Self-Sovereign Identity and Legal Identity


Summary

We've finally gotten to a place where self-sovereign identities are technically possible. This is a huge milestone. The next hurdle is getting organizations, including governments to allow the use of self-sovereign identities as the basis for their administrative identities. In the case of legal identity, this would provide 1.8 billion people who have no legal identity with a way to establish one.

Passport

The Peace of Westphalia, ending the 30 Year's War in 1648 created the concept of Westphalian sovereignty, the principle of international law that "each nation state has sovereignty over its territory and domestic affairs, to the exclusion of all external powers, on the principle of non-interference in another country's domestic affairs, and that each state (no matter how large or small) is equal in international law."

The next century saw many of these states begin civil registration for their citizens. These registrations, from which our modern system of birth certificates springs, became the basis for personal identity and legal identity in a way which conflated these two concepts.

Birth certificates are both the source of identity and proof of citizenship. People present proof of civil registration for many purposes. The birth certificate is thus the basis for individual identity in most countries. We use our physical control of a piece of paper to prove who we are and, springing from that, our citizenship. Civil registration has become the foundation for how states relate to the citizens. As modern nation states have become more and more powerful in the lives of their citizens, civil registration and its attendant legal identity have come to play a larger and larger role in our lives.

Descartes didn't say "I have a birth certificate, therefore, I am." We are, obviously, more than a legal identity. Nevertheless, the civil registration has been with us for almost four centuries and most of us cannot conceive of any basis for trusted identity independent of civil registration.

And yet, presently, 1.8 billion people are without this basic form of identity. As a result, they have difficulty getting basic government services. Most of these people are refugees displaced by war or territorial disputes, victims of famine or ethnic cleansing, outcasts from society, or victims of unscrupulous employers, smugglers, or organized crime. People who want to help them have difficulty because without legal identity they are illegible to state apparatus.

Without a birth certificate, people are in a bind. They have nothing upon which they can establish a legal identity and become legible to governments. And since birth certificates link identity and citizenship, both of these problems have to be solved at once, creating a paradox for authorities trying to help these unidentified people. In this system, they can't be made legible, and thus able to call on governments for aid or protections, without also being granted citizenship of some kind.

We are at a point in the development of identity that it is possible to develop and deploy technologies that allow individuals to create a self-sovereign basis for their identity independent from civil registration.

Such systems allow us to tease apart the purposes of the birth certificate by recognizing a self-sovereign identity independent of the proof of citizenship. This doesn't, by itself, solve the problem of providing legal identity since the self-sovereign identity is self-asserted. But it does provide a foundation upon which a legal identity could be built: specifically it is an identifier that a person can prove they control. Constructing a legal identity on this self-sovereign identity is possible, but would require changes to existing statutes, rules, policy, and processes.

ID2020 is a summit being held at the UN in May with the goal to "by 2030, provide legal identity to all, including birth registration." For this to work, I believe we must succeed in recognizing one or more sources of self-sovereign identity that people can use to bootstrap the process. Such systems must be trustworthy enough that governments will be willing to use them as a basis for a legal identity. Governments must be persuaded to accept this self-declared identity as the basis for establishing a relationship to the state.

The self-sovereign identity will not be all that is needed. The self-sovereign identity won't, at first, be associated with any validated claims. It provides only the identifier that the person can prove they have control over. Beyond that, legal systems will have to provide a route for using that identity to validate the attributes needed for a person to form a recognized relationship with various governments and their agencies.

Please note that this doesn't require that the self-sovereign identity be controlled by the state, only that it be trustable by the state. This also doesn't mean that this same self-sovereign identity wouldn't be usable as the basis for identity in other administrative systems. And using the self-sovereign identity in administrative systems need not diminish its independence in any way.

I'm very excited about developments in self-sovereign identity. There is much to do, but I feel like I can finally see a way forward on an idea many in the identity community have been working on for a decade: to understand how people can use identity in a way that doesn't always rely on some administrative authority to grant that identity.


Note: Christopher Allen's The Path to Self-Sovereign Identity got me thinking about writing this post when he circulated an early draft of his post last week. As he points out, a lot of people have been working on this for many years. User-centric identity was the word we used in the early phrase to refer to these ideas. The Internet Identity Workshop, which is holding it's 22nd meeting this week, was founded to explore user-centric identity on the Internet. As I said, many people in the identity community have been pushing this idea for a long time. And there's finally some light at the end of the tunnel.

Chris is also hosting a Rebooting the Web of Trust workshop in New York in the two days after the UN Summit. This is the second #RebootingWebOfTrust Design Workshop on decentralized identity technologies. The first produced a number of white papers on these ideas.