Decentralised digital identity: what is it, and what does it mean for marginalised populations?
Margie Cheesman, digital anthropologist, and doctoral candidate at the Oxford Internet Institute, explores the subject of decentralised digital identity, what it is and what it means for marginalised populations.
The rise of big data and big tech platforms has heightened concerns about how ‘identification practices’—the ways in which people are made recognisable to institutions—enable invasions of privacy, state surveillance, and the extraction and exploitation of personal data by businesses for profit. Recent debates focus on the handling of health information and vaccine passports by governments and their corporate partners, but the examples are legion.
To address the threats posed by computational capitalism, some propose to decentralise digital identity through ‘self-sovereign identity’ (SSI) schemes which will supposedly revolutionise data governance. SSI will allegedly give individuals more privacy, control and ownership with regard to personal identity data, reducing reliance on—or even cutting out—commercial and state gatekeepers. Most decentralised identity projects deploy blockchain, a.k.a. distributed ledger technology, which is claimed to have a high security profile and to enable transactions that rely on algorithms instead of institutions.
Decentralised digital ID is going mainstream. Microsoft’s blockchain-based identity platform is now being trialled with the UK’s NHS, a university in Tokyo, and a Belgian government authority.
“The goal is to build a platform that could store information about official data without holding the actual documents or details themselves. Instead of just storing a scan of your birth certificate, for example, a decentralised ID platform might store a validated token that confirms the information in it. Then when you get carded at a bar or need proof of citizenship, you could share those pre-verified credentials instead of the actual document or data”.
The implications are promising. Beyond getting drinks at a bar, this would encompass all kinds of public, financial and health services. The European Commission is developing its own decentralised approach to e-identity for citizens. Public-private initiatives are building blockchain-based ‘immunity passports’. Decentralised identity systems are being trialled by public authorities and NGOs in British Columbia, the Netherlands, Belgium, and Germany, Thailand and Indonesia, Turkey and Ethiopia, Lebanon and Tanzania. Unsurprisingly, many of these experiments happen to enrol refugees as end-users.
Decentralised identity at global margins
When people are forcibly displaced from a country, it’s often on the basis of identity: e.g., a persecuted ethnic, political or religious affiliation, or LGBT identity. And refugees often lack a secure, persistent from of ID. When humanitarian and government agencies formally recognise people as refugees and provide them with welfare, social and financial services, and political protection, they deploy identification systems. Many experiments are running to develop decentralised, digital, self-sovereign identity systems, and grand claims are regularly made about them.
Taqanu and the Rohingya Project are two such projects. Taqanu (strapline: ‘A Catalyst for Global Inclusion’) aims to set up an alternative financial infrastructure for refugee populations, who are often not ‘bankable’ because they do not fulfil the necessary ID checks and credit scores. The Rohingya Project aims to mitigate the systematic denial of political recognition to stateless Rohingyans, who are persecuted on the basis of ethnic identity in Myanmar, and ‘other stateless people worldwide’.
It is well known that data-based identification systems are riddled with the profiteering, exploitation and surveillance strategies of state and corporate actors. The claims made by proponents of decentralised ID can’t be taken at face value. Will SSI projects like Taqanu and The Rohingya Project really reform the international order and empower some of the world’s most marginalised groups? Recent research suggests this is unlikely.
Research findings from the aid industry
My book chapter with Aiden Slavin on decentralised identity in aid is published this week. Our research zooms in on the two aforementioned case studies to examine how SSI initiatives interface with the established data practices and institutions of refugee governance. We advocate for caution regarding the slippery terms and techno-utopian associations of self-sovereignty, decentralisation and blockchain. This work ties in with my recent research paper in Geopolitics, where I draw on ethnographic research with an international aid organisation to examine the key debates surrounding SSI.
In the rest of this blog, I draw together the main findings from both pieces of research. In summary, there are 4 main competing logics that characterise debates about decentralised identity:
- The neutrality of the technology: Who gets to define what it is to be Rohingyan? Aid actors recognise the sensitive classification work and discriminatory outcomes involved in refugee identification. Yet SSI proponents make huge neutrality claims about digital identity systems, because of the association with blockchain’s supposedly ‘trustless’ algorithmic governance. We need to re-politicise decentralised identity. SSI schemes are no different from other identity technologies: they are still part of the political struggle to make people legible to institutions and control their livelihoods and movement.
- The capacities of users: The idea of ‘self-sovereign’ agency involves autonomy and empowerment for technology users. This regularly comes into friction with generalisations about refugees’ deficiencies in digital literacy and access. The ideal SSI user possesses more digital expertise than most refugees and, frankly, most people, full stop. Decentralised ID may outsource legal liability to individuals and ‘responsibilize’ them to independently manage their identity. Many people are likely to ‘fail’ at the task. This may end up weakening the responsible data practices and safeguards of institutions.
- Global governance and the nation state: SSI discourses strongly promote blockchain as the infrastructure to circumvent messy, fallible political economies in the Global South. Some suggest decentralised identity could lead to the demise of international passports, and even the nation state system. However, existing refugee SSI projects are inevitably entangled with traditional authorities like UNHCR and national governments. Decentralisation is an elastic term. Increasingly, decentralised ID projects are said to be about ‘strengthening the relationship’ between states and subjects. Yet SSI projects may not grant refugees access to meaningful recognition, rights and protections. They are extremely unlikely to deliver citizenship to stateless Rohingyans, for example.
- New economic models for digital identity: Some proponents of self-sovereign identity see it as a public good that should be managed and maintained as a privacy-supporting commons resource. However, this is a minority view. Most SSI start-up companies espouse the profit-oriented models of computational capitalism. When decentralised ID schemes like Taqanu invoke the global ‘financial inclusion’ agenda, humanitarian settings are being redefined the latest frontier for market creation via data technologies.
Overall, the research shows that the properties of SSI are indeterminate, as are its benefits. Slippery terms and competing logics are not just at play in debates about decentralised identity at global margins, but also much more broadly. Decentralised ID is being proposed in ever more domains. This presents pressing issues, not just of legality or technical standards. SSI schemes embed classification systems with potentially discriminatory outcomes. They embed models of end-users and their capacities to act. They instantiate political, institutional arrangements. They offer new forms of value: but for whom?
This blog was originally published by the The Digital Inequality Group, Oxford Internet Institute, University of Oxford in May 2021.