Proof of Personhood and Its Applications in Digital Identity
Written in colaboration with Bautista Kugler, Martin Chang, Manuel Milde, Sofía Ferrari & Guido Salem.
Introduction
A person communicates with their bank to obtain their first credit card, buys tickets to a concert, or sets up their first smartphone—all from the comfort of home. At first glance, there appears to be little connection between these three seemingly disparate activities. However, upon closer inspection, a common thread emerges that links these significant moments in life: identity.
Whether it is realized or not, this connecting factor may be the most crucial facilitator for accessing services in today’s society. In 2023, identity and the ways it is expressed are evolving. This change is attributed to ongoing technological innovations that aim to satisfy an increasingly interconnected population, leading to the rise of digital identity.
Digital identity is the means by which one proves one’s identity in a virtual context. For many who grew up in analog times—displaying passports at airport security or showing driver’s licenses to prove they can drive—it feels natural to present physical credentials. However, providing such proof is not as straightforward in a digital world due to the very nature of remoteness, where the actual act of handing over a physical document simply doesn’t work. In the absence of that physical, unalterable verification, how can a person or a business on either side of that interaction know they are dealing with a genuine and trustworthy party? Furthermore, how can one prove their reality in an environment that is highly susceptible to forgery? This issue also occurs with machines communicating with each other (Internet of Things). In such cases, the devices involved need to know that the technology they are connected to is what it claims to be. Trust, therefore, becomes essential. Digital identities are needed to bridge this gap and ensure that both people and machines can trust other organizations, businesses, and devices—and vice versa.
In general terms, digital identities can take two forms. The first is the digital version of an official physical identity document, such as a digital driver’s license stored in a smartphone wallet. The second is a credential for accessing online services. Generally, these are created through an initial identity verification process (usually a KYC, or know your customer, system), which typically involves verification with an official identification document and, increasingly, some form of biometric data. For a consumer, these could be the details used to log into their bank app on their phone.
These two areas cover a large number of interactions, including everyday moments and life milestones. Setting up a new SIM with a provider, connecting a smart speaker to a home hub, and applying for a loan to start a business are at different ends of the spectrum in terms of importance, but all are enabled by a reliable digital identity.
The use of Proof of Personhood in digital identity management could enhance user privacy and security in cyberspace. However, this technology presents significant challenges regarding anonymity and raises ethical and legal issues that need to be addressed, especially concerning data protection legislation and the role of the state in the regulation and supervision of the same.
The aim of this monograph is to delve into the concept of Proof of Personhood, seeking to explore its implications for privacy, digital sovereignty, and security, as well as the ethical and legal challenges it poses. Through a detailed analysis, the goal is to understand the role of this methodology in the evolution of digital identity and its potential contribution to a safer and more autonomous online environment.
Proof of Personhood and Digital Identity
Before introducing the concept of Proof of Personhood (PoP), it is necessary to understand certain key notions that allow it to be conceptualized. Some of these are listed below.
Firstly, blockchain is a technology that can be understood as a distributed ledger. Essentially, it is a chain of blocks that connects them in a chronological sequence, in such a way that a specific data structure is achieved in a chained manner, and cryptography is used to ensure immutability and integrity.
It is also necessary to define the concept of a smart contract, which is software deployed on the blockchain that has the attribute of executing automatically, with flexible and programmable characteristics that do not depend on intermediaries. These are created and called in the manner that entities send transactions, thus preventing unilateral manipulation of the rules. With the help of this technology, the entity’s operation process is made public, and the underlying consensus mechanism ensures the consistency of the transaction results.
Thus, the concept of PoP is understood as a mechanism that establishes the uniqueness of an individual, considered by various authors as the most fundamental building block for constructing digital identity. The simplest way to define one of these systems is as follows: a list of public keys is created where the system guarantees that each key is controlled by a unique human being. In other words, if it is a human, it is possible to place a key on the list, but it should not be possible to place two keys, and if it is a bot, it is not possible to place any key on the list.
According to Bryan Ford, leader of the Decentralized Systems Laboratory (DEDIS) at the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, some properties that the implementation of the Proof of Personhood (PoP) mechanism must meet are: (1) Decentralization: to maximize trust that behind every key there is indeed a human, it is necessary that there be no third-party organization in charge of regulating this data privately. (2) Privacy Preservation: it must be impossible to identify the owner of a key through a key associated with a person. (3) Scalability: The system must be able to handle at least one key per person living and yet to live on this planet, so the system must be capable of scaling as the population grows and integrates into the system.
It is valuable because it solves many anti-power concentration and anti-spam problems that affect many people, in a way that avoids relying on centralized authorities and reveals the least amount of information possible. If PoP is not resolved, decentralized governance becomes much easier to manipulate by very wealthy actors, including hostile governments. Many services could only prevent denial-of-service attacks by setting a price for access, and sometimes a price high enough to deter attackers is also too high for many legitimate low-income users.
So, according to Ford, digital identity is fundamental for democracy and online existence, but current solutions present serious security, privacy, and transparency issues, leaving users vulnerable to exclusion, identity loss or theft, and coercion. The author argues that it should be based on a “digital persona” foundation that guarantees rights to digital participation independent of identity.
graph TD;
PoP[Proof of Personhood] --> Blockchain[Blockchain]
PoP --> SmartContracts[Smart Contracts]
Blockchain --> Ledger{Distributed Ledger}
SmartContracts --> AutoExec[Automatically Executing Contracts]
AutoExec --> NoIntermediaries[No Intermediaries Required]
style PoP fill:#333,stroke:#fff,stroke-width:2px
style Blockchain fill:#666,stroke:#fff,stroke-width:2px
style SmartContracts fill:#666,stroke:#fff,stroke-width:2px
style AutoExec fill:#666,stroke:#fff,stroke-width:2px
style Ledger fill:#666,stroke:#fff,stroke-width:2px
style NoIntermediaries fill:#666,stroke:#fff,stroke-width:2px
Ethical and Legal Aspects of Proof of Personhood
The implementation of Proof of Personhood (PoP) in digital identity management raises a series of ethical challenges that must be carefully addressed. First, the crucial question arises about the centralization or decentralization of information associated with digital identification. This aspect has direct implications for privacy and individual autonomy. Centralization could expose users to security risks, as a centralized database could be an attractive target for cyber-attacks. On the other hand, decentralization may offer greater resistance to manipulation but raises questions about how to ensure the coherence and integrity of dispersed information.
The question of how much personal information is required to establish digital identification is also an ethical reflection point. How many details should be provided, and what happens if there are data that the individual chooses not to share in order to enter the system? This dilemma highlights the need to balance the need for verification with respect for user privacy and autonomy. Bryan Ford states, “The implementation of Proof of Personhood (PoP) in digital identity management raises a series of ethical challenges that must be carefully addressed. First, the crucial question arises about the centralization or decentralization of information associated with digital identification. This aspect has direct implications for privacy and individual autonomy. Centralization could expose users to security risks, as a centralized database could be an attractive target for cyber-attacks. On the other hand, decentralization may offer greater resistance to manipulation but raises questions about how to ensure the coherence and integrity of dispersed information” (Ford et al., 2017, p. 2). In other words, the implementation of PoP must ensure the protection of user privacy and security, as well as the prevention of cyber-attacks and information manipulation. Additionally, it must ensure that users can freely express their preferences in digital democratic processes without being influenced by coercion or corruption.
The concept of voluntary participation in the PoP system also raises ethical concerns. What happens if a person decides not to participate in this digital identification system? Do they face a loss of rights or exclusion from essential services? This scenario could create new forms of discrimination and technological marginality, highlighting the importance of addressing equity and inclusion in the design of these technologies.
The amount of privacy sacrificed by participating in a PoP system is another critical ethical aspect. Users should be aware of how much personal information they are willing to share and understand the implications of such disclosure. The vulnerability of digital identification, both in terms of software and potential social engineering attacks, also raises ethical questions about user security and protection.
Finally, the possibility of leakage or misuse of digital identification highlights the need to establish effective mechanisms to address security incidents. Damage repair and accountability in cases of misuse are key ethical considerations that must be addressed in the development and implementation of PoP. Together, these ethical aspects underscore the importance of a thoughtful and equitable approach in the application of digital identity technologies.
graph LR;
PoP[Proof of Personhood] --> Ethical[Ethical Challenges]
PoP --> Legal[Legal Challenges]
Ethical --> CentralizationVsDecentralization[Centralization vs. Decentralization]
Ethical --> Privacy[Privacy Concerns]
Legal --> DataLaws[Data Protection Laws]
Legal --> Regulation[Regulation & Oversight]
style PoP fill:#333,stroke:#fff,stroke-width:2px
style Ethical fill:#666,stroke:#fff,stroke-width:2px
style Legal fill:#666,stroke:#fff,stroke-width:2px
style CentralizationVsDecentralization fill:#666,stroke:#fff,stroke-width:2px
style Privacy fill:#666,stroke:#fff,stroke-width:2px
style DataLaws fill:#666,stroke:#fff,stroke-width:2px
style Regulation fill:#666,stroke:#fff,stroke-width:2px
The Role of the State
The implementation of technologies such as Proof of Personhood (PoP) poses significant challenges regarding the role of states. They play a crucial role in regulation, oversight, and ensuring the rights and duties associated with identity. Regulations must address ethical, privacy, and security issues, setting standards for the collection, storage, and use of digital information. Additionally, the regulatory framework must be agile enough to adapt to the rapid advancements in technology. Thus, states must begin preparing, as Rivera-Robledo and Larios clearly state, there is no doubt that blockchain plays a crucial role in the near future of individual identification.
Given the dynamic nature of technology, states must be involved in the oversight of new technologies like PoP. This involves continuously evaluating their ethical, legal, and social impact and adjusting policies accordingly. Active supervision helps prevent abuses and ensures that technologies benefit society as a whole. Furthermore, clear mechanisms for accountability and legal recourse in cases of digital identification misuse should be established. This involves defining the legal consequences for those who violate privacy or misuse information: “Data sovereignty is closely linked to the laws and regulations of the countries where the data resides. It refers to the concept that the data an organization collects, stores, and processes are subject to the laws and best practices of the country where they are physically located.” (Tan, Chi, & Lam, 2023). The existence of a robust legal framework strengthens trust in digital identification.
Encouraging citizen participation in the formulation of policies related to digital identity is essential. The state must facilitate an inclusive dialogue involving civil society, experts, and other relevant stakeholders to ensure that decisions reflect collective values and do not exclude important perspectives.
Ultimately, the role of governments is multifaceted and ranges from policy creation to oversight and protection of individual rights. A balanced and collaborative approach between the state, society, and the private sector is essential to ensure an ethical, secure, and inclusive digital identification environment.
graph TD;
State[State's Role] --> Regulation[Regulate PoP]
State --> Oversight[Oversight of PoP]
State --> Support[Support PoP Initiatives]
Regulation --> Laws[Laws & Regulations]
Oversight --> Monitoring[Monitoring & Compliance]
Support --> Funding[Funding & Resources]
style State fill:#333,stroke:#fff,stroke-width:2px
style Regulation fill:#666,stroke:#fff,stroke-width:2px
style Oversight fill:#666,stroke:#fff,stroke-width:2px
style Support fill:#666,stroke:#fff,stroke-width:2px
style Laws fill:#666,stroke:#fff,stroke-width:2px
style Monitoring fill:#666,stroke:#fff,stroke-width:2px
style Funding fill:#666,stroke:#fff,stroke-width:2px
Challenges and Future Directions
The application of technologies like Proof of Personhood (PoP) in digital identity management presents significant challenges and highlights the need to address future directions to enhance effectiveness and mitigate concerns. As Bryan Ford explains: “Pseudonym parties are periodic real-world events where individuals wishing to exercise an online vote gather to publicly demonstrate their authentic personality, obtaining single-person anonymous digital tokens usable for voting and other purposes during the forthcoming period” (Bryan Ford, 2017). Thus, one of the most promising directions for PoP is the development of pseudonym parties, in-person events where each attendee receives a unique anonymous digital token. These tokens can be used to establish PoP and validate the digital identity of each real and human participant in an online community. These appear to be the only plausible means to achieve the four key goals of PoP: privacy, security, inclusiveness, and equality.
Another direction for PoP is the use of blockchain to create decentralized digital identity systems. These systems would allow individuals to have complete control over their digital data, including discretion over what to share and with whom. Decentralized digital identity systems based on this technology have the potential to provide a solid foundation for digital democracy and protect the digital persona of each real and human participant in an online community.
In addition to these technical advancements, likely involving greater citizen participation in policy-making related to identity. This will help ensure that decisions reflect collective values and do not exclude dissenting perspectives. Governments will also need to engage in the regulation, oversight, and protection of digital identity and PoP. This will require the establishment of ethical, privacy, and security standards for the collection, storage, and use of digital information, as well as the development of an agile regulatory framework that can adapt to rapid technological advancement.
Finally, future directions for digital identity and PoP will likely include greater collaboration between the public and private sectors. This will help ensure that the development of these technologies is aligned with the needs and values of society as a whole. The aforementioned collaboration will also be essential for the development of robust and secure digital identity and PoP systems that can protect the rights and freedoms of individuals in the digital world.
graph TD;
Future[Future Directions] --> Decentralized[Decentralized Systems]
Future --> PseudonymParties[Pseudonym Parties]
Decentralized --> BlockchainTech[Blockchain Technology]
PseudonymParties --> AnonTokens[Anonymous Tokens]
style Future fill:#333,stroke:#fff,stroke-width:2px
style Decentralized fill:#666,stroke:#fff,stroke-width:2px
style PseudonymParties fill:#666,stroke:#fff,stroke-width:2px
style BlockchainTech fill:#666,stroke:#fff,stroke-width:2px
style AnonTokens fill:#666,stroke:#fff,stroke-width:2px
Conclusion
In conclusion, digital identity and Proof of Personhood (PoP) are constantly evolving areas that present significant challenges in terms of privacy, security, ethics, and legality. The implementation of technologies like PoP highlights the need to establish ethical, privacy, and security standards for the collection, storage, and use of digital information, as well as the need to involve citizens in formulating policies related to digital identity. Furthermore, the role of the state is crucial in regulating, supervising, and protecting these technologies.
The challenges and future directions for digital identity and PoP include the development of pseudonym parties and decentralized digital identity systems based on blockchain. These directions have the potential to provide a solid foundation for digital democracy and protect the digital persona of each real and human participant in an online community. Additionally, increased collaboration between the public and private sectors is expected to ensure that the development of the concerned technologies is aligned with the needs and values of society as a whole.
The implementation of PoP in digital identity management raises a series of ethical challenges that must be carefully addressed, such as the centralization or decentralization of associated information, the amount of personal information required to establish it, voluntary participation in the PoP system, and the amount of privacy sacrificed by participating in such a system. A balanced and collaborative approach between the state, society, and the private sector is required to ensure an ethical, secure, and inclusive digital identification environment: “There are many discussions and concerns surrounding the implementation of digital identity, especially in terms of data protection, privacy, and other legal and jurisdictional issues. However, it will be inevitable to stop the implementation of this digital service. Some industries and governments are inviting developers to build a platform to expand digital identity services, with the aim of using them across digital services of government entities and companies.” (Rogelio Rivera, José G. Robledo, Víctor M. Larios, Juan Manuel Avalos).
Overall, these future directions are expected to allow the development of robust and secure digital identity and PoP systems that can protect the rights and freedoms of individuals in the digital world. However, it is important to carefully address the ethical and legal challenges that must be undertaken, such as the centralization or decentralization of information associated with digital identification, the amount of personal information required to establish digital identification, and the privacy sacrificed by participating in a PoP system. Ultimately, a thoughtful and equitable approach is essential to ensure that these technologies benefit society.
Bibliography
- Identity and Personhood in Digital Democracy: Evaluating Inclusion, Equality, Security, and Privacy in Pseudonym Parties and Other Proofs of Personhood: Bryan Ford et al. (2017)
- How digital identity on blockchain can contribute in a smart city environment: Rivera-Robledo and Larios (2017)
- Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies: Borge et al. (2017)
- A zero-knowledge-proof-based digital identity management scheme in blockchain: Wang et al. (2020)
- Digital Identities in The Context of Blockchain and Artificial Intelligence: Kara and Koc (2020)
- Democratic Value and Money for Decentralized Digital Society: Ford (2020)
- Survey on Digital Sovereignty and Identity: From Digitization to Digitalization: Kheng Leong Tan, Chi-Hung Chi, and Kwok-Yan Lam et al. (2023)
- Identity and Personhood in Digital Democracy: Evaluating Inclusion, Equality, Security, and Privacy in Pseudonym Parties and Other Proofs of Personhood: Bryan Ford (2020)