Proof of life: The past, present, and future of identity
This is a guest post by Archit Lohokare, Chief Product Officer at Idaptive.
The U.S. 2020 Census, according to its own messaging, aims to provide a “snapshot of our nation – who we are, where we live, and so much more.” The data collected – the identities of individual people – will be culled together to form a larger blanket identity for a community, state, or region. It’s an identity built on identities. The Census can and does have far-reaching influences. It can alter the size of your state’s representation in the House of Representatives, and how much weight it holds in the Electoral College. The past few years have also made factors such as race, gender, and immigration status more than just data – we’ve seen all too often how they can be excuses for discrimination and punishment as nationalist sentiments gain a deeper and deeper hold on government.
But in general, proving who you are is a routine, daily occurrence for just about everyone. You produce a driver’s license at the bank. You show a passport at the airport. You constantly have to remind your computer that you are not, in fact, a robot. It’s this last part that is most relevant to my work on identity and access software, naturally, but it also will gain more significance during this Census period. For the first time ever, a U.S. Census will offer a fully digital, online response option. Limiting person-to-person contact has become an extreme priority in 2020, but this option is also in service of convenience and, hopefully, more widespread response.
A digital census also raises questions of how we got here. When did identity become a tangible thing? And what will “ownership” of one’s identity look like in the next decade and beyond?
A brief history of identity
There’s a reason why anyone researching their family history almost inevitably comes to the point where the trail peters out into a morass of approximate dates and best guesses. For centuries, births were not recorded by any central authority. If it was done at all, it was done by the local church – and record keeping wasn’t their strong suit. In 17th century Virginia, the government even tried to mandate that churches keep more precise records only to see the practice die out almost immediately. In 1639, Massachusetts made the first formal effort to assign the job to local governments. Things didn’t immediately improve, but it was a start.
As the influx of European immigrants rose between 1815 and 1915, the U.S. Bureau of the Census was pressured to begin registering and recording births. This led to the standardization of the birth certificate, and one of the first concrete forms of identity confirmation.
It would be another 20 or so years later that the government would first begin issuing the other foundational building block of identity: The social security number. The U.S. Postal Service distributed and assigned the first batch of Social Security numbers through its 45,000 local post offices in 1935. Of these 45,000 post offices, 1,074 were also designated as “typing centers” where the cards themselves were prepared. The Social Security number’s importance would only rise alongside digital record keeping, as the nine-digit designation was much easier to memorize and have handy for profile creation, registration, and filing.
The 1990s and early 2000s, obviously, saw identity morph in an entirely new direction. Computers were no longer just digital file cabinets, but portals into virtual realities. You had your “real world” identity, and now you had a second, online identity – the establishment of which still depended on time-honored proofs of identity such as birth date and social security number. What started as playful interactions quickly became an integral part of your overall identity. According to a 2019 survey conducted by reputation management firm Qnary, 70 percent of colleges say a candidate’s Facebook profile is a priority in the admissions process. And 86 percent of job recruiters admit that they check online activity as part of the hiring process. People were getting jobs, doing their banking, shopping, and even getting an education online – all using their identity as access. The first identity and access management (IAM) architectures and systems in enterprises as we know them didn’t even come into common use until the early 2000s, when it was already abundantly clear that who you are and, more importantly, proving who you are was a much more fluid concept than a piece of paper or government-issued card.
Getting past the password
We’re currently at a stage where we’re seeing the slow progression from basic multi-factor authentication towards mature, zero trust IAM. Your identity is irrevocably tied to an almost infinite number of digital services, devices, and applications. Passwords and firewalls are a relic of a less sophisticated time. Constituents and consumers need to gain access to services as they do in real life, by maintaining ownership of their identity. “Who” you are is now much more than when and where you were born – that contextual awareness is key as we move forward.
Speculation about the future – like a deep dive into the past – tends to run into the same murky waters of best guesses and approximations. But given what we know about the growth and evolution of identity as it relates to access management and your digital second life, we can look ahead to what’s being called “decentralized digital identity” (DDID) and “self-sovereign identity” (SSI).
In short, SSI and DDID give the individual more control over their digital identity. They can use their digital identities in much the same way they use it in the real world – to gain access to goods and services and to provide a layer of security for assets. A Forrester report from earlier this year describes nascent DDID services as literally digital versions of national ID cards or even university degrees – allowing users to “selectively present these claims and proofs to verifiers in a zero-knowledge proof, proving, for instance, that the user is of legal age to purchase alcohol.”
The report details efforts to deliver physical-world levels of trust to the digital ecosystem. Using a permissioned, distributed blockchain ledger, users can establish credentials that carry no personal information – simply a digital “ID” that can be used for access to services.
The evolution of our identity from philosophical question to government-verified documentation to a fluid digital set of keys is particularly fascinating when you see it in this context – of giant leaps over a relatively short span of human history. Our need to be recorded, verified, and trusted is not a privilege but something increasingly woven into the fabric of how our society operates, from commerce to education to government. And we’re only just beginning.
About the author
Archit Lohokare, Chief Product Officer at Idaptive, is a senior enterprise software product and strategy executive with a demonstrated track record of envisioning and launching new innovations, taking them to market and building successful businesses.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of Biometric Update.