Research Note

Self-(De)termination: The Fatal Ambiguity of Digital Identity

In Hong-Kong, a finance worker joins a video call—one of dozens they attend every week. This is not a routine call however: the meeting’s agenda is a request to transfer $200 million Hong Kong dollars. Familiar faces appear on-screen, their voices filling the headphones. In the flattened reality of this digital interaction, reassured by colleagues and superiors, the employee finalises the transfer details and wires the money.

None of those people were real. The money disappears.[1]

As you read this, the world has entered an era where no recorded voice or face can be trusted. Amongst the many system shocks the 2020s will be remembered for, this is a tectonic shift that shatters how we cultivate social trust, especially in digital societies. Entrenched governance structures, agitated by sudden paradigm changes, have led us to this digital identity event horizon. A pure science (non-)fiction timeline of crimes, made possible by the most intimate impersonations, stretches as far as the eye can doomscroll. Clearly, the rise of AI social engineering attacks highlights the pressing need for more technological solutions enforcing more robust authentication. How else can this depressing state of affair, where no single attribute of a person can escape the reach of bad actors, be brought to an end?

Perhaps a more important question is, how did we get here? The answer remains elusive. As trust in identity crumbles, the entire dID field is left incoherent. Lost in the mainstream dID discourse is a consistent definition of the very subject of the debates. Instead stands fledgling, market-driven governance cultivated by a cohort of self-selected experts—NGOs, politicians, technologists, executives and private consultants—, all agitating for discrete interests and the ‘common good.’ Contradictory and competitive conceptualisations of the self lead to decisions made for entire populations—often with unexpected consequences.

Identity is everywhere, and as a result it is nowhere. This fatal ambiguity arises from Cartesian identity—‘I think therefore I am’—, an incomplete reckoning of the digital self that leaves actors of the field incapable to discern its shortcomings. The digital identity landscape remains blind-sided by outcomes stemming from the limits of technical solutions derived from the Cartesian identity. Furthermore, this ‘indentitarian moment’ produces an attack surface that originates from functioning systems of identification.

In our previous research note, Cade Diehm detailed the technical flaws of digital identity (dID).[2] He described how digital identity’s first principles are ill-defined, untested and brittle. Combined with the shaky convictions of triumphant post-Cold-War liberalism,[3] and the tendency of this political philosophy to confuse ontology with ownership (or being with having),[4] identity morphed from the output of an act of identification to the property of a person. The profound contradictions produced by this conceptual chasm reverberate when applied to systems of governance deployed at scale.

The promises made by proponents of both past and emerging dID systems are varied and contradictory. Common to all is the claim that this dID will usher a new age of sovereignty, a digital equivalent of ‘just one more lane will fix traffic on this highway.’ Here, digital identity is a rational tool, deployed both to know the self and to recognise the other. This form of recognition and authentication relies on deeply-held claims of self-understanding buttressing one's human rights and economic autonomy[5]—where puzzingly “one cannot have an absolute right over his or her body.”[6] When presented as a cornerstone of governance, entire communities subjected to centuries of western colonial and post-colonial exactions are expected to materialise the infrastructures of a western-modelled civic society—an expectation presented without an ounce of reflection.[7]

When promoted as infrastructure policy, proponents claim that the new efficiencies and optimisations set free by dID will generate “a new frontier in value creation for individuals and institutions around the world.”[8] Deep-seated ideological and logistical issues of old 'paper-based' bureaucratic registration systems will be solved. Consultants and ex-governement officials, with a resume of shock therapy, austerity and underfunding,[9] will finally bring to heel “slow and cumbersome government services.”[10] And in the disintegration of peace-time, these systems become pattern-of-life indicators, building targetable identities whole cloth for optimised drone strikes.[11]

Such moral and material flexibility strikes at the heart of dID. The fatal ambiguity of such a benighted and chaotic definition of the digital self ensures that a desirable future cannot be achieved. A discipline that blends together commercial trust, human rights and targeted assassinations under the same epithet offers only nihilism as its telos. Digital identity, with its self-appointed grandiose remit, faces us as a weapon, not as an aspiration.

In 2000, Rogers Brubacker and Frederick Cooper summarised this “identity crisis” that had, by the time they published, already been unfolding for more than fifty years:

“The notion of identification was pried from its original, specifically psychoanalytic context […].

[The] term identity proved highly resonant in the 1960s, diffusing quickly across disciplinary and national boundaries, establishing itself in the journalistic as well as the academic lexicon, and permeating the language of social and political practice as well as that of social and political analysis. In the American context, the prevalent individualist ethos and idiom gave a particular salience and resonance to "identity" concerns, particularly in the contexts of the 1950s thematization of the "mass society" problem and the 1960s generational rebellion […].

The proliferation of identitarian claim-making was facilitated by the comparative institutional weakness of leftist politics in the United States and by the concomitant weakness of class-based idioms of social and political analysis.”[12]

This “identitarian” endeavour cannot be separated from the long era of technocratic solutionism unleashed in the wake of cybernetics.[13] Positioned as a humanist (and later human-centred) medium to pacify social conflicts, identity evolved into both a societal first principle and a theoretical fetish, a value-laden shorthand to self that could resolve a series of social antagonisms.[14] Today, ‘cardinal’ identities—reference points for each person—are fast becoming the alpha and omega of any registration process. They seek to embody a natural right, property and possession of any represented human. In a perverse inversion of this value system, life-threatening consequences looms over those falling short of its representational schemes.[15] At its extreme of confusion between being and having, such identities are dubbed wallets, whence the currency of all social interactions must flow.

Following the UN 2016 Sustainable Development Goal indicators and the World Bank ID4D initiative, digital identity designers began to advocate for a serialisation of cardinal identities. These include projects that allow users to split one’s identity across multiple contexts,[16] or that advocate for context-sensitive, compartmentalised identities linked to one verifiable person,[17] as well as “self-sovereign” endeavours.[18] While their technical implementations may diverge, all these initiatives agree with the same basic identitarian premises, investing in identity near-identical ontological power[19] and epistemic value.[20]

There exists already concrete consequences to the conceptual confusion engendered by the dangerously out-of-control reach of dID, and any system that rely upon this compromised first principle. In 2010, journalist and author Cory Doctorow documented the theft of his Twitter password via a phishing link sent to his DMs.[21] In 2024, he was successfully targeted again by another social engineering fraud, despite 14 years of allegedly more sophisticated digital security infrastructure and his own increased awareness to this threat.[22] Doctorow’s anecdotal example points at a serious reality: with billions lost in conventional phishing techniques, what hope do we have to fight this future?

Emergent dID paradigms look beyond the password, into unique personal identifiers—such as biometrics—as authentication and presentation components. Keys derived from unique biological features or individual behaviours offer a compelling defence against a seemingly unstoppable wave of social engineering attacks. What’s however clear by now is, if vulnerable passwords and passcodes remain the mainstay of digital identity theft, biometrics are subject to rapid weaponisation[23] to become new cardinal attack vectors.[24] Offensive technologies are in active development, harvesting the rough materials for impersonation at a mass-scale aided by the multiplication of biometric sensors unleashed by consumer tech—smart speaker microphones, face-id cameras, and newly-introduced retina scans.[25] And mere fraudsters would not be the only ones interested in such a rabid deployment of official, biometric-backed data-points.[26] This reality coexists with massive systemic failures such as the 2021 hack of the Argentinian Registro Nacional de las Personas, which saw the digital identities of the country’s entire population stolen and sold piecemeal on the dark net,[27] the leak of Adhaar card-holders’ personal information,[28] and the theft of the integrality of Okta’s customer support’s data.[29]

What drives this arms race? The answer is simple. The assetisation of digital identity—combined with the flaws of the Cartesian identity—accrues tremendous value because all data-points in a digitised society are deemed credible enough to become a support for dID: patient records, credit scores, transactions, social media whereabouts, moods, citizenship, ownership claims. What used to be considered mere records become partial-identities, and while initially carefully defined as such, end up quickly misused as full-fledged identity projects.

For instance, USAID, the avowed tip of the spear of the US soft power apparatus,[30] draws a distinction[31] between instrumental approaches, where identity stems from a specific remit (such as patient records or driving licenses), and foundational ones, where the foundations for a comprehensive identity project are put in place. Yet, USAID cannot resist subsuming these two categories under the grand project of digital identity, with the first seen as a useful and potential stepping stone for the second. The two become inextricably linked, a cybernetic Möbius strip of conceptualisation, serialisation and expansion. The world has already witnessed the tragic consequences of such cavalier conceptualisations, combined at scale with misplaced beliefs in soft-power management.[32]

Similarly, the Future of Identity in the Information Society (FIDIS), a "multidisciplinary endeavour of 24 leading institutions from research, government, and industry" that included IBM and Microsoft, took great pain in their 2009 proceedings to define the GSM network as the medium for partial identities, whereby “different sets of attributes (partial identities) are needed in different situations – and they can be made available due to the relative strength of the SIM card as a security token.”[33] Yet quickly, a self-contained set of attributes can be discussed as identity per se:

“The SIM concept, together with the supporting GSM infrastructure, provides both identity information and security for accessing voice services, data services, or context based services, such as LBS [Location-Based Services].”[34]

This should not be seen as mere slip of the tongue or semantic shorthand, but a conceptual blurring of lines endemic to the discipline of digital identity. When considered alongside the use of IP addresses as legal evidence in dragnet intellectual property enforcement,[35] the GSM example above reveals itself as a topological space where illegitimate reconfigurations of power manifest.

[36]

Other cases are even more egregious. The IDF has long developed the practice of dropping leaflets in Gaza featuring QR codes leading Palestinians to a web page with a geolocation service, in order to ‘help’ the population avoid active combat zones and bombings. Worse than the widely reported failures of this “service”,[37] is the perspective of the generation of “GSM identity information” tied to the well-established practice of 360-degree profile databases[38] and drone strikes[39] through “SIM card data, the interception of phone calls, and graphs of social networks.”[40]

In a white paper produced as part of the 2016 Rebooting Web of Trust II workshop, Joe Andrieu et al. contested ‘the appropriateness of focusing on “identity” as a property of a thing (or person), rather than as a phenomenon that emerges between an observer and a subject,” noting that “using the word “identity” as a concrete, ownable, controllable asset obfuscates more than it communicates.’ Within this seemingly semantic challenge lurks a deeply operational one:

“[…] any notion of identity is not particularly useful without the existence of a person or entity performing identification.”[41]

What’s at stake here is the common denominator that connects it all—the million-dollar Hong Kong fraud, the social media password worm, the IDF bombing-shelter-as-a-service leaflet, and the biometrics deepfake mass-harvest—as a single, uninterrupted contour of the dID event horizon. By eliding this core operation at the heart of identification, and focusing instead on a rhetoric of value-laden identity, the dID landscape has been unable to grapple with a key site of power and knowledge relations[42] that has been weaponised over and over again.

To describe the dire state of digital identity is not to condemn the discipline indiscriminately. The field is aware of the issues of surveillance, context collapse and identity theft.[43] All these can however be assuaged by externalising the threats, or by defining a system as faulty or compromised. What the dID landscape is yet to fully address is the idea that a locus of power opens when identification performs as expected—a systemic example of weaponised design—, as one party unilaterally assesses and gives permission. In what Michel Foucault describes as “micro-physics of power,”[44] domination and subjugation do not flow from institutions (or platforms, databases or even rogue nations) but rather within the mechanisms articulating social relations and giving them weight, serving as “weapons, relays, communication routes and supports for the power and knowledge relations that invest human bodies and subjugate them by turning them into objects of knowledge.”[45] This complex social dynamic, that saturates all acts of registration and recognition, does not simply evaporate by claiming self-sovereignty through blockchain ledgers,[46] device enclaves[47] or zero-knowledge proof.[48]

The easy transition from human-centred value to financial value, permeating digital identity, only multiplies the potency of this power imbalance. In Immigration Control and Fraud in Southern Africa, Andrew MacDonald documents the lucrative operations, and the bodily harm, that can spawn out of registration systems. As the nascent South African State geared itself towards preserving its white population’s dominance, it targeted the flow of Indian migrants with a complex system of certificates, testimonies, biometrics (fingerprinting) and other official documents—while claiming for itself the kind patriarchal values of imperial liberalism. The creation of an incentive for a market for fraud helmed by bureaucrats and the heads of Indian trading families had unthinkably horrific consequences:

“The certificates gradually gained in monetary value. [Brokerage] houses became more sophisticated—where once they might merely have acted as exchange marketplaces, they diversified into the altering and endorsement of certificates (the going rate was about £5 per document). With a certificate came some rudimentary coaching in what to expect from South African immigration officials […]. Some migrants arrived with multiple certificates as a form of insurance against theft; in some extreme cases impersonation required self-mutilation so that bodily scars might tally […].

As this economy grew more complex, so did the potential for profit.”[49]

These are the concrete outcomes that the dID discipline must reckon with—not as a bug to be patched, but as fundamental incentives and rewards baked into the material conditions that bear witness to the birth of digital systems. The avowed dID horizon is one where most—if not all—social interactions end up mediated by series of discrete, “partial” identifications.[50] Through precarious conceptualisations of identity, and its concretion into the design of digital systems, these identifications retain the full performative power of the cardinal identity they refer to.[51] In this fallacy of identity composition, the incentive to attack these small and diffuse partial identifications simply become too tentalizing. Our Hong Kong fraudsters simply had to imitate faces and voices: it netted them more than $25 million US dollars.

The digitised society clearly needs a way to represent the self. In addition, social groups do require forms of mutual, inter-personal recognition that are often mediated through schemes of registration. And yet, the crises made possible by digital identity touch on every aspect of life. By 2024, hundreds of billions are lost through fraud[52] achieved by the weaponised design of dID.[53] Digital identity has revealed itself to be a major attack surface in the two biggest conflagrations of recent years, Ukraine and Gaza. The doxxing of Russian soldiers and spies’ personal information,[54] and the identification of Palestinian civilians[55] as well as warfare-based pattern-matching terrorist profiles,[56] reveal the extent to which identifying information, combined with cynical probability-based scoring systems, do not simply oil the cogs of credit and trust, but also of retaliation and massacre.

Far from these tragedies, one Friday night in your future, a loved one calls you unexpectedly. Their voice can be heard begging you to transfer your life savings to save them from peril.

They never called you. Your money is never seen again, and your bank—citing your biometric authentication of the transfer—refuses to refund your money.

The total collapse in the trust of the digital self is already here.

Benjamin Royer
March 2024

Edited by Cade Diehm, with assistance from Roel Roscam Abbing.
A full list of acknowledgements for this Research Note will be included in a forthcoming Digital Identity research report, due late Q2, 2024.

  1. Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
    Heather Chen and Kathleen Magramo
    CNN
    4 February 2024 ↩︎

  2. Identifying the Digital Self 25 January 2024 ↩︎

  3. Liberalism here in the sense of the broader political philosophy and economy, which most sections of conservatism, socialism, social-democracy, etc. have embraced. ↩︎

  4. Pierre Crétois, philosopher: ‘We cannot pretend to be absolute masters of things’
    Sara González
    EL PAÍS
    21 July 2023 ↩︎

  5. Digital Inclusion. The Human Right to Have an Identity
    Thales Group
    02 February 2021 ↩︎

  6. In Supreme Court, Centre admits Aadhaar data leak, critics cite ‘civil liberties’
    Ananthakrishnan G
    The Indian Express
    4 May 2017 ↩︎

  7. Digital Identity In Developing Countries: What Lessons Can Be Learned?
    Andrew Sever
    Forbes
    12 April 2023 ↩︎

  8. Digital ID: The opportunities and the risks
    Deepa Mahajan, Owen Sperling & Olivia White
    McKinsey & Company
    19 August 2019 ↩︎

  9. https://www.goodreads.com/book/show/14451319-bloody-nasty-people ↩︎

  10. The Great Enabler: Transforming the Future of Britain’s Public Services Through Digital Identity
    Kirsty Innes, Jeegar Kakkad & Ryan Wain
    Tony Blair Institute for Global Change
    15 June 2023 ↩︎

  11. A Theory of the DroneA Theory of the Drone January 2015

    ↩︎

  12. Beyond “identity"
    Rogers Brubacker & Frederick Cooper
    Theory and Society Vol. 29, No. 1 (Feb., 2000)
    Springer ↩︎

  13. The Imperial Sensorium 21 June 2022

    ↩︎

  14. Inscribed on the UN Legal Identity Agenda ↩︎

  15. Of 42 'Hunger-Related' Deaths Since 2017, 25 'Linked to Aadhaar Issues'
    Staff
    The Wire
    12 September 2018 ↩︎

  16. OAuth is an open standard for integrating access and authentication across different websites and user accounts. See also: the Wikipedia definition for OAuth. ↩︎

  17. Keybase is a digital security start-up that pairs PGP key security with social trust and verification by using 'proofs' on social media to determine identity authenticity. [Read more on Wikipedia](https://en.wikipedia.org/wiki/Keybase ↩︎

  18. Generative identity - beyond self-sovereignty
    Philip Sheldrake
    2 September 2019 ↩︎

  19. As R. Brubacker & F. Cooper have noted, one must wonder why the same word is employed to described a fragmented partial or incomplete self, multiple partial selves, and multiple complete selves. The philosophical and psychological implications are even more bewildering. ↩︎

  20. Digital Identity Infrastructures: a Critical Approach of Self-Sovereign Identity
    Alexandra Giannopoulou
    Digital Society, Vol. II
    11 May 2023 ↩︎

  21. Cory Doctorow: Persistence Pays Parasites
    Cory Doctorow
    Locus Magazine
    5 May 2010 ↩︎

  22. Pluralistic: How I got scammed
    Cory Doctorow
    Puralistic
    5 February 2024 ↩︎

  23. Banking Trojan Harvests Facial Biometrics for AI Deepfakes
    Matthew J. Schwartz
    Data Breach Today
    15 February 2024 ↩︎

  24. X wants permission to start collecting your biometric data and employment history
    Emma Roth
    The Verge
    31 August 2023 ↩︎

  25. About Optic ID Advanced Technology
    Apple, Inc.
    28 February 2024 ↩︎

  26. The Rising Wave Of Impersonation
    Filtrerwatch
    27 November 2023 ↩︎

  27. Hacker steals government ID database for Argentina's entire population
    Catalin Cimpanu
    The Record
    18 October 2021 ↩︎

  28. In Supreme Court, Centre admits Aadhaar data leak, critics cite ‘civil liberties’
    Ananthakrishnan G
    The Indian Express
    4 May 2017 ↩︎

  29. Okta Says Hackers Stole Data for All Customer Support Users
    Graham Starr
    Bloomberg
    29 November 2023 ↩︎

  30. Measuring Soft Power
    Margaret Seymour
    Foreign Policy Research Institute
    14 December 2020 ↩︎

  31. Identity In A Digital Age: Infrastructure For Inclusive Development
    USAID
    2022 ↩︎

  32. This is the real story of the Afghan biometric databases abandoned to the Taliban
    Eileen Guoarchive & Hikmat Noori
    MIT Technology Review
    30 August 2021 ↩︎

  33. The Future of Identity in the Information Society: Challenges and Opportunities
    Kai Rannenberg, Denis Royer, André Deuker(eds.)
    Springer
    2009 ↩︎

  34. The Future of Identity in the Information Society: Challenges and Opportunities
    Kai Rannenberg, Denis Royer, André Deuker(eds.)
    Springer
    2009 ↩︎

  35. This is Fine: Optimism & Emergency in the P2P Network 16 July 2020

    ↩︎
  36. ↩︎

  37. Israel touts civilian warning system, but for Gazans, nowhere is safe
    Steve Hendrix, Miriam Berger & Hazem Balousha
    The Washington Post
    19 November 2020

    ↩︎

  38. The Dangers of NATGRID and the Proliferation of 360-Degree Profile Databases
    Srinivas Kodali
    The Wire
    1 May 2023 ↩︎

  39. ‘A mass assassination factory’: Inside Israel’s calculated bombing of Gaza
    Yuval Abraham
    972 Magazine
    30 November 2023 ↩︎

  40. A Theory of the DroneA Theory of the Drone January 2015

    ↩︎

  41. Identity Crisis: Clearer Identity
    through Correlation
    Joe Andrieu (Editor), Kevin Gannon, Igor Kruiper, Ajit Tripathi & Gary Zimmerman
    Web of Trust II: ID2020 Design Workshop
    2020 ↩︎

  42. That can however always be potentially challenged and undermined. We’ll address this more in future notes. ↩︎

  43. These issues are however often acknowledged as abstractions without real-life use-cases, mostly as technical problems to be solved, and if ever concretely addressed, simply pertaining to commercial transactions. If the risks of political downfalls for users are ever mentioned, they occur in non-liberal democracies. The case of the French governement creating terrorist records out of the identity of climate activists, or the UK Metropolitan Police abusing women through police officers with fake personas appear to us somehow very prescient. ↩︎

  44. Discipline and Punish: The Birth of the Prison
    Michel Foucault, Penguin
    April 2020 ↩︎

  45. ibid. ↩︎

  46. Self-Sovereignty for Refugees? The Contested Horizons of Digital Identity
    Margie Cheesman
    Geopolitics Vol 27
    4 October 2020 ↩︎

  47. ↩︎

  48. On how zero-knowledge is not a silver bullet in complex socio-political contexts: https://epicenter.works/en/content/eu-digital-identity-reform-the-good-bad-ugly-in-the-eidas-regulation ↩︎

  49. A. MacDonald, Immigration Control and Fraud in Southern Africa. One could raise the objection that this is the example of a system of identification that was gamed, with unexpected effects. However, the system worked as intended, or as best as it can be expected to work, given the conditions and the driving forces behind its creation: imperial liberalism, the closure of the colonial expansion of capitalism, and patriarchal white supremacism. ↩︎

  50. FIDIS’ proceedings are particularly rich in dystopian case-studies of future applications. ↩︎

  51. For how performativity influences registration, see T. Herzog, Naming, Identifying and Authorizing Movement in Early Modern Spain and Spanish America: “Rather than constituting the person as the bearer of certain rights and duties, [identity documents and registries] indicated he may be thus. Rather than operating a transformation (making someone worthy of a certain treatment by the act of registering him or her), they recognized the validity of a change in status that had transpired beforehand, in fact sanctioning what oral negotiations had already consecrated. More often than not, rather than representing ‘reality’, registries gave proof of attempts by authorities […] to control reality, attempts that were usually rejected […]. [Written] registries always coexisted with an oral knowledge that either opposed or converged with them. How these two different registers coexisted (and perhaps coexist today) is a story we still need to explore.” ↩︎

  52. Identity theft is costing the British £4bn a year
    Dashveenjit Kaur
    Tech HQ
    16 August 2022 ↩︎

  53. Digital Identity in the US is Broken
    Anonymous contributor
    BTC Policy
    2 February 2024 ↩︎

  54. Russia Is Leaking Data Like a Sieve
    Wired Magazine
    Matt Burgess
    13 April 2022 ↩︎

  55. Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation
    Patrick Kingsley & Ronen Bergman
    New York Times
    16 October 2023 ↩︎

  56. Israel’s AI can produce 100 bombing targets a day in Gaza. Is this the future of war?
    Bianca Baggiarini
    The Conversation
    8 December 2023 ↩︎

This Research Note is an excerpt from our forthcoming Digital Identity research report. Read the others in the series here:

Identifying & Defining the Digital Self
What does it take to assemble a digital identity? What do different implementations of digital identity share? An abridged introduction to digital identity as part of a larger New Design Congress research project.
Cade Diehm