21. The Plummet
How did that happen? We were promised a reusable Digital Identity ecosystem, and now we are getting digital copies of documents on a smartphone?
With New Zealand’s premier identity conference, 2025 Digital Trust Hui Taumata, happening within 2 weeks, I thought it would be useful to report the plummet of Decentralized Identity down to Distributed Digital Documents. To put this plummet into perspective, I have written a report card for Identity for the last 50 years. Identity only gets a C-, and my analysis that follows describes this major contraction reusable Identity to digital documents.
Lifetime Achievements: C-
In the last 50 years Identity achievements are:
Paper-based identity records have been replaced with centralized digital identity databases.
Physical identity documents are created from these databases for in-person identity.
On-line identity started on the Internet with username/password and evolved to Multi-Factor Authentication (MFA).
Federated Identity emerged a) to support integrated online government services, b) in the corporate arena as the Identity and Access Management (IAM) industry, and c) as a method of leveraging the large identity databases maintained by social media and big tech
Identity Verification, based on physical identity documents, was developed by the Know Your Customer (KYC) industry, a response to Anti-Money Laundering / Countering the Financing of Terrorism legislation (AML/CFT).
What has not been achieved is:
Secure in-person Identity (e.g. a secure Covid passport)
Secure and easy to use on-line Identity
On-telephone Identity
Low-cost solutions
Age Assurance to protect youth from social media, adult content, gambling, and alcohol sales
On-line authentication to protect individual from fraudulent financial scams.
Identity development has been haphazard in the last 50 years – it has lacked an overall design and any consolidated direction. We still use physical documents. On-line Identity is a mess. The social harm due to a lack of Age Assurance is not imaginary – it is happening right now, and solutions are limited. Simply put, we lack the reusable digital identity that everyone desires (except the incumbent KYC industry which would be marginalized if there was reusable digital identity).
The outliers to all this are the national Identity solutions of Scandinavia and Estonia. With the advantage of compulsory personal numbers, these countries have developed common second factors of authentication (2FA) solutions and the sharing of basic government data. While not reusable identity, these solutions are highly effective and meet many of the identity needs of their societies.
But overall, Identity’s grade is C- at best. So, what is Identity doing to solve it?
Current Activities
Simplifying in the extreme, I see the major courses being pursued now as Decentralization, Distributed Digital Documents (DDD), Probabilistic Models, and Legislation.
Decentralization
I have written many newsletters on the challenges for Decentralization: securing data on personal digital devices, establishing initial verified identities on these same devices, exchanging credentials in multiple environments, recovery processes for lost devices etc. These many challenges are probably why, 20 years after the Internet Identity workshop started promoting Decentralization, there is no implementation of decentralized reusable Identity. We have had a series of technologies including DIDs, Digital Wallets, and Verifiable Credentials but no decentralized ecosystem design. We have technologies, but no functional solution. Decentralization has not delivered reusable Digital Identity.
Distributed Digital Documents (DDD)
What is coming to fruition is Distributed Digital Documents, this being Verifiable Credentials stored in Digital Wallets. Essentially this replicates physical identity documents in physical wallets but with better verifiability of the documents. MATTR’s recent announcement, that it had been selected to provide a credential SDK for the New Zealand’s government’s app, highlights the utility of this solution: “It marks a major step toward Kiwis being able to carry trusted digital versions of their credentials (like driver’s licences) in their own digital wallets”.
But note that there is no mention of reusable Digital Identity. Because Decentralization is so complex we have descended to a lesser deliverable – DDD (maybe we can call this triple D). And note that the descent is huge, from an ecosystem to a digital copy, hence the use of the word ‘plummet’.
Probabilistic Models
Due to both the need for Age Assurance and the weaknesses in current Identity solutions, Age Estimation and Age Inference have emerged. Both are based on probability – that people who look and move like this are normally a certain age and people who have a certain digital footprint are normally a certain age. But, of course, they have inherent error rates, and you do not know when an error occurs. While these techniques may have applicability for statistical analysis of behaviour, they are unlikely to be the answer for high assurance Identity.
Legislation
We have legislation that:
proscribes KYC processes creating Identity Verification
establishes national trust frameworks but without any tangible results
establishes customer data rights but without any delivery to date
proscribes an EU Digital Identity Wallet that has given rise to a pilot industry
regulates age assurance resulting in rushed low-quality solutions (e.g. UK) or the shutting down of services (e.g. adult entertainment in some US states).
Legislation is clearly important to a society, but it has yet to deliver a Digital Identity ecosystem and is unlikely to do so. Why not? Because it is there to regulate what society produces, not to dictate what society produces.
The Plummet
50 years of below-average performance has left us with physical identity documents, on-line federated identity, and an incumbent KYC industry. We have no reuseable Digital Identity ecosystem.
In the last 10 years, Identity has disappeared down a series of ideological and technology rabbit holes. Decentralization, driven by an ideological distrust of central control and fuelled by a cryptographic industry, has failed to deliver and has plummeted to Distributed Digital Documents.
Side bets, probabilistic identity and legislating solutions into existence, have not and will not work.
After 50 years, we can now put a digital version of an Identity Document onto a smartphone. That’s right— what we digitized 50 years ago can now be put on a smartphone. Gee whiz.
The dream of a Digital Identity ecosystem is yet to be realized.
Alan Mayo