Launch / Award Event #57 Governing Identity Online Nations and Technologists

Summary

This discussion launched a research project funded by the Internet Society Foundation and executed by the Internet Governance Project at Georgia Tech, focusing on the governance of digital identifiers and online identity systems. Upasana Hembram from the Internet Society Foundation explained that digital interactions are fundamentally built on trust and identity authentication, which profoundly influence how transparent, secure, and trustworthy the Internet can be. The research examines how private organizations and government agencies interact in the global governance landscape to deploy online identity systems, particularly studying three specific identifier systems: WebPKI, Legal Entity Identifiers (LEI), and Resource Public Key Infrastructure (RPKI).

Dr. Milton Mueller outlined how digital identifiers require systems of trust and authority, with cyberspace changing traditional authority relationships in new ways. He discussed RPKI as a method for authenticating routing announcements and IP address block ownership, noting government involvement such as the U.S. Federal Communications Commission’s consideration of requiring RPKI implementation. The WebPKI system was highlighted through the European Commission’s EIDAS initiative, which created tension with existing browser-based trust hierarchies controlled by companies like Google, Apple, and Microsoft.

Vagisha Srivastava presented research on Legal Entity Identifiers, which uniquely emerged from a top-down approach by the Financial Stability Board and G20 following the 2008 financial crisis. LEIs address transparency and verification needs for financial entities in cross-border transactions, though the system faces challenges with certificate lapses due to insufficient user incentives for renewal. Benjamin Akinmoyeje provided perspective from Africa, discussing the continent’s rapid digital identity initiatives including World Bank projects and African Union digital transformation strategies, while highlighting concerns about interoperability across different national systems. The research aims to enhance understanding of how different policy decisions within various jurisdictions impact the global Internet governance landscape.

Keypoints

## Major Discussion Points:

– **Launch of Digital Identity Research Project**: Introduction of a new research initiative funded by the Internet Society Foundation and executed by the Internet Governance Project at Georgia Tech to study governing online identities and digital identifier systems

– **Three Core Identity Systems Under Study**: Examination of RPKI (Resource Public Key Infrastructure) for routing security, WebPKI for web authentication including EU’s EIDAS controversy with browser manufacturers, and LEI (Legal Entity Identifiers) for financial entity verification

– **Government vs. Technical Community Authority**: Analysis of how state authority intersects with Internet community self-governance, including examples like the FCC’s consideration of RPKI requirements and the European Commission’s clash with existing browser-based trust hierarchies

– **Legal Entity Identifiers (LEI) Challenges**: Discussion of the top-down creation of LEI by financial regulators post-2008 crisis, its mandatory use for cross-border transactions, and the problem of certificate lapses due to lack of user incentives for renewal

– **Global South Perspective on Digital Identity**: Presentation of Africa’s digital identity landscape, including massive inclusion efforts (500+ million people lacking verifiable identity), various continental initiatives, and concerns about interoperability across different national systems

## Overall Purpose:

The discussion serves as a launch event for a comprehensive research project examining how digital identity systems are governed globally. The goal is to understand the complex interplay between technical communities, government agencies, and private actors in managing online identity verification systems, with implications for Internet governance, trust, security, and global digital inclusion.

## Overall Tone:

The discussion maintains an academic and informative tone throughout, characterized by scholarly presentation of research objectives and technical concepts. The tone is collaborative and forward-looking, with speakers building upon each other’s presentations to create a comprehensive overview of the research scope. There’s an underlying sense of urgency about the importance of understanding these “background” systems that are fundamental to digital trust, though the presentation remains measured and analytical rather than alarmist.

Speakers

– **Dr. Milton Mueller**: Internet Governance Project at Georgia Tech (project executor/researcher)

– **Upasana Hembram**: Internet Society Foundation (foundation representative)

– **Dr. Karim Farhat**: Part of the research project, based in the United States, working on legal entity identifiers

– **Vagisha Srivastava**: PhD student at Georgia Tech, handling research on legal entity identifiers (LEIs)

– **Benjamin Akinmoyeje**: Involved in ICANN from Africa perspective, working with digital identifier policy, based in Nigeria

– **Michael Palage**: (mentioned in speakers list but role/expertise not clearly specified in transcript)

Additional speakers:

– **Dr. Johannes Sedlmeyer**: (mentioned multiple times but role/expertise not specified in the provided transcript portion)

# Summary: Launch of Digital Identity Governance Research Project

## Introduction and Project Overview

This discussion marked the formal launch of a research initiative examining the governance of digital identifiers and online identity systems. The project is funded by the Internet Society Foundation and executed by the Internet Governance Project at Georgia Tech, bringing together researchers from multiple continents to address digital identity governance.

Upasana Hembram from the Internet Society Foundation opened the discussion by establishing that digital interactions are built upon trust and identity authentication. She emphasized that digital identity systems, despite their crucial role in today’s digital economy, remain an understudied area of Internet governance with profound implications for privacy, security, and trust. Hembram argued that these systems should be viewed as instruments of public trust rather than mere background technologies.

## Theoretical Framework

Dr. Milton Mueller provided the theoretical foundation by addressing fundamental questions about authority and trust in cyberspace. He explained that objects in cyberspace cannot be identified without proper identification and authentication systems, making digital identity systems essential infrastructure.

Mueller highlighted how cyberspace is changing authority relationships and posed critical questions about where authority resides in digital identity systems and who can be trusted when authenticating online identity. The research framework focuses on three specific identifier systems: Resource Public Key Infrastructure (RPKI), Web Public Key Infrastructure (WebPKI), and Legal Entity Identifiers (LEI).

## Resource Public Key Infrastructure (RPKI)

Mueller presented RPKI as a method for authenticating routing announcements and verifying ownership of IP address blocks. He noted that the U.S. Federal Communications Commission initially considered requiring RPKI implementation among Internet service providers but ultimately backed away from this requirement due to questions about their authority in this domain.

The research team identified RPKI implementation speed and effectiveness as key areas of investigation, particularly regarding the degree to which governments become involved in either requiring or using RPKI.

## Web Public Key Infrastructure and eIDAS

The WebPKI system was discussed through the European Commission’s Electronic Identification, Authentication and Trust Services (eIDAS) initiative, which created tension with existing browser-based trust hierarchies. Mueller described this as a political clash between governmental authority and established technical community governance structures, where the European Commission attempted to intervene in web authentication processes controlled by major technology companies including Google, Apple, and Microsoft.

## Legal Entity Identifiers: Regulatory Approach

Vagisha Srivastava presented detailed research on Legal Entity Identifiers, which emerged from regulatory mandates following the 2008 financial crisis. The LEI system was created by the Financial Stability Board and G20 to address transparency and verification problems in cross-border financial transactions.

Srivastava explained the LEI governance structure: the Financial Stability Board established the Regulatory Oversight Committee (ROC), which oversees the Global Legal Entity Identifier Foundation (GLEIF), which in turn manages local operating units that issue LEI codes to legal entities.

Her research revealed critical challenges with certificate lapses due to insufficient user incentives for renewal. Financial organizations often fail to maintain current LEI certificates, undermining the system’s verification purposes. This led to the insight that regulatory mandates alone are insufficient – effective systems require user incentives and infrastructural integration for ongoing effectiveness.

## African Perspectives

Benjamin Akinmoyeje began presenting on Africa’s digital identity landscape, noting that over 500 million people in Africa lack verifiable legal identities, creating barriers to accessing essential services. He mentioned multiple initiatives developing across the continent, including the World Bank’s ID for Development project and the African Union’s digital transformation strategy.

*Note: The transcript appears to become incomplete during Benjamin’s presentation and becomes unclear toward the end, limiting the available information about his full contribution to the discussion.*

## Project Significance

The discussion positioned digital identity governance as a critical but understudied component of Internet governance. The research project aims to examine how private organizations and government agencies interact within the global governance landscape to deploy online identity systems, addressing the complex reality where traditional boundaries between public and private authority are increasingly blurred.

The project’s multi-stakeholder approach and focus on three distinct identifier systems provides concrete case studies for examining broader questions about authority, trust, and governance in digital environments. The inclusion of Global South perspectives ensures the research addresses questions of inclusion and digital equity alongside technical governance challenges.

## Conclusion

This launch discussion established the scope and methodology of a research project examining digital identity governance through three specific case studies. The conversation highlighted the complexity of digital identity systems and demonstrated the need for understanding how different governance approaches operate across various contexts and jurisdictions. The research represents an effort to fill a significant gap in understanding how these fundamental systems are governed and their implications for the broader Internet ecosystem.

Dr. Milton Mueller: This is a session on digital identifiers, and it represents a launch of a research project that is being funded by the Internet Society Foundation and executed by the Internet Governance Project at Georgia Tech. And I want to begin by introducing Upasana, who is with the Internet Society Foundation, and she will introduce you to the foundation and the way they are supporting research.

Upasana Hembram: Hello, everyone. Good morning to everyone present in Oslo. Good afternoon. Good evening to all those joining virtually. Thank you all for gathering here to attend this session about launching this study on governing online identities. As you all know, the fundamental of our digital interaction these days is essentially built on trust, and a lot of it is dependent on authenticating identity, and this involves several complex technical systems and governance arrangements that are constantly developed in order to assign proof and verify identity. And since these identity systems profoundly influence how transparent, secure, and trustworthy the Internet can be, I don’t think they should be viewed as merely technologies that run in the background, but as a fundamental instrument of public trust. At Internet Society and the Internet Society Foundation, our vision is an Internet for everyone, and we strongly believe that the Internet should be open, secure, safe, trustworthy, and community-centered. Through our various grant programs at the Internet Society Foundation, we have been championing organizations and changemakers who have been working towards this mission, and specifically through our research grant program, we encourage experimentation, innovation, and explorations that can help us deepen our understanding of the critical functions that keep the Internet running, and also help ideate various solutions that can strengthen and safeguard the core principles of an open and trustworthy Internet. So we’ve partnered with the Internet Governance Project at Georgia Tech to do exactly that. The digital identity system, despite the emerging lack of trust in today’s digital world, happens to be an understudied area of Internet governance, but it has deep implications for privacy, security, and trust in today’s Internet economy. And amidst this evolving geopolitical landscape, this study, which has been supported by the Internet Society Foundation’s research grant, will examine how private actor-led organizations and government agencies interact in the global governance landscape to deploy online identity. And our hope with this study is that it can enhance our understanding of the dynamics that are involved, and what that means for the broader Internet ecosystem. This study particularly looks at WebPKI, LEI, and RPKIs, which will be discussed in greater detail by the presenters today. And while these don’t make newsflash, like eyeball-grabbing headlines, they are very critical in shaping some of the most foundational aspects of digital interactions today via trust and safety. Now, why should somebody care about this study, and how does it relate to Internet governance? This study takes a closer look at identity regimes across different jurisdictional contexts, and it sheds light on how the effects of these different policy options within these jurisdictions have implications on the global Internet governance landscape. The insights from these different case studies can help us understand why some decisions were made, how they were made, how they were implemented, and perhaps what are some of the outcomes that they produce, which will eventually help us, especially key decision makers in government and policy, public policy, make decisions on how to allocate resources around investment decisions, et cetera. Lastly, I would like to close off by saying that the future of Internet governance does not mean to be built solely on laws and regulations. It should be through open, multi-stakeholder models that truly reflect the public interest, and this study tries to go deep into the governance of online identity and does exactly that.

Dr. Milton Mueller: Thank you. Let’s go back now to, by the way, that’s Karim Farhat up there. He’s in the United States, and he’s part of the project. So let me just begin by introducing the basic topic. You see these blobs on the left, and that kind of represents objects in cyberspace, which could be any number of things. It could be servers, it could be machines, it could be devices, it could be people. And in cyberspace, you simply do not know what these things are without some kind of a identification and authentication system. So we’re studying that process, and we’re looking at it, how do I change the slides? Like that? Next slide. Okay. So one of the important things about digital identifiers, and they could be, again, for anything, is that they require some kind of system of trust and authority. And the interesting thing about cyberspace is that it is changing the authority relationships in new ways. So where does the authority reside? Who can you trust when you’re authenticating online identity? And so that is three different identifier systems that we have chosen to study. One of them is the RPKI, which is about trusting routing announcements. Another is about the WebPKI. And another is about legal entity identifiers, which is a new system of identifiers being developed by a new international organization. Now, I’m going to talk a little bit about RPKI. We don’t have a lot of time. Obviously, this is a very complex topic. But RPKI is a way of authenticating routing announcements, or actually authenticating who actually is the legitimate holder of an IP address block. The Regional Internet Registry has issued certificates, digital certificates, that allow you to authenticate this. And there’s been some controversy about how quickly this is being implemented and how effective it is as a method of ensuring routing security. And so one of the things that interests us is the degree to which governments get involved in either requiring or using RPKI. And so one of the things we’ll be looking at is a recent U.S. Federal Communications Commission proceeding in which the FCC, for a while, thought it was going to intervene and start requiring RPKI among Internet service providers in the United States, and ultimately backed off and decided it didn’t have the authority to do that. But that’s one of these ways in which state authority is mixing with the The EIDAS is another area in which we will be looking closely at an intersection of government power and Internet community self-governance. This is the web authentication process and recently the European Commission tries to intervene in this by saying we’re going to create a European system of digital certificates and we will decide who you can trust and they clashed with the existing platform-based trust hierarchy primarily centered in the browser manufacturers, that is to say Google, Apple, Microsoft and so on and there was a big political clash over that and so we’re going to be looking at that controversy in detail. And now I’m going to turn it over to, we don’t have time to go into all this, organizational identity. I’ll turn it over to Vagisha Srivastava who is a PhD student at Georgia Tech and she’s handling part of the research on legal identity identifiers.

Vagisha Srivastava: I and Karim, my colleague, who’s online, we are looking at the legal entity identifiers which is kind of a unique choice in our study because this is one of those organizational entity that was not created by the technical community, bottoms up, but it was a top-down approach created by the FSB, the financial standards board in the G20. So one of the problems that led to the creation of this was identified post-financial crisis where a lack of transparency and verification needed for, you know, financial entities was missing. So there was an asymmetric information problem that led to a market failure where especially for cross-border transactions, verification and authentication was very, very difficult. So between 2008 and 2012, G20 convened and they decided that we need an entity identifier norm and regulation which led to the creation of GLEIF, we can go to the next slide. And LEIs basically fill that gap. They provide a standardization requirement for financial entities so that they can be verified which go through a list of procedures and check and then they can participate in local transactions and also cross-border transactions. It’s mandatory for cross-border transactions but not so much for if you want to make domestic transactions. So they did improve transparency and risk mechanisms. So you can see the FSB led to RAC which led to the creation of GLEIF which is like a non-profit entity that then leads to the creation of local operating units that issue LEIs in domestic markets. You can go to the next slide. The current status remains that the uptake is huge, one because it’s compulsory for any entity that wants to participate in cross-border transactions. But one of the problems that we observed was that there’s a lot of lapse certificate which basically means that these financial organizations don’t have the incentive to keep on renewing which means that the information that is associated with these identities gets lapsed and therefore it’s not current which then leads to a problem which we began with that you cannot verify or authenticate these entities with credible information. So LEIs in our cases, and I’ll stop just here, which is LEIs in our case reveal something very important which is global standards need not just regulatory pressure but user incentives and infrastructural integration for them to keep on going and that’s what we are focusing on within this study.

Benjamin Akinmoyeje: Okay. So next we want to bring up Benjamin Akinmoyeje Akinmoye from Nigeria. Benjamin Akinmoyeje is not a researcher for us but he is somebody involved in ICANN from the standpoint of Africa and so he’s been working with digital identifier policy. Benjamin Akinmoyeje, can you talk about your perspective on this for about five minutes? Yes. Thank you very much. Can you hear me? We can hear you. Can you bring his picture up on the screen or is he not showing video? Oh. There we go. Okay. We got you. Yes. Is it possible for me to share my slide? I have a more detailed slide if you don’t mind. I don’t know whether the, yes, you can share your slides. Okay. Thank you. Do you see my screen?

Dr. Milton Mueller: No, we just see you which is perfectly fine. You look great. So.

Benjamin Akinmoyeje: Thank you. Good morning, everybody, and thank you for the opportunity to have me here. So I’m going to be talking about the relevance of digital identifier and the governance around it from the perspective of Global South and from someone living in Africa. So this space is really dynamic because of the enormous innovation going on for primarily for inclusion, access to services, and all of that. And in order to understand what is happening, at least I know that on the continent, statistics show that over 500 million people are yet to have some form of verifiable identity, legal IDs that they can build access to. So from that perspective, and then there’s this huge push for everybody to go online and there’s so much technology optimizing, you know. So there has been interesting projects on the continent. So when you look out some form of research around this, you’re going to find that World Bank has a big project going on, ID for Identification for Development, and it has like 49 countries already on board, and Rwanda and Nigeria are participants of this. And they are really going hard at this and getting more individuals registered, providing the guidelines so that we can have credible identifications that can work online as well. Then there’s this project, ID for Africa. This really goes across the continent, getting different national organizations responsible for either national identifiers like identification schemes to be on board. And then also African Union has their digital transformation strategy. And fundamental, foundational to this is the identifications, legal identification across different countries. So they give like a roadmap. Also regionally, like ECOWAS, you’ll find something like national biometric ID cards. So all of this, I’m just trying to show you how very rapidly moving these things are. Then on top of this, and you can see the motivation for this, because AFICTA, which is Africa Free Trade Agreement, is hoping to build essentially on digital innovations and how can we do trade across the continent. But the major concern is interoperability of this framework, because different countries talking to different vendors, different to get the ID. Benjamin Akinmoyejejamin Akinmoyeje, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer,

Dr. Karim Farhat: Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer,

Michael Palage: Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Vagisha Srivastava, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Dr. Johannes Sedlmeyer, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat,

Dr. Milton Mueller: Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat, Dr. Karim Farhat,

Agreement points

Digital identity systems require complex governance structures involving multiple stakeholders

Speakers

– Upasana Hembram
– Dr. Milton Mueller
– Vagisha Srivastava

Arguments

Future Internet governance should be built through open, multi-stakeholder models that reflect public interest rather than solely on laws and regulations

The study examines how private actor-led organizations and government agencies interact in global governance to deploy online identity

LEIs represent a unique top-down approach created by the FSB and G20, unlike technical community bottom-up systems

Summary

All speakers acknowledge that digital identity governance involves complex interactions between various stakeholders including governments, private organizations, and technical communities, requiring multi-stakeholder approaches rather than single-authority solutions

Topics

Digital identities | Legal and regulatory

Digital identity systems are fundamental infrastructure for trust and security online

Speakers

– Upasana Hembram
– Dr. Milton Mueller

Arguments

Objects in cyberspace cannot be identified without proper identification and authentication systems

Digital identity systems profoundly influence how transparent, secure, and trustworthy the Internet can be and should not be viewed as merely background technologies

Summary

Both speakers emphasize that digital identity systems are not just technical tools but fundamental infrastructure that determines the trustworthiness and security of the entire Internet ecosystem

Topics

Digital identities | Infrastructure

Similar viewpoints

Both speakers recognize the tension between top-down governmental/regulatory approaches and bottom-up technical community governance in digital identity systems, highlighting different models of authority and control

Speakers

– Dr. Milton Mueller
– Vagisha Srivastava

Arguments

There are clashes between government power and Internet community self-governance, as seen in the European Commission’s intervention in web authentication

LEIs represent a unique top-down approach created by the FSB and G20, unlike technical community bottom-up systems

Topics

Digital identities | Legal and regulatory

Both speakers identify implementation challenges in digital identity systems, emphasizing that successful deployment requires more than just regulatory mandates and must address practical issues like user incentives and system compatibility

Speakers

– Vagisha Srivastava
– Benjamin Akinmoyeje

Arguments

Global standards need regulatory pressure, user incentives, and infrastructural integration to remain effective

Interoperability remains a major concern as different countries work with different vendors for ID systems

Topics

Digital identities | Development

Unexpected consensus

Limitations of purely regulatory approaches to digital identity governance

Speakers

– Upasana Hembram
– Vagisha Srivastava
– Dr. Milton Mueller

Arguments

Future Internet governance should be built through open, multi-stakeholder models that reflect public interest rather than solely on laws and regulations

Global standards need regulatory pressure, user incentives, and infrastructural integration to remain effective

The FCC initially considered requiring RPKI among Internet service providers but ultimately backed off due to lack of authority

Explanation

Despite representing different perspectives (foundation, academic research, and policy analysis), all speakers converge on the view that regulatory approaches alone are insufficient for effective digital identity governance, requiring broader stakeholder engagement and practical implementation considerations

Topics

Digital identities | Legal and regulatory

Overall assessment

Summary

The speakers demonstrate strong consensus on the fundamental importance of digital identity systems as critical infrastructure, the need for multi-stakeholder governance approaches, and the limitations of purely regulatory solutions. They agree on the complexity of governance challenges and the need for balanced approaches between different authority models.

Consensus level

High level of consensus on core principles and challenges, with complementary rather than conflicting perspectives. This suggests a mature understanding of digital identity governance issues across different stakeholder communities, which could facilitate collaborative approaches to addressing the identified challenges in policy development and implementation.

Different viewpoints

Top-down vs. Bottom-up Governance Approaches

Speakers

– Upasana Hembram
– Vagisha Srivastava

Arguments

Future Internet governance should be built through open, multi-stakeholder models that reflect public interest rather than solely on laws and regulations

LEIs represent a unique top-down approach created by the FSB and G20, unlike technical community bottom-up systems

Summary

Hembram advocates for multi-stakeholder, bottom-up governance models, while Srivastava presents LEIs as an example of successful top-down regulatory approach, though she notes challenges with this model

Topics

Digital identities | Legal and regulatory

Unexpected differences

Effectiveness of Regulatory Mandates

Speakers

– Vagisha Srivastava
– Benjamin Akinmoyeje

Arguments

Global standards need regulatory pressure, user incentives, and infrastructural integration to remain effective

Multiple initiatives are rapidly developing across Africa including World Bank’s ID for Development project and African Union’s digital transformation strategy

Explanation

Srivastava’s research shows that regulatory mandates alone are insufficient (citing LEI certificate lapses), while Akinmoyeje presents multiple regulatory initiatives as positive developments, creating an implicit tension about the effectiveness of regulatory approaches

Topics

Digital identities | Legal and regulatory | Development

Overall assessment

Summary

The discussion reveals subtle tensions between different governance philosophies – top-down regulatory approaches versus bottom-up technical community governance, and questions about the effectiveness of mandatory systems versus incentive-based approaches

Disagreement level

Low to moderate disagreement level. This was primarily a research presentation rather than a debate, so disagreements are more implicit and philosophical rather than direct confrontations. The implications suggest ongoing challenges in finding the right balance between regulatory oversight and technical community self-governance in digital identity systems

Partial agreements

Similar viewpoints

Both speakers recognize the tension between top-down governmental/regulatory approaches and bottom-up technical community governance in digital identity systems, highlighting different models of authority and control

Speakers

– Dr. Milton Mueller
– Vagisha Srivastava

Arguments

There are clashes between government power and Internet community self-governance, as seen in the European Commission’s intervention in web authentication

LEIs represent a unique top-down approach created by the FSB and G20, unlike technical community bottom-up systems

Topics

Digital identities | Legal and regulatory

Both speakers identify implementation challenges in digital identity systems, emphasizing that successful deployment requires more than just regulatory mandates and must address practical issues like user incentives and system compatibility

Speakers

– Vagisha Srivastava
– Benjamin Akinmoyeje

Arguments

Global standards need regulatory pressure, user incentives, and infrastructural integration to remain effective

Interoperability remains a major concern as different countries work with different vendors for ID systems

Topics

Digital identities | Development

Key takeaways

Digital identity systems are fundamental infrastructure that should be viewed as instruments of public trust rather than mere background technologies

Cyberspace is fundamentally changing authority relationships, creating new questions about trust and governance between government power and Internet community self-governance

The research project will examine three specific identifier systems (WebPKI, LEI, and RPKI) to understand how private organizations and government agencies interact in global digital identity governance

Legal Entity Identifiers (LEIs) demonstrate that global standards require not just regulatory pressure but also user incentives and infrastructural integration to remain effective

Africa faces significant digital identity challenges with over 500 million people lacking verifiable legal IDs, while multiple rapid development initiatives are creating interoperability concerns

Future Internet governance should be built through open, multi-stakeholder models that reflect public interest rather than relying solely on laws and regulations

Resolutions and action items

The Internet Society Foundation has funded the Internet Governance Project at Georgia Tech to conduct research on digital identity governance

The research team will examine specific case studies including the FCC’s RPKI proceeding and the European Commission’s intervention in web authentication

Vagisha Srivastava and Karim Farhat will focus on researching Legal Entity Identifiers (LEI) systems

Benjamin Akinmoyeje will provide perspective on digital identifier policy from the African/Global South context

Unresolved issues

The fundamental question of where authority should reside in digital identity systems remains unresolved

Interoperability challenges across different national digital identity systems, particularly in Africa where different countries work with different vendors

The problem of lapsed LEI certificates where financial organizations lack incentives to renew, leading to outdated verification information

How to balance government regulatory authority with Internet community self-governance in digital identity systems

The effectiveness and implementation speed of RPKI as a method for ensuring routing security

Suggested compromises

N

o

n

e

i

d

e

n

t

i

f

i

e

d

In cyberspace, you simply do not know what these things are without some kind of a identification and authentication system… the interesting thing about cyberspace is that it is changing the authority relationships in new ways. So where does the authority reside? Who can you trust when you’re authenticating online identity?

Speaker

Dr. Milton Mueller

Reason

This comment reframes digital identity from a technical problem to a fundamental question of power and authority. It highlights that digital identity systems aren’t just about verification but about who gets to decide what constitutes legitimate identity – a deeply political question that challenges traditional notions of sovereignty and control.

Impact

This framing established the conceptual foundation for the entire discussion, shifting it from technical implementation details to governance implications. It set up the tension between traditional authority structures and new digital power dynamics that would be explored through each case study.

LEIs in our case reveal something very important which is global standards need not just regulatory pressure but user incentives and infrastructural integration for them to keep on going

Speaker

Vagisha Srivastava

Reason

This insight challenges the assumption that top-down regulatory mandates are sufficient for successful digital identity systems. It reveals a critical gap between policy intention and practical implementation, highlighting that compliance alone doesn’t ensure system sustainability or effectiveness.

Impact

This observation introduced a crucial dimension to the discussion – the difference between mandated adoption and meaningful, sustained use. It shifted the conversation from focusing solely on governance structures to considering the practical incentives and infrastructure needed for digital identity systems to actually work in practice.

The digital identity system, despite the emerging lack of trust in today’s digital world, happens to be an understudied area of Internet governance, but it has deep implications for privacy, security, and trust in today’s Internet economy

Speaker

Upasana Hembram

Reason

This comment identifies a significant research gap while simultaneously highlighting the paradox that as trust becomes more critical online, the systems that enable that trust remain poorly understood from a governance perspective. It positions digital identity as foundational infrastructure rather than background technology.

Impact

This framing justified the research project’s importance and established digital identity systems as deserving serious academic and policy attention. It elevated the discussion from technical implementation to strategic Internet governance, setting the stage for examining how these systems shape broader digital interactions.

Statistics show that over 500 million people are yet to have some form of verifiable identity, legal IDs that they can build access to… but the major concern is interoperability of this framework, because different countries talking to different vendors

Speaker

Benjamin Akinmoyeje

Reason

This comment brings a crucial Global South perspective that highlights how digital identity governance isn’t just about managing existing systems but about inclusion and access. It reveals how fragmented approaches to digital identity can perpetuate rather than solve exclusion problems.

Impact

This intervention broadened the discussion beyond the technical governance of established systems to include questions of digital inclusion and the risks of creating incompatible identity silos. It added urgency to the governance questions by showing real-world consequences of poor coordination in digital identity systems.

Overall assessment

These key comments collectively transformed what could have been a narrow technical discussion into a comprehensive examination of power, authority, and inclusion in digital identity governance. Mueller’s framing of authority relationships established the theoretical foundation, while Srivastava’s insight about the gap between regulation and implementation added practical nuance. Hembram’s identification of the research gap legitimized the inquiry’s importance, and Akinmoyeje’s Global South perspective ensured the discussion remained grounded in real-world implications for digital inclusion. Together, these comments shaped a discussion that moved fluidly between theoretical governance questions and practical implementation challenges, demonstrating how digital identity systems sit at the intersection of technology, policy, and social equity.

How quickly is RPKI being implemented and how effective is it as a method of ensuring routing security?

Speaker

Dr. Milton Mueller

Explanation

This was identified as a controversial topic that interests the research team, particularly regarding the speed of implementation and effectiveness of RPKI for routing security

What is the degree to which governments get involved in either requiring or using RPKI?

Speaker

Dr. Milton Mueller

Explanation

This represents a key research focus on the intersection of government authority and technical infrastructure governance

Why don’t financial organizations have incentives to keep renewing their LEI certificates, leading to lapsed information?

Speaker

Vagisha Srivastava

Explanation

This addresses a critical problem where the lack of renewal incentives undermines the verification and authentication purpose of LEIs

How can global standards achieve not just regulatory pressure but also user incentives and infrastructural integration for sustainability?

Speaker

Vagisha Srivastava

Explanation

This emerged as a key finding from the LEI case study about what’s needed for global digital identity standards to be successful long-term

How can interoperability be achieved across different African countries’ digital identity frameworks when they’re working with different vendors?

Speaker

Benjamin Akinmoyeje

Explanation

This represents a major concern for digital identity implementation across Africa, where different countries are adopting different technical solutions that may not work together

What are the detailed outcomes and implications of the political clash between the European Commission’s eIDAS system and existing browser-based trust hierarchies?

Speaker

Dr. Milton Mueller

Explanation

This was mentioned as an area the research will examine in detail, representing a significant conflict between government power and Internet community self-governance