The launch of World ID, a digital passport that authenticates individuals’ identities, has made headlines, especially among professionals in the fraud prevention industry. Created by OpenAI’s founder, Sam Altman, this unique ID promises to secure identities and provide “a privacy-preserving identity and financial network owned by everyone.”
This appealing solution has the potential to prevent fraud and identity theft, as well as offer safe and secure transactions. However, while exciting, this new solution raises many questions about privacy, usability, and adoption. This article will explore the need for identity validation solutions such as World ID and analyze its advantages, shortcomings, and dangers.
The Need for Identity Validation Solutions
In the age of Generative AI (GenAI), we can no longer confidently discern real media from fake due to GenAI’s double threat to identity and authenticity. Now, determining whether media itself is real or the people claiming ownership are who they say they are has become increasingly challenging. The new tools offered by GenAI provide fraudsters the sophistication and efficiency to carry out malicious attacks in just days. In contrast, organizations take months, sometimes years, to keep up with fraudulent activities. The quality and speed at which they can attack, now with GenAI, is unprecedented. We are only at the tip of the iceberg of what fraudsters can now do.
In this era of technology, identity validation is more essential than ever, as socially engineered attacks and fake accounts in the marketplace are increasing. Furthermore, liveness and verification checks are bypassed more quickly and efficiently.
What is World ID, and How Does it Attempt to Solve this Challenge?
World ID addresses the identity problem with a “privacy-first, self-sovereign and decentralized” protocol. World ID’s unique digital identifiers, obtained through iris scanning, ”lets you prove you are a unique and real person while remaining anonymous.” These IDs are stored on the blockchain and entirely controlled by their owners.
The way it works is that individuals must verify their World ID by going to a center with the “Orb” device, which scans irises and creates a unique identifier. These centers are available in 18 countries, with 119 different Orb locations. Once their identity is verified through the Orb, individuals receive a digital wallet that serves as a digital passport and receive 45 “Worldcoins,” the cryptocurrency of World ID.
Who Needs New Identity Validation Solutions?
While World ID’s technology is innovative, some of its use cases have already been solved. For example, one way to ensure the authenticity of digital files or media pieces is through digital signatures using public key cryptography. This method has been around since the 1970s and involves a large unique numerical identifier that is used to encrypt data and can be used to sign and prove the authenticity of any digital file or media piece. The Public Key Infrastructure (PKI) is being widely used by Websites, and it does not require any blockchain or particular organizational structure, only a publicly available database to store keys. This system is at the core of all Internet secure transactions, whether you visit your bank’s website or buy a new product online. This tech could be used to authenticate anything – from emails and documents to identity attributes. World ID is seemingly no different, offering nothing new to the identity validation industry.
Irises are not the first or last unique identifiers to be introduced. We have the public key, fingerprints, and other unique biometric identifiers. The question of unique identifiers’ success has always come down to their storage security. World ID attempts to secure IDs by placing the data on the blockchain. However, the blockchain, by nature, is not private, exposing the data to risk. Blockchain has been around for over a decade and is still not widely used for storing identities. Moreover Blockchain solutions have been proven to be highly inefficient, requiring huge amounts of computation and energy to secure even the simplest action.
Global Adoption of Identity Validation Solutions
An Identity solution without wide adoption is meaningless unless the vast majority of people can be authenticated, we are still at square one. Government enforcement can encourage adoption, but history shows that individuals will only sign up if they see direct value in their actions. It is unlikely that World ID will gain global adoption, given it has already been banned in Kenya and is currently under review in the UK, France, and Germany. World ID hasn’t launched in the US due to regulatory uncertainty on the legal status of cryptocurrencies. Even if regulations across the globe allow for World ID, we still have the issue of sign-up. World ID seemingly attempts to solve this issue by incentivizing individuals with 45 Worldcoins, World ID’s cryptocurrency. However, this can lead to corruption, which we will address later.
The Complexities of Self-sovereign Identities
Self-sovereign identities are part of a philosophy that gives individuals control over the information they use to prove who they are. World ID follows this philosophy, given its decentralization and complete control given to each person. This philosophy trusts that every person can create, maintain, and update their identity–across all ages and technical abilities. In an ideal world, everyone could be responsible for their identities. However, reality shows that this has not been the case. Any solution must work for people of all ages, races, socioeconomic backgrounds, and physical or mental conditions. For example, can we trust people to never lose their digital identity? Given its decentralization, lost World IDs may never be recovered. We’ve already seen this happen with cryptocurrencies, where people reported that upon losing their digital key, they could not recover it, subsequently losing millions of dollars. We know that currently when you allow government systems to store and manage lost information, it can always be recovered. But with self-sovereign identities, IDs can be lost forever.
Imagine how easy it might be to scam, coerce or steal someone’s digital identity once obtained.
How Safe and Trustworthy is World ID?
While World ID is based on the concept of a distributed identity system, in reality it is a central solution owned and operated by one company. Relying on any such solution means that we need to fully trust the people and the technology behind World ID. For starters, we have the clerks working at each center and each individual who signs up. World ID requires that we place our complete trust in these people. However, with the involvement of money for both participants and operators, there will likely be a conflict of interest.
Furthermore, while World ID guarantees that no one can register more than once, many unknowns exist about the technology’s safety. Can the machine be purposefully fooled? What are the false positive and false negative identification rates? What happens when hackers or fraudsters compromise the technology in the future? These questions remain unanswered.
Conclusion
Self-sovereign identity solutions, such as the one proposed by World ID, are unlikely to solve the upcoming identity crisis. Further introducing new technologies like blockchain, proprietary iris scanners and more only raises more questions about the solution’s security, privacy, and stability. As we’ve learned, many solutions are already on the market, each with particular advantages and flaws.
I believe in three non-negotiables in any identity validation solution: privacy, anonymity, and accuracy. Privacy, unfortunately, is something most solutions do not guarantee. Many will use anonymity and privacy interchangeably, but while both are paramount, they are not the same. Regarding accuracy and privacy, as the world turns more digital and the use of Generative AI grows exponentially, we are seeing the need for accurate digital identity validation as a basis for content authenticity. Therefore, I believe that while World ID aims to solve a real and pressing problem, the real solution emerges elsewhere when the foundation is fully private, anonymous, and protected from human error or malicious intent. So, while we cautiously welcome Sam Altman into the world of Identity Validation, I am not rushing to have my iris scanned or store my personal information in that blockchain. I will stick to my non-negotiables of privacy, anonymity, and accuracy.
Itay Levy is the CEO and co-founder of Identiq, a private network for identity validation that enables the world’s largest companies to validate new users without sharing any personal data. A successful entrepreneur with two acquired startups by Nielsen and Teradata, Itay’s expertise in the digital identity space, cybersecurity, and engineering have led the innovation and growth of Identiq, empowering businesses to fight fraud and offer good users the positive experiences they deserve.
Identiq is a private network for identity validation that empowers companies to safely collaborate with each other in order to validate trusted customers–without sharing any sensitive data or identifiable information. Our peer-to-peer technology helps some of the world’s largest companies to identify good customers, fight fraud, and offer better experiences throughout the digital journey.