M-RCBG Associate Working Paper No. 205
Identity Assurance in an Era of Digital Disruption:
Planning a Controlled Transition
This paper endeavors to make the case that we should begin a controlled transition towards widespread online identity assurance over the next decade. While pressure building in this direction over the past five years, the democratization of generative AI tools has altered the risk-benefit balance of the ‘anonymous’ Internet. AI-powered services will soon perfectly replicate online human speech, text, appearance, and activity so that they are indistinguishable from humans. These capabilities will potentially empower a wave of harms such as misinformation and disinformation, manipulation of elections, security hacks, fraud, hate speech, shaming, blackmail, etc. These harms will undermine trust and damage the online social and economic fabric if not mitigated.
Thus, this paper asserts that, whether driven by government decree or private sector self-protection, individuals and enterprises will soon need to provide greater levels of identity assurance to interact online. Note that identity assurance is not the same thing as ID verification. Identity assurance is ‘the ability of one party to determine, with varying levels of assurance, that an identity claim made by another party can be trusted’. The ‘claim’ can be any characteristic, such as “I am a human” or “I am above 18 years old” or “I am a student at University XYZ”. Establishing a trusted framework for identity assurance can greatly help mitigate online harms, though it also raises issues around privacy, surveillance, equity and competition fairness.