I have been meaning to write something up about a fantastic session I attended on Day 2 of the GDC conference in Geneva, convened by Dr Emry's Schoemaker and [Dr Margie Cheeseman](https://about.me/cheesman.

The session was titled Trust in Transition and explored identity and systems of identification within the context of war, climate disasters and human migration. Critical conversations for our work at the Credentials Community Group and the wider commuity of technologists working on identity.

The humanitarian sector is a sector where systems of identification are undoubtedly and justifiably required. It is also a sector with vastly imbalanced power dynamics where vulnerable humans far from home must subject themselves to the identification systems of a state or/and a multitude of non-governmental organisations (NGOs). Additionally, the humanitarian sector is vastly under resourced and oversubscribed. Even conservatives projections into the future must accept that these challenges are only going to be further exacerbated by our collapsing climate stability, wars around the world and the terrifying rise in authoritarian regimes we see today.

Many of these NGOs were represented in the room for this session including the UN Refugee Agency (UNHCR) and the International Federation of Red Cross and Red Crescent Societies (IFRC). State actors less so, although there were a few big hitters from for profit organisations in the mix.

I made a decision to attend this session because of Emry's of Caribou Digital. I have so much respect for him and the rest of the Caribou team. Throughout my PhD I read much of the research and case studies that they pushed out. In fact that research formed the backbone of one of my chapters in my thesis titled Identification Systems.

Some of their content that remains highly relevant and I that I cannot recommend highly enough are:

• The difference between digital identity, identification and ID by Johnathan Donner precisely articulates the Caribou Digital style guide for talking about identity in the digital age.

• The Identities Report, an excellent, detailed report produced by Caribou Digital as part of the Identities Project. Stories of real people, with real experiences and real challenges navigating systems of identification in the digital age. From India to the world.

These outputs, and many, many more are deep and insightful. They definitely helped to shape my thinking and perspectives of identity that continues to this day.

Anyway, I finally motivated to write these words after the latest round of responses on the CCG email thread - When Technical Standards Meet Geopolitical Reality - kicked off by Christopher Allen's call to action and concerns of the direction our community and technologies seem to be being pulled in.

I don't agree with everything Christopher is saying, but I agree with the sentiment and appreciate his voice and deep expertise in the space.

Christophers call to action kicked off a mammoth and fascinating email thread that really highlights the strengths and the heart of the Credentials Community Group. I am proud to be able to contribute to this community as one of its chairs during this time.

The whole thread is worth a read, it contains a diversity of perspectives, personal lived experiences and well-informed opinions from many of the leaders in this space.

The latest round of emails were in responses to a series of blog posts by Kyle raising serious and thoughtful concerns about the centralization of power that these technical architectures for identification enable, especially when the focus is on some authoratative issuer issuing credentials to mere holders and subjects of identification systems.

Over the weekend, after digesting Kyles words for some time Manu replied with an excellent summary.

If I had to summarize the core of your message, you're suggesting that
we have over-optimized for large government issuers and have therefore
further entrenched traditional power dynamics (that some in this
community don't like). You are saying that when we identify use cases
that we want to address, we need to focus on the power dynamics
created by the solutions. Does it shift too much power and authority
to the issuer, a guardian, the holder, or the verifier? You're
suggesting that we need to explore architectures that don't
over-optimize for the issuer, and then you used an example with age
verification where we put the decision making power in the hands of a
guardian (the parent) instead of the verifier (the website).

...

What I was thinking that you and Christopher were saying was something
along the lines of: Decentralized Identifiers are broken and we should
abandon them. Verifiable Credentials are broken and we should abandon
those too... and so on. When I think what you're saying is that we
need to reevaluate how these primitives are put together into a
functioning architecture; specifically, what credentials are issued by
whom and who depends on those -- decentralize the issuers, if
possible.

A wonderful example of how in the heat of the moment we can mistakenly infer intentions. Sometimes pausing for breath and coming back with a considered response is far more fruitful. Manu is a master of this. It is worth reading his full email response if you have the time.

So as you might see this discussion on the imbalances of power felt highly relevant to the Trust in Transition session at GDC. Imbalances in power are a fact of the fabric of the societies that we live in today, but these imbalances can, and are being, be further entrenched by information technologies. And especially information technologies designed for the purposes of recognising, remembering and responding to people and things.

Identity is powerful, just look at how it is wielded across the political spectrum.

Not only that, information technologies are disrupting and disintermediating some of the institutions whose role in society has been to trust within the systems and activity across a domain which they oversee. This is the OG (original) way societies have scaled trust to meet the demands of increasingly complex fields of social activity. I tried to write something to this effect in an earlier email response on this thread.

Anyway, I digress.

What finally tiped me into writing this piece was a response from Tim Bouma over the weekend.

Personally, I’ve come to the conclusion that we require a protocol where
the core primitive is ‘issuance’ (signing) such that there is no privileged
role of ‘issuer’ and/or ‘verifier’. Anyone using this so-called protocol,
no matter how disadvantaged they might be, must be on equal footing with
the strongest of users, namely government.
​
As things stand now, the current protocols simply reinforce the status quo,
and for the majority that’s ok, or don’t know anything differently. That’s
also ok, for the current generation of solutions, but we need to start
looking past that horizon.

This reminded me of something I wrote in my notebook towards the end of the Trust in Transition session as we turned our attention towards the futures for the humanitarian sector in relation to identity systems.

We were asked for our vision. Our aspirations.

What paths are we trying to navigate towards?

What futures are we striving to avoid?

These hooks sparked a great conversation around the room. One that, as very much a guest in this space, I was mostly happy to listen to and digest. As a wise man once told me, seek first to understand then to integrate.

I did have a vision to propose though. A vision that I attempted to articulate towards the end of the discussion. One less rooted in the current reality, more in the adjacent possible. It very much rhymes with what Tim shared on the email thread.

Simply put: SIGN ALL THE THINGS.

Individuals should be capable of being the source authority over the reality of their digital lives.

My vision is one of accountability and intersubjectivity between humans and the systems which identify them and attempt to represent some facet or fragement of their identity. Humans should be able to understand the web of accountabilities between them and the systems that what to identify them.

We have much work to go before this is a reality.

However, unlike some voices on this thread, I still have hope. We are laying the foundations, refining the primitives and exploring the building blocks and their configurations.

I firmly believe these components open up a whole new possibility space for designing, building and interacting with digital systems.

It is a possibility space we are only just starting to explore.

Sure, within that possibility space, over in some uninteresting corner, is all the same systems and approaches we know and dislike today. But that is tiny compared to what else might be possible.

I think it will take imagination, creativity and courage to bring some of these possibilities into reality.

It will also take compromise. In certain situations and sectors. The state isn't going away anytime soon. Like it or not, they are in a certain position of authority over some of the facts of our lives. In these cases we should look to gently nudge the framing, like Utah has done wonderfully.

States endorse identity, they do not issue it.

No one can issue you your identity, and if anyone trys to tell you otherwise gentle correct them and point to some facets of the multitude of identities that you contain.

That is probably enough for now.

I will close with an invitation and much encouragement to playfully explore the possibilities enabled by decentralized technologies like Decentralized Identifiers and the associated privacy-preserving cryptography primitives.

New digital realms are possible. I firmly believe this.