Cryptographic Identity

Last week I wrote about the inherent tension between data portability and privacy, and suggested that one solution would be an exportable “privacy context” that could travel with ported data. Such an approach, however, would require a notion of identity that is broader than a single account at a single company. Rather, it would require the linking of one or more “proprietary identities” (i.e., accounts at tech companies) with some type of “cryptographic identity” (private key) that really “belongs” to that person and represents them in a more holistic and permanent way.

This is not a new idea. Since at least 2017, both Keybase and Blockstack have enabled social media users to attest to a linkage between social accounts and a cryptographic identity. Here’s what it looks like on Keybase, and here’s what it looks like on Blockstack. Neither Keybase nor Blockstack are currently promoting this routine front & center, as it is admittedly a geeky thing that appealed (back in 2017) to identity explorers, but not to mainstream consumers.

But today, we are starting to see some new signs of life on this pattern, and I think we may be nearing some drivers that have the potential to bring it to mainstream scale. They are:

1/ Fun. It may be that some sort of social game figures out a way to bring crypto identities mainstream. For example, 2100 is a project that popped last fall, which let people issue tokens corresponding to their Twitter accounts. Interesting idea, though it seems to have lost some steam, at least for now. Another project that’s looking to connect crypto assets / identity to social identity is Roll, which lets anyone create “social money” connected to their social identity. You could imagine this taking off with social media influencers with large audiences, who are already super good at finding ways to commercialize their online presence.

Combining fun and money can be powerful. And from that, I think some of the more principled / architectural components will become more obvious and valuable over time.

2/ Privacy & Security. Speaking of Keybase, where they have focused more recently is secure, encrypted messaging, as a consumer use case building off of the core infrastructure. Related, are two separate projects called “Dmail” — and — the former lets you encrypt emails that you send across unsafe channels (like Gmail or any other email client) and the latter is a full system for sending private emails. One of the things you get with a cryptographic identity is the ability to encrypt and sign messages. It makes sense that this will be at the the center of a driving consumer use case. Privacy is more of a mainstream feature every day, and it can’t just be Apple that provides it.

3/ Compliance. Compliance is where this post began, thinking about coming regulations around data portability, interoperability and privacy, and where I’ll end it. While I don’t expect that we will get direct guidance towards cryptographic identity from regulators, it may be that cryptographic identity becomes clear as part of various compliance solutions.

For example, all payments systems need to comply with so-called Know-Your-Customer (KYC), Anti-Money-Laundering (AML) and sanctions rules, including the so-called Travel Rule which requires that both senders and receivers of funds verify identities. On the surface, cryptographic identities are digital bearer assets and would therefore seem to be at odds with formal identity systems. However, it may be that we come to use cryptographic identity components (e.g., blockchain accounts, digital signatures, or even non-fungible tokens) in creative ways to satisfy some of these requirements, vs. traditional methods employed by companies like Persona, Alloy and others today.

To tie it all together: In this week’s “On the Brink” podcast, Nic Carter and Matt Walsh from Castle Island Ventures talk with Balaji Srinivasan about social media handles as property, which potentially combines both the “fun” and “compliance” angles discussed here. It does feel like your online identity, whether it’s a bitcoin or a twitter handle, is a form of property and should be treated as such.