Open Blockchains and Decentralized Identity Standards

An open letter to the W3C Director, CEO, team, and membership

Coin Center is the leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using permissionless blockchain technologies. We are not a member of the W3C but share a mutual desire to encourage the development of a freer, more open internet. We write today in response to recent objections by Mozilla and other major technology corporations to the Decentralized Identifiers (DIDs) proposed recommendation.

As we’ve previously written, “blockchain technology” is generally an overhyped buzzword. In truth, it is the open consensus mechanism of some blockchain networks, rather than the mere existence of a mythical “blockchain,” that is the true innovation in our field. Additionally, only a few use cases actually benefit from that innovation: electronic cash (e.g. Bitcoin) chief among them. That said, one of the few genuine use cases for open blockchain networks beyond electronic cash is digital identity.

Like electronic cash, digital identity should be open: anyone should be able to create identifiers and issue identity credentials to anyone else without needing to adopt proprietary technologies and without seeking permission from a gatekeeper. Additionally, anyone should be able to build applications that can leverage portable and interoperable digital identity credentials without needing to buy access to an API or form an agreement with some dominant identity provider. As with electronic cash, an individual should be able to directly possess and control her own digital identity and should not need to rely upon some third party’s ability and willingness to preserve the integrity and privacy of those identifiers and credentials. Only open blockchain networks can ultimately provide the openness and individual possession and control that a fair and well-functioning digital identity system would demand.

Today we have the complete opposite of that system. Current digital identity systems are closed: your identifiers come from a company (e.g. Twitter handle, Facebook name, domain name, telephone number, etc.) and your credentials are held captive at one or several siloed database providers (e.g. social networking sites, banks, credit rating agencies, or government agencies, etc.). One provider may not be willing to cooperate on standards with another provider, and a new business seeking to leverage established digital identities is at the mercy of the existing identity providers for interoperability and access. These systems do not allow for individual ownership and control over identifiers and credentials: when you are proving your identity to someone else online you are not sharing a digital certificate over which you have actual cryptographic control, you are, instead, asking a middleman to share that credential on your behalf (e.g. sign-on with Google, sign-on with Facebook, etc.). Your privacy and the integrity of your data are wholly dependent on the quality of the cybersecurity practices of that middleman. Worse, when one of these middlemen is hacked, all of their user data is compromised in bulk (e.g. the Equifax hack).

With all that in mind, we are disappointed that a promising effort to standardize Decentralized Identifiers (DIDs) at the W3C is being waylaid by the objections of centralized digital identity providers. Those objections are, perhaps, unsurprising because they are coming from companies with the most to lose from a future, more open, digital identity landscape. However, the tone of these objections is particularly disappointing. Rather than critiquing the pending W3C DID standard on the merits, these objections have jumped to scare tactics and hyperbole.

The Mozilla objection, for example, dedicates the vast majority of its critique to the putative environmental costs of proof of work mining. This is transparently irrelevant to the W3C DID standardization process. Not only does the current DID standard never mention proof of work mining as essential to the proposed scheme, it doesn’t even mention blockchains of any kind. While it is true that the current DID standard can be used in conjunction with open blockchain networks (and that is something worth celebrating for the reasons outlined above) it by no means requires blockchain networks for its functionality. Nor does the standard even remotely suggest that a proof of work blockchain specifically would be necessary. The DID standards could be implemented, for example, on proof of stake blockchains that do not utilize anywhere near as much energy in their consensus mechanism or they could be implemented without blockchains at all.

At the end of the day, the current standard simply provides options for future uses: if the larger internet community found any particular blockchain useful in implementing the DID standard then that choice could be made. But if, on the other hand, the environmental or other cost of implementing the DID standard using blockchains was prohibitive, then other methods could be used. The current standard does not lock anyone into any particulars. Indeed, it’s confusing that this flexibility of methods is also something that the Mozilla objection criticizes. How can the standard both be too permissive of various methods (blockchain and non-blockchain) while simultaneously too deterministic in locking the community into a particular method that, it is alleged, would have deleterious environmental consequences?

Moreover, the energy usage of a proof of work blockchain, like Bitcoin’s, could be entirely justified if it was leveraged to provide robust security for a global identity network. Energy usage alone does not inherently equate to environmental degradation. Developing clean energy sources and discouraging the burning of fossil fuels is a far wiser environmental policy goal than simply forgoing the potential benefits of increased energy consumption for important processes. The best of all worlds might be one where tremendous energy resources are dedicated to forging a secure and open identity standard that significantly discourages hacking and fraud but where all of that energy comes from clean and renewable sources.

We urge the W3C to look closely at these objections. Do they critique the actual DID standard or do they instead critique a strawman?

Thank you,

Peter Van Valkenburgh

Coin Center Director of Research