One of the challenges is to have something that verifies the user is a person, but to also have it be privacy preserving, because people don't want to or need to give up their information.
When it comes to biometric data like an iris scan, palm print or face recognition, all of which are considered “ground truths,” Zick acknowledges that these factors can be used, but “making them privacy-preserving takes other technical steps, takes trusting the intermediary that's processing those things that's like a potential adopter of that digital credential.”
When Will Personhood Credentials Become a Reality?
A personhood credential could come from different sources. The most obvious way, Zick says, is a government-issued digital personhood credential, something unique to you,
While countries such as India and Estonia are working on government-issued personhood credentials, it’s not an easy path forward.
DISCOVER: Universities are using identity and access management solutions to bolster security.
“The government has a handful of ground truths that they can use to match the person to all this other stuff that they have on a person,” Zick says. “They can definitely tell if you're human or not, based off things you’d expect in a credit report, ID, Social Security, passport. They have a lot of resources for that, but the problem is that in terms of practically rolling something like that out, it’s very, very challenging to do any sort of innovation and IDs, especially digital IDs.”
Of course, going the government route means that the user is giving up privacy, so another possible solution is to use third-party verifiers.
“The ideal personhood credential is kind of like if you've used single sign-on systems. For example, you’re using one credential and your work portal to log in to a bunch of different applications. It’s that principle of, ‘You're you here in this one place that we trust, and so you’re you in all of these other places that you say you’re you.’ We connect it to your phone, we connect it to your email, so we know that it’s you,” Zick says.
How Could Personhood Credentials Impact Higher Education?
While this method is also not exactly privacy-preserving, it’s a way to establish ground truth with no government involvement.
In a university setting, this could mean that students receive a digital equivalent of their student IDs that can be used to navigate certain things within the university’s Wi-Fi when they’re connected to it.
However, in a university system, if there was “some credential that you really trust, and students use that for all of their interactions, all of their AI platforms, that could be a way to track whether a human is working on something versus an AI.”
LEARN MORE: How to avoid zero-trust tool fatigue.
While Zick believes the best version of a personhood credential is one that works across the board and can be used worldwide, she can also see them being implemented on a smaller scale, such as within a university.
“You just have to think about what you’re getting by having something that only verifies personhood, whether you want that privacy-preserving element or you want to be able to track if someone is using a bunch of different AI agents. If this is something you foresee people doing a lot, if you can imagine that being something that students do when we have AI as part of education, and people have to program different agents to do various things, this is a way to keep track of them: having a personal credential that’s localized to a university in a situation like that. But it is very context-specific whether something like that is useful.”
However, personhood credentials are likely at least five years out, Zick says. This is due to the complexity of implementing such security measures, and because it might require “some fairly tangible issues for people to actually want to mobilize about doing something like this that’s really systematic,” she says.
