Let's Digitize Article 12 of the UN Declaration of Human Rights!
It's really important that Self-Sovereign Identity is provided by the network, and not corporate policy
Self-Sovereignty...Ugh, More Jargon?
There's too much jargon and made-up words in Web3, so I want to start by trying to reduce the cognitive overhead of adding another word to our digital lexicon.
Self-Sovereignty is autonomy. That's it. Per the reliable folks over at Merriam-Webster:
Across the pond, Cambridge Dictionary:
The ability to make your own decisions without being controlled by anyone else.
Self-Sovereignty Identity is having authority over your identity. It's being digitally autonomous.
It doesn't exist today, but it's about time that it does.
I'm going to go a step further and emphasize that this self-sovereign identity cannot be something that is provided by companies to digital denizens, it needs to be woven into the very fabric of the web.
So pick your favorite: Self-Sovereign Identity (SSI), or digital autonomy, or just the concept that you can make your own decisions online without being controlled by anyone else.
Protect, Not Provide
As we had mentioned in previous newsletters, social norms change. This includes the general notion of rights. Whilst a thorough treatise on the evolution of rights through history is tempting, we'll pass on the French revolution for today, and remain closer to present-day. In 1948, The United Nations General Assembly proclaimed from Paris that some rights are humanly universal, and are to be protected by all nations and peoples. Though the UN hardly has the ability to enforce policy, the Universal Declaration of Human Rights has inspired decades of policy and treaty, having a tangible impact on all our lives.
This social contract establishes that, fundamentally, all human beings are entitled to these rights, without distinction, simply because they are human. These rights - like life, liberty and security of person - stem from nature, and not the institutions. This is an important distinction: human rights are protected by our institutions and societies, not provided by them.
Amongst these rights, the UN clearly states in Article 12 that "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Human Rights IRL: Does Online Count?
Now, the rights the UN declared in 1948 address very serious, tangible, life or death issues, like not torturing or enslaving other people, and I'm not making light of the standards it set. It also seriously predates the internet.
For the past 25 years, humanity has worked to imitate or recreate the physical world in the digital one, from the monotony of banking to the intimacy of dating. The current pandemic has accelerated our digitization, from the way we work to the way we celebrate. In 2020, I left a virtual conference to attend a zoom stag party, which I had to cut short to watch some friends live-stream their wedding on YouTube. What?
So, yes, I would argue that our IRL human rights should absolutely follow us online, which is anything but the case today. Beyond just access to the internet, humanity deserves some choice, some degree of agency, some semblance of digital dignity. Just looking at Article 12, it takes no imagination to digitize an individual's right to privacy and correspondence. In its current state, however, your privacy is only as good as company policy, your passive and active behavior is closely monitored, and your correspondence is anything but your own.
But...What Has Big Tech Done For Us?
I'm not sure when hating on "Big Tech" became the cool thing to do, but companies like Google, Facebook, Apple, Microsoft, and Amazon have helped make incredible things happen digitally, whether through innovation, acquisition, or imitation. Free e-mail, free messaging, free photo sharing, free video calls, free file storage, free shipping (Ok, Apple gives nothing for free, but)...all widely adopted services we often take for granted. Sure, the data mining, the questionable security, the violations of privacy, all feel gross and invasive. For most users, it's a small price to pay for how big tech has literally changed how we live our lives.
Unlike the physical world, however, participation requires accepting private company's terms and agreements, and often leaves little choice or alternative. You can't walk away from your ISP monitoring and monetizing your data at the modem (Yes, it's a thing, from Comcast + Plume, literally called "Harvest", and it monitors your traffic under the guise of advanced security), and that's not the type of thing you explicitly agree to. Companies also are able to - and frequently do - whimsically change their policies.
As our digital behavior becomes more important and impactful - applying for government issued IDs, paying our taxes, etc - this sense of digital rights becomes more critical. We're not just posting videos of cats any more! With Web2 - cloud - we don't have much of a choice. Companies are literally providing you with your digital rights, and can change that policy at any time. GDPR and CCPA are a step in the right direction, but lack teeth, and are open to broad interpretation as to how they're implemented.
Do we really want Facebook or Google driving the next generation of regulation for the web? Because they're already doing it.
An Immutable Opportunity
With Web3 and blockchain, there is a unique opportunity to permanently code digital rights into the infrastructure itself. Rather than allow companies and organizations to dictate what privacy participants are entitled to, and how that privacy is protected, the network itself can provide basic protections.
This begins with self-sovereign identity - autonomy. Though there are several ways to achieve this, at Guer we're advocating starting with cryptographic addressing. Allowing users to own their identity, in the form of cryptographic keys, rather than continue to rely on location-based identity, puts companies in a position to support and protect participant's rights like privacy, instead of determining how and when to provide them.
The temptation to abuse participant data has proven too great for most companies, and the sophistication to understand the abuses is too high for most normal folks. Smart contracts, on resilient, public, and distributed networks, can be an unbiased and unchangeable guarantor of identity, privacy, and security.
For identity to be truly self-sovereign, it should be rooted in code, not trust.