Human Centered Holdings
← Journal

Essay

On Identity in a Digital World

Why identity is the work of this decade.

Most of what looks like a software problem on the internet is actually an identity problem. Who is logging in? Whose credit card is being charged? Whose photograph is being trained on? Whose voice is in the synthetic audio? Whose opinion is being amplified? The internet has functioned for thirty years on an identity layer that was, by design, optional. That era is closing. Every system that matters, including payments, AI training data, public-square discourse, healthcare records, and immigration, is being rebuilt around an identity assumption.

This is not a future development. It is happening this year. The European Union's Digital Identity Wallet is mandatory across member states under eIDAS 2.0. The W3C Verifiable Credentials Data Model has reached Recommendation status. Major AI labs are integrating provenance and attribution into their pipelines under regulatory pressure. The architecture is being chosen now.

If the architecture is wrong, it will be wrong for everyone, and it will be hard to unwind.

The three layers of digital identity.

Useful conversation about digital identity requires distinguishing three layers that are usually collapsed in popular discourse.

The identifier layer. This is the symbol that uniquely refers to a person, organization, or thing: an email address, a DID, a phone number, a national ID number, a wallet address. The identifier is just a name. By itself it makes no claims about the entity it names.

The attestation layer. This is the set of claims made about the entity that the identifier refers to: this person is over 18; this organization is in good standing in Delaware; this artist is the author of this photograph. Attestations are issued by issuers (a government, a university, an exchange, an artist's own signing key) and verified by relying parties.

The reputation layer. This is the accumulated history of how the entity has behaved across systems: how reliably they paid, what they posted, who they associated with, what they trained on. Reputation is the hardest layer because it is generated socially, not issued.

Many systems blur these three. A platform that uses your phone number as your identifier, your phone-carrier KYC as your attestation, and your in-platform behavior as your reputation has tied all three to a single private actor. That is a fragile and undemocratic architecture.

The architecture this decade chooses depends on whether we keep those layers separate, accountable, and portable, or fuse them into a smaller number of unaccountable owners.

What is breaking.

Three breakdowns are pushing the redesign.

Provenance has collapsed. Generative AI has erased the assumption that a piece of digital content can be traced to a human author. The identity systems we built for the internet were built to authenticate people; they were not built to authenticate the things people produced. Without attribution, the economy of digital creative work breaks down.

Verification has been outsourced to a small number of platforms. Most identity verification on the internet is performed by Apple, Google, Meta, Microsoft, and a small group of compliance vendors. They make the call about who is real. This is a profoundly powerful position and it is held by a vanishingly small number of accountable parties.

Self-determination is missing. The person whose identity is being established has almost no say in how their attestations are bundled, who sees them, or how their reputation accumulates. The default architecture is that identity happens to you.

A serious redesign has to fix all three.

Three principles for a human-centered identity layer.

We evaluate every identity-adjacent investment, partnership, or standards participation against three principles. They are deliberately short.

Portability. A person's identifiers, attestations, and reputation must be portable across systems. If switching from one platform to another requires giving up your history, the platform owns you. Portability is the inversion. The person owns the credentials; the platforms are renting access.

Minimal disclosure. Verification should disclose the minimum information necessary to satisfy the verifying party. Proving you are over 18 should not require disclosing your birth date. Proving you live in a jurisdiction should not require disclosing your address. The cryptographic primitives to do this, including zero-knowledge proofs and selective disclosure credentials, exist. The discipline to use them is what is in short supply.

Recourse. Every system that makes a decision about a person on the basis of an identity claim must be appealable. Identity decisions made by automated systems without a human review path are not legitimate. Recourse is what separates an identity infrastructure from an identity panopticon.

What human-centered identity is not.

It is not a single global identifier. The internet does not need a one-identifier-per-person system, and many of the people building toward one are doing so for reasons that should be examined skeptically.

It is not anonymity by default. Some systems benefit from pseudonymity; others (payments, healthcare, voting) cannot function without strong identity. The question is not whether identity is present. The question is who controls it and who is accountable for it.

It is not exclusively a technical problem. The hardest parts are institutional: who issues attestations, who has standing to verify, who hears appeals, who is liable. A perfect cryptographic system embedded in a bad institutional architecture is still a bad identity system.

An invitation.

If you are building identifier infrastructure, attestation systems, or recourse mechanisms, or operating registries, wallets, or verification services that sit anywhere in this stack, we would like to know you. Identity infrastructure is exactly the kind of long-horizon, public-facing digital asset that calls for patient stewards.