Every natural person or a legal entity, such as company, partnership, association, government department or supranational organization, has a verifiable and unique identity. Usually, the identity is formally awarded by a competent sovereign authority, such as the state or is set out in international agreements among sovereign states. The uniqueness and verifiability of an identity is a fundamental element of a functioning society as well as the foundation of every legal system.
As a social construct, individuals and groups have unique identities that are not tied to or reliant on a formal record by an official identity. A mother or a father will “assign” an unique identity to their child that is recognizable to other family members and members of their community, regardless of what the child’s legal status is. As the child grows, her identity in her extended family and her community will be unquestionable as she becomes a link in the social fabric that forms that family and that community, and where each member can verify the individuals who belong to their group, and what their relationships to each other are. To the members of the family or the community, there is no difficulty in differentiating between John Smith Sr. and John Smith Jnr. even though they might share the same name, address, family tree etc.
Since the emergence of internet and the world wide web, the question of unique, verifiable identity has become more complex, and organizations have had to invest in protecting their identity in the digital, online environment. The 1990’s saw several court cases over the ownership of specific URLs as the larger companies and brands woke up to the emergence of internet later than the early pioneers and found themselves having to claim their name or brand in the digital world, to reflect what they owned and controlled in the physical world. Building and maintaining an identity and presence online became quickly no different to organizations than what they had to do in the physical world.
Around a decade later individuals too found themselves creating online identities following the emergence of social media. Up until that point, the only digital identifier that most individuals had was an email address that was given to them by their employer or other organization they belonged to or they procured it themselves from one of the email service providers such as AOL, Hotmail, Yahoo or Gmail. However, since the late 2000’s, Facebook, LinkedIn, Twitter, Instagram, SnapChat, WeChat etc. have become essential tools for individuals to organize their social and professional networks as well becoming the primary channels for communication.
The importance of social media in organizing the lives of real people has had a profound impact on organizations as well, and no enterprise, association or government department could operate without online presence in the major platforms, most often supported by significant advertising spend on these platforms.
There is no single source of truth when it comes to digital identities, and an individual’s digital identity consists of several different profiles and identifiers. These include the different profiles in various social media and communication platforms, but equally an individual can be identified by their email addresses or phone number(s). Since the different identifiers are rarely constant (you only get to use your company email address or company mobile phone whilst employed by that company), and since individuals tend to share different identifiers with different people, maintaining and updating what ultimately determines an individual’s digital identity is often logistically difficult. And this does not extend to just maintaining one’s own identifiers, but also to keeping track of other people’s details who form your social and professional network.
A new paradigm is needed for individuals and organizations to have a reliable and secure digital identity that is fully controlled by the owner of the identity and not by a third party. To achieve this, individuals and organizations will need to be able to:
Control their digital identity by allowing them to manage and update their various identifiers, or attributes, in real time.
Control what attributes are shared with whom.
Control who can associate themselves with a specific organization.
Ensure that the individual’s or organization’s attributes are secure and immutable to everyone except themselves.
Like in the physical world, individuals should be the owners of their own identity in the digital world. A self-sovereign identity model is needed that allows individual users to store their own identifying attributes, change them as required, and share them with others dynamically and in real time, without the need of third parties in between. This gives every person the control over what information they share with whom, while ensuring that everyone have the most up to date relevant details of their contacts.
By consolidating all the possible digital identity attributes, individuals can secure a truly unique digital identity that everyone who is contact with them can trust. It can also act as the bridge between the different social media platforms, ensuring that people can link the various social media profiles with the real person. It will also make it easier and simpler for individuals to share their contact details in professional or social settings.
The same should also be extended to organizations, allowing them to set up their own identity and control who is able to associate themselves with the organization. This will not only protect the organization by eliminating the possibility of individuals pretending to be part of the organization on their digital profiles and potentially harming their reputation and brand, it will also strengthen the trustworthiness of the individual’s identity who is a member of that organization. This will eventually create a virtuous cycle where multiple individuals and organizations verify each other, similarly to what our families and communities have done for millennia.
The first step in achieving this is accepting that individuals and organizations are the sovereigns of their own identities and they alone should always have full control of the attributes they share with anyone.