representatives from banks, credit unions, education and retail. Its goal is to develop an ecosystem around a ledger (built and contributed by Evernym) on which individuals control their identities. It recently handed over its Project Indy – an identity solution built on a hybrid blockchain platform – to the Hyperledger consortium (of which is is a member). One of the innovations is that the identity information is never written to the ledger. Bits of it get anchored to the ledger, so there’s proof it existed on a certain day.

Civic launched in 2016 to stop identity theft, and recently announced the launch of a login authentication service – a blockchain-based platform that will offer users the chance to develop one digital identity, and use that to log in to any website without being tracked. Civic users will be able to prove their identity when logging in, without sharing that information with the website.

IDEO is an international design and consulting firm. Its research arm IDEO CoLab has identified blockchain technology as one of four key technologies that will impact society.

Mooti has developed a blockchain-based service that not only protects your identity, but will also validate the relevant components for web services or logins, without actually revealing information. Like Netki, its “Identity Chain” is part of IBM’s blockchain ecosystem.

Blockchain Foundry grew out of Syscoin, a cryptocurrency and protocol that allows near-zero cost financial transactions on a wide variety of marketplaces. The foundry focuses mainly on data security, leveraging decentralized networks, and later this year will roll out proof-of-concepts for medical, legal and real estate applications.. Last year it incorporated into Microsoft’s Azure platform, offering e-commerce solution Blockchain Market.

Iceland-based Authenteq offers automatic identity verification that can be installed via an API on just about any online marketplace or website. Its goal is to increase trust in P2P communities.

Taqanu, based in Norway, is developing banking services for people without a fixed address. It offers financial inclusion to refugees and others without a fixed address, by offering them a blockchain-based self-sovereign digital ID and the chance to accumulate a credit history.

Cybersecurity company RSA – known for its work in encryption, identity and cyber threat detection – has been ramping up its involvement in the blockchain space, giving sector startups an increasing amount of attention at the company’s renowned cybersecurity conferences.

South Africa-based Consent initially launched in 2015 with the goal of helping secure the integrity of medical records on a blockchain, but soon widened its scope to include financial know-your-customer (KYC) processes.

Danube Tech was set up in Vienna in 2015 to develop technology related to digital identity, such as blockchain-based identifier registration infrastructure including personal clouds, data transfer protocols and connectivity.

IOTA has focused on developing a blockchain for the Internet of Things, with fast throughput of micropayments. The protocol makes users and validators the same entity, eliminating the need to charge transaction fees. One of its current partners is German electrical utility’s R&D group Innogy Consulting.

Identity and the blockchain: what are we looking for, anyway?

Identity theft and falsification has been a problem ever since, well, since identities were identities. And it’s easy to understand why. Apart from political necessity (the need to escape persecution), there’s criminal intent (I’m harder to catch if you don’t know who I really am), and the frivolous desire for fun (so I’m not really responsible for what I do). Most of us have seen those movies, read those books and played the game of fantasizing about being someone else for a while.

And as the headlines and the police constantly remind us, online it is so easy to become someone else. Pseudo Twitter accounts, fake Facebook profiles and anonymous chat room IDs are the tip of the iceberg when it comes to assuming the personalities of others. You’ve probably seen the famous New Yorker cartoon:

Internet_dog - identity

So far we have not yet found a way to get around the problem. And the more we think about it, the less clear the problem becomes.

Is it one of identity verification? Is it one of identity portability? Or is it more a question of showing the right things to the right people at the right time? What exactly is it that we’re looking for?

We haven’t found an ideal solution yet, but we seem to be getting close. The technology of the blockchain – the public, decentralized database that is hard to hack and modify but easy to distribute – has opened up new possibilities that could solve some of the stubborn barriers that online identity has been coming up against.

The advantage of the blockchain is that just about anything can be digitized, hashed (compressed) and stored. Because the ledger is public, the information can be accessed from anywhere, and sent to anyone. It can only be modified by the holder(s) of the private keys. And because the ledger is decentralized, no one person or entity can stop it from being used.

You’re no doubt asking yourself, “in what way would that stop falsification?”. Obviously just putting information on the blockchain doesn’t make it true.

by Kantemir Kertiev for Unsplash
by Kantemir Kertiev for Unsplash

Several blockchain business have emerged, hoping to make identities easier to create and use. And yet most focus on identity management rather than verification. Netki announced a funding round of $3.5 million a few days ago, to develop a digital certificate of identity, piggybacking on an official US identity program and making it usable on any blockchain. ShoCard wants to use the bitcoin blockchain for identity tokens that can not only be used by banks to identify transactors, but can also change the way we travel by holding our passport details, photo, airline tickets, hotel reservation… It can be pulled from the blockchain for confirmation by any airline or airport official, anywhere in the world.

Object-Collab is a research and proof-of-concept project working with banks and regulators around the world to design a global ID that is individual, secure and accessible from anywhere. Cambridge Blockchain offers a platform that allows transacting parties to learn certain types of information about one another without compromising their full privacy. BitID wants to convert your bitcoin wallet into a unique and universal ID that would allow you to pay for goods online, check in to hotels, authenticate identity on websites… Trunomi makes KYC easier for financial institutions, and facilitates consent-based sharing of financial data. Cryptid uploads your official ID onto the blockchain, and assigns you a card along with a QR code that makes the ID more portable and more secure. Civic’s goal is not to issue nor to manage your identity, but to protect it by letting you know every time it is used online. Identifi combines identity with reputation.

And thinking big, BitNation offers a global ID that accompanies your passport, allowing you to become a “world citizen”. For those without a passport, it can issue a Blockchain Emergency ID to facilitate refugee access to aid and donations. These are just some of the ideas and businesses tackling the identity issue, and we will no doubt be hearing more about these and others in the months to come.

Big tech companies are also very interested in the field. A few days ago IBM completed a blockchain identity trial with French bank Crédit Mutuel that would allow banks to securely share their customers’ identities with third parties such as utility companies and online businesses. A few weeks ago Microsoft announced a collaboration with Ethereum developer Consensys and Blockstack to build an open-source identity platform that bridges Bitcoin and Ethereum.

With so much brain power and money behind the search for a solution, why is it proving so elusive? Some say that it’s because the solutions are too fragmented. I believe that it’s because we’re asking too much of the solution.

What is identity, anyway? I’m currently reading Richard Morgan’s Altered Carbon. In it, the protagonist is digitally sent back to Earth and assigned a “sleeve” (someone else’s body). But he’s himself, using his own name, and carrying around his own complicated past. His body is just a garment. Given that we can’t disassociate ourselves from our bodies, what are we? Are we our past? Our thoughts? Our abilities? Or are we something more solid? Perhaps an amalgam of our history and our qualifications, represented by a set of physical features. Given that both our past and our physiques are constantly changing, how can these relatively fluid concepts irrefutably identify us?

And, why do we need it? For transactions? Access? Privileges? Each “need” requires proof of different aspects of our self. My passport alone won’t get me a job, or a discount at the college bookstore. My job title is not enough to allow me into a country, or entitle me to a tax rebate. The fact that I’m a CFA won’t let me open a bank account, or get me treated at the local hospital.

We live in a world of fragmented identity, with different organizations issuing different validations for different requirements. As we have seen above, many blockchain services are trying to find a solution of unification and portability. But is this even possible? We can upload our identity (or identities) online, adapt them for many uses, send them around the world. But what identity? Who issues that which we upload? And how does anyone know that it is correct? Identity documents, after all, are only as trustworthy as the issuer. My British passport carries more weight than my coupon card from Val’s Laundromat.

It is also much more useful, and much, much harder to fake. But it can be done. Getting a passport is not easy, but as we know, false ones are available to those with the right connections and resources. Which highlights the difficulty, if not impossibility, of truly verified identities online. If identities can be faked offline, it’s even easier when you can’t look the person in the eye. Photos of smiling faces holding identity documents to prove physical similarities can be doctored. Scans of official documents can be manipulated. Signatures can be forged. Links can be diverted. Identity creation, validation (which is not the same as verification), dissemination and protection are all fundamental for secure online transactions. But they don’t address the issue of what identity is, and how we can be sure that it’s real.

Maybe there is no “one identity” that will do. And maybe that is just fine. Maybe we need to rethink at the concept of identity for this new, hyper-connected and multi-layered world. Online it’s easy to be many different people. Offline, it’s harder. So, maybe we need to forget about the search for how to represent one true identity, and focus on what that identity is needed for. What characteristics does it need to have?

In “Identity is the New Money”, David Birch proposes fragmenting our identities and offering the part that is needed according to the situation. Notice the plural – online, most of us have more than one identity, often without realising it. We sign in to services using different avatars. We use different platforms for different reasons. And while the superficial identities are easy to set-up and destroy, that doesn’t make them any less real.

“All of the identities we exchange are virtual, and while these virtual identities are of course linked to our mundane identities, they should not be confused. None of them is ‘real’.”

So the search for the “real identity solution” is looking for something that doesn’t exist, because there is no one particular universal format or need. Maybe the answer lies not in finding the solution that fulfils all needs, but in finding a multi-format but coherent solution that adapts to whatever the need is. A solution that is secure but updatable, easy to share but difficult to steal, decentralized but universal, adaptable but compact… This sounds complex, as are the issues around who would create such a system and how it would be maintained. But well designed and implemented, on a public blockchain, with official involvement and creative leeway for businesses and services, its use could end up being simple. And if it works, and if users, businesses, regulators and governments learn to trust it, the opportunities it opens up for efficiency, safety, wealth creation and freedom are immense.

(This article was first published on LinkedIn. I’m not sure which is more efficient, to post there or here first. Advice welcome.)