Digital verification crisis reveals unhealthy dependency on centralised platforms

Twitter Blue.

Photo credit: Courtesy

On February 19, 2023, Facebook started testing Meta Verified, a paid trust-as-a-service product in lockstep with Twitter’s Blue Tick offering. These experiments expose the increased dependency on for-profit, highly centralised, and volatile digital platforms to underwrite digital trust. These experiments raise important policy questions, and should they take off, their implications on trust infrastructures around the world will be profound.

An event that happened two years ago, for example, is instructive. On August 4, 2020, the South Sudanese Office of the President sent an official letter to the Facebook LLC Head Office in California, United States, requesting a “reassuring blue-tick” on a page they had created on the Facebook platform. A favourable and timely verification, the President’s Press Secretary stated, would allow them to begin engaging with South Sudanese citizens and the international community at large. Even though the South Sudanese government is the ultimate legal identification authority within its territory, it has to request verification by a corporate actor in a foreign country to engage its own population.

The absurdity is that even though Facebook relies on South Sudanese government-generated credentials, the South Sudan government officials will have to pay for such a verification onwards. It is also true that government authorities issuing IDs have gained a bargaining position with these platforms, which may mean governments will have some control on who in their populations uses these platforms.

The general identification process involves three main activities - registration, authentication, and maintenance. Registration is an expensive and tedious affair, and only state-backed institutions have the capacity to competently prove a claimed identity to a single unique entity in a relevant population and issue respective foundational ID credentials. All for-profit companies in the ID ecosystem depend on this publicly-funded process.

Authentication involves verifying an identity claim against the registered identity information, after which an identity holder is authorised to access privileges associated with said identity. Authentication intermediaries like Apple, Google, or Twitter base their workflows on government issued IDs, either directly when they require uploading a “government issued ID” or indirectly through, for example, SIM card registration.

Continuous update

The third main component of identification, maintenance, ensures the continuous update, accuracy, and access policies of identity attributes. This is an expensive long-term process that largely relies on specific institutions like population registries to monitor and document life events like citizenship changes, marriage, and death. The integrity of digital trust is dependent on the efficiency of governments to maintain their civil registration and vital statistics.

Seeing as governments do most of the resource-intensive work on establishing credible identification, how do they lose control to private entities like Facebook and Twitter? The answer mostly lies with who keeps your ID credentials in a digital world — custodianship.

The custodianship of ID credentials has evolved into two main routes;  self-custody (tangible paper or plastic ID in your wallet, for example) and delegated custodianship (transfer ID attributes to a trusted institution, or a technology like block chain upon whom you can request should it be required by another party).  In the last two decades, individuals and organisations have had to delegate some form of their digital identification trust to a custodian for “verification-as-a-service”, driven largely by digital lifestyles like online payments and social media signups.

As with other dynamics of networked systems, these digital identification intermediaries have evolved from multiple diffused actors to powerful centralised monopolies. AppleID, HuaweiID, and GoogleID are the main players. As everyday services increasingly require a form of ID, digital verification has turned into a critical chokepoint - those who control it have disproportionate influence on other aspects of digital life. Almost everything we do online now requires a nod from these ID intermediaries. AppleID makes paying for candy a bliss, but it also feeds into their power in the wider ecosystem. Early February 2022, Apple unilaterally deactivated mostly Belarusian developer accounts on Apple’s developer platform, in effect halting production environment applications or in-app purchases on affected accounts. This was apparently due to a positive match between their associated legal ID being from a US sanctions restricted region (Belarus). While this action was retracted, it goes on to show how deeply dependent the world is on powerful but erratic verification intermediaries.

Seeing government ID authorities are essential pillars in the verification ecosystem, why are they largely quiet about this debate? It is strange that governments who do the heavy lifting in the ID ecosystem may have to pay to be verified, not just on Twitter but elsewhere on the internet. As a geopolitical issue, most of the Internet monopolies are based in the United States and are legally compelled to respect global sanctions.

Foreign policy changes

For a country that is undergoing significant foreign policy changes every four years, the United States political process continues to hold the world hostage and undermines global trust on the capacity of companies domiciled there to offer credible trust commitments globally.

This is more reason why decentralised options like fediverse are essential, as they push alternative models of trust. Strategic thinking is required on digital identification, not just as a technical issue, but the political implications of the choices made in adopting one form over another in the mid- to long term. Nothing, for example, stops a government from establishing its own digital communication infrastructure verification management system. Technologies like blockchain brand themselves as decentralisation but they are in practice highly centralised. Importantly, such technologies promise decentralisation on the authentication layer, not registration and management. Blockchain is not a viable option as it stands.

But to challenge centralisation is often seen as a challenge to America usually through labels like “splitting the Internet”. From the lived experiences of the recent past, it is evident that for-profit centralised companies have done more to scatter trust on the Internet than decentralised efforts. If anything, decentralised options that emphasise open protocols unite more than they split the Internet, if they ever do. It is on this basis that civil society should also think of human rights as they are linked to identification from a decentralised format (even as a hybrid) to offer substantial cushioning from the effects of governments and for-profit monopolies.

Identification ecosystem is complex, but as a guiding principle, government issued IDs should not be required as a default in everyday activities like paying for groceries or commuting across town. Yet, everytime we use MPESA, ApplePay, GooglePay, so-called contactless cashless systems, we enforce an ID-by-default regime. These options conduct know-your-customer checks to process payment, but neatly concealed in the backend of ever-powerful processors. It is in the ID industry’s interests to increase ID usage, and campaign for lifestyles that increase ID usage, for example cashless societies. It positions them into influential nodes shaping everyday outcomes beyond just ID custody and verification.

Even if Twitter and Facebook stabilise their verification processes, it is a faint signal in the current digital trust wasteland. This is not just a Twitter problem. It is a global trust crisis, to which civil society and governments around the world should be more strategically involved. Global trust infrastructure cannot, or perhaps more accurately should not, depend on highly centralised, for-profit volatile entities.

The writer is a Ph.D. student at the University of Toronto working on digital identification in international politics