What Universal Digital Identity Would Enable And Endanger

The World Bank's ID4D (Identification for Development) initiative estimates that approximately 850 million people globally lack a foundational identity document. The breakdown is revealing:

- Sub-Saharan Africa has the lowest rates of birth registration — below 50% in many countries. - Women are disproportionately affected. In many South Asian and African countries, men are more likely to have ID because they interact more frequently with formal systems (employment, land ownership, military service). - Refugees are particularly vulnerable. When you flee a conflict zone, your documents often stay behind. UNHCR estimates that 1 in 3 refugees lack adequate identity documentation. - Stateless persons — people who are not recognized as citizens by any nation — number approximately 4.4 million (though the real figure is likely much higher, since stateless people are by definition undercounted).

The consequences of lacking identity are systematic and severe. Without ID, you cannot:

- Open a bank account or access formal financial services - Own or transfer property - Register a business - Enroll children in school (in many countries) - Vote - Access government benefits, subsidies, or social protection - Travel across borders legally - Prove your age (relevant for child labor protections, marriage law, criminal justice)

Being undocumented is not just an inconvenience. It is a form of structural exclusion from the rights and systems that the rest of the world takes for granted.

---

Modern digital identity systems generally fall into three architectural categories:

Centralized systems. A single authority (usually a government) issues, manages, and verifies identities. India's Aadhaar system is the largest example, covering over 1.3 billion people with a 12-digit unique identifier linked to biometric data (fingerprints and iris scans). Estonia's e-Residency program offers digital identity to non-citizens for accessing Estonian digital services.

Federated systems. Multiple authorities issue identities, and a protocol allows them to recognize each other. The European Union's eIDAS framework enables citizens of any EU member state to use their national digital identity to access services in any other member state.

Decentralized / self-sovereign systems. The individual controls their own identity data, stored on their device or in a personal data store. Verification occurs through cryptographic proofs rather than through a central database. Blockchain-based identity projects, the W3C's Verifiable Credentials standard, and various "self-sovereign identity" (SSI) initiatives fall into this category.

The architectural choice has profound implications for power. Centralized systems are efficient but create single points of failure and control. Federated systems distribute power but require complex governance agreements. Decentralized systems give individuals the most control but face adoption and usability challenges.

---

The strongest case for universal digital identity is the inclusion case.

Aadhaar, for all its controversies (and there are many), has measurably expanded financial inclusion in India. The number of adults with bank accounts increased from 35% to 80% between 2011 and 2017, driven largely by the ability to use Aadhaar as proof of identity for account opening. Direct benefit transfers to bank accounts linked to Aadhaar have reduced leakage and corruption in subsidy programs.

In Kenya, the Huduma Namba digital identity initiative aims to replace multiple fragmented identity systems with a single national number. In Estonia, digital identity enables citizens to file taxes, vote, access health records, and start businesses entirely online — saving an estimated 2% of GDP annually in reduced bureaucratic costs.

The humanitarian case is equally compelling. Refugees arriving with no documentation could, with a digital identity system, prove who they are and access services without months of bureaucratic limbo. Stateless persons could have their existence formally recognized. Children born in conflict zones could be registered at birth, preventing a lifetime of exclusion.

The UN's Sustainable Development Goal 16.9 calls for legal identity for all, including birth registration, by 2030. Digital identity is the only mechanism that could achieve this at the required scale.

---

Now the other side.

Mass surveillance. A universal digital identity system creates the infrastructure for comprehensive tracking of every person's movements, transactions, communications, and interactions. Even if a government promises not to use it that way, the capability exists once the system is built. And capabilities, historically, get used. Post-9/11 surveillance expansion in the United States and the UK demonstrates how quickly emergency powers become permanent.

Exclusion by design. The same system that includes the undocumented can exclude the uncooperative. China's social credit system links identity to behavior ratings that can restrict travel, employment, and access to services. Any identity system can be modified to include behavioral conditions — and once the infrastructure exists, adding conditions is trivially easy.

Biometric risks. Unlike a password or a card, you cannot change your fingerprints or iris patterns. If biometric data is compromised — through hacking, data breach, or state capture — the individual has no recourse. India's Aadhaar database has experienced multiple security incidents, and civil liberties organizations have raised persistent concerns about biometric data protection.

Function creep. Identity systems designed for one purpose inevitably expand to others. Aadhaar was launched as a voluntary identity for accessing government services. It has become de facto mandatory for bank accounts, mobile phone SIM cards, tax filing, and dozens of other functions. The scope expanded without a clear democratic mandate for each expansion.

Digital exclusion. Paradoxically, a digital identity system can exclude the very populations it aims to include. People without smartphones, internet access, or digital literacy may find themselves locked out of a system that requires digital verification. Elderly populations, people with disabilities, and people in areas with poor connectivity face particular barriers.

---

The technical architecture of digital identity is a solved problem. Multiple systems exist that can verify identity securely at scale. The unsolved problem is governance.

Specifically:

Who controls the system? If a government controls it, citizens of authoritarian states face surveillance risk. If a corporation controls it, profit motives may conflict with user interests. If no one controls it (fully decentralized), accountability and recourse become difficult.

What data is collected? The minimum viable digital identity requires very little data — a unique identifier, a name, and a date of birth are sufficient for most purposes. But mission creep pushes systems to collect biometrics, location data, transaction history, and behavioral data. The more data collected, the greater the power of whoever holds it.

Who can see the data? Selective disclosure — proving you are over 18 without revealing your exact birth date, proving your nationality without revealing your home address — is technically possible with modern cryptography. But most existing systems don't implement it. The default is oversharing.

What happens when it goes wrong? False negatives (the system doesn't recognize you), false positives (it confuses you with someone else), system failures (the database goes down), and adversarial attacks (someone spoofs your identity) all require clear remediation processes. Who is responsible? How do you appeal? These questions are governance questions, not technical ones.

Can you opt out? This may be the most important question. If digital identity is mandatory, it is a tool of state power regardless of how it is governed. If it is optional, its inclusion benefits are limited because the most marginalized populations are least likely to opt in voluntarily. The tension between universality and voluntariness is irreducible.

---

Universal digital identity is a Law 1 test case because it forces a confrontation between two versions of "we are human."

Version one: We are human, therefore every person deserves to be seen, counted, included, and able to access the systems that distribute rights and resources. Digital identity makes this possible.

Version two: We are human, therefore every person deserves to be free from surveillance, control, and coercion by powerful institutions. Digital identity makes this harder.

Both versions are true. The work of Law 1 is not to choose one. It is to build systems that honor both — that include without controlling, that verify without surveilling, that see without watching.

If every person said yes to the full humanity of every other person, the design of identity systems would prioritize the most vulnerable. It would ask: "How does this system serve the refugee, the stateless child, the woman who has never had a document?" And simultaneously: "How does this system protect the dissident, the whistleblower, the person who needs to be invisible to survive?"

Those two questions, held together, produce better systems than either question asked alone.

---

Inventory. List every identity document and digital account you have. Count them. Now imagine losing all of them overnight. What could you no longer do? Who could you no longer prove you are? Sit with that feeling. It is the daily reality for 850 million people.

Research. Read about one digital identity initiative — India's Aadhaar, Estonia's e-Residency, or the EU's eIDAS framework. Look for both the inclusion gains and the civil liberties concerns. Notice which narrative you're drawn to. Push yourself to take the other side seriously.

Design. If you were designing a digital identity system for a refugee camp — where people have lost all documents, trust in authority is low, and the risk of data misuse is high — what would you build? What data would you collect? Who would hold it? How would you protect it? Write a one-page design proposal.

Conversation. Ask someone: "Would you be comfortable with a global digital identity system that every government could verify?" Listen to their answer. Then ask: "What if 850 million people are currently invisible because they don't have any identity at all?" Notice how the two frames change the conversation.