Editorial: Identity and Privacy Governance

Abstract

The design and management of digital identity is a complex challenge. On the one hand, it requires a clear understanding of the parameters that are involved in identity management. On the other hand, it requires the cooperation of many stakeholders. In particular, this involves those public authorities and private organisations that need to be aligned to define technical standards, develop identification infrastructures and maintain them. A shared understanding of fundamental concepts that define identity in the digital age is then a prerequisite. Such a complimentary reflection and evaluation of what the emergence of distributed-ledger technologies means from the perspectives of human rights, human dignity, as well as individual and collective autonomy are essential to ensure their use for good purposes. While technical capabilities are important, they are increasingly insufficient without guiding theoretical frameworks. Sound governance mechanisms which respect, protect and promote human rights such as privacy are equally essential. The COVID-19 pandemic has only further increased the desire to use data to understand and manage our societies (Zwitter and Gstrein, 2020), which also increases the degree to which we are defined through data and our access to digital services. Certainly, we currently witness profound changes in the capabilities to define and manage identity. Established architectures to validate, certify, and manage credentials are usually based on centralized or federated top-down approaches. They rely on territorial sovereignty, trusted authorities and third-party operators which gain considerable power by being able to manage the systems. In recent years, distributed-ledger technologies such as Blockchain have been described as “trust mechanisms”, which can operate independently of such trust-mediators and territorial restrictions. One might prefer to rather trust a technical system, as well as the parties that host the software and ensure proper functioning, than traditional institutions such as banks and states. This emerging opportunity to change the practice of identity management raises the questions of 1) how blockchain applications influence trust, and 2) how trust based requirements affect the design of applications based on distributed-ledger technology? Some identity management architectures presented in this research topic go even further and design full-fledged identity management systems. Their users are not only independent from the gatekeepers mentioned above. They also do not need to maintain a single aggregated identity. This enhances privacy and autonomy, so the authors argue, since aggregated identities can potentially be constrained or reconstructed against the interests of individuals. Such a pattern change could also potentially mitigate information security issues. These security issues are becoming more and more pressing as conventional digital identity management based on passwords and e-mail addresses face enhanced cybersecurity threats, typically associated with identity theft. Nevertheless, private forms of digital identity governance can also create worrying consequences from a security perspective, as the case of “Silk Road”—a historically influential platform for trading on the “dark web”—demonstrates. Edited and reviewed by: Richard Adams, Cranfield University, United Kingdom