A Human Rights Approach to Digital Identity Protocols

Adrian Gropper, MD

CTO, Patient Privacy Rights

RWOT XI - September 2022

A novel approach to digital identity protocols is presented that gives market power to the human subject of identity-based interactions through their ability to choose a delegate.[1]

Self-Sovereign Identity (SSI) is founded on human choice (via standards) and control (such as consent and selective disclosure) in the name of privacy. Unfortunately, choice and consent are also a burden to the individual. For example, GDPR cookie consent choices are annoying and likely ineffectual. Privacy policies are typically an example of so-called "dark patterns" used to extract consent while shielding the service provider from liability. "Privacy by Design", a self-asserted industry model, is a failure, leading to increasing calls for regulation. But regulations lag the torrential pace of technology and are subject to capture by commercial interests.

Unlike regulation, human rights are seen as universal. A human rights approach to information management protocols would not depend on consent or be subject to dark patterns. Technical protocols based on human rights would mirror human protocols based on human rights. Law and regulation would still be important but would focus on accountability and enforcement. Public blockchains are an example of protocols designed for accountability and enforcement in the absence of regulation.

A human rights approach to identity protocols begins with the assumption that issuers and verifiers, typically institutions, have overwhelming power over the subject. This means the subject has to be protected by default without over-dependence on consent or multi-page contracts. Unfortunately, the first generation of digital identity protocols is meant to serve issuers and verifiers as institutional customers. Ironically, the protocol designers had discussions over whether "self-sovereign" as a marketing term would upset the true sovereigns.

Second-generation digital identity protocols will be expressly designed to mitigate the power of issuers and verifiers by enabling the subject to freely choose a delegate that works only for them. We're all familiar with this approach when we choose a physician, attorney, trade union or spouse to act on our behalf with respect to institutions. Second-generation digital identity protocols will standardize around delegation instead of regulation and focus on holding the delegates accountable. As subjects, we may not be able to choose the institutions, but standardized delegation protocols will give us the power to choose and pay our delegates.

A choice of delegate is necessary but not sufficient to project our human rights into the digital domain. (Dare I say metaverse?) We also need the protocols to prevent platform surveillance and lock-in in order to maximize the real-world market power of ourselves and our delegates. The best way to reduce the power of surveillance and the cost of switching among service providers is to separate the search and discovery services from the transaction and persistence services. As the recent controversy over GitHub Copilot AI shows, combining separate functions such as developer identity, issue tracking, storage, and code publication can undermine the intent of standardized and open source protocols such as Git.[2,3,4]

We propose a strategy to limit the scope of surveillance platforms by designing protocols to reduce their potential for lock-in. The proposed protocols enable strict separation between 1) authentication, 2) discovery, and 3) persistence such that the subject and their delegate can choose service providers and privacy protections _separately_ for each of the three activities.

For almost a decade, we have been developing and advocating a Free software demonstration project for these protocols as the HIE of One Trustee® project.[5] To this end, we have participated in the Kantara UMA, OpenID Foundation HEART, W3C Verifiable Credentials, W3C Decentralized Identifiers,[6] and IETF[7] GNAP. At this time, we are looking for communities and workgroups to formalize, through profiling and standardization, a new generation of digital identity protocols that protect human rights by default.[8]

References

[1] https://blog.petrieflom.law.harvard.edu/2022/04/12/a-human-rights-approach-to-personal-information-technology/

[2] https://redecentralize.org/redigest/2022/06/

[3] https://sfconservancy.org/blog/2022/jun/30/give-up-github-launch/

[4] https://sfconservancy.org/blog/2022/feb/03/github-copilot-copyleft-gpl/

[5] https://www.icloud.com/keynote/041HU2U5UQlIV52t0M55x28aw#Identiverse2022_Adrian_Gropper_slides_5_2

[6] decentralized-identity/decentralized-web-node#186

[7] https://datatracker.ietf.org/doc/html/rfc8280

[8] https://datatracker.ietf.org/rg/hrpc/about/