How the separation and unseparation of concerns contribute to SSI’s dystopian promise
As Einstein intimated [1], everything should be made as simple as possible, but not simpler. Current architectures for digital identity — intended to meet some definition of the needs of the complex living system that is human society — are dangerously too simple for the task.
Even self-sovereign identity (SSI), not infrequently held up by its champions as having the requisite complexity by design or claims to that effect, encodes distressing emergent outcomes.
I will qualify my use of words such as dangerous and distressing. Most obviously, we are talking about systems that may facilitate exclusion, persecution, and murder, as history attests.
Much less obviously I find, we are contemplating the ramifications for psychological, sociological, and ecological health; the very poor outcomes of the digitalization of identity for the human condition, the fabric of our communities, and our facilities to cooperate in responding to wicked problems at national and global scale. I don’t wish to sound flippant but these things are more important than, say, my hiring a car with great ease or proving I’m old enough to order a beer, both referenced examples of the technology’s application
The Good ID article format isn’t intended for detailed critiques — I invite you to dive into one provided in the conclusion. Rather for the brevity required here, I’ll focus on the misapplication of one common engineering maxim — separation of concerns — in terms of its contribution to SSI’s dystopian promise.
Described as “a kind of divide and conquer” strategy [2], and “one of the essential principles in software engineering” [3], “this principle asserts that software should be separated based on the kinds of work it performs” [4].
The SSI architecture follows the separation of concerns maxim when it shouldn’t, and then fails to when it should. Let’s take each in turn:
Outside the legal domain and IT systems administration for access management, identity is a social phenomenon co-constitutive and reciprocally-defining with relationships and corresponding information flows, as outlined in a previous Good ID viewpoint [5].
This natural triarchy cannot be separated, atomized, discretized, and yet, with an ingrained separation of concerns mindset, an historic familiarity with the comparatively narrow domain of Identity Access Management (IAM), and a corpus inherited from their pre-digital society-coding cousins, SSI architects appear drawn to legal identity and authorization as exemplars of the wider design challenge.
There may be benefits in rising up to the challenge in this common albeit artificial context, but having followed a separation of concerns in one tight context that is most unsuited to others, the architecture must then design to keep the corresponding code tightly constrained to the context for which it is indeed designed.
But just when the initial dedication to separation of concerns demands continued dedication, the architects turn to pursue interoperability and universality. SSI is designed deliberately to bleed into the quotidian operation of conceptualizations of identity that reflect the complexities of our nature and natural living systems, rather than stick to the comparatively Newtonian workings of the law
This is malignant. Quite simply, SSI is not ready for us, so we must not be ready for SSI.
For a deeper dive on this topic, please see The dystopia of self-sovereign identity (SSI) [6].
Such critique is a necessary next step on this long path to forging inter-disciplinary research, understanding, and development towards ‘digital identity’ for psychological, sociological, and ecological health; to co-creating contextually Good ID.
You are invited to join the corresponding working group, especially if you or your colleagues have deep expertise in psychology, sociology, ecology, history, political science, etc. — indeed any and all disciplines that will help balance and bring the best out of deeply talented information technologists.
References
[1] https://quoteinvestigator.com/2011/05/13/einstein-simple/
[2] Laplante, P. A. (2007). What Every Engineer Should Know about Software Engineering. United Kingdom. CRC Press. https://books.google.com/books?id=pFHYk0KWAEgC&q=%22separation+of+concerns%22&pg=PA85&redir_esc=y#v=snippet&q=%22separation%20of%20concerns%22&f=false
[3] De Win, B., Piessens, F., Joosen, W., & Verhanneman, T. (2002). On the importance of the separation-of-concerns principle in secure software engineering. In Workshop on the Application of Engineering Principles to System Security Design (pp. 1–10). https://distrinet.cs.kuleuven.be/projects/sobenet/dissemination/docs/ACSA.pdf
[4] Microsoft .NET Common Architectural Principles. Retrieved 23 Nov 2020. https://docs.microsoft.com/en-us/dotnet/architecture/modern-web-apps-azure/architectural-principles
[5] Sheldrake, P. (2019). Good Identity Lives In Between. Good ID. https://www.good-id.org/en/articles/good-identity-lives-between/
[6] Sheldrake, P. (2020). The dystopia of self-sovereign identity (SSI). https://generative-identity.org/the-dystopia-of-self-sovereign-identity-ssi/
