Coming full circle: How Self-Sovereign Identity Could Lose Its Way
Self-Sovereign Identity (SSI) offers a robust and scale-able solution to the challenges of digital identity that is secure while also respecting privacy, freedom, and human rights. However, a mix of political and industry pressures, along with a push for quick adoption, risks turning SSI into just another marketing buzzword.
Nowhere is this trend more visible than in the mobile Drivers License (mDL) and the ongoing conversations around the second version of European Unions “electronic IDentification, Authentication and trust Services” (eIDAS).
Old Interests, New Technology
The first version of eIDAS was an adoption failure. While it was not providing privacy by design, technologically it was sufficiently correct to function. It did so by giving a central role to Trust Service Providers (TSPs) and Certificate Authorities (CAs).
These intermediaries sought to exploit their government issued monopoly and consequently choked off adoption for the first version of eIDAS.
In doing so, they repeated the same mistake made on the wider web, where excessive pricing led to stagnation in the adoption of encrypted communications. In 2014, only 10 short years ago, the vast majority of all connections was not using any kind of transport layer security (TLS).
It was the Snowden Revelations that changed everything. But not in the way the intermediaries had hoped.
While I am sure many were rubbing their hands, and expecting the pipe they were sitting on to finally start flowing, everyone in the industry knew that predatory pricing was to blame for the low adoption. So in November 2014, Let’s Encrypt was founded in order to provide for free what Certificate Authorities are selling at premium prices.
Today, Let’s Encrypt provides over 55% of all certificates used on the web. Which provides for two conclusions:
Let’s Encrypt has become the single point of failure for security on the internet. And the addressable market for TSPs has shrunk dramatically, and keeps shrinking.
Simultaneously, the costs for TSPs are growing. Not only in terms of technology cost. But also in terms of compliance cost. Because there is a whole industry of consultants and auditors that service TSPs, extracting six figure payments each year for initial certification and re-certification. Growing cost and shrinking markets are not a great prospect for any industry.
So when the new version of eIDAS came along, promising to switch to Self Sovereign Identity for privacy by design, security, and elimination of intermediaries, the TSPs deployed their lobbyists to Brussels to stop this threat to their remaining business.
The result was a bureaucratic monster, for which some people at DICE 2024 in Zurich voiced doubt whether it could even be implemented in practice.
Intermediaries are once again involved in every step. And all the technological choices are based on legacy Web2.0 technology shaped by the TSPs, without privacy by design, and with well known and regularly exploited security issues.
So TSP lobbying successfully defended their government mandated monopoly over the digital domain, and the fundamental issue that stopped adoption of the first version of eIDAS remains unresolved. Only the future will show whether this second attempt of the TSPs at monetizing all digital interactions will fare any better.
But that isn’t even the biggest problem.
The Web is a bad idea for personal identity
The web is a fundamentally unsound technology choice for personal identity, for a variety of reasons, starting with security.
The early web wasn’t really designed for privacy or security. Its original design was inspired by the need for institutional information sharing. Invented in 1989, security was added in 1995 when Netscape came up with Secure Sockets Layer (SSL), which led the way for today’s Transport Layer Security (TLS). This allowed encryption of communication, but all security was dependent on key management.
Because it was the only practical way at the time, intermediaries became the root of all trust for virtually all users. On top of those issues, secure communication requires two parties who may know nothing about one another to negotiate a secure key to use for encryption with one another. That negotiation must happen over the same channel that is being used for encrypted communication.
Which is a bit like yelling the combination of the key pad to your house through the open window over to your neighbour so he can come in and water the plants. If there are no eavesdroppers at that time: Great. If there are, they now also have the key. You’ll find out whether you were safe in a few weeks when you get back from vacation.
Diffie-Hellman key exchange was invented to solve that particular problem. But it is only secure if used correctly and keys are being rotated and refreshed often. Re-use of static keys or weak parameters can weaken security considerably.
On top of that, cryptography is an ever evolving field, and the need for web servers to support older browsers means that sometimes, outdated or known vulnerable settings are still being allowed. Managing all that is complex. It requires organisational level security teams.
And much like charging your modern Electric Vehicle using a coal powered steam engine to drive a generator, trying to fast track adoption for Self Sovereign Identity by using Web based Decentralized Identifier (DID) methods effectively negates all the conceptual and architectural progress that has been made with SSI.
All the underlying security issues our industry has struggled with for the past 30+ years, all the conceptual weaknesses of the Web, all the privacy issues and compromises also apply to SSI when using did:web and its descendants.
In practical terms this translates into most people once again finding themselves forced to entrust their personal identity to intermediaries in the form of custodial wallets and platforms. Just as they are doing today with Google, Facebook, Amazon, Apple, Microsoft.
Most people will rent usage of their own identities, but they will have no ownership or agency. And those intermediaries will once again have full visibility and control over everything people are doing online.
That is a steep price to pay. Is it worth it at least in terms of security?
Even these large organisations get it wrong often enough for data leaks and other issues to occur frequently. When using the Web for personal identity, these compromises will have consequences beyond anything we have seen so far. What happens when the compromise has enabled the attacker to provide legally valid signatures in your name to sign contracts, or consent to sharing your personal pictures with the wrong parties?
And that’s only the start of the valley of doom.
The Web is based on top of the Domain Name System (DNS). Which is a system in which you rent usage of certain human readable domains on a yearly basis. Without it, the Web falls apart.
So let’s assume enlightened users rent their own domains to become independent from the intermediaries. Now they can move between them in case one of them has issues, goes out of business, or gets acquired by a billionaire with a questionable political agenda. Just move your domain and you’re good, right?
Not so fast.
Not only is it possible you may lose your domain, either due to changes in DNS policy, legal aspects, such as trademarks, or because you’ve missed a yearly payment.
If a personal identity can be lost that easily, was it ever really yours?
But there is an even bigger issue.
The W3C Decentralized Identifier (DID) standard was designed to provide for unique, non-correlatable identifiers for each individual interaction. Which sounds great in theory. But how non-correlatable are did:tdw:johnsmith.eu:223499182
and did:tdw:johnsmith.eu:673403151
?
Would you be able to tell they might both belong to the same person, whose name might be John Smith?
Because the domain is always an intrinsic part of each Web based DID method, none of them allow for personal ownership without complete loss of pseudonymity, and non-correlatability.
So whatever pseudonymity and privacy can be achieved leads back full circle to large intermediaries and custodial wallets — just like the federated identity infrastructure of today.
TL;DR: Don’t do it, Anakin!
Web technologies are a fundamentally poor choice for personal identity.
They can work in domains where privacy and non-correlatability are not required, for instance organisational identity. But for personal identity, they compromise almost everything that Self Sovereign Identity (SSI) was intended and designed for.
You cannot retrofit privacy and security onto an architecture that wasn’t built for them. Just look at Email. It has the same problem. Decades of adding layers of complexity and auxiliary systems have kept moving the problem somewhere else in the stack, to another component. Lots of snake oil has been sold. Some people got very rich this way. But the fundamental issues remain unsolved.
We should not repeat that same mistake for Self Sovereign Identity.
No system that is intended for personal identity should ever use did:web
, did:tdw
, or any of the other web based DID specifications. The concepts of SSI can solve all the issues above. They can provide people with real agency and control over their own identity. But not when using the Web.
The solution is simple.
Humans are not organizations. Stop using Web based DID methods for personal identity. did:web and its descendants are very useful for some organizational use cases, and for prototyping new ideas. They have NO place when it comes to personal identity, or use cases that require strong privacy or security.
There are (at least) three superior alternatives that come to mind, all of which can also provide a secondary channel for key negotiation.
Stay tuned.