Who owns your digital identity? You may think you do. But it’s more likely to be a combination of Google, Facebook and other online service providers. They’re the platforms holding records of your browsing history, your social preferences, your shopping habits and financial transactions.

If you use Facebook, Google or another company to verify your ID while logging onto other online services, you’re adding to the data they already hold on you. Technically, that’s ok. Because you’ll have authorised all of this back in the mists of time when you clicked an “I agree to the Terms and Conditions” checkbox.

Identity crisis

Most of us are have only recently started to appreciate that “free” digital services aren’t generally free at all. Apps like Google, Amazon, Facebook and TikTok make money through buying and selling our data.

Often, we don’t care. These services are convenient. My teenage daughter likes the fact that Instagram only serves up ads that are relevant to her. (And I guess I should be grateful she won’t be staggering out of Tesco’s with a bottle of Martini any time soon).

But we know the current system is riddled with problems. Harvard Professor Shoshana Zuboff described these best when she coined the term “surveillance capitalism”. (She wrote a book which is 700 pages long – this article sums up the key ideas).

So, what’s next?

Last week I went to the future. Or at least, I went to the Internet Identity Workshop. IIW was set up in 2005 by Doc Searls, Phil Windley and Kaliya Young to look at addressing and solving our digital identity issues. The workshop usually takes place in Mountain View, California. Since April last year, it’s been held online.

Doc, Phil and Kaliya are all pioneers of self-sovereign identity (SSI) and the decentralised web. IIW is a fantastic smorgasbord of the technology and philosophy around these concepts, and everything in between.

My main concern is not only who owns our digital identity data, but the flipside of that: all the stuff that is unattributable or verifiable. Social media is drowning in fake news, fake identities, malign bots and anonymous trolls.

Can IIW save us? Possibly not. But for the last 16 years, this conference has tackled verification issues head on. It’s played a key part in the development of technologies like OAuth, OpenID and (my favourite given the photo for this blog), Fido.

Here’s what I learned from the sessions I joined:

1. The global SSI market is still tiny

We haven’t yet found the perfect use case to take SSI to a mass audience. Progress is being made – the finance and health sectors are leading the way. But SSI is still too complex. It’s not clear which technologies will dominate, or which ones are going to take SSI to the next level. People need to take this entire field and create mass communication around it (says Trevor Butterworth).

I ran a session where we tried to create a positive vision of the future focused on values rather than tech.

Here’s the first draft.

Digital identity - creating a positive vision for the future
Creating a positive vision for the future (Miro board)

2. Right now, things are a mess

We’re stuck in what Doc Searls calls the calf-cow model. It’s about control – and who has it. “Google ran ads against Mozilla back in the day. Now Facebook are running ads against Apple,” says Doc. And current regulations aren’t doing anything to protect us. “Our experience of the web is worse due to GDPR. Look up ‘GDPR compliance’ and you’ll get millions of results – all about how to obey the letter of the GDPR while completely destroying its purpose (to stop organisations tracking us).”

3. Digital identity is part of a bigger problem

The bigger problem is the provenance and authenticity of data in general (says Dave Huseby). It’s about how we digitise trust. Self-sovereign identities are verified by a “provenance log” which is a bit like a list of Bitcoin transactions (although apparently a blockchain is not essential). Like Bitcoin, self-sovereign identities are built on a decentralised system: anybody can be an issuer, anyone can be the holder, anyone can be the verifier.

4. The experience of Web 2.0 left people feeling burned

Judith Fleenor says “I’m not sure what good I can create any more that won’t achieve a result I wasn’t expecting”. We must be wary of unintended consequences when pushing forward the next generation of internet tools. Paperclips is a game where you pretend to be an AI optimising paperclip production: the end game is that all matter in the universe is turned into paperclips – that’s a good metaphor for what we don’t want (thanks Jacob Dilles).

5. Digital data can be toxic

We’re suffering from “data debris”, defined by Jeff O as “when you have so much treasure you can’t find grandma’s gold ring”. “We are built to forget” says Robert Mitwiki (“It’s a survival feature” says Jeff O). The internet right now doesn’t allow us to forget anything. That’s a problem.

6. Covid passports are not the answer

So says Dr Manreet Nijjar, who worked on the Covid frontline in a south London hospital: “Why do we need this solution? What problems are we really trying to solve? We don’t know enough about Covid yet to introduce this technology. We live in this world of hyper-convenience. Everyone wants things done quickly. [But] I would be struck off as a doctor if I developed a drug and started giving it to people without testing. As technologists, you’re potentially doing the same thing!”

We mustn’t forget that technology is crucial in terms of how power can be applied within a population: “The slide to totalitarian control is very, very real and very, very possible,” said another contributor: “I’ve seen first hand how your IP address gets you killed. No one gets the right on Twitter to say ‘I’m sorry, I take that back’.”

Things need to change – but it’s not clear exactly how they will.

Digital identity - social media and covid
The conversation around Covid passports is not always well-informed, says Dr Manreet Nijjar

We’re at square zero

We’re living in times of seismic technological and social change but no need to worry, says Scott David: “It’s not extinction. It’s a paradigm shift”. (Scott recommends 1177: The Year Civilization Collapsed as some light bedtime reading). It’s probably useful to bear this in mind as we navigate the next few years.

I like what Doc said at one of the sessions: “We are at Square 0 for making privacy work in the digital world. We are at Square 9000 in the physical world, where Square 1 was clothing and Square 2 was shelter—our first two privacy technologies.”

One day, one way or another, we’ll own our digital identity again. Juniper Research says self-sovereign identity will be mass market in three years time. Colleen Elliott from the Canadian government says it’s more like 15 years away. Either way, I look forward to a time when we can be our own masters, not calves feeding from cows, or even dogs being taken for a digital walk!

The future of social media: web 3.0, wearables and chatbots

Photo by Nick Fewings on Unsplash