[remark] Privatizing our digital identities

by Ciprian Dorin Craciun (https://volution.ro/ciprian) on 

Trying to make the case for permanent irrevocable digital identities, which unfortunately today, by de-facto, are email addresses.

// permanent-link // Lobsters // HackerNews // index // RSS

Imagine a parallel universe in which the society has developed so that, just like in our society, every time a person needs to interact with some business or governmental institution, one needs to present some form of document that, within a reasonable limit of certainty, attests that one is who one says to be. Also, to simplify the exercise, imagine that there is exactly one form of such identification document, the ID-card.

What happens if one doesn't have such an ID-card? One basically doesn't exist, or at least practically can't get anything done. Lose it, and one needs to get another ID-card, which is identical to the previous one, obviously after jumping through some hoops in a sacred bureaucratic ritual. If one, for some reason, doesn't manage to get an identical ID-card to the previous one, but instead gets even a slightly different one, for all practical purposes it's just like one is now a completely different person that was born just yesterday. (Remember, this is a strange far away parallel universe.)

Now, unlike in our universe, imagine that these ID-cards are not issued by the government (or a branch of it) but instead by any private enterprise that happens to be registered as providing such a service. Unfortunately, the ID-cards issued by any of these business aren't even equivalent; choose another business and one is now a completely different person...

So one set out to find a trustworthy ID-card provider that won't let one down when in need. One searches and searches and decides to go with one of the big corporations, because although one would prefer a smaller business, given that these ID-cards are not swappable or equivalent, one is afraid of the business going bust, and thus taking with them one's entire identity.

All is fine for a few golden years, until one gets older and starts to develop an aversion towards internet cat photos (maybe one has seen one too many such modern works of art). Well, too bad...

One has made the mistake of making one's opinion public, and all of a sudden one is at odds with one's ID-card provider, because the CEO happens to like cat photos on the internet very much. So, because the CEO has thrown a tantrum, he has decided, because he is the owner of a private business and thus can do whatever he wants, to revoke our poor fellow ID-card, along with all those other cat photos on the internet haters.

Thus, now one has just ceased to exist... The bank doesn't recognize one anymore, one's AI-magic weather-predicting-app just told him to look at the sky, and even one's friends and relatives act like one has just disappeared... Oh, and all his rants about cat photos on the internet have just magically vanished.

So, what can one do? Sue the former ID-card provider? On what ground? Has one actually read the terms of service? I bet one has already infringed a couple of those fine-prints...

No, one just gives up, and chooses another ID-card provider, another private business that hopefully isn't as fussy as the previous one... Or at least another private business that actually wants to sell a service, not play cat photos on the internet politics.

Good luck! Because apparently, unknown to our poor fellow, this new ID-card provider one has just chosen doesn't like to do business with people that don't like tea-with-milk... And boy-oh-boy does one want to make his opinion public about those tea-with-milk drinkers...

(Strange universe indeed...)

Sounds stupid right? Not realistic at all you say?

Well, just replace ID-card with email, and you are right in our own universe and society... You need an email address -- or phone number, or Google account, or GitHub account, or Facebook account, or Twitter account, etc. -- to do anything online these days, including interacting with your local authorities.

Did you upset Google?
--- You are no more.

Did your country do something to upset the majority of Twitter paying customers?
--- You are no more.

Did your country do something to upset the US, where GitHub is incorporated?
--- You are no more.

Have you suffered partial amnesia, and forgot the password or recovery details?
--- You are no more.

Did you forget to pay your monthly bill?
--- You are no more.

Do you not love cat photos on the internet?
Are you are dismissal of tea-with-milk lovers?
Better hope the new owner that just bought your email provider agrees with your views, else you'd better keep it to yourself, or...
--- You are no more.

What can you do?
Register your own domain and run your own SMTP server?
Better make sure you renew your domain each year, else...
--- You are no more.
Don't have $5 per month to lease a VPS and run your SMTP server?
--- You are no more.
Has your domain gotten on some mail blacklists?
--- You are not more.

Were you just kidnapped by aliens, and your spouse, your children, or your legal inheritor can't reset your email account password?
--- Your digital assets are no more.

Technology can't help us here!

The right An alternative solution is for the current governments -- that each day loudly shout "digitization!", "digital society!", and other meaningless blurbs -- to step up and provide us with an irrevocable permanent email address.

It doesn't have to be anything fancy. Even a random number like 42@id.tld would work, and in fact would be better than something identifiable. Bonus points if it provides unlimited aliases in a similar fashion. They don't even have to store your email, just allow you to configure (on-line or in-person) a new forwarding address.

How much would it cost? How complicated could it get? I am willing to bet not much at all.

Thus, one can keep using this irrevocable email address as a recovery address, or as the main one used to subscribe to the various on-line entities.

Then, just like a country can't revoke the citizenship from a person that doesn't have a second one, so should the government be unable (by law) to just revoke your email address.

Is such a solution without problems? Certainly not! It even creates completely new issues!

As with anything government related, there are issues:

The bottom line is that there is no good solution at the moment.

Until we can all prove our identity with self-issued crypto-wallet-certs -- obviously cross-published on at least three different proof-of-worth-blockchains, presented as a NFC QZCode, from within the MetaTok application, running on our two-kidney-worth leased iDroid phoneputron, because why not, MuskerZuck must save the dolphins by developing the next social-electric-mothership -- as security experts use to say: "there is a problem! something must be done! this is something!"

Perhaps a better solution is regulating the whims of big corporations. Just like in some countries the power or gas company can't cut you off in the winter, or how in some countries phone numbers are portable by law between carriers, so perhaps we should regulate email (or other identity) providers.

No, blockchains and other purely technological solutions don't actually work here. We need to support the case when a person wakes but-naked in a corn field, suffering from complete amnesia, and remembering nothing about himself. Today, such a person has a chance of getting his identity back, but in a pure technological world, "the computor just says no!"

Of course I love cat photos on the internet! Those bastards that don't love cat photos on the internet should have their keyboards burned on the stake! But, just like even the most heinous criminals aren't stripped of their government issued identity, so shouldn't these cat photos on the internet haters lose their email accounts!