This is part 5 of 8 posts critiquing Philip’s assertion that all of SSI is a Dystopian effort, when it’s really the work of a community of practical idealists who want to build real things in the real world and do the right thing. This volume focuses on a quote that draws on Lawrence Lessig and concludes by asserting that we are somehow on the cusp of digital enslavement.
Professor Lawrence Lessig is a scholar of technology in society who is famed, amongst other things, for exploring the ways in which our lives are subject to four forces: laws, social norms, the market, and technical architecture (software). He observes that software code regulates conduct in a similar but not identical manner to legal code — while law needs people to know about it to be effective in regulating behaviour, software code is effective regardless.
SSI fundamentally changes the balance of these regulators in the context of identity. It diminishes the role of legal code and has software code and social norms supervene. (When it comes to identity, let’s all hope legal code keeps the market well clear — a market in digital identity leads to digital enslavement.) – THE DYSTOPIA OF SELF-SOVEREIGN IDENTITY (SSI)
Wow, so much in here. Philip references Lessig as if his work is entirely novel to this community. The thing is, we are very, very, very aware that when designing new systems that change how identity systems work, we are in essence doing what he discusses: creating “code is law”. Code shapes what happens, and this is a powerful medium because it transcends processes that are prescribed in law and carried out by people; instead, computers carry out processes that can then become or shape law – what materially happens.
I’m guessing that Philip is unaware of and has not read Lawrence Lessig’s 50-page work specifically about digital identity, published in 1998.
A digital identity system must serve several functions. First, authentication—ensuring that when a message purports to be from Alice, Alice sent it, not someone pretending to be Alice. Second, message integrity—providing certainty that when a message arrives from Alice, it is the same message that Alice sent, not modified en route in any way. Third, non-repudiation—ensuring the inability of Alice later to deny that she sent the message, and the inability of the recipient of Alice’s message to deny that the message was received. Finally, establishing a digital identity architecture may have the beneficial side effect of facilitating confidentiality through encryption—the knowledge that no one besides Alice can read a message intended for her. For our analysis in this paper, a digital identity system must serve the first three functions, and may serve the fourth.
The technical problem with cyberspace in 1998 is that there is no effective, widespread architecture to verify identity on the Internet. There is no digital identity mechanism that meets the needs for the diverse range of cyberspace interactions. – From the Introduction to Cyberspace (right below the “No One Knows You’re a Dog on the Internet” image), Digital Identity in Cyberspace by Hal Abelson and Lawrence Lessig.
Lawrence Lessig and his co-authors go on in the paper to propose technical architecture FOR digital identity.
So before you go pulling out and “waving around” the book Code: And Other Laws of Cyberspace and saying “Code is Law” as if his work were a reason NOT to do anything in relation to digital identity on the internet: he himself proposed an architecture for a certificate-based digital identity system for the whole internet.
Self-Sovereign Identity systems are based on self-certifying identifiers that basically create their own certificates (it’s basically what a DID Document is). What is great is that open standards for Self-Sovereign Identity architectures can meet his criteria for a good internet-wide identity system.
First, authentication—ensuring that when a message purports to be from Alice, Alice sent it, not someone pretending to be Alice.
DIDComm permits two different wallet/agents to exchange messages with each other and to know with confidence that it is Alice writing.
If a DIDComm connection is new and one of the parties, or better yet both of the parties, are trying to figure out whether the other is the party they claim to be, they can also use that connection to exchange verifiable credentials that assert their identity attributes (signed by a third party). This is known in the business as mutual authentication. In the case I have outlined, it is happening on two levels. One level is pure math: yes, the person owning this DID and associated public key is the person sending the message. On the other level, the person owning that key is indeed “a particular person” or, perhaps more importantly, “that particular business”. This has enormous potential to reduce fraud and risk to normal folks who are fooled by phishing attacks and share their information with businesses they think are really “that business” but are not.
Second, message integrity—providing certainty that when a message arrives from Alice, it is the same message that Alice sent, not modified en route in any way.
With DIDComm messages in the form of JWM (JSON Web Message), the messages are signed cryptographically, so they are sealed and the reader on the other end can know they have not been tampered with.
With Verifiable Credentials the digital credentials are sealed with a signature and this can be checked against the public keys of the issuer to know they have not been tampered with.
Third, non-repudiation—ensuring the inability of Alice later to deny that she sent the message, and the inability of the recipient of Alice’s message to deny that the message was received.
I checked in with the authors of the DIDComm spec specifically about this, and this is what they said: sending non-repudiable messages is accomplished by adding an optional signature, and non-repudiable receipt is done with a signed ACK. This is documented in Aries RFC 0049.
Finally, establishing a digital identity architecture may have the beneficial side effect of facilitating confidentiality through encryption—the knowledge that no one besides Alice can read a message intended for her.
DIDComm Messages are encrypted between parties so that only the party they were intended for can read them.
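The first three properties walked through above, as an added sketch that is not part of the original post and not DIDComm library code: a self-certifying identifier, a signed message, and a signed ACK. The `example:` identifier scheme and all function names are hypothetical; real DIDComm uses DID methods and richer envelopes, and encryption (the fourth property) is left out here.

```javascript
// Added illustration only; uses Node's built-in crypto, no DIDComm library.
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Hypothetical self-certifying identifier: a hash of the public key itself,
// so the key-to-identifier binding can be checked without a CA or registry.
const idFor = (jwk) => 'example:' + b64u(sha256(jwk.x));

function makeParty() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const jwk = publicKey.export({ format: 'jwk' });
  return { id: idFor(jwk), jwk, privateKey };
}

// Sign a message as a compact JWS: header.payload.signature (EdDSA).
function signMessage(party, body) {
  const header = b64u(JSON.stringify({ alg: 'EdDSA', jwk: party.jwk }));
  const payload = b64u(JSON.stringify({ from: party.id, body }));
  const sig = crypto.sign(null, Buffer.from(`${header}.${payload}`), party.privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Returns the verified claims, or null if the key does not match the claimed
// sender (authentication) or the content was altered (integrity).
function verifyMessage(jws) {
  try {
    const [header, payload, sig] = jws.split('.');
    const { jwk } = JSON.parse(Buffer.from(header, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (claims.from !== idFor(jwk)) return null; // embedded key is not the sender's
    const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    const ok = crypto.verify(null, Buffer.from(`${header}.${payload}`), key,
      Buffer.from(sig, 'base64url'));
    return ok ? claims : null;
  } catch {
    return null; // malformed input is treated as unverified
  }
}

// Non-repudiable receipt: the receiver signs a digest of the exact JWS received,
// so the ACK is bound to that one message.
function signAck(receiver, jws) {
  return signMessage(receiver, { ack: b64u(sha256(jws)) });
}
```

The key embedded in the header is only trusted because the identifier is derived from it; with an identifier that is not self-certifying, the verifier would have to resolve the key from somewhere else first.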
Lessig explicitly calls for a widespread architecture to verify identity on the Internet.
We believe we have the open standards to make this a reality.
Continuing on with the assertions from the first quote at the top of this post.
It [SSI] diminishes the role of legal code and has software code and social norms supervene
What “legal code” about identity are you even talking about? You go on to reference GDPR and then say it doesn’t apply to groups – OK, and so what? Then you talk about the potential for emergent social norms that might be illiberal (saying that Nazism and apartheid are social norms? Not sure I follow you, because both of those systems were driven by laws that made the regimes who perpetrated those ideologies legal.)
It’s just a kind of throwaway statement that doesn’t really make sense. Formal written law is often behind technology, and the laws on identity are all over the map globally. Names and human systems for expressing identity are way older than any human written laws. I’ve actually studied the history of identity systems and government’s role in them (see the Government Registration section of the Domains of Identity as a starting point, or Mawaki Chango’s PhD Thesis Becoming Artifacts). The way to ensure that this code is good and in alignment with human values and social norms is to engage with building, because they are different than legal code, which is by its very nature behind the technology. Back to my first critique in this series, where I explain why I have dedicated my professional life to engaging with and in the technical communities working on these very hard problems.
although the decentralized authentication processes we have today have their downsides of course, those disadvantages are at least well understood and remain the constant subject of expert legal purview.
What process are you talking about exactly? Digital ones like OAuth and OpenID Connect? Or the processes around identity proofing that are digital, where companies ask you to “smile” while holding up your existing identity documents to a camera in some proprietary system? Or the process where I have to lug a bunch of original documents to an office somewhere to have someone look at them?
Again I urge you to actually make yourself clear – what types of interactions are you specifically talking about?
our relationships with dozens of organizations today are indeed authenticated by each of them in turn, separately, with this footnote actually burying a really important point – “Excepting where individuals may select a “log in with …” option, bringing a third party such as Facebook or Google into the process.”
You yourself are basically making the point I already made – we have an identity layer of the internet now and it means that our identifiers are controlled by private companies or in global registry systems where we must pay rent every year to keep our identifiers.
whereas SSI collapses that all down to our supposed atomistic selves.
How does SSI collapse us down to our supposed atomistic selves?
Individuals get to:
- generate as many decentralized identifiers as they want and create pair-wise secure connections to any other person or entity (with the wallet/agent software that speaks the protocols).
- collect a whole variety of credentials issued to them by any number of institutions saying all manner of things about them.
- decide how and when they share those credentials.
Many of them will leverage the new JSON-LD ZKP with BBS+ signatures format so people will be able to pull together and share only some of the information using selective disclosure.
Then you pull in a random scholar who wrote a whole paper about “Decentralization” as if his analysis of the term actually speaks to what our decentralized identity technology can and does do. To quote from the abstract:
[Decentralization] is called for far more than it is theorized or consistently defined.
Well, guess what, Philip: our community has gone to tremendous lengths to explore what the term actually means and has developed (and still is, if you want to join in) a rubric for different ways that term could be used to describe the actual systems we are building. Why? Because we as a collective actually care about being decentralized, or at least understanding where things aren’t and why.
- Here is a post from IIW 28 where Joe summarizes the discussion there.
- Here is the creative brief for it.
- Here is the Decentralized Characteristics Rubric v1.0 – join in, create issues and make pull requests.
This is the quote from Nathan Schneider:
we cannot accept technology as a substitute for taking social, cultural, and political considerations seriously. Decentralized technology does not guarantee decentralized outcomes. – Decentralization: An Incomplete Ambition
I totally agree. AND
Right now in the real world we have a very centralized architecture of digital identity on the consumer web, where increasingly it is impossible to do business with a site or application UNLESS you subject yourself to getting an identifier from Google, Apple, Facebook, or GitHub.
Right now in the real world we have governments being actively told by large global institutions that they should be investing in digital identity architectures for their citizens that look like what India has with Aadhaar (everyone has one number linked to a biometric that the government hosts and does authentication against, creating a Mega-IdP) and Estonia has with X-Road (where all the databases across the whole country are cross-linked).
Right now in the real world we have a company called CLEAR proposing to NYC that it be permitted to set up across the whole city to be the gatekeeper for “opening up” and permitting people into certain buildings and spaces or not based on their “risk score” as determined by them. (Think of it like Google or Facebook for the real world – having an ID with them will be required and they will gatekeep not ‘the web’ but all of physical space via just your face.)
Right now in the real world, governments who have a responsibility to all of their citizens to provide for them are looking at SSI and saying this is pretty good, because we want to provide our citizens/residents information about them for which we are authoritative and we DO NOT want to be in the middle (CENTRALIZED) of seeing every place or situation they might want to prove those attributes to other parties.
So to continue to the last part of the quote of yours from above
When it comes to identity, let’s all hope legal code keeps the market well clear — a market in digital identity leads to digital enslavement.
What are you even talking about? Legal code keeps the market well clear – in what way? about what? What are you even really saying?
And let’s just get one thing really clear – that last part is totally inappropriate – it is not ok to compare anything to slavery. It just isn’t ok for you with your social position as a British white guy to do this. Do you even have African American friends? If you did – you would know not to do this.
Whatever the problems we have in the digital world relative to control and power they don’t deserve to be compared to this horrible institution that was instrumental in creating the America we have today.
This is the 5th in a series of posts addressing Philip’s critiques.
Bonus – Why my expertise is radically interdisciplinary and not focused solely on “information technology” cause that is always a reason to not listen to something a woman is saying.