What is a Digital Identity (and can a zombie have one)?

As the world moves ever further towards everyone and everything being online 24/7, digital identity as a topic is gaining traction in many different walks of life. The views on what constitutes a digital identity are many and varied, from the simple (a few attributes) to the complex (‘it’s everything you do online’).

So, what does the term ‘digital identity’ actually mean? And who is allowed to have one? Humans? Pets? Zombies?

In order to answer these questions, it’s useful to first consider the more basic question of ‘what is identity?’

In UK law, an individual human is known as a ‘natural person’ and has a separate, unique identity that legally exists from birth to death. A company or organisation can also have a legal identity of its own, and is known as a ‘legal person’.

The UN’s definition of legal identity is practical and highlights the need for a ‘civil registration authority’ to issue birth and death certificates to record an identity:

“Legal identity is defined as the basic characteristics of an individual's identity. e.g. name, sex, place and date of birth conferred through registration and the issuance of a certificate by an authorized civil registration authority following the occurrence of birth. Legal identity is retired by the issuance of a death certificate by the civil registration authority upon registration of death.”

Many things to do with identities are actually records of relationships between two or more identities; e.g. a UK birth certificate links four natural persons together; the new person, mother, father and registrar. The only four attributes you need for the new person are name, gender, date of birth and place of birth.

At its most basic level, a legal identity begins with an entry on a register of births, and a birth certificate is the person’s proof that the registry entry was made.

Having a legally-recognised identity confers rights to the holder; they can hold relationships with other identities, own property and have equivalent protections to other identities, e.g. human rights.

As more of our lives move online, we need a ‘digital identity’ that is a legal equivalent of your paper birth certificate; something that confers the rights that come with a legal identity to you as the entitled person.

In order to protect the digital identity from being compromised or used by others, there needs to be a trusted process to bind it to the correct individual person, and a secure way for the person to access it.

In order to create a digital identity, you need these three components:

???A legal identity such as that held by a natural or legal person

???A verification process carried out by a certified party (such as a bank) to ensure that the legal identity belongs to the person presenting it

???Authentication credentials for connecting to the verified digital account (e.g. PIN/password, biometrics, mobile device)?

A digital identity is therefore a special type of digital account that the legal identity owner controls, and can be securely used to represent the legal identity in digital journeys. That’s not to say that any digital account is a digital identity; most accounts do not verify the legal identity or bind it to the presenting party.?

The broad claim that digital identity is ‘everything you do online’ is also not identity; it’s just data related to your activity online, that may or may not be linked to your legal identity.

Solving some of today’s big online problems like fraud or safety needs at least one party in the chain of service providers to have the ability to trace from the digital to the legal identity to hold them accountable; this can be done whilst also preserving the need for pseudonymous and anonymous accounts where they are required or wanted.

In a world where I can freeze/unfreeze my card and toggle light and dark modes on and off, why can’t I also turn off the trolls by muting unverified accounts?

Finally, coming back to the question ‘can a zombie have a digital identity’? - given that the zombie is dead and no longer human, it doesn’t qualify as having a legal identity, so can’t have a digital identity either. It would also probably struggle with getting past ‘log in with your face’.