I had not heard of Tea, an app for women who want to share information about the poor behaviour of a subset of men, until the platform suffered two major data leaks. First, an unprotected Firebase database containing users’ personal information was breached, and then a second database containing 1.1 million personal messages exchanged by the users was opened up. This meant that torrents of the leaked data (users’ driver’s licenses, selfies, and message attachments) were spewed across the web.
Why was the web site storing this personal information? Well, it is because of the sign-up process, which required people to take selfies to prove their identity. This all-too-typical example of a breach causing real damage reminded me that across tradfi and defi, the need for a population-scale privacy-enhancing digital identity infrastructure is evident. But how?
The Crypto Perspective On Digital Identity
The White House has just released its report on digital assets. The report, called “Strengthening American Leadership in Digital Financial Technology”, identifies digital identity as key infrastructure and has a section on “Advancing Privacy Through Digital Identity and Related Tools” which says that Treasury should consider issuing guidance to financial institutions on how they can utilise digital identity solutions within their existing customer identification programs. I saw an article in American Banker titled “Banks should take the lead in developing a trusted digital ID system” (and I agree), but as yet Americans do not have any bank-issued digital identity, so it will be interesting to see whether the crypto world might advance the state of the art.
The Bitcoin Policy Institute (BPI) has just published a report called “Building a Trustworthy Digital Future: Digital Identity in the Land of the Free” which calls identity the “layer zero for participating in modern life” while simultaneously calling attention to the “fractured” nature of digital identity in America and noting the escalating scale of identity fraud.
(Indeed, while I was reading it I noticed an all-too-typical report that hackers obtained the personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America.)
It is an interesting report and I urge you to read it, but for now I will simply highlight that it (correctly) identifies tried-and-tested cryptographic solutions such as digital signatures and verifiable credentials as the way forward. The report favours the use of decentralised identifiers that are “wholly controlled” by individuals – something I am not entirely convinced about, since it is not at all clear to me that individuals (eg, me) have the persistent competence necessary to exercise this control – and the use of selective disclosure to enhance privacy.
The Ethereum world is facing the same problem, and Vitalik Buterin, the co-founder of Ethereum and a very smart guy, has just put forward a proposal for an “inclusive” digital identity model, which I read with interest. He suggests that we meet the challenges of identity verification in the digital age by creating a decentralized system that allows individuals to control their own digital identities. This might be good – but what does good look like in the world of population-scale digital identity?
Buterin’s proposal emphasizes the importance of pluralistic identity systems, which enhance privacy and support the capability to maintain several digital identities. This approach is seen as crucial in an era where digital interactions increasingly require reliable and private identifications. The initiative suggests that digital ID systems should avoid a one-per-person model that heightens surveillance and reduces pseudonymity. Existing systems, such as those in the European Union, were referenced to illustrate the need for zero-knowledge proof applications.
He then goes on to discuss the Sam Altman-backed World ID. This uses iris biometrics to distinguish individuals. Instead of storing the biometric, or the biometric template, they break up the template into encrypted pieces stored in different places. Working in a field known as secure multi-party computation (SMPC), they have applied cryptographic smarts to use the iris templates (known as “iris codes”) to determine an individual’s uniqueness without creating a biometric honeypot for fraudsters. Privacy is enhanced because an application-specific ID is actually a hash that takes in the application ID and a session ID, so that, for example, your bank ID and your airline ID cannot be linked without your permission.
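As an added illustration of the application-specific identifier just described (example code written for this post, not World ID’s own code): the user’s long-term identity secret is combined with the application ID and the session ID by a keyed hash, so each application holds a different value and two applications cannot tell whether their values belong to the same person. The HMAC-SHA256 construction, the identity secret and the application and session ID strings are all assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AppSpecificID derives the identifier one application sees for one user.
// The user's long-term identity secret is the HMAC key; the application ID
// and the session ID are the message, as the article describes. The secret
// never leaves the user, so an application only ever holds the output.
//
// Assumption: HMAC-SHA256 over length-prefixed fields is an illustrative
// construction chosen for this example, not World ID's own scheme.
func AppSpecificID(identitySecret []byte, appID, sessionID string) string {
	mac := hmac.New(sha256.New, identitySecret)
	// Length-prefix each field so ("ab","c") and ("a","bc") cannot collide.
	for _, field := range []string{appID, sessionID} {
		fmt.Fprintf(mac, "%d:%s", len(field), field)
	}
	return hex.EncodeToString(mac.Sum(nil))
}

// Linkable is the only test two colluding applications can run on the
// identifiers they hold: string equality. Without the identity secret they
// cannot recompute either value, so distinct outputs cannot be tied together.
func Linkable(idA, idB string) bool { return idA == idB }

// ProveSameUser is the consent path: the user, who does hold the secret,
// can recompute both identifiers and show that they belong to one person.
func ProveSameUser(secret []byte, appA, sessA, idA, appB, sessB, idB string) bool {
	return AppSpecificID(secret, appA, sessA) == idA &&
		AppSpecificID(secret, appB, sessB) == idB
}

func main() {
	// Constructed sample values; a real identity secret would be random
	// and held only by the user.
	secret := []byte("constructed-identity-secret-do-not-reuse")
	bankID := AppSpecificID(secret, "bank.example", "session-0001")
	airlineID := AppSpecificID(secret, "airline.example", "session-0001")

	fmt.Println("bank sees:    ", bankID)
	fmt.Println("airline sees: ", airlineID)
	fmt.Println("linkable without the secret:", Linkable(bankID, airlineID))
	fmt.Println("user can prove same person: ",
		ProveSameUser(secret, "bank.example", "session-0001", bankID,
			"airline.example", "session-0001", airlineID))
}
```

The point to take from running it is the asymmetry: the bank and the airline each hold a 32-byte value that looks random to them, while only the holder of the secret can recompute both and so is the only party able to link them.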
Pluralistic Digital Identity
The White House report says that Treasury should ensure that future guidance balances secure identity verifications with protection of personally identifiable information. I see no need for balance: I think Americans should expect both security and privacy and the pluralistic approach is a way to achieve this. You can have a pseudonymous identity (or even multiple identities), and each of those identities can build up reputation in their communities through their actions. An ideal explicit pluralistic identity system may not even need to have the concept of discrete identities at all, only discrete reputations that can be cryptographically-proved on demand.
With banks doing nothing, then, perhaps it will be the crypto world that will rise to meet this challenge by using new technology to bring a new approach to the problem of identity in the new economy. And if they do, the benefits will spread far beyond the worlds of fintech and defi, payments and exchanges, because this new approach to identity is needed across the economy as a whole.
There was no reason for Tea to know any of their users’ personally identifiable information. In a sane world, when asked to create an account at Tea a citizen could use their (let us imagine) Zelle ID. They would then be redirected to their bank, which would not know which web site the request had come from, and required to log in.
Their bank could then send back an identifier (different for each request, of course, so that your Tea-ID and your Walgreens-ID would be different) and a verifiable credential attesting to the fact that the user is over 18. This is all Tea needs to store in its database alongside the username. When the hackers get in, they will find that user “Daphne-Whitethigh” is Tea-ID XXXX and has an IS-OVER-18 credential signed by Wells Fargo, the Department of Motor Vehicles, the US Treasury or whoever. They will learn no personal information about the citizen behind the identity whatsoever.
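The flow in the two paragraphs above, as an added example that is not Tea’s, Zelle’s or any bank’s code: the issuer (“Example Bank”, a constructed name) signs a minimal credential with Ed25519, the relying party verifies it against a public key it has pinned, and the account row it keeps is shown in full so you can see what an intruder would get. The per-request identifier is 16 random bytes, the issuer receives no information about which site triggered the request, and the credential layout is an assumption of this example rather than any standard’s data model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is everything the relying party (Tea, in the scenario above)
// receives and stores: a per-request identifier, one boolean claim, the
// issuer's name and a signature. No name, birth date or selfie is present.
type Credential struct {
	SubjectID string `json:"subject_id"`
	IsOver18  bool   `json:"is_over_18"`
	Issuer    string `json:"issuer"`
	Signature []byte `json:"signature,omitempty"`
}

// signedBytes is what the signature covers: the credential with the
// signature cleared. Marshalling a struct of strings and bools cannot fail.
func signedBytes(c Credential) []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

// Issuer models the bank (or DMV, or Treasury): it knows who the citizen
// is and how old they are but releases only a fresh identifier and the
// derived claim. It is never told which web site the request came from.
type Issuer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIssuer(name string) (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{Name: name, Pub: pub, priv: priv}, nil
}

// Issue runs after the citizen has logged in. ageYears comes from the
// issuer's own records and never leaves it; only the boolean does.
func (i *Issuer) Issue(ageYears int) (Credential, error) {
	var id [16]byte // assumption: a random per-request identifier
	if _, err := rand.Read(id[:]); err != nil {
		return Credential{}, err
	}
	c := Credential{SubjectID: hex.EncodeToString(id[:]), IsOver18: ageYears >= 18, Issuer: i.Name}
	c.Signature = ed25519.Sign(i.priv, signedBytes(c))
	return c, nil
}

// Verify is the relying party's check before it creates an account;
// trusted holds the issuer public keys it has pinned.
func Verify(c Credential, trusted map[string]ed25519.PublicKey) error {
	pub, ok := trusted[c.Issuer]
	if !ok {
		return errors.New("credential from an issuer we do not trust")
	}
	if !ed25519.Verify(pub, signedBytes(c), c.Signature) {
		return errors.New("signature does not verify")
	}
	if !c.IsOver18 {
		return errors.New("credential does not assert over-18")
	}
	return nil
}

// AccountRow is the complete record the relying party keeps, and therefore
// the most an intruder could take from its database.
type AccountRow struct {
	Username   string
	Credential Credential
}

// Register verifies the credential and, if it passes, returns the row to store.
func Register(username string, c Credential, trusted map[string]ed25519.PublicKey) (AccountRow, error) {
	if err := Verify(c, trusted); err != nil {
		return AccountRow{}, err
	}
	return AccountRow{Username: username, Credential: c}, nil
}

func main() {
	bank, err := NewIssuer("Example Bank") // constructed issuer name
	if err != nil {
		panic(err)
	}
	trusted := map[string]ed25519.PublicKey{bank.Name: bank.Pub}

	cred, _ := bank.Issue(34) // the citizen is 34; the relying party never learns that
	row, err := Register("Daphne-Whitethigh", cred, trusted)
	fmt.Printf("stored row: %+v (err: %v)\n", row, err)

	forged := cred // a claim altered in transit fails the signature check
	forged.IsOver18 = false
	fmt.Println("tampered credential rejected:", Verify(forged, trusted) != nil)
}
```

Two properties worth checking when you run it: a credential issued to a 16-year-old is signed perfectly validly but is rejected because the claim is false, and two credentials issued to the same citizen carry different identifiers, so a breach at one relying party gives nothing that correlates with another.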
We need actual security, and we need actual privacy to go with it.