For as long as I can remember a strong cohort of technologists have agitated for identity portability between internet services. Their theory goes that individuals should “own” the reputation and identity data about them stored inside platforms and be able to take that information with them between services. They believe portability will empower users, encourage more platform competition and lead to better services.
Many smart people I’ve had conversations with lately are excited that blockchains provide—at long last—the key technology to unlock data portability. These people think that blockchains can enable trusted “memory” to be distributed across a network rather than warehoused and maintained by specific companies or organization inside walled gardens.
To these people I say, be careful what you wish for.
It is possible that blockchains will serve as the backbone for a future with portable identity. But rather than enabling people to “own” their identity, this approach to portability risks leading us to a dystopic panopticon where your complete reputation follows you everywhere—whether you want it to or not.
As with most things in technology, blockchains are a double-edged sword. Many see an opportunity for healthy decentralization. But it may turn out that blockchains do as much to consolidate global power of governments and big companies as they do to open up new freedoms.
Why Technologists Advocate for Portability
Who among us has not been frustrated, at some point, by the lack of data portability on the internet?
There are the relative trivialities—not being able to move full resolution photos between Facebook and Google, or export full transcripts of conversations from chat applications.
Then there are the big missed opportunities—such as the ability to take your “reputation” as a good Airbnb host, a five-star Uber driver, Meetup host, or Twitter/Instagram micro-celebrity, and use that to garner more trust and get better service elsewhere.
Many of the most successful companies on the internet found a way to move identity data off of trusted legacy systems. Facebook bootstrapped off a form of university identity data, Snapchat bootstrapped off of phone address book data and Affirm allowed forms of social credit to trickle through to better financing options.
Technologists want portability because they think it would dramatically weaken large services and institutions by taking away their major point of defensibility and leverage. This, in the minds of many, opens the playing field and paves a path to better services.
Portability Hasn’t Been Viable for Companies to Provide
The challenge, of course, is despite the fact that many consumers might abstractly want and value data portability, leading platforms have very little incentive to provide it. Outside of medical records—where the law guarantees basic portability, so long as you are willing to use a fax machine—you can’t really take your records with you between providers with any real ease.
There are several major reasons for this.
One is that data is extremely valuable for generating loyalty over time—and allowing it to be moved elsewhere is generally bad for business. Beyond that, figuring out ways to make data portable creates all sorts of nettlesome privacy and legal issues for companies that are rarely considered (you can take your comment with you, but what about the private message on which that comment hangs? Out of context “your” information isn’t worth much).
So, companies have little inherent interest—or even ability—to provide consumer portability. Even if the leaders of a company intellectually want to provide portability, their fiduciary responsibility dictates that they cannot.
Another challenge that prevents data portability is that normal customers generally do not care day-to-day about data portability. Services that have tried to highlight data portability as an important feature mostly fall on deaf ears.
So companies generally have no business incentive to provide data portability.
Of course, if companies don’t want and can’t provide portability, where exactly are you supposed to store information as a consumer that you want to be “portable?” Where can you warehouse information efficiently other than giving it to a company to manage?
if some service provider had to “own” the servers on which identity data sat, no matter how well intentioned they were, the data could be corrupted or undermined.
To date there really hasn’t been any viable option.
The Blockchain ‘Solution’
Blockchains have excited many portable-identity advocates because for the first time the technology provides distributed trusted “memory” where identity information can be stored in a way that no single company or organization owns it. It exists as part of a “public record” embedded in the network.
With the right economic incentives, key identity information could be distributed over the network and stored in a tamper-proof way that could never be turned off or blocked.
In a blockchain world, individuals could maintain an identity with a public-private key pair. You (and others) could write “claims” about your identity that you could easily import into any new service as you choose—without relying on any company to warehouse information for you.
Existing big companies would be unlikely to get on board with this plan. But it is possible that a large federation of smaller services, publishing in a somewhat standardized way to a common set of blockchain(s), could gain enough scale to compete with the big closed platforms over time.
In this future the history of your actions as a host, driver, employee, friend, political commentator, etc. could all live in neutral territory on the blockchain. When you start using a new platform, all the content and context would easily come with you.
Where It Gets Scary
Unfortunately, this nice vision gets very, very “dark” very quickly.
The first issue is that with blockchains, as I have written about before, there is no expunging records—ever. Bullying, revenge porn, defaulted loans, or just embarrassing mistakes will never go away once published to the blockchain. Existing social networks and identity platforms can—at least in theory—police themselves and try to comply with the rules of governments. Public open blockchains cannot. What is said can never be unsaid or escaped.
The second issue is that it will be hard or impossible to prevent anyone from publishing anything they want about you. Many blockchain utopians see a world where you as an individual decide whether or not to “accept” claims added to the system about you—but that is impossible to enforce. Once you are associated with a digital key in a world of pertinent memory, anyone can choose to add any information they want about you to the public record, either in their own voice or anonymously.
The third issue is that computation will likely still be off-chain and black box—mixing public and private data—in ways you don’t like. The presence of blockchains won’t end private data. It just means that private data can be almost instantly enriched with an open-ended set of public information published on the blockchain. So, in some ways, the blockchain does nothing to provide more transparency to decision making of services. It just opens up a new avenue for more data.
The final, and perhaps scariest issue, is that you will likely not be able to opt out as a user from participating in the public sharing of identity data. You might choose as an individual to not identify yourself with a public key on a blockchain. But someone can still add other pointers to the ledger (your email, your phone, your photo) and then attach claims to that log that anyone can access.
Just imagine an internet where it is easy for anyone to publish anything, and nothing can be policed or removed once published—and all that information could be about you.
What Comes Next
At some point—probably relatively soon—this future is going to start to be tested in small ways. I predict that people are going to start publishing very bad things on mainstream blockchains. That could be pornography, leaked government documents, compromised email addresses and phone numbers for celebrities, or even terrorist messages. And unlike now, when these things can be taken down by companies, on the blockchain such “bad” content can’t come down.
How will we as a society react to content that the vast majority of people detest being publicly accessible and beyond the reach of traditional institutions like governments and companies to remove?
From there, if we do indeed end up in a world where people represent identity with public-private key pairs on public blockchains, the social politics of identity will only become more complex and affect far more people.
In the extreme we will live in a world where the bouncer won’t let you into the bar because you have a low credit rating or you won’t be able to get a consumer loan because of mistakes you made in high school, etc.
Of course, this already happens in limited forms, with emails and credit cards used as a key identifier by companies. Doing deals to trade data and match identities is a common and powerful tool companies use. But, right now all of that activity is very high friction and exists in a world dominated by traditional companies under mostly traditional legal frameworks.
We shouldn’t underestimate how much things will change when the bar is lowered to nearly zero on this activity. The fact that traditional institutions can’t easily influence how this technology plays out on the open internet will be a new and very different reality.
Distributing and Consolidating Power
Fundamentally, what blockchains represent is cryptographically secured permanent memory. This is a very powerful concept—but it is going to be more socially challenging than most people realize.
Right now most people like to talk about the positive side of the story, and the empowerment it will bring to people.
This may indeed come to pass, but along with that empowerment will likely also come several less seemingly desirable outcomes.
In many cases, people won’t be able to escape their identities. Traditional human organizations like states and companies will lose their ability to play a role in deciding what is and isn’t acceptable memory and speech.
And paradoxically, it also is highly likely that certain states will use cryptocurrency to consolidate power themselves, outlawing cash and forcing all transactions to sit on top of technical infrastructure they control.
This is what tends to happen when a new power is released in the world. In a sense, it is what happened with the internet itself.
Blockchain technology allows simultaneously for the distribution and consolidation of power depending on exactly how it is applied, and the specific technical implementation details of what it allows.
It is likely that with this new force many things will change, not all for the better. So the best thing to do is be realistic rather than utopian about how the technology will be used and consider how seemingly minor technical details will play out over time when they meet the power dynamics of the real world.