Note: This is the sole opinion of the author.
I must admit, I had an inescapable sinking feeling when I read this open letter on the EU’s proposed digital identity reform. After all these years of optimism, I felt it came to a screeching halt when I learned that certain arcane technical provisions made their last-minute way into the proposed regulation.
Without getting into the technical details, the gist is this: the proposed regulation enables any member state to inject their own root certificate into the trusted browser list, and prohibits security improvements without permission.
Seriously?
I recall a joke from long ago that ‘military intelligence’ was an oxymoron; we’ll now need to update that to ‘mandatory trust.’
The point of this article is not to criticize, but to accept the reality of where digital identity is going. I have long been a proponent of digital identity, mainly from the perspective of enabling the individual. Now I see that there are three least-worst options to choose from:
Option 1: Self-Sovereign Identity (SSI)
Self-sovereign identity (SSI) refers to a digital identity that is fully owned and controlled by an individual, without reliance on centralized authorities or intermediaries. Originally hailed as the alternative to liberate our digital selves from archaic IT systems and captured platforms, this option is effectively dead, as it was deemed too scary for policymakers, and certain words within the label had unsavoury connotations. But some of the good ideas did carry forward.
Option 2: Government-Mandated Identity (GMI)
Government-mandated identity (GMI) is a digital identity that is issued by the government and that you are obliged to use for certain services. I would say that we are in the midst of GMI (a label I just invented), which has a committee-selected set of characteristics (SSI and other things) that satisfy governments and aligned stakeholders. There is promise and optimism (myself included) that this will improve public sector services and bureaucratic procedures, but alas, we are now witnessing that these systems should be seamlessly mandated into private services for the good of society overall, along with some back doors in case there is some bad stuff going on.
Option 3: Competitive Corporate Identity (CCI)
Competitive Corporate Identity (CCI) is a digital identity provided by the many platforms and services that are vying for you as a customer: Apple ID, Google Account, and so on. CCI has been around for years, decades, and is now evolving into an integral component of the operating systems, in particular the mobile OSes. Imagine how hard it would be to use your phone without your CCI. And witness how easy it is to log in or pay for something with your phone, because all of that digital identity stuff is taken care of invisibly in the background.
My point is this: we now have 3 major options before us: SSI, GMI and CCI. Some may convince you (or legislate) that only one option should be used (or be legal). I have my opinion on what I believe would be the worst form of identity, but I won’t share it in this blog post. Instead, I believe that we should enable all of these options to find their best fit into our lives. So whether it’s SSI, GMI or CCI, don’t let anyone take these options away from us.
Until next time,