Proof of personhood and identity

Worldcoin has been in tech news recently. Launched nearly a year ago, Worldcoin is one of many providers of digital identity at the age of AI and offers tokens for new sign-ups in exchange of, well, putting one’s faith in the identity proof technology and trusting that their personal data is well guarded. The shiny orb will scan the user eye iris and the user will get in addition to verified identity a gift. What’s wrong with that?

Scanning persons iris and calculating a hash is definitely a way of identifying a person and reducing identity fraud. Many competitors and privacy watchdogs are taking a different view, however. They see scanning a person’s iris as an unnecessary intrusion and in case of an identity theft it’s nay impossible to reset your digital identity (on that network). German privacy watchdog has launched a probe into its practices as of last week. Michael Will of Bavarian State Office for Data Protection Supervision says “These technologies are at first sight neither established nor well analysed for the specific core purpose of the processing in the field of transferring financial information.” Britain’s data regulator has also publicly announced they will examine the Wordlcoin’s privacy policy. If the provider is focussed on possible future uses and opportunities that currently feel like sci-fi, their promises are similarly vague.

Etherum co-founder Vitalik Buterin has gone into lengths here highlighting the risks related to this nascent industry’s hardware, legal and fraud aspects. It’s an interesting and highly advisable read.

Quartz is reporting on criminals exploiting the vulnerable people hoping for easy payout and getting a fraction of it. In the process the also give up their identity for potential second tier fraud. Not a good deal, but absolutely predictable. Is it also avoidable? Vitalik provides some thoughts how it could be done in his post above.

Whilst I welcome such initiatives to get more people participating safely in a Web3 digital economy (which is still evolving and figuring out the business models), handing out tokens (that can be traded for money) in exchange to grow the user base may not be the best strategy. In this case the provider will soon discover that new users had different motives from theirs and the promise of verified personhood has little to do with those. Tying the identity to UBI will definitely be boon to tech providers and their supply chains as countries need many contact points to roll out the identity validation systems.

It’s plausible that as the digital identity ecosystem continue to evolve, there will be similar pledges that were made by the AI companies recently. Hopefully the politicians will have had time to think and require more concrete pledges, backed up by regulation. Vague promises are just that.

Regulators must not focus on just one company – Worldcoin – to be extensively scrutinised and others falling through the net. I would hope that regulators hire experts who understand both legal and technological aspects, and provide appropriate guidance, which in turn will be included in GDPR and other similar legislation. Equally I hope that in this case the decision makers will not give into the providers pressure to do something but nothing much to make everyone feel somewhat content. Our identity must remain unique and secure and current systems need a massive overhaul to even start to enable thinking of a unified, globally trusted identity. And it shouldn’t be the corporates that run it but rather a decentralised network validated by a UN type body.

Or do you think otherwise?

etEesti