Personal data servers will help take back digital ID from big tech

Proving you are who you are will get personal in 2021, thanks to data servers

In a world that is increasingly digital, our online identities hold the key to accessing social, economic and democratic activities. According to a 2019 report by McKinsey, the potential economic value of digital identity by 2030 will be the equivalent of six per cent of GDP in emerging economies, and three per cent in developed economies. This will come from many sources, including increased use of financial services, better access to employment, escalated agricultural productivity, higher tax revenues and less fraud.

Yet, the World Bank estimates 1.8 billion people have no legal form of identity. Without this, individuals are more likely to be exploited, trafficked or confined to a life of servitude. And many of us who do have an online identity find that it is managed by companies such as Google and Facebook – organisations that, in many people’s eyes, have a poor reputation when it comes to using individuals’ data.

In 2021, individuals will gain the ability to own servers where their data is stored – and with it control their online identities.
Digital identification utilises three components: identification, authentication and authorisation/assertion. Identification involves binding a digital identity to a real-world person, such as happens when you open a bank account. Authentication is about proving that someone is who they say they are – which is most commonly through the creation and use of a log-in password. Authorisation and assertion are the presentation of credentials that demonstrate that someone is able to access certain resources – such as a parent topping up a child’s school-meal allowance.

All three digital-ID components require “source-of-truth” data for the individual’s identity to be verified against, and digitally verifying these sources confers great economic power. Much of this data has been amassed by tech giants such as Google and Facebook, which have stepped into the role once held by the state.

These platforms are able to verify online identities through the vast amount of data they hold and through the fact that their servers can perform real-time, secure digital verification and authentication. (This is how Google and Facebook can offer smaller companies the means to verify and authenticate people logging into their systems quickly – the option to sign in “with” Facebook or Google.)

For those of us concerned about privacy and civil liberties, this is a problem. Each time Facebook or Google verifies a user’s identity they become even more powerful through gaining more data about that individual and their transactions. By ceding identity verification to big tech, we are increasing its ability to surveil.

In 2021, people online will be able to verify their own identities. This will help the 1.8 billion of those who have no legal form of identity, and will reduce the power of the tech giants.

Companies such as Dataswift, with which we are involved, have developed personal data servers (PDAs) with computational abilities to create their own digital personas. Using this technology, individuals will be able to import their own sources of truth – such as banking and healthcare information and even data from Facebook – and use this for identity, authentication or authorisation with applications and websites directly.

PDAs can be created in seconds in the cloud with legal ownership transferred to individuals upon creation. They are able to authenticate themselves directly and give apps that use them access to the account without the app itself holding any identity information, such as an email. They also enable apps to request other data stored in the PDA. For example, individuals can show applications they are allergic to peanuts, because data from their healthcare provider acquired into the server can be used to authenticate and assert that fact without the need to give any identity information. By using PDAs, apps that rely on sensitive data will be able to access this and stay “identity blind”.
One effect of the Covid-19 pandemic will be the increased use of PDAs.

In the US, ShareTrace, which manages Covid-19 symptom tracking, is already using the technology. And, in 2021, EMITTO, which helps travellers verify risks before they fly, will offer log-ins via PDA in its app. This will be a game changer. With 759 million travellers per annum, 2021 will see a huge rise in those obtaining a PDA, instead of logging in with Facebook and Google. And once PDAs have increased penetration in this way, they will be used by apps and online services across many other sectors.

In a society where digital technology is becoming yet more dominant, giving citizens the ability to own and verify their identity (or just their Covid risk score without identity) levels the playing field and holds the key to a more equitable future.

Originally published on Wired.