Originally posted on Wired
Your digital self is fragmented and wholly owned by third parties – but identity activist Kaliya Young has a plan to help us pull ourselves together, and make tech fairer for all
Kaliya Young doesn’t want to break up Facebook. She wants to make it obsolete.
She was an Olympic-level water polo player for Canada, but in 2002 was diagnosed with Hodgkin lymphoma. Freshly graduated from university and living in the San Francisco Bay area, she went through months of radiation and chemotherapy that sapped her her physical strength. In her mid-20s, far from home, no longer an athlete, Young felt intensely alone.
But she dreamed of human connection. Coming out of treatment, she threw herself into activism work in environmentalism, social justice and tech. However, she felt like she was splitting up her energy. “Having my environmental activist self chopped up into pieces because I’m in six organisations doesn’t make sense,” says Young. “We can’t build power that way.”
Young became interested in the idea of creating unified digital identities that could move easily between different platforms online. “I understood how critical it was that we need to own our own digital selves to build movements and make our communities better,” she says. So in 2005 she started a blog, and called it identitywoman.net.
She warned people about the dangers of giving third-party companies, like Google or Facebook, control over individual digital identities. “The current picture of identity on the internet is that the individual is underneath those existing hierarchies of identifiers,” she says. “I have a Twitter account on Twitter, a LinkedIn account on LinkedIn. That ‘on’ part means that I’m underneath them. They determine my digital self. I don’t own or control my identity, they belong to Facebook.”
She wants to be able to take her identity with her from Facebook to Google to her doctor’s office to her bank, with the same ease that she can plug any electrical device into any socket in any wall. And she doesn’t want any company or government to have the authority to track, cancel or suspend her. But to get what she wants, Young needs to add a new layer to internet protocols. That’s what she’s been working on for the past 15 years.
The internet is built on technical standards, such as TCP/IP for sending data, or SMTP for email. These standards are decentralised, meaning that no one company owns and controls them. Anyone can develop a product and plug into them. That’s why lots of different companies can build their own email clients like Gmail and Outlook and Yahoo Mail, and they can all send emails to each other. Facebook and Google Search, by contrast, are walled gardens. They keep user data on their platforms for the purpose of selling ads.
Developing standards is equal parts technology and politics. Representatives from different companies need to come together and reach consensus about how a new technology should work. These people are not elected, but the process of passing a standards through bodies like IETF (Internet Engineering Task Force) or W3C (World Wide Web Consortium) isn’t totally dissimilar to steering a law through parliament. It involves meetings and phone calls and negotiations.
That’s where Young comes in. She has a background in environmental activism, and she’s built a career as a freewheeling community organiser for identity tech. She does research. She writes white papers and op-eds. She introduces people to each other. She advises everyone from the US government to small tech startups to Microsoft. At a lot of meetings she was the only woman in the room. People came to know her as “Identity Woman”.
Most importantly, Young has created a space for standards work to happen, twice a year, every year. In 2005, she co-founded the Internet Identity Workshop (IIW) with Phil Windley and Doc Searls. Every six months, a few hundred identity geeks flock to the Computer History Museum in Mountain View, California, where they work together on identity standards and technology.
The conference has spawned widely used standards such as OAuth, which is used by millions of people every day when they use login credentials from one site to sign into another. These days, most of the participants at IIW are working on Self-Sovereign Identity (SSI), a technology that uses decentralised identifiers that people create and own, and verifiable credentials issued to them and under their control.
SSI has its critics. Some say that a decentralised system will never work, that a company like Amazon will come through and monopolise identity. Privacy critics and techno-sceptics are concerned about the unforeseen consequences, such as backdoor data intrusions, or a lack of institutional recourse if something goes wrong.
Young has seen plenty of new identity schemes fail. She’s a walking, talking encyclopaedia of standards past and present, dead or dormant. She can tell you about failed attempts at a single sign-on tool, such as Microsoft Passport (which famously crashed hotmail.co.uk when Microsoft forgot to renew the passport.com domain in 1999).
But the tech underpinning SSI has matured since Young started working on it, and a growing number of industries, including finance, enterprise management and healthcare, stand to benefit. “Banks are interested in SSI now because it’s significantly reducing risk for them,” she says. “It’s so much more secure than cookies.”
When Young started her blog, she was in her mid-20s with no formal background in identity tech. But she had original ideas, and experts soon took notice. The work hasn’t made her rich. She does it because she truly believes that new technical tools can solve the privacy crisis. She has taken it upon herself to shepherd those new tools into existence – and now says the standards that we need are almost ready.
Young believes that if SSI succeeds, it will replace Facebook. “We’re on the brink of deploying architectures that would have prevented all of our privacy problems in the first place,” she says.