Unique Identification ≠ Big Government
There is a substantial difference between privacy, which everyone is entitled to, and unique identification.
This difference is obfuscated by today’s prevalent procedures. Currently, passwords, personal questions, Social security numbers, Email addresses and cell numbers are used for access control to software, web sites, banking and many other services.
Let’s use the example of a mobile phone. Each mobile phone has a device number (a supposedly unique IMEI number). However, mobile service providers can associate that unique ID to a customer account. This likely includes our personal information, which they obtained with our permission, when we requested their service.
Furthermore, well known companies, such as Google, Facebook and other application providers, usually ask us to provide them with a password or personal information as a condition to obtain their services.
They exploit their notoriety, and the popularity of their applications, to acquire our trust.
Purportedly for further security, application providers will then ask for our Email account and cell number, to burden us with two-factor authentication. What’s next, three-factor authentication?
Security and privacy have become more relevant with the advent of blockchain technology, which promised to solve some of these problems.
We understand the need for unique identification, to enable us to transact with each other in a free market, but what about the risk of big government involvement? We all have heard the preposterous scenarios of having a number printed on our forehead, or a chip implanted under our skin. Furthermore, we may be the target of surveillance by foreign powers. We certainly want to stay away from those possible developments.
Still, today governments and companies seem to be moving towards less privacy. For example, some companies, once they have acquired the right to a piece of software on our phone, can follow our movements through GPS coordinates, even when our device is powered off. That information, coupled with the many transactions, messages, voice calls and videos available to them on our phone, paints a very scary scenario, which could involve big government or even foreign governments.
All of the above is lumped under the term “identification”, which is needed for access control.
In reality, we do not need identification to access our own private information. It is service provider companies that need it to reference and access our devices, for targeted advertising or for other marketing schemes.
Once our information is in some central database, the possibility of a big private company, possibly controlled by a dictatorial government, having the ability to monitor us, or even blackmail us on the basis of some past behavior, becomes too close for comfort.
It does not need to be this way.
Normally, people associate unique identification with a number registered or assigned, and verified by a central authority, as for domain names, IP numbers, or IMEI numbers. But it does not need to be this way.
A unique identification can be achieved in ways that do not involve passwords, personal information, central databases, governments or corporations.
For example, we can generate a unique key pair to use with a cryptocurrency account, without third party involvement.
In this case, a unique identification is a number that is unique based on math, given the extreme improbability of someone else generating the same key pair numbers.
This type of unique identification does not need to be assigned by a central authority. We do not need to divulge some of our unique personal information, such as a password, an ID, or a security code.
Thus, let us not confuse unique identification with privacy. We do not need to sacrifice privacy for convenience or for security.
However, there are a few challenges when using a random number as a unique identification:
- An identification number could be lost, and with it any record of past transactions, or reputation, we may have built with that identity. Just as with cryptocurrencies, the loss of an identification number is unrecoverable.
- Such an identity, when held on a device, can be viewed by a malicious observer, or may become available to a malicious person when a device is lost or stolen.
- If such an identity is completely untraceable to a human being (full anonymity), it offers the opportunity for illegal activity that hurts us all, such as in the cases of theft, money laundering related to human trafficking, etc.
The simplest solution to the first challenge is to have multiple copies (or backups) of our unique identification. This reasonably solves the first challenge, but having multiple copies of a secret number increases the probability of the second challenge.
A good solution to the second challenge has been sought for many years and it involves live biometrics combined with static biometrics: voice recognition or gesture recognition, combined with fingerprints, iris scan, face recognition, etc. These techniques are becoming more affordable and more reliable. Thus, in the near future, the second challenge will be satisfactorily solved.
The third challenge is more difficult to solve because no simple solution is universally acceptable.
- With complete anonymity, some people thrive, e.g. thieves, and other people lose, e.g. their victims, and the majority of the people are relatively unaffected.
- With complete openness, some thrive, e.g., dictatorial governments, and other people lose, i.e., some groups of people. The majority of the people are exposed to loss of privacy.
While the first trade-off could be tolerable, the second trade-off seems to be a loose-loose deal: dictators win and people loose.
Anonymity has several good properties. In the current information age, we want to remain as close as possible to anonymous, but at the same time we want to use the convenience of technology. However, we need to avoid anonymity’s negative consequences.
We hold in high esteem individual freedoms, but we do not tolerate high crimes.
Anonymity has been touted as the best way to protect both freedom of expression and the right to privacy.
The following are possible degrees of anonymity, from highest to lowest:
1. Complete Anonymity means that a unique identification can never lead to a physical person’s identity. When coupled with cryptographic techniques, with this level of anonymity it is possible to transfer money and issue one-time transactions.
Ability to prosecute: With complete anonymity, we cannot always avoid transactions of money illegally obtained, such as human trafficking, or cryptocurrency theft. In cases of theft or other serious criminal activity, the only recourse in current public crypto-networks is a hard fork. However, a hard fork goes against the principles of immutability of the blockchain. In addition, a hard fork splits the crypto-network and its blockchain into two, possibly causing loss of data integrity.
Legal recourse: With complete anonymity, legal recourse is not possible, as there is no way to find or prove the identity of the litigants. Any recourse clause must be included in the digital contract.
Used by: This level of anonymity is used by public crypto-networks, such as Bitcoin or Ethereum. However, in these networks there is no long lasting unique identification by design, thus it is very difficult to build a reputation or run applications among trusted partners, as any party can change its identity at will.
Existing jurisdictions: No existing country or jurisdiction accepts complete anonymity of its citizens.
2. Implicit Anonymity means that each device, and by association each device owner, are addressable and have a unique identity created mathematically. This identity is implicitly anonymous, unless and until the owner chooses to reveal more aspects of his/her personal identity to a trusted service provider.
Ability to prosecute: If a legal authority wants to discover the association between a device unique identity and its owner, without the owner’s consent, it is not an easy procedure. Not only the prosecutors may need a warrant from a judge, but they will need the cooperation of other involved parties, such as device manufacturers and software companies. For example, in 2016 Apple refused to comply with several court orders asking Apple to provide backdoor software to access a terrorist’s phone, in the hope of finding relevant information.
This level of implicit anonymity could be successfully reversed only in special cases, such as theft or human trafficking, where more than one party, both public and private, agree that the exceptional circumstances warrant the disclosure of information that each party may have. This type of action, if and when possible, is an alternative to a hard fork on a crypto-network.
Legal recourse: With implicit anonymity, other forms of recourse are also possible. The litigants have unique identities and can be individually compensated, according to the terms of the contract, or possibly compensated in other ways. For example, people can raise funds and donate to a victim, or to a person unjustly condemned.
Used by: This level of anonymity is proposed by Gorbyte for its GNodes crypto-network. Neither Gorbyte nor any other company, authority or intermediate entity has control over the network of GNodes users. GNodes devices have a unique identity and its owners can build a reputation. Parties can verify each other on the blockchain and interact securely off the blockchain.
Existing jurisdictions: Implicit anonymity can defend individual privacy more effectively than what is achieved by law in any country.
3. Legal Anonymity means that by law a government protects a citizen’s right to privacy. A device unique identification and the corresponding owner can be found, when necessary, to enforce contracts and local legislation.
Ability to prosecute: Today, this level of anonymity has shown to be insufficient. Manufacturers, suppliers and governments can build and maintain centralized databases with an almost limitless ability to collect information on an entity or a person. While they are theoretically legally bound to respect peoples’ constitutional freedoms, many examples show that in practice people cannot legally defend their rights.
Legal recourse: At this level, when a party does not keep its legal obligations, a person can seek legal recourse individually, or possibly through a class action suit.
Used by: This level of legal anonymity corresponds to the legal standard, in western democracies, before the advent of the information age, the Internet, and its lack of security.
Today, in many cases, companies and government administrations have been hacked, or voluntarily provide access to third parties, opening many ways for malicious actors to profit.
Existing jurisdictions: Right to privacy was theoretically protected in most western democracies, but with the advent of high connectivity and ease of information transfer, the capability of legal protection by governments has considerably reduced.
4. Voluntary Anonymity means that companies and government can voluntarily refrain from disclosing information about devices and users according to their Privacy Statements. Under these conditions, many people know the identity of many other people, their company’s customers, device owners, etc.
Ability to prosecute: Employees are held by the same government or company standards, thus prosecution is usually initiated, in the worst cases, by the government.
Legal recourse: At this level, legal recourse is possible through a class action suit.
Used by: Most countries today allow this level of anonymity (or lack thereof). In practice, user identity information, which currently may include passwords, IDs, security numbers, etc., is available to many company or government employees.
This is illustrated by the post office model: All addresses are public, your mail box is owned by the post office, and the association between addresses and owners is kept in a central database. Access to the database is voluntarily restricted to post office employees.
Existing jurisdictions: This is approximately the current level of anonymity in most western countries, with some exceptions (see below).
5. Open, or Public Disclosure is the opposite of anonymity. The law enables collecting and sharing customer identity and related data to anyone.
Ability to prosecute: National governments have been moving towards public disclosure, reducing the frequency of prosecution against private information theft, and reducing the ability of people to successfully defend themselves in cases of infringement of privacy.
Legal recourse: At this level, legal recourse is very difficult, as the laws are generally against individual privacy.
Existing jurisdictions: The globalization of the information infrastructure has started long ago. Globally, the Internet already has a centralized addressing scheme. IP addresses and domain names are assigned by a central authority and delegated to local national authorities.
The erosion of privacy keeps progressing: Legislation has been proposed to globalize even more the control of the Internet, thus making its availability dependent on global government decisions.
Used by: In some countries special legislation allows for identity disclosure. For example, ISP providers in the US can gather and share data about customers without their consent.
The UK government can monitor the internet usage of their citizens.
Given the above levels of anonymity, it seems that the combination of Unique Identification with Implicit Anonymity is the best solution to protect our individual freedoms not only from open attempts aimed at obtaining our private information, but also from malicious attacks from unidentifiable sources.
When a new, secure Internet will be in place, DoS and other malicious attacks will be prevented at their inception, as the sources cannot hide their unique addresses.
Once a person has a unique mathematically protected identification owned by the person for a long period of time, stored on the blockchain, and a verifiable through a cryptographic signature, a number of advantages are possible.
For example, a unique worldwide personal identification can enable us to build a reputation and do business worldwide.
Malicious activities become more traceable and preventable.
People’s personal accounts can be individually credited, and currency applications can include better features, such as the distribution of dividends, or inflation-compensating interest directly into peoples’ accounts.
Unique identification of all people globally will enable the development of distributed applications, where information is owned and kept in our devices, without big government or big companies as intermediaries. Distributed, non-company-owned social media is such an example.
The most important advantage of unique identification is that, with blockchain technology, the parties involved in distributed applications can verify and trust each other.
General distributed applications (GApps) become extremely scalable when the parties can verify each other’s unique identification on the blockchain and then share any amount of data directly off the blockchain.
New applications that we cannot even imagine, using concepts not yet formulated, will run on a distributed operating environment made possible by the blockchain.
One of such concepts, made possible by unique identification combined with blockchain technology, is superconnectivity between personal devices, IoT devices and autonomous robots.
Superconnectivity will allow us to gain secure access to private or public assets without intermediaries, without passwords or IDs to remember, without cost and without adding a transaction load on the internet or on the blockchain. Like superconductivity, superconnectivity will be essentially free.
As we go about our daily business, our personal device will meet other devices through Wi-Fi. Devices will verify each other instantly using their locally-stored replica of the blockchain. After verification, they will make things happen around us, specifically for us, because of who we are, without the need of keys, passwords or IDs.
Authorized access to physical properties (unlocking doors of home, garage, vehicles, office, factory, restricted business areas, clubs, parking lots, etc.), software (information, databases, web sites, movies, accounts, software applications, airport check in, etc.) and automation (lighting and A/C adjustments, responsive traffic lights, motors starting, vehicles driving, drones and robots responding) will automatically occur around us as we approach.
If we are careful with our technologies and choices, unique identity coupled with a high level of anonymity will provide us a much higher degree of convenience, security and privacy without the risk of big government or big company control.