For all the reading and conversations I’ve had regarding decentralising identities, it appears we still come back to needing something centralised. And fundamentally we need trust.
We can decentralise the issuance of credentials (things that identify one aspect about our lives) and decentralise verification and acceptance of the credentials. We can even decentralise an aspect of trust. Can I trust that the DVLA issued the drivers’ licence being shown to me?
The challenge that it appears when we decentralise we can’t ‘prove’ uniqueness across a population group. We can not ensure that I have not registered twice. This is important for humanitarian operations when we want to deduplicate a population set across multiple organisations. There appears to need a some sort of centralisation ability for this. However, this does not mean we need to centralise huge datasets. Ideally we need one identifier that is unique and constant. And one that can be meaningless by itself.
According to the NASPO IDPV Project, the combination of first name, last name, and date of birth can distinguish uniqueness of around 96% of any population group. However, many of the population groups we work in humanitarian contexts don’t have a known fixed date of birth or just know it was January 1984. So this is unlikely to help us.
As much as I tend to be very skeptical of biometrics, perhaps this is where they could come into their own (I feel nervous even writing that sentence). If we have a common biometric which is hashed and store securely in a database. Not globally, a central database for a response. Then we might be able to prove uniqueness. And, keeping the biometric completely separate from any other data, as good practice states, we could reduce harms. And perhaps, this is also where data trusts could come into their own as they could ‘manage’ the biometric database if they can answer a few questions.
With this, we can decentralise the rest of the data management and enable data portability. Trust will come into question as we will need to ‘trust’ the ‘trustees’ of the ‘data trust’. (Too many trusts in that sentence, but what can you do.) This is one of the big areas to work on so we can forward. The technology is mostly there, focus on the trust.
The choice is up to us.